Vous êtes sur la page 1sur 33

Chapter 6: Performing an Integrated Audit

Student: ___________________________________________________________________________
1. A company with a strong control environment demonstrates a culture of high integrity and ethics.
True False

2. The requirement to report on internal control placed on public companies resulted from one particular type of
internal control breakdown: front line employees of some major public companies overrode their control
systems and issued misleading financial statements.
True False

3. During the course of the audit, the auditor should continually gather and update information on business risk,
including the identification of any fraud risk factors noted during preliminary audit planning.
True False

4. The auditor should not attempt to analyze potential management motivations to misstate account balances
since auditor is an accounting expert and not expected to perform behavioral assessments.
True False

5. Substantive procedures performed by the auditor will include procedures to address fraud risks.
True False

6. Recent research by COSO reinforces the concept that the control environment is not a very important factor
associated with fraud
True False

7. A material weakness in internal control is a deficiency in the design or operation of the control that adversely
affects the companys ability to initiate, record, process or report external financial data reliably in accordance
with GAAP.
True False

8. The concept of reasonable assurance regarding controls recognizes that the benefits of internal controls
should not exceed the cost.
True False

9. The auditor is required to report material weaknesses in internal control to the audit committee.
True False

10. In an integrated audit both management and the auditor are required to report on the fairness of the internal
control of the company.
True False

11. The purpose of tests of controls is to determine that account balances are properly stated.
True False

12. The purpose of the auditor consideration of the strength of internal controls is to determine the nature, extent
and timing of substantive testing.
True False

13. Pervasive controls are those that affect the processing of specific computer applications of the client.
True False

14. In an integrated audit the auditor is responsible to only form an opinion on the fairness of the financial
statements.
True False

15. If the auditor finds material weaknesses in the internal controls of the client a qualified report would be
issued.
True False

16. The auditors report on the internal controls and the financial statements of the client are required to be
reported in the same report.
True False

17. The major changes in guidance since the original issuance of AS 2 include encouragement to both
management and auditors to implement a top down, risk-based approach.
True False

18. Internal control reporting must be based on evidence of both the design and the operation of internal
controls.
True False

19. In an integrated audit the auditor is required to issue two separate reports. One on the fairness of the internal
controls and a second on the fairness of the financial statements.
True False

20. In an integrated audit the auditor is required to issue a report expressing an opinion on managements
assessment of the effectiveness of controls.
True False

21. If managements report on internal control indicates one or more material weaknesses, the auditor would
express an adverse opinion on the internal controls.
True False

22. If managements report on internal control indicates a material weakness, the auditor would express a
qualified opinion on the internal controls.
True False

23. The auditor is responsible to understand the controls of the client and to test all of its controls in the process
of evaluating the strength of the internal control system.
True False

24. Controls of the client that the auditor expects to depend upon in reducing substantive testing must be tested.
True False

25. A risk-based approach to an integrated audit requires auditors to consider the materiality of account
balances and processes along with the risks that the account balance may be misstated
True False

26. Controls for all assertions need not be tested if the auditor believes that a misstatement related to a particular
assertion would not be material.
True False

27. The direct tests of account balances are determined, in large part, by the specific nature of the identified
control deficiencies.
True False

28. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial
reporting that is more severe than a material weakness.
True False

29. In evaluating the strength of internal control in determining the nature, timing and extent of substantive
audit evidence to collect the auditor must form their own independent assessment. Audit evidence cannot be
reduced based upon the work of the internal auditor.
True False

30. In evaluating the strength of internal control in determining the nature, timing and extent of substantive
audit evidence to collect the auditor must form their own independent assessment. Audit evidence can be
reduced based upon the effectiveness of managements monitoring controls.
True False

31. The assessment of internal control is at the end of the clients reporting period. There is often an opportunity
to correct a deficiency before the end of the year if it is identified early enough.
True False

32. If the auditor finds material weaknesses in the internal controls of the client an adverse report would be
issued.
True False

33. The size of the account (materiality) influences, but does not totally dictate, whether substantive testing
should be performed.`
True False

34. To some extent, the external auditor can rely on some of the companys evaluation and/or testing of
controls, particularly work performed by a competent and independent internal audit function.
True False

35. The external auditor can never rely to any extent on some of the companys evaluation and/or testing of
controls, even when performed by a competent and independent internal audit function.
True False

36. No matter how low control risk is assessed, some substantive testing of account balances must be conducted
for material account balances.
True False

37. Under AS 5, the auditors objective in an audit of internal control over financial reporting is to express an
opinion on the effectiveness of the companys internal control over financial reporting.
True False

38. In an integrated audit the auditor conducts their audit of the internal controls of the company in accordance
with the standards of COSO, which requires reasonable assurance of maintenance in material respects.
True False

39. In an integrated audit an unqualified opinion on the internal controls over financial reporting can be issued
by the auditor if no misstatements are found in the financial statement audit.
True False

40. Management is responsible to document the COSO control elements, especially the control environment,
risk analysis, and monitoring.
True False

41. The financial competencies needed by an organization are directly correlated with the complexity of
transactions in which the company engages and the size of the company.
True False

42. Once a company establishes that it has effective internal control over processes, monitoring can be effective
by assuring that any changes made to the processes are fully documented and tested and that controls have not
deteriorated.
True False

43. Regardless of the level of assessed control risk, the auditor must conduct some substantive procedures for
material account balances.
True False

44. In the risk-based audit approach the control environment serves as the first line of defense in mitigating the
risks that a company has to manage.
True False

45. Managements evaluation of internal controls often presents opportunities to improve both the quality of
controls and the efficiency of processing.
True False

46. A company with a strong control environment demonstrates which of the following:
A. a culture of high integrity and ethics.
B. a commitment to financial reporting competencies.
C. an independent, active, and knowledgeable audit committee.
D. all of the above.

47. Regardless of the level of assessed control risk, the auditor must conduct some substantive procedures for
material account balances. These procedures may include which of the following.
A. input from the audit teams brainstorming analysis regarding potential for fraud.
B. the size of the account balance.
C. how IT affects the company's flow of transactions.
D. all of the above.

48. Research has found that the most fraudulent financial reporting, such as misleading reporting was
perpetrated by which of the following.
A. lower-level employees.
B. external auditors.
C. internal auditors.
D. senior management.

49. The auditor considers internal control in order to determine


A. the nature, timing and extent of substantive testing to perform.
B. inherent risk in an account balance.
C. an acceptable level of control risk for an account balance.
D. Both B and C.

50. For the auditor to assess control risk for account balances at less than the maximum
A. no significant weaknesses must have occurred.
B. the internal auditor must test and evaluate some of the controls.
C. the external auditor must test and evaluate some of the controls.
D. management must test and evaluate some of the controls.

51. Under what circumstance is it appropriate for the auditor to rely on the work of an internal auditor?
A. It is never acceptable for the external auditor to rely upon the work of the internal auditor.
B. The external auditor may relay on certain of the work of the internal auditor after making a comprehensive
assessment of the auditor and his/her work.
C. The external auditor may rely on the work of the internal auditor if he/she is also a CPA.
D. There is no restriction in relying upon the work of internal auditors.

52. The risk-based audit approach requires the auditor to identify


A. account balances or related disclosures that might be materially misstated.
B. potential causes of the misstatement.
C. important processes that may affect one or more account balances.
D. all of the above.

53. An adverse report on internal controls is rendered when the auditor finds
A. a significant weakness in the internal controls of the client.
B. a material weakness in the internal controls of the client.
C. a deficiency in operation of the internal controls of the client.
D. all of the above would result in an adverse opinion.

54. The amount of direct testing to be performed by the auditor is directly related to
A. audit risk
B. business risk.
C. subjectivity of account balances.
D. both B and C.

55. The amount of direct testing to be performed by the auditor is inversely related to
A. audit risk.
B. enterprise risk.
C. subjectivity of accounting process.
D. materiality of account balance.

56. If the auditor assesses control risk dealing with account balances as being weak, the effect on residual risk is
to
A. reduce residual risk.
B. increase residual risk.
C. no effect on residual risk.
D. either A or B depending upon presence or absence of significant deficiencies.

57. In evaluating the extent to which the external auditor can rely on the work of the internal auditor, which of
the following factors would the external auditor consider?
A. The independence of the function from management.
B. The design and comprehensiveness of the internal audit testing approach.
C. The documentation of the internal audit testing.
D. All would be considered.

58. If the auditor finds a material weakness in the controls of the client, it represents a deficiency in the design
or operation of a control
A. that adversely affects the companys ability to initiate, record, process, or report external financial data
reliably in accordance with GAAP.
B. that negatively affects the companys ability to initiate, record, process, or report external financial data
reliably in accordance with GAAP.
C. that results in a remote possibility that a material misstatement of the annual or interim financial statements
will not be prevented or detected.
D. that results in a reasonable possibility that a material misstatement of the annual or interim financial
statements will not be prevented or detected.

59. In planning the audit, auditors assess control risk for


A. each relevant assertion.
B. important classes of transactions.
C. significant account balances.
D. all of the above.

60. When would the auditor issue an unqualified opinion on the internal controls of a client?
A. No material weaknesses in internal controls are found.
B. No significant deficiencies in internal controls are found.
C. No errors are found in the account balances of the client.
D. Either A or B.

61. Which assertions and controls must be tested by the auditor?


A. All controls and assertions must be tested.
B. A sample of controls and assertions must be tested.
C. Material controls and assertions must be tested.
D. The majority of controls and assertions of the client must be tested.

62. In examining controls for transactions and events, which of the following assertions would be included:
A. occurrence.
B. completeness.
C. valuation.
D. all are included.

63. Which of the following is not correct about the performance of tests of controls?
A. Tests of controls must be performed for every account.
B. Some tests of controls must be performed to rely upon controls to reduce substantive testing.
C. The work of the internal auditor can be used to reduce substantive testing.
D. All of the above are correct.

64. In evaluating residual risk of account balances, tests of controls by the auditor involves the assessment of
A. the design of controls.
B. the operation of controls.
C. the strength of the control environment.
D. all of the above

65. In assessing internal controls the auditor is suppose to apply the concept of reasonable assurance, which
indicates that
A. there should be a clear separation of duties between personnel who authorize, record, and hold assets.
B. the costs of a control should not exceed its benefits.
C. testing of the controls should provide assurance that they work most of the time.
D. testing of the controls should provide reasonable assurance that they are working properly.

66. Which of the following statements about internal control is not correct?
A. The costs of the control should not exceed the benefits.
B. The auditors assessment of detection risk is inversely related to the assessment of control risk.
C. Stronger internal controls result in an increase in the number of required substantive audit procedures.
D. Management is responsible for the maintenance of internal control.

67. When assessing the client which of the following factors is considered pervasive and creates both an attitude
and culture that affects the clients reporting system, the process of recording transactions, and the process of
making estimates and adjustments.
A. The control environment.
B. Audit testing of processes and controls.
C. Design and operation of controls.
D. Inherent and control risk.

68. Segregation of duties deals with the segregation of which functions?


A. Recording and physical custody of assets.
B. Authorizing and recording assets.
C. Authorizing, recording, and physical custody of assets.
D. Authorizing, recording, physical custody, and access to assets.

69. If the auditors assessment of audit risk is low (e.g., 1% rather than 5%), what is the effect on the amount of
direct testing performed by the auditor?
A. Increase in direct testing.
B. Decrease in direct testing
C. No change in direct testing.
D. Direct testing is not needed.

70. If the auditors assessment of an account balance is material, what is the effect on the amount of direct
testing performed by the auditor?
A. Increase in direct testing.
B. Decrease in direct testing
C. No change in direct testing.
D. Direct testing is not needed.

71. If the auditors assessment of an internal control is that it is effective, what is the effect on the amount of
direct testing performed by the auditor?
A. Increase in direct testing.
B. decrease in direct testing
C. No change in direct testing.
D. Direct testing is not needed.

72. Large public company audited financial statements are required to be accompanied by:
A. managements report on internal control over financial reporting.
B. an external audit report on the financial statements and the effectiveness of internal control over financial
reporting.
C. the internal auditors report on the financial statements.
D. both A and B.
E. all of the above.

73. Control deficiencies result when there are deficiencies in the design or operation of controls and may result
in
A. reportable deficiencies.
B. significant deficiencies.
C. material weaknesses.
D. either B or C.
E. all of the above.

74. In an integrated audit the auditor must test the controls of all material processes of the client unless
A. substantive testing would be more effective and efficient.
B. the controls were in place last year.
C. there have been changes to the controls during the year.
D. the design of the control would not prevent material misstatements.

75. Even though there was a material weakness in internal control, management of the company issues an
unqualified report. What types of report(s) would the auditor issue?
A. An adverse opinion on managements assessment of internal control and in their report on internal control.
B. An unqualified opinion on managements assessment of internal control and an adverse opinion in their
report on internal control.
C. An unqualified opinion on managements assessment of internal control and in their report on internal
control.
D. An adverse opinion on managements assessment of internal control and an unqualified report on internal
control.

76. In an integrated audit the auditors report on internal control does not require the statement that
A. the audit was conducted in accordance with AICPA auditing standards.
B. management is responsible for maintaining effective internal control.
C. used COSOs internal control framework.
D. a reasonable basis exists for their opinion.

77. Which of the following factor(s) is considered by the auditor in evaluating the potential for residual risk
remaining in an account balance or class of transactions?
A. Sources of potential misstatement.
B. Extent of potential misstatement.
C. Type of potential misstatement.
D. All of the above should be considered.

78. Which of the following is not one of the phases in planning an integrated audit?
A. identifying and assessing business risk.
B. documenting all controls.
C. assessing fraud risk.
D. determining the most efficient manner in which to conduct an integrated audit.

79. Ultimately, the starting point of the integrated audit should be to understand all of the following except
A. the risks that the business faces in meeting its objectives, with a focus on the objective of accurate financial
reporting
B. the incentives that may motivate management or other employees to misstate the financial statements
C. the risks inherent in important business processes
D. the results of direct account substantive testing

80. The auditor could assess control risk for an account at the maximum when
A. immaterial control deficiencies exists in the account.
B. significant control deficiencies exists in an account.
C. material weaknesses exists in an account.
D. both A and B.

81. In an integrated audit, the amount of direct testing of account balances is inversely related to
A. subjectivity of estimates.
B. riskiness of the account.
C. effectiveness of internal control.
D. materiality of the account.

82. The types of opinion on internal control that may be issued are
A. Unqualified.
B. Qualified.
C. Adverse.
D. Either A or C.
E. All of the above.

83. Indicate the proper sequence of steps in planning an integrated audit:


1. Consider the Possibility of Account Misstatements.
2. Complete Preliminary Analytical Procedures.
3. Identify Controls to Test.
4. Update Information about Various Risks.
5. Understand the Clients Internal Controls.
A. 4, 2, 3, 5, 1
B. 4, 1, 2, 5, 3
C. 1, 4, 5, 2, 3
D. 1, 4, 2, 5, 3

84. The probability that an account balance might be misstated after processes are complete and internal
controls have been applied is
A. residual risk.
B. business risk.
C. audit risk.
D. control risk.

85. Direct testing examines


A. Controls.
B. Processes.
C. Account balances.
D. Both A and C.

86. Reporting requirements


Discuss the reporting requirements of an integrated audit under Sarbanes Oxley Act for both management and
the auditor.

87. Reporting requirements


Discuss elements that should be included in the auditors unqualified report.

88. Planning an integrated audit


Discuss the different steps and phases that are required in planning an integrated audit.

89. Changes in guidance


What are the major changes in guidance since the original issuance of AS 2.

90. Integrated Audit


The framework for audit evidence in an integrated audit contains several key elements for the auditor to
consider. Identify and discuss these key elements.

91. Identifying audit work


What are the fundamental questions that the auditor must address to determine the optimal amount of audit
work.

92. Risk-based audit approach


In conducting an integrated audit, discuss the potential effect of managements monitoring controls on the
auditors determination of the amount of direct testing of account balances that may be needed.

Chapter 6: Performing an Integrated Audit Key

1. A company with a strong control environment demonstrates a culture of high integrity and ethics.
TRUE

2. The requirement to report on internal control placed on public companies resulted from one particular type of
internal control breakdown: front line employees of some major public companies overrode their control
systems and issued misleading financial statements.
FALSE

3. During the course of the audit, the auditor should continually gather and update information on business risk,
including the identification of any fraud risk factors noted during preliminary audit planning.
TRUE

4. The auditor should not attempt to analyze potential management motivations to misstate account balances
since auditor is an accounting expert and not expected to perform behavioral assessments.
FALSE

5. Substantive procedures performed by the auditor will include procedures to address fraud risks.
TRUE

6. Recent research by COSO reinforces the concept that the control environment is not a very important factor
associated with fraud
FALSE

7. A material weakness in internal control is a deficiency in the design or operation of the control that adversely
affects the companys ability to initiate, record, process or report external financial data reliably in accordance
with GAAP.
FALSE

8. The concept of reasonable assurance regarding controls recognizes that the benefits of internal controls
should not exceed the cost.
FALSE

9. The auditor is required to report material weaknesses in internal control to the audit committee.
TRUE

10. In an integrated audit both management and the auditor are required to report on the fairness of the internal
control of the company.
TRUE

11. The purpose of tests of controls is to determine that account balances are properly stated.
FALSE

12. The purpose of the auditor consideration of the strength of internal controls is to determine the nature, extent
and timing of substantive testing.
TRUE

13. Pervasive controls are those that affect the processing of specific computer applications of the client.
FALSE

14. In an integrated audit the auditor is responsible to only form an opinion on the fairness of the financial
statements.
FALSE

15. If the auditor finds material weaknesses in the internal controls of the client a qualified report would be
issued.
FALSE

16. The auditors report on the internal controls and the financial statements of the client are required to be
reported in the same report.
FALSE

17. The major changes in guidance since the original issuance of AS 2 include encouragement to both
management and auditors to implement a top down, risk-based approach.
TRUE

18. Internal control reporting must be based on evidence of both the design and the operation of internal
controls.
TRUE

19. In an integrated audit the auditor is required to issue two separate reports. One on the fairness of the internal
controls and a second on the fairness of the financial statements.
FALSE

20. In an integrated audit the auditor is required to issue a report expressing an opinion on managements
assessment of the effectiveness of controls.
TRUE

21. If managements report on internal control indicates one or more material weaknesses, the auditor would
express an adverse opinion on the internal controls.
TRUE

22. If managements report on internal control indicates a material weakness, the auditor would express a
qualified opinion on the internal controls.
FALSE

23. The auditor is responsible to understand the controls of the client and to test all of its controls in the process
of evaluating the strength of the internal control system.
FALSE

24. Controls of the client that the auditor expects to depend upon in reducing substantive testing must be tested.
TRUE

25. A risk-based approach to an integrated audit requires auditors to consider the materiality of account
balances and processes along with the risks that the account balance may be misstated
TRUE

26. Controls for all assertions need not be tested if the auditor believes that a misstatement related to a particular
assertion would not be material.
TRUE

27. The direct tests of account balances are determined, in large part, by the specific nature of the identified
control deficiencies.
TRUE

28. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial
reporting that is more severe than a material weakness.
FALSE

29. In evaluating the strength of internal control in determining the nature, timing and extent of substantive
audit evidence to collect the auditor must form their own independent assessment. Audit evidence cannot be
reduced based upon the work of the internal auditor.
FALSE

30. In evaluating the strength of internal control in determining the nature, timing and extent of substantive
audit evidence to collect the auditor must form their own independent assessment. Audit evidence can be
reduced based upon the effectiveness of managements monitoring controls.
TRUE

31. The assessment of internal control is at the end of the clients reporting period. There is often an opportunity
to correct a deficiency before the end of the year if it is identified early enough.
TRUE

32. If the auditor finds material weaknesses in the internal controls of the client an adverse report would be
issued.
TRUE

33. The size of the account (materiality) influences, but does not totally dictate, whether substantive testing
should be performed.`
TRUE

34. To some extent, the external auditor can rely on some of the companys evaluation and/or testing of
controls, particularly work performed by a competent and independent internal audit function.
TRUE

35. The external auditor can never rely to any extent on some of the companys evaluation and/or testing of
controls, even when performed by a competent and independent internal audit function.
FALSE

36. No matter how low control risk is assessed, some substantive testing of account balances must be conducted
for material account balances.
TRUE

37. Under AS 5, the auditors objective in an audit of internal control over financial reporting is to express an
opinion on the effectiveness of the companys internal control over financial reporting.
TRUE

38. In an integrated audit the auditor conducts their audit of the internal controls of the company in accordance
with the standards of COSO, which requires reasonable assurance of maintenance in material respects.
FALSE

39. In an integrated audit an unqualified opinion on the internal controls over financial reporting can be issued
by the auditor if no misstatements are found in the financial statement audit.
FALSE

40. Management is responsible to document the COSO control elements, especially the control environment,
risk analysis, and monitoring.
TRUE

41. The financial competencies needed by an organization are directly correlated with the complexity of
transactions in which the company engages and the size of the company.
TRUE

42. Once a company establishes that it has effective internal control over processes, monitoring can be effective
by assuring that any changes made to the processes are fully documented and tested and that controls have not
deteriorated.
TRUE

43. Regardless of the level of assessed control risk, the auditor must conduct some substantive procedures for
material account balances.
TRUE

44. In the risk-based audit approach the control environment serves as the first line of defense in mitigating the
risks that a company has to manage.
TRUE

45. Managements evaluation of internal controls often presents opportunities to improve both the quality of
controls and the efficiency of processing.
TRUE

46. A company with a strong control environment demonstrates which of the following:
A. a culture of high integrity and ethics.
B. a commitment to financial reporting competencies.
C. an independent, active, and knowledgeable audit committee.
D. all of the above.

47. Regardless of the level of assessed control risk, the auditor must conduct some substantive procedures for
material account balances. These procedures may include which of the following.
A. input from the audit teams brainstorming analysis regarding potential for fraud.
B. the size of the account balance.
C. how IT affects the company's flow of transactions.
D. all of the above.

48. Research has found that the most fraudulent financial reporting, such as misleading reporting was
perpetrated by which of the following.
A. lower-level employees.
B. external auditors.
C. internal auditors.
D. senior management.

49. The auditor considers internal control in order to determine


A. the nature, timing and extent of substantive testing to perform.
B. inherent risk in an account balance.
C. an acceptable level of control risk for an account balance.
D. Both B and C.

50. For the auditor to assess control risk for account balances at less than the maximum
A. no significant weaknesses must have occurred.
B. the internal auditor must test and evaluate some of the controls.
C. the external auditor must test and evaluate some of the controls.
D. management must test and evaluate some of the controls.

51. Under what circumstance is it appropriate for the auditor to rely on the work of an internal auditor?
A. It is never acceptable for the external auditor to rely upon the work of the internal auditor.
B. The external auditor may relay on certain of the work of the internal auditor after making a comprehensive
assessment of the auditor and his/her work.
C. The external auditor may rely on the work of the internal auditor if he/she is also a CPA.
D. There is no restriction in relying upon the work of internal auditors.

52. The risk-based audit approach requires the auditor to identify


A. account balances or related disclosures that might be materially misstated.
B. potential causes of the misstatement.
C. important processes that may affect one or more account balances.
D. all of the above.

53. An adverse report on internal controls is rendered when the auditor finds
A. a significant weakness in the internal controls of the client.
B. a material weakness in the internal controls of the client.
C. a deficiency in operation of the internal controls of the client.
D. all of the above would result in an adverse opinion.

54. The amount of direct testing to be performed by the auditor is directly related to
A. audit risk
B. business risk.
C. subjectivity of account balances.
D. both B and C.

55. The amount of direct testing to be performed by the auditor is inversely related to
A. audit risk.
B. enterprise risk.
C. subjectivity of accounting process.
D. materiality of account balance.

56. If the auditor assesses control risk dealing with account balances as being weak, the effect on residual risk is
to
A. reduce residual risk.
B. increase residual risk.
C. no effect on residual risk.
D. either A or B depending upon presence or absence of significant deficiencies.

57. In evaluating the extent to which the external auditor can rely on the work of the internal auditor, which of
the following factors would the external auditor consider?
A. The independence of the function from management.
B. The design and comprehensiveness of the internal audit testing approach.
C. The documentation of the internal audit testing.
D. All would be considered.

58. If the auditor finds a material weakness in the controls of the client, it represents a deficiency in the design
or operation of a control
A. that adversely affects the companys ability to initiate, record, process, or report external financial data
reliably in accordance with GAAP.
B. that negatively affects the companys ability to initiate, record, process, or report external financial data
reliably in accordance with GAAP.
C. that results in a remote possibility that a material misstatement of the annual or interim financial statements
will not be prevented or detected.
D. that results in a reasonable possibility that a material misstatement of the annual or interim financial
statements will not be prevented or detected.

59. In planning the audit, auditors assess control risk for


A. each relevant assertion.
B. important classes of transactions.
C. significant account balances.
D. all of the above.

60. When would the auditor issue an unqualified opinion on the internal controls of a client?
A. No material weaknesses in internal controls are found.
B. No significant deficiencies in internal controls are found.
C. No errors are found in the account balances of the client.
D. Either A or B.

61. Which assertions and controls must be tested by the auditor?


A. All controls and assertions must be tested.
B. A sample of controls and assertions must be tested.
C. Material controls and assertions must be tested.
D. The majority of controls and assertions of the client must be tested.

62. In examining controls for transactions and events, which of the following assertions would be included:
A. occurrence.
B. completeness.
C. valuation.
D. all are included.

63. Which of the following is not correct about the performance of tests of controls?
A. Tests of controls must be performed for every account.
B. Some tests of controls must be performed to rely upon controls to reduce substantive testing.
C. The work of the internal auditor can be used to reduce substantive testing.
D. All of the above are correct.

64. In evaluating residual risk of account balances, tests of controls by the auditor involves the assessment of
A. the design of controls.
B. the operation of controls.
C. the strength of the control environment.
D. all of the above

65. In assessing internal controls the auditor is suppose to apply the concept of reasonable assurance, which
indicates that
A. there should be a clear separation of duties between personnel who authorize, record, and hold assets.
B. the costs of a control should not exceed its benefits.
C. testing of the controls should provide assurance that they work most of the time.
D. testing of the controls should provide reasonable assurance that they are working properly.

66. Which of the following statements about internal control is not correct?
A. The costs of the control should not exceed the benefits.
B. The auditors assessment of detection risk is inversely related to the assessment of control risk.
C. Stronger internal controls result in an increase in the number of required substantive audit procedures.
D. Management is responsible for the maintenance of internal control.

67. When assessing the client which of the following factors is considered pervasive and creates both an attitude
and culture that affects the clients reporting system, the process of recording transactions, and the process of
making estimates and adjustments.
A. The control environment.
B. Audit testing of processes and controls.
C. Design and operation of controls.
D. Inherent and control risk.

68. Segregation of duties deals with the segregation of which functions?


A. Recording and physical custody of assets.
B. Authorizing and recording assets.
C. Authorizing, recording, and physical custody of assets.
D. Authorizing, recording, physical custody, and access to assets.

69. If the auditors assessment of audit risk is low (e.g., 1% rather than 5%), what is the effect on the amount of
direct testing performed by the auditor?
A. Increase in direct testing.
B. Decrease in direct testing
C. No change in direct testing.
D. Direct testing is not needed.

70. If the auditors assessment of an account balance is material, what is the effect on the amount of direct
testing performed by the auditor?
A. Increase in direct testing.
B. Decrease in direct testing
C. No change in direct testing.
D. Direct testing is not needed.

71. If the auditors assessment of an internal control is that it is effective, what is the effect on the amount of
direct testing performed by the auditor?
A. Increase in direct testing.
B. decrease in direct testing
C. No change in direct testing.
D. Direct testing is not needed.

72. Large public company audited financial statements are required to be accompanied by:
A. managements report on internal control over financial reporting.
B. an external audit report on the financial statements and the effectiveness of internal control over financial
reporting.
C. the internal auditors report on the financial statements.
D. both A and B.
E. all of the above.

73. Control deficiencies result when there are deficiencies in the design or operation of controls and may result
in
A. reportable deficiencies.
B. significant deficiencies.
C. material weaknesses.
D. either B or C.
E. all of the above.

74. In an integrated audit the auditor must test the controls of all material processes of the client unless
A. substantive testing would be more effective and efficient.
B. the controls were in place last year.
C. there have been changes to the controls during the year.
D. the design of the control would not prevent material misstatements.

75. Even though there was a material weakness in internal control, management of the company issues an
unqualified report. What types of report(s) would the auditor issue?
A. An adverse opinion on managements assessment of internal control and in their report on internal control.
B. An unqualified opinion on managements assessment of internal control and an adverse opinion in their
report on internal control.
C. An unqualified opinion on managements assessment of internal control and in their report on internal
control.
D. An adverse opinion on managements assessment of internal control and an unqualified report on internal
control.

76. In an integrated audit the auditors report on internal control does not require the statement that
A. the audit was conducted in accordance with AICPA auditing standards.
B. management is responsible for maintaining effective internal control.
C. used COSOs internal control framework.
D. a reasonable basis exists for their opinion.

77. Which of the following factor(s) is considered by the auditor in evaluating the potential for residual risk
remaining in an account balance or class of transactions?
A. Sources of potential misstatement.
B. Extent of potential misstatement.
C. Type of potential misstatement.
D. All of the above should be considered.

78. Which of the following is not one of the phases in planning an integrated audit?
A. identifying and assessing business risk.
B. documenting all controls.
C. assessing fraud risk.
D. determining the most efficient manner in which to conduct an integrated audit.

79. Ultimately, the starting point of the integrated audit should be to understand all of the following except
A. the risks that the business faces in meeting its objectives, with a focus on the objective of accurate financial
reporting
B. the incentives that may motivate management or other employees to misstate the financial statements
C. the risks inherent in important business processes
D. the results of direct account substantive testing

80. The auditor could assess control risk for an account at the maximum when
A. immaterial control deficiencies exists in the account.
B. significant control deficiencies exists in an account.
C. material weaknesses exists in an account.
D. both A and B.

81. In an integrated audit, the amount of direct testing of account balances is inversely related to
A. subjectivity of estimates.
B. riskiness of the account.
C. effectiveness of internal control.
D. materiality of the account.

82. The types of opinion on internal control that may be issued are
A. Unqualified.
B. Qualified.
C. Adverse.
D. Either A or C.
E. All of the above.

83. Indicate the proper sequence of steps in planning an integrated audit:


1. Consider the Possibility of Account Misstatements.
2. Complete Preliminary Analytical Procedures.
3. Identify Controls to Test.
4. Update Information about Various Risks.
5. Understand the Clients Internal Controls.
A. 4, 2, 3, 5, 1
B. 4, 1, 2, 5, 3
C. 1, 4, 5, 2, 3
D. 1, 4, 2, 5, 3

84. The probability that an account balance might be misstated after processes are complete and internal
controls have been applied is
A. residual risk.
B. business risk.
C. audit risk.
D. control risk.

85. Direct testing examines


A. Controls.
B. Processes.
C. Account balances.
D. Both A and C.

86. Reporting requirements


Discuss the reporting requirements of an integrated audit under Sarbanes Oxley Act for both management and
the auditor.
Management is responsible to issue a report assessing the effectiveness of the companys internal controls over
financial reporting.
The auditor is responsible to issue three reports:
1) express an opinion on managements assertion of the effectiveness of the companys internal controls over
financial reporting.
2) express an opinion about the effectiveness of the companys internal controls over financial reporting.
3) express an opinion on the fairness of the financial statements in accordance with GAAP.

87. Reporting requirements


Discuss elements that should be included in the auditors unqualified report.
The auditors unqualified report should contain the following elements:
-The internal control report is contained in the same report that contains the opinion on the financial statements.
An acceptable alternative is to issue two reports: one on the financial statements and the other on internal
controls. However, if separate reports are issued, each report must refer to the other report.
-The auditor provides an opinion on the effectiveness of internal control in the context of agreed upon criteria,
that is, the COSO Internal Control, Integrated Framework.
-The auditor recognizes and conveys to users that there are limitations of internal control that can affect its
effectiveness in the future.

88. Planning an integrated audit


Discuss the different steps and phases that are required in planning an integrated audit.
The planning of an integrated audit consists of five phases:
Phase 1 & 2
Update Information about Various Risks.
Consider the Possibility of Account Misstatements.
Complete Preliminary Analytical Procedures.
Understand the Clients Internal Controls.
Phase 3 & 4
Identify controls to test.
Make a plan to test the controls and execute that plan.
Consider the results of control testing.
Conduct substantive audit tests.

89. Changes in guidance


What are the major changes in guidance since the original issuance of AS 2.
* Encouragement to both management and auditors to implement a top-down, risk-based approach.
* Clarity in the definition of material weakness that there should be a reasonable possibility that a material
misstatement could occur in an account balance because of the control deficiency.
* Recognition that the external auditor can rely on the work of management in assessing internal controls,
particularly on work performed by a competent and independent internal audit function.
* Additional emphasis on the need to document the auditors reasoning process linking control deficiencies to
specific tests of account balances.
* Increased focus on improving audit efficiency by encouraging greater reliance on effective internal controls in
reducing the amount of substantive tests of account.

90. Integrated Audit


The framework for audit evidence in an integrated audit contains several key elements for the auditor to
consider. Identify and discuss these key elements.
* The quality of internal control affects the reliability of financial statement data.
* The control environment is pervasive and affects the process of recording transactions, making estimates, and
making adjusting entries.
* If the control environment is strong and the controls over transaction processing, adjusting, and estimating are
good, then both management and the auditor would have a high degree of confidence that the financial accounts
are fairly stated and financial disclosures are adequate.
* A potential for misstatements exists in inputting, processing, estimating, or adjusting account balances.
* There is always a need to perform some substantive testing of material account balances, but the nature,
timing, and extent of that testing will depend on the quality of internal controls.
* The auditors evidence is based on testing internal controls, testing transactions, and substantive tests of
account balances, including substantive analytical procedures and direct tests of account balances.

91. Identifying audit work


What are the fundamental questions that the auditor must address to determine the optimal amount of audit
work.
How much assurance can be obtained regarding audit risk when internal control is present and working?
If control activities within major processes are working properly throughout the year, what is the residual risk
that remains that an account balance can still be misstated?
What is the risk that the auditors evaluation of internal controls might be incorrect?
Which account balances contain more than an acceptable amount of risk that a material misstatement could
occur?
How would a misstatement in a material account balance most likely occur?
What are the most effective substantive tests of account balances to determine whether there is a misstatement
in the account balance?

92. Risk-based audit approach


In conducting an integrated audit, discuss the potential effect of managements monitoring controls on the
auditors determination of the amount of direct testing of account balances that may be needed.
Monitoring is the process by which the organization determines whether its other control procedures are
operating effectively. Section 404 of SOX requires that organizations have a monitoring component to their
internal control system.
The amount of direct testing of account balances by the auditor depends upon the thoroughness of
managements assessment process, i.e., the adequacy of their controls and of their testing and documentation of
those controls, including for example the strength of the internal control department.The auditor is allowed to
rely upon the work performed within the organization so long as certain conditions are met. The auditor has to
independently determine which controls need to be tested and to take samples based on their planning
parameters, audit sampling principles, and the independence and reliability of managements tests. The level of
direct testing by the auditor can be greatly reduced and even eliminated on some accounts. However, the auditor
has to test and evaluate managements assessment process and perform enough of their own work to be able to
make an independent decision in gathering sufficient competent evidential matter to support their conclusion
that only a low level of residual risk remains in account balances and the financial statements.