Auditing
Auditing
Auditing
1) A measure of how willing the auditor is to accept that the financial statements may be
materially misstated after the audit is completed and an unqualified opinion has been issued
is the:
A) inherent risk.
B) acceptable audit risk.
C) statistical risk.
D) financial risk.
Answer: B
2) A measure of the auditor's assessment of the likelihood that there are material
misstatements in an account before considering the effectiveness of the client's internal
control is called:
A) control risk.
B) acceptable audit risk.
C) statistical risk.
D) inherent risk.
Answer: D
5) The auditor uses knowledge gained from the understanding of the client's business and
industry to assess:
A) client business risk.
B) control risk.
C) inherent risk.
D) audit risk.
Answer: A
6) There are three main reasons why an auditor should properly plan audit engagements.
Discuss each of these reasons.
Answer:
Three reasons why an auditor should properly plan audit engagements are:
• To enable the auditor to obtain sufficient competent evidence for the circumstances. This
is essential for minimizing legal liability and maintaining a good profession reputation.
• To help keep audit costs reasonable. Given the competitive auditing environment,
keeping costs reasonable helps the firm obtain and retain clients.
• To avoid misunderstandings with the client. This is important for good client relations.
7) When an auditor decides there is higher inherent risk for an account, one potential effect is
that more audit evidence will be required for that account.
Answer: TRUE
8) As acceptable audit risk is decreased, the likely cost of conducting an audit increases.
Answer: TRUE
9) Obtaining sufficient appropriate evidence is essential if the CPA firm is to minimize legal
liability.
Answer: TRUE
1
and successor auditors?
A) The burden of initiating the communication rests with the predecessor.
B) The predecessor's response can be limited to stating that no information will be provided.
C) The predecessor should communicate with the successor only if the client is public.
D) The predecessor auditor of a public company does not need permission from the client
before communicating with the successor auditor.
Answer: B
10) The purpose of an engagement letter is to:
A) document the CPA firm's responsibility to external users of the audited financial
statements.
B) document the terms of the engagement.
C) notify the audit staff of an upcoming engagement so that personnel scheduling can be
facilitated.
D) emphasize management's responsibility for approving the audit program.
Answer: B
11) Written communication that the auditor will provide reasonable assurance for the
detection of fraud is found in:
A) engagement letter.
B) representation letter.
C) responsibility letter.
D) client letter.
Answer: A
13) The two major factors affecting acceptable audit risk are:
A) inherent risk and the intended uses of the financial statements.
B) control risk and the intended uses of the financial statements.
C) the likely statement users and the intended uses of the statements.
D) the audit firm and the intended uses of the statements
Answer: C
15) The preliminary audit strategy:
A) is set before the auditor understands the client's reasons for the audit.
B) guides the development of the audit plan.
C) is determined after the engagement staffing is set.
D) is the detailed steps to be followed for the substantive audit tests.
Answer: B
16) The purpose of the requirement in having communication between the predecessor and
successor auditors is to:
A) allow the predecessor to disclose information which would otherwise be confidential.
B) help the successor auditor to evaluate whether to accept the engagement.
C) help the client by facilitating the change of auditors.
D) ensure the predecessor collects all unpaid fees prior to a change in auditor.
Answer: B
2
of the business entity should:
A) engage financial experts familiar with the nature of the business entity.
B) obtain a knowledge of matters that relate to the nature of the entity's business.
C) refer a substantial portion of the audit to another CPA who will act as the principal
auditor.
D) first inform management that an unqualified opinion cannot be issued.
Answer: B
28) Discuss the primary purpose of an audit engagement letter. Is an engagement letter
required?
Answer: The purpose of an audit engagement letter is to establish a clear understanding
between the auditor and the client regarding the terms of the engagement. An engagement is
required for both public and private company audits.
30) Discuss the required communications between predecessor and successor auditors.
Answer: Auditing standards require a successor auditor to communicate with the
predecessor auditor whenever accepting a client that has been previously audited. The
purpose of the communication is to help the successor auditor evaluate whether to accept the
engagement. While the burden of initiating the communication rests on the successor auditor,
the predecessor auditor must respond to the request for information. However, because of the
requirements related to confidentiality, the predecessor must obtain the former client's
permission prior to providing information to the successor.
Terms: Required communications between predecessor and successor auditors
31) Discuss several reasons why an auditor may not wish to continue a relationship with an
existing audit client.
Answer: There are a number of reasons an auditor may choose not to continue a relationship
with an existing client. Examples include:
1. Previous conflicts over accounting issues, scope of the audit, type of opinion, or fees.
2. Management integrity may be deemed to be insufficient.
3. Legal action initiated by either the auditor or client related to prior audit services.
4. The presence of excessive risk which could result in financial failure of the client or
lawsuits against the audit firm.
34) For prospective clients that have previously been audited by another CPA firm, the
predecessor auditor is required to communicate with the successor auditor.
Answer: FALSE
35) When a successor auditor contacts a company's previous auditor, the predecessor auditor
is required to respond fully and without limit to the request for information.
Answer: FALSE
38) Because of audit risk, some CPA firms now refuse any new clients in certain high-risk
industries.
Answer: TRUE
39) An engagement letter establishes a clear understanding of the terms of the engagement
between the client and the auditor, but it is optional for private companies.
Answer: TRUE
41) If a prospective client has been audited in the past, the successor auditor will typically
rely solely on the representations about the client by the predecessor auditor.
3
Answer: FALSE
42) A major consideration in audit staffing is the need for continuity from year to year.
Answer: TRUE
43) When a successor auditor requests information from a company's previous auditor, and
there are legal problems or disputes between the client and the predecessor auditor, the
predecessor auditor's response to the new auditor may be limited to stating that no
information will be provided.
Answer: TRUE
44) An engagement letter can affect the CPA firm's legal responsibilities to the client, but does
not affect responsibility to external users of audited financial statements.
Answer: TRUE
2) Most auditors assess inherent risk as high for related parties and related-party transactions
because:
A) of the unique classification of related-party transactions required on the balance sheet.
B) of the lack of independence between the parties.
C) of the unique classification of related-party transactions required on the income statement.
D) it is required by generally accepted accounting principles.
Answer: B
3) The audit team gathers information about a new client's business and industry in order to
obtain:
A) an understanding of the clients internal control system for financial reporting.
B) an understanding of how economic events and transactions have an effect on the
company's financial statements.
C) information about control risk.
D) information regarding whether the company is engaging in financial statement fraud.
Answer: B
5) An official record of meetings of the board of directors and stockholders is included in the
corporate:
A) bylaws.
B) charter.
C) minutes.
D) license.
Answer: C
4
8) An auditor should examine minutes of the board of directors' meetings:
A) through the date of the financial statements.
B) through the date of the audit report.
C) only at the beginning of the audit.
D) on a test basis.
Answer: B
9) Which of the following would most likely not be classified as a related-party transaction?
A) An advance of one week's salary to an employee
B) Sales of merchandise between affiliated companies
C) Loans or credit sales to the principal owner of the client company
D) Exchanges of equipment between two companies owned by the same person
Answer: A
12) Define the term "related party" and discuss why an auditor should identify the client's
related parties early in the audit.
Answer: A related party is an affiliated company, principal owner of the client company, or
any other party with which the client deals where one of the parties can influence the
management or operating policies of the other. Auditors need to be aware of who the client's
related parties are early in the audit to enable the auditor to identify related-party
transactions, especially those that have not been disclosed.
Terms: Related party
15) There are three primary reasons for obtaining a thorough understanding of the client's
industry and external environment. What are these reasons?
Answer: The three reasons are:
• Risks associated with specific industries may affect the auditor's assessment of client
business risk and acceptable audit risk.
• Certain inherent risks are typically common to all clients in certain industries. Familiarity
with those risks aids the auditor in assessing their relevance to the client.
• Many industries have unique accounting requirements that the auditor must understand
to evaluate whether the client's financial statements are in accordance with accounting
standards.
16) Auditors should obtain copies of the client's code of ethics and minutes of the meetings of
the board of directors to aid in their understanding of the company's management and
governance structure.
Answer: TRUE
17) Many inherent risks are common to all clients in certain industries.
Answer: TRUE
18) Transactions with related parties must be disclosed in the financial statements if they are
deemed to be material.
Answer: TRUE
5
19) All know related parties must be identified and included in the auditor's permanent files
related to the client.
Answer: TRUE
22) Ordinarily, the auditor should review corporate minutes during the later stages of an
audit.
Answer: FALSE
23) Material transactions between the client and the client's related parties must be disclosed
in the auditor's report.
Answer: FALSE
24) A tour of the client's facilities can help the auditor assess physical safeguards over assets
and interpret accounting data related to assets such as factory equipment.
Answer: TRUE
1) An auditor has accessed client business risk and the risk of material misstatements to the
clients financial statements. These are done in order to:
A) apply the audit risk model to determine the appropriate extent of audit evidence.
B) determine the reliance on the company's internal control systems for financial reporting.
C) determine the test of balances to be performed by the audit team.
D) assure the CPA firm that they can perform the audit effectively and efficiently.
Answer: A
2) Business risk:
A) is the risk after considering the effectiveness of top management controls.
B) is the risk that the client's internal controls will fail.
C) can include a new technology which threatens to erode a company's competitive
advantage.
D) cannot be mitigated by management.
Answer: C
3) Define business risk. List several factors that may impact the auditor's assessment of
business risk.
Answer: Business risk is the risk that a company will fail to achieve its objectives.
Factors that may impact business risk include:
• General economic conditions,
• Significant declines in the economy that threaten the client's cash flows,
• New technology eroding a company's competitive advantage
• Company failing to execute its strategies as well as its competitors
• Extent of competition within an industry,
• Changing regulatory requirements,
• Competence of management,
• Ability to maintain sufficient cash flows and secure financing, and
• Successful implementation of business strategies.
6
2) In order to be meaningful, a company's ratios should be compared to their prior year's
ratios, not industry benchmarks.
Answer: FALSE
1) During audit planning, the auditor uses analytical procedures primarily to:
A) identify weaknesses in internal control.
B) determine if the company's financial statements appear reasonable and are free of material
misstatement.
C) determine the correspondence of the company's financial statements to the valuation and
accuracy audit objectives.
D) determine the nature, extent, and timing of audit procedures.
Answer: D
2) Which of the following is most correct with respect to the use of analytical procedures?
A) Analytical procedures may be used in evaluating balances in the testing phase as long as
the auditor also uses them in assessing the going concern assumption.
B) Analytical procedures must be used throughout the audit.
C) Analytical procedures used in the testing phase of the audit are primarily used to direct an
auditor's attention so that the auditor's understanding of the business is improved.
D) Analytical procedures are performed by studying plausible relationships between
financial and nonfinancial data.
Answer: D
3) Analytical procedures:
A) are not a type of audit evidence.
B) are not required during the completion phase of the audit.
C) performed during the planning phase of the audit are used as a substantive test in support
of account balances.
D) performed in the completion phase serve as a final review for material misstatements or
financial problems.
Answer: D
4) Discuss the four primary purposes of analytical procedures performed during the planning
phase of an audit.
Answer: The four primary purposes of preliminary analytical procedures are:
• to help the auditor understand the client's industry and business,
• to help the auditor assess the going concern assumption,
• to indicate areas of possible misstatements, and
• to reduce the extent of detailed tests.
5) Auditors routinely conduct analytical procedures in the planning, testing, and completion
phases of the audit. Identify the primary and secondary purposes of performing analytical
procedures in each phase of the audit.
Answer:
• Planning — primary purposes are to understand the client's business and industry and
indicate possible misstatements. Secondary purposes are to assess going concern and reduce
detailed tests.
• Testing — primary purpose is to reduce detailed tests and secondary purpose is to
indicate possible misstatements
• Completion — primary purpose is to indicate possible misstatements and secondary
purpose is to assess going concern
Terms: Primary and secondary purposes of analytical procedures in planning, testing, and completion
phases of audit
7
6) One purpose of performing preliminary analytical procedures in the planning phase of an
audit is to help the auditor make a preliminary assessment of control risk.
Answer: FALSE
4) When performing planning analytical procedures for a client the auditor detected that the
gross profit percentage had declined by 50% from the previous year to the year currently
under audit. The auditor should:
A) investigate the possibility the client may have made an error in their cost of goods sold
computation.
B) assist management in developing greater cost efficiencies in their product line.
C) prepare a going concern opinion for the client.
D) advise the client to have extensive disclosure to alleviate investor concerns.
Answer: A
5) When are auditors likely to encounter judgment problems in the use of analytical
procedures?
A) Whenever the auditor places reliance on management's explanations for unusual
fluctuations in account balances without first developing independent expectations
B) Whenever the auditor allows unaudited balances to unduly influence his/her expectations
of current balances
C) Whenever the auditor fails to consider the pattern reflected by several unusual
fluctuations when trying to explain what caused them
D) The auditor is likely to encounter judgment problems in each of the above instances.
Answer: D
6) The major concern when using nonfinancial data in analytical procedures is the:
A) accuracy of the nonfinancial data.
B) source of the nonfinancial data.
C) type of nonfinancial data.
D) presence of multiple sources of nonfinancial data.
Answer: A
2) When using financial ratios, the most important comparisons are to those of previous years
8
for the company and to industry averages or similar companies for the same year.
Answer: TRUE
3) Auditors are responsible for determining whether financial statements are materially
misstated, so upon discovering a material misstatement they must bring it to the attention of:
A) regulators.
B) the audit firm's managing partner.
C) the client shareholders.
D) the client.
Answer: D
1) Audit standards require the auditor to consider materiality early in the audit. Which
statement(s) regarding preliminary materiality are true?
I. Preliminary materiality may change during the engagement.
II. Preliminary materiality is the maximum amount by which the auditor believes the
financials could be misstated and still not affect the decisions of reasonable users.
A) I only
B) II only
C) both I and II
D) neither are true
Answer: C
3) If an auditor establishes a relatively high level for materiality, then the auditor will:
A) accumulate more evidence than if a lower level had been set.
B) accumulate less evidence than if a lower level had been set.
9
C) accumulate approximately the same evidence as would be the case were materiality lower.
D) accumulate an undetermined amount of evidence.
Answer: B
4) The preliminary judgment about materiality and the amount of audit evidence
accumulated are ________ related.
A) directly
B) indirectly
C) not
D) inversely
Answer: D
5) Which of the following is the primary basis used to decide materiality for a for-profit
entity?
A) Net sales
B) Net assets
C) Net income before tax
D) All of the above
Answer: C
6) Auditing standards ________ that the basis used to determine the preliminary judgment
about materiality be documented in the audit files.
A) permit
B) do not allow
C) require
D) strongly encourage
Answer: C
7) Amounts involving fraud are usually considered ________ important than unintentional
errors of equal dollar amounts.
A) less
B) no less
C) no more
D) more
Answer: D
8) Qualitative factors can affect an auditor's assessment of materiality. Which of the following
statements is true?
I. Misstatements that are otherwise immaterial may be material if they affect earnings
trends.
II. Misstatements that are otherwise minor may be material if there are possible
consequences arising from contractual obligations.
A) I only
B) II only
C) I and II
D) neither I nor II
Answer: C
9) The five steps in applying materiality are listed below in random order.
1. Estimate the combined misstatement.
2. Estimate the total misstatement in the segment.
3. Set materiality for the financial statements as a whole.
4. Determine performance materiality.
5. Compare combined estimate with preliminary judgment about materiality.
10
The first three steps in correct sequence would be:
A) 1, 2, 5
B) 3, 4, 2
C) 2, 1, 5
D) 3, 2, 4
Answer: B
16) The auditor's preliminary judgment about materiality is the maximum amount by which
the auditor believes the financial statements could be misstated and still not affect the
decisions of reasonable users.
Answer: TRUE
17) Preliminary judgments about materiality are often changed during the course of the
engagement.
Answer: TRUE
18) Net assets are the most often used base for deciding materiality.
Answer: FALSE
19) The lower the dollar amount of the preliminary judgment the more audit evidence is
required.
Answer: TRUE
20) Amounts involving fraud are not usually considered qualitative factors affecting the
preliminary materiality judgment.
Answer: FALSE
21) CPA firms can establish policy guidelines to help their auditors determine materiality.
Answer: TRUE
11
22) Statements on Auditing Standards provide detailed, objective guidance on how auditors
are to establish a preliminary materiality level, thus eliminating the need for subjective
auditor judgment in this task.
Answer: FALSE
23) If the preliminary judgment of materiality increases, the amount of audit evidence
required will decrease.
Answer: TRUE
24) Net income before tax is the normal base used to determine materiality in a not-for-profit
company.
Answer: FALSE
1) When auditors allocate the preliminary judgment about materiality to account balances,
the materiality allocated to any given account balance is referred to as:
A) the materiality range.
B) the error range.
C) tolerable materiality.
D) performance materiality.
Answer: D
3) Which of the following is an incorrect statement regarding the allocation of the preliminary
judgment about materiality to balance sheet accounts?
A) Auditors expect certain accounts to have more misstatements than others.
B) The allocation has virtually no effect on audit costs because the auditor must collect
sufficient appropriate audit evidence.
C) Auditors expect to identify overstatements as well as understatements in the accounts.
D) Relative audit costs affect the allocation.
Answer: B
4) Which of the following statements is true concerning the allocation of preliminary
materiality?
A) It is necessary to allocate preliminary materiality to financial statements as a whole rather
than by segments.
B) Preliminary materiality should be allocated to income statement accounts only.
C) Preliminary materiality is required by the SEC.
D) The PCAOB term used when preliminary materiality is allocated to segments is tolerable
misstatement.
Answer: D
7) When allocating performance materiality:
A) it is easy to predict in advance which accounts are mot likely to be misstated.
B) only overstatements need to be considered.
C) professional judgment is critical.
D) the sum of all the performance materiality levels cannot exceed the preliminary judgment
about materiality.
Answer: C
12
8) When allocating materiality, most practitioners choose to allocate to:
A) the income statement accounts because they are more important.
B) the balance sheet accounts because most audits focus on the balance sheet.
C) both balance sheet and income statement accounts because there could be errors on either.
D) all of the financial statements because it is required by GAAS.
Answer: B
9) Which of the following is a correct statement regarding performance materiality?
A) Determining performance materiality is necessary because auditors accumulate evidence
by segments.
B) The level of performance materiality does not affect the amount of evidence needed.
C) Performance materiality cannot vary for different classes of transactions.
D) Performance materiality is required for public companies, but not for private companies.
Answer: A
12) Most practitioners allocate the preliminary judgment about materiality to both the balance
sheet and income statement accounts.
Answer: FALSE
13) The primary purpose of allocating the preliminary judgment about materiality to financial
statement accounts is to help the auditor decide the appropriate evidence to accumulate.
Answer: TRUE
14) Both overstatements and understatements must be considered when allocating materiality
to balance sheet accounts.
Answer: TRUE
16) To maximize audit efficiency, the auditor should allocate less tolerable misstatement to
accounts that can be verified by using low-cost audit procedures, such as analytical
procedures, than to accounts that are more costly to audit.
Answer: TRUE
1) Auditors are ________ to document the known and likely misstatements in the financial
statements under audit.
A) permitted
B) required
C) not allowed
D) strongly encouraged
Answer: B
2) ________ misstatements are those where the auditor can determine the amount of the
misstatement in the account.
A) Potential
B) Likely
C) Known
D) Projected
Answer: C
13
6) The preliminary judgment on materiality is compared to the total estimated misstatement
amount to determine if an account balance is materially misstated.
Answer: TRUE
10) If the auditor approaches the audit of the accounts in s sequential manner, the findings of
the audit of accounts audited earlier can be used to revise the performance materiality
established for accounts audited later.
Answer: TRUE
5) The most important element of the audit risk model is control risk.
Answer: FALSE
6) The audit risk model that must be used for planning audit procedures and evaluating audit
results is:
= AAR.
Answer: FALSE
1) The measurement of the auditor's assessment of the likelihood that there are material
misstatements due to error or fraud in a segment before considering the effectiveness of
internal controls is defined as:
A) audit risk.
B) inherent risk.
C) sampling risk.
D) detection risk.
Answer: B
2) The risk that audit evidence for a segment will fail to detect misstatements exceeding
performance materiality levels is:
A) audit risk.
B) control risk.
14
C) inherent risk.
D) planned detection risk.
Answer: D
4) Inherent risk is ________ related to detection risk and ________ related to the amount of
audit evidence.
A) directly, inversely
B) directly, directly
C) inversely, inversely
D) inversely, directly
Answer: D
5) Auditors frequently refer to the terms audit assurance, overall assurance, and level of
assurance to refer to ________.
A) detection risk
B) audit report risk
C) acceptable audit risk
D) inherent risk
Answer: C
6) If planned detection risk is reduced, the amount of evidence the auditor accumulates will:
A) increase.
B) decrease.
C) remain unchanged.
D) be indeterminate.
Answer: A
15
D) are directly related to audit risk.
Answer: B
10) To what extent do auditors typically rely on internal controls of their public company
clients?
A) Extensively
B) Only very little
C) Infrequently
D) Never
Answer: A
11) Auditors typically rely on internal controls of their private company clients:
A) only as needed to complete the audit and satisfy Sarbanes-Oxley requirements.
B) only if the controls are determined to be effective.
C) only if the client asks an auditor to test controls.
D) only if the controls are sufficient to increase Control Risk to an acceptable level.
Answer: B
16
Answer: A
18) An auditor who audits a business cycle that has low inherent risk should:
A) increase the amount of audit evidence gathered.
B) assign more experienced staff to that area.
C) increase the performance materiality level for the area.
D) expand planning procedures.
Answer: C
19) Match the terms below (a-h) with the definitions provided below (1-8):
________ 1. A measure of the risk that audit evidence for a segment will fail to detect
misstatements exceeding the performance materiality amount, should such misstatements
exist.
________ 3. A measure of how much risk the auditor is willing to take that the financial
statements may be materially misstated after the audit is completed and an unqualified audit
opinion has been issued.
________ 5. The maximum amount by which the auditor believes that the statements could be
misstated and still not affect the decisions of reasonable users.
________ 8. A measure of the auditor's assessment of the likelihood that there are material
misstatements before considering the effectiveness of internal control.
Answer:
1. c
2. g
3. e
4. f
5. a
6. d
7.h
17
8. b
20) Using your knowledge of the relationships among acceptable audit risk, inherent risk,
control risk, planned detection risk, performance materiality, and planned evidence, state the
effect on planned evidence (increase or decrease) of changing each of the following factors,
while the other factors remain unchanged.
21) If acceptable audit risk is low, and inherent risk and control risk are both low, then
planned detection risk should be high.
Answer: TRUE
22) If the audit assurance rate is 95%, then the level of acceptable audit risk is 5%.
Answer: TRUE
23) A high detection risk equates to a low amount of audit evidence needed.
Answer: FALSE
24) For a private company client, auditors are required to test any internal controls they
believe have not been operating effectively during the period under audit.
Answer: FALSE
25) There is a direct relationship between acceptable audit risk and planned detection risk.
Answer: TRUE
26) Acceptable audit risk and the amount of substantive evidence required are inversely
related.
Answer: TRUE
27) As control risk increases, the amount of substantive evidence the auditor plans to
accumulate should increase.
Answer: TRUE
29) An acceptable audit risk assessment of low indicates a risky client requiring more
extensive evidence, assignment of more experienced personnel, and/or a more extensive
review of audit files.
Answer: TRUE
30) Audit assurance is the complement of planned detection risk, that is, one minus planned
detection risk.
18
Answer: FALSE
1) If an auditor believes the chance of financial failure is high and there is a corresponding
increase in business risk for the auditor, acceptable audit risk would likely:
A) be reduced.
B) be increased.
C) remain the same.
D) be calculated using a computerized statistical package.
Answer: A
2) When management has an adequate level of integrity for the auditor to accept the
engagement but cannot be regarded as completely honest in all dealings, auditors normally:
A) reduce acceptable audit risk and increase inherent risk.
B) reduce inherent risk and control risk.
C) increase inherent risk and control risk.
D) increase acceptable audit risk and reduce inherent risk.
Answer: A
3) When the auditor is attempting to determine the extent to which external users rely on a
client's financial statements, they may consider several factors except for:
A) client size.
B) concentration of ownership.
C) nature and amounts of liabilities.
D) assessment of detection risk.
Answer: D
PDR =
Planned detection risk is a measure of the risk that audit evidence for an account (segment)
will fail to detect misstatements exceeding a tolerable amount, should such misstatements
exist. Planned detection risk determines the amount of substantive evidence that the auditor
plans to accumulate.
Acceptable audit risk is a measure of how willing the auditor is to accept that the financial
statements may be materially misstated after the audit is completed and an unqualified
opinion has been issued. It is influenced primarily by the degree to which external users will
rely on the statements, the likelihood that a client will have financial difficulties after the
audit report is issued, and the auditor's evaluation of management's integrity.
Inherent risk is a measure of the auditor's assessment of the likelihood that there are material
misstatements in an account due to error or fraud before considering the effectiveness of
internal control.
19
Control risk is a measure of the auditor's assessment of the likelihood that misstatements
exceeding a tolerable amount in an account (segment) will be prevented or detected on a
timely basis by the client's internal controls.
6) If an auditor believes the client will have financial difficulties after the audit report is
issued, and external users will be relying heavily on the financial statements, the auditor will
probably set acceptable audit risk as low.
Answer: TRUE
2) Auditors begin their assessments of inherent risk during audit planning. Which of the
following would not help in assessing inherent risk during the planning phase?
A) Obtaining client's agreement on the engagement letter
B) Obtaining knowledge about the client's business and industry
C) Touring the client's plant and offices
D) Identifying related parties
Answer: A
3) Which of the following is not a primary consideration when assessing inherent risk?
A) Nature of client's business
B) Existence of related parties
C) Degree of separation of duties
D) Susceptibility to misappropriation of assets
Answer: C
6) The risk of fraud should be assessed for the entire audit as well as by cycle, account, and
objective.
Answer: TRUE
7) The auditing profession has established guidelines for setting inherent risk.
Answer: FALSE
8) Auditors begin their assessment of inherent risk during the planning phase and update the
assessments throughout the audit.
Answer: TRUE
20
B) II only
C) I and II
D) neither I nor i
Answer: C
5) In applying the audit risk model, auditors are concerned about overstatements, not
understatements.
Answer: FALSE
6) One major limitation in the application of the audit risk model is the difficulty of
measuring the components of the model.
Answer: TRUE
21
D) only apply to SEC companies.
Answer: B
The auditor's focus in both the audit of financial statements and the audit of internal controls
is on the controls over the reliability of financial reporting plus those controls over operations
and compliance with laws and regulations that could materially affect financial reporting.
Terms: Three broad objectives management has for internal control
7) Management has a legal and professional responsibility to be sure that the financial
statements are prepared in accordance with reporting requirements of applicable accounting
frameworks.
Answer: TRUE
1) Which of the following is responsible for establishing a private company's internal control?
A) Senior Management
B) Internal Auditors
C) FASB
D) Audit committee
Answer: A
2) Two key concepts that underlie management's design and implementation of internal
control are:
A) costs and materiality.
B) absolute assurance and costs.
C) inherent limitations and reasonable assurance.
D) collusion and materiality.
Answer: C
22
B)
Management Financial statement auditors
No No
C)
Management Financial statement auditors
Yes No
D)
Management Financial statement auditors
No Yes
Answer: A
5) An act of two or more employees to steal assets and cover their theft by misstating the
accounting records would be referred to as:
A) collusion.
B) a material weakness.
C) a control deficiency.
D) a significant deficiency.
Answer: A
8) When one material weakness is present at the end of the year, management of a public
company must conclude that internal control over financial reporting is:
A) insufficient.
B) inadequate.
C) ineffective.
D) inefficient.
Answer: C
9) The auditors primary purpose in auditing the client's system of internal control over
financial reporting is:
A) to prevent fraudulent financial statements from being issued to the public.
B) to evaluate the effectiveness of the company's internal controls over all relevant assertions
in the financial statements.
C) to report to management that the internal controls are effective in preventing
misstatements from appearing on the financial statements.
D) to efficiently conduct the Audit of Financial Statements.
Answer: B
10) Management must disclose material weaknesses in internal control in its audit report:
A) whenever the weakness is deemed significant to a single class of transactions.
B) whenever the weakness is significant to overall financial reporting objectives.
C) if the weakness exists at the end of the year.
D) only if the auditor identifies the weakness as significant.
Answer: C
11) In performing the audit of internal control over financial reporting the auditor emphasizes
internal control over class of transactions because:
A) the accuracy of accounting system outputs depends heavily on the accuracy of inputs and
processing.
B) the class of transaction is where most fraud schemes occur.
C) account balances are less important to the auditor then the changes in the account
balances.
D) classes of transactions tests are the most efficient manner to compensate for inherent risk.
23
Answer: A
12) Internal controls can never be regarded as completely effective. Even if company
personnel could design an ideal system, its effectiveness depends on the:
A) adequacy of the computer system.
B) proper implementation by management.
C) ability of the internal audit staff to maintain it.
D) competency and dependability of the people using it.
Answer: D
13) When considering internal controls, an important point to consider is that:
A) auditors can ignore controls affecting internal management information.
B) auditors are concerned with the client's internal controls over the safeguarding of assets if
they affect the financial statements.
C) management is responsible for understanding and testing internal control over financial
reporting.
D) companies must use the COSO framework to establish internal controls.
Answer: B
14) Of the following statements about internal controls, which one is least likely to be correct?
A) No one person should be responsible for the custodial responsibility and the recording
responsibility for an asset.
B) Transactions must be properly authorized before such transactions are processed.
C) Because of the cost-benefit relationship, a client may apply controls on a test basis.
D) Control procedures reasonably ensure that collusion among employees cannot occur.
Answer: D
16) The financial statements may not correctly reflect accounting frameworks such as GAAP
or IFRS if the:
A) controls affecting the reliability of financial reporting are inadequate.
B) company's controls do not promote efficiency.
C) company's controls do not promote effectiveness.
D) company's controls do not promote compliance with applicable rules and regulations.
Answer: A
17) The primary emphasis by auditors is on controls over:
A) classes of transactions.
B) account balances.
C) both A and B, because they are equally important.
D) both A and B, because they vary from client to client.
Answer: A
18) An auditor should consider two key issues when obtaining an understanding of a client's
internal controls. These issues are:
A) the effectiveness and efficiency of the controls.
B) the frequency and effectiveness of the controls.
C) the design and operating effectiveness of the controls.
D) the implementation and operating effectiveness of the controls.
Answer: C
19) When a company designs and implements internal controls, cost of the controls is not a
valid consideration.
Answer: FALSE
24
controls.
B) no likelihood that material misstatements will not be prevented or detected by internal
control.
C) moderate likelihood that material misstatements will not be prevented or detected by
internal control.
D) high likelihood that material misstatements will not be prevented or detected by internal
control.
Answer: A
22) To issue a report on internal control over financial reporting for a public company, an
auditor must:
A) evaluate management's assessment process.
B) independently assess the design and operating effectiveness of internal control.
C) evaluate management's assessment process and independently assess the design and
operating effectiveness of internal control.
D) test controls over significant account balances.
Answer: C
1) Which of the following activities would be least likely to strengthen a company's internal
control?
A) Separating accounting from other financial operations
B) Maintaining insurance for fire and theft
C) Fixing responsibility for the performance of employee duties
D) Carefully selecting and training employees
Answer: B
2) Which of the following components of the control environment define the existing lines of
responsibility and authority?
A) Organizational structure
B) Management philosophy and operating style
C) Human resource policies and practices
D) Management integrity and ethical values
Answer: A
4) Which of the following statements is most correct with respect to separation of duties?
A) A person who has temporary or permanent custody of an asset should account for that
asset.
B) Employees who authorize transactions should not have custody of related assets.
C) Employees who open cash receipts should record the amounts in the subsidiary ledgers.
D) Employees who authorize transactions should have recording responsibility for these
transactions.
Answer: B
5) Authorizations can be either general or specific. Which of the following is not an example
of a general authorization?
A) Automatic reorder points for raw materials inventory
B) A sales manager's authorization for a sales return
C) Credit limits for various classes of customers
D) A sales price list for merchandise
Answer: B
6) Which of the following is correct with respect to the design and use of business
25
documents?
A) The documents should be in paper format.
B) Documents should be designed for a single purposes to avoid confusion in their use.
C) Documents should be designed to be understandable only by those who use them.
D) Documents should be prenumbered consecutively to facilitate control over missing
documents.
Answer: D
12) Which of the following is not one of the subcomponents of the control environment?
A) Management's philosophy and operating style
B) Organizational structure
C) Adequate separation of duties
D) Commitment to competence
Answer: C
13) It is important for the CPA to consider the competence of the clients' personnel because
their competence has a direct impact upon the:
A) cost/benefit relationship of the system of internal control.
B) achievement of the objectives of internal control.
C) comparison of recorded accountability with assets.
D) timing of the tests to be performed.
Answer: B
26
14) Proper segregation of functional responsibilities calls for separation of:
A) authorization, execution, and payment.
B) authorization, recording, and custody.
C) custody, execution, and reporting.
D) authorization, payment, and recording.
Answer: B
15) Without an effective ________, the other components of the COSO framework are unlikely
to result in effective internal control, regardless of their quality.
A) risk assessment policy
B) monitoring policy
C) control environment
D) system of control activities
Answer: C
Terms: Internal control
Diff: Moderate
16) Which of the following groups establishes and maintains the company's internal controls?
A) Internal auditors
B) Board of Directors
C) Management
D) Audit committee
Answer: C
19) Hanlon Corp. maintains a large internal audit staff that reports directly to the accounting
department. Audit reports prepared by the internal auditors indicate that the system is
functioning as it should and that the accounting records are reliable. An independent auditor
will probably:
A) eliminate tests of controls.
B) increase the depth of the study and evaluation of administrative controls.
C) avoid duplicating the work performed by the internal audit staff.
D) place limited reliance on the work performed by the internal audit staff.
Answer: D
20) External financial statement auditors must obtain evidence regarding what attributes of
an internal audit (IA) department if the external auditors intend to rely on IA's work?
A) Integrity
B) Objectivity
C) Competence
D) All of the above
Answer: D
21) To obtain an understanding of an entity's control environment, an auditor should
concentrate on the substance of management's policies and procedures rather than their form
because:
A) management may establish appropriate policies and procedures but not act on them.
27
B) the board of directors may not be aware of management's attitude toward the control
environment.
C) the auditor may believe that the policies and procedures are inappropriate for that
particular entity.
D) the policies and procedures may be so weak that no reliance is contemplated by the
auditor.
Answer: A
22) Control activities help assure that the necessary actions are taken to address risks to the
achievement of the company's objectives. List the five types of control activities.
Answer:
1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance
25) Separation of duties is essential in preventing errors and intentional misstatements on the
financial statements. List below the four general guidelines.
Answer:
1. Separation of custody of the assets from accounting
2. Separation of the authorization of transactions from custody of related assets
3. Separation of operational responsibility from record keeping responsibility
4. Separation of IT duties from user departments
Terms: General guidelines for separation of duties
27) The internal control framework developed by COSO includes five so-called "components"
of internal control. Discuss each of these five components.
Answer: Five components of internal control are:
• The control environment. The control environment consists of the actions, policies, and
procedures that reflect the overall attitudes of top management, directors, and owners of an
entity about internal control and its importance to the company.
• Risk assessment. This is management's identification and analysis of risks relevant to the
preparation of financial statements in accordance with appropriate accounting frameworks
such as GAAP or IFRS.
• Information and communication. These are the methods used to initiate, record, process,
and report the entity's transactions and to maintain accountability for the related assets.
• Control activities. These are the policies and procedures that management has established
to meet its objectives for financial reporting.
• Monitoring. This is management's ongoing and periodic assessment of the quality of
internal control performance to determine whether controls are operating as intended and are
modified when needed.
28) Discuss what is meant by the term "control environment" and identify four control
environment subcomponents that the auditor should consider.
Answer: The control environment consists of the actions, policies, and procedures that reflect
the overall attitudes of top management, directors, and owners of an entity about control and
its importance to the entity. Subcomponents include:
• integrity and ethical values
• commitment to competence
• board of director or audit committee participation
• management's philosophy and operating style
• organizational structure
• human resource policies and practices.
30) Control activities are a subcomponent of the information and communication component
28
of internal control.
Answer: FALSE
31) Adequate documents and records is a subcomponent of the control environment.
Answer: FALSE
32) The chart of accounts is helpful in preventing classification errors if it accurately describes
which type of transaction should be in each account.
Answer: TRUE
33) Auditing standards prohibit reliance on the work of internal auditors due to the lack of
independence of the internal auditors.
Answer: FALSE
34) If an auditor wishes to rely on the work of internal auditors (IA), the auditor must obtain
satisfactory evidence related to the IA's competence, integrity, and objectivity.
Answer: TRUE
1) When the auditor attempts to understand the operation of the accounting system by
tracing a few transactions through the accounting system, the auditor is said to be:
A) tracing.
B) vouching.
C) performing a walk-through.
D) testing controls.
Answer: C
2) The purpose of phase 3 in the "process for understanding internal control and assessing
control risk" is to:
A) design, perform and evaluate tests of controls.
B) obtain and document an understanding of internal control design an operation.
C) assess control risk.
D) decide planned detection risk and substantive tests.
Answer: A
Terms: Process for understanding internal control and assessing risk
3) Narratives, flowcharts, and internal control questionnaires are three common methods of:
A) testing the internal controls.
B) documenting the auditor's understanding of internal controls.
C) designing the audit manual and procedures.
D) documenting the auditor's understanding of a client's organizational structure.
Answer: B
4) When dealing with the documentation of internal control:
A) in a narrative, most questions simply require a "yes" or "no" response.
B) questionnaires offer useful checklists to remind the auditor of the many different types of
internal controls that should exist.
C) questionnaires and flowcharts should not be used together.
D) flowcharts fail to show the segregation of duties in the company.
Answer: B
5) Audit evidence regarding the separation of duties is normally best obtained by:
A) preparing flowcharts of operational processes.
B) preparing narratives of operational processes.
C) observation of employees applying control activities.
D) inquiries of employees applying control activities.
Answer: C
7) A narrative should describe the disposition of every document and record in the system.
29
Answer: TRUE
8) For most uses, flowcharts are superior to narratives as a method of communicating the
characteristics of internal control.
Answer: TRUE
1) The person responsible for reconciling sales invoices to customer orders does not access to
the company's master price list in order to correctly compute sales. This is an example of a(n):
A) operating deficiency.
B) design deficiency.
C) training deficiency.
D) management deficiency.
Answer: B
3) The employee in charge of authorizing credit to the company's customers does not fully
understand the concept of credit risk. This lack of knowledge would constitute:
A) a deficiency in operation of internal controls.
B) a deficiency in design of internal controls.
C) a deficiency of management.
D) not constitute a deficiency.
Answer: A
6) Which of the following is the correct definition of "control deficiency"?
A) A control deficiency exists if the design or operation of controls does not permit company
personnel to prevent or detect misstatements on a timely basis.
B) A control deficiency exists if one or more deficiencies exist that adversely affect a
company's ability to prepare external financial statements reliably.
C) A control deficiency exists if the design or operation of controls results in a more than
remote likelihood that controls will not prevent or detect misstatements.
D) A control deficiency exists if the design or operation of controls results in a more than
probable likelihood that controls will prevent or detect misstatements.
Answer: A
7) Which of the following deficiency exists if a necessary control is missing or not properly
formulated?
A) Control
B) Significant
C) Design
D) Operating
Answer: C
30
5) The procedures to obtain an understanding of internal control are only applied when the
assessed control risk is high.
Answer: FALSE
6) Controls that are applied throughout the accounting period must be tested both at an
interim date and then again on the balance sheet date.
Answer: FALSE
7) Match seven of the terms (a-i) with the definitions provided below (1-7):
a. Control environment
b. Control activities
c. Independent checks on performance
d. Internal control
e. Monitoring
f. Separation of duties
g. General authorization
h. Specific authorization
i. Risk assessment
________ 1. Management's ongoing and periodic assessment of the quality of internal control
performance to determine that controls are operating as intended and are modified when
needed.
________ 2. Company-wide policies for the approval of all transactions within stated limits.
________ 3. The actions, policies, and procedures that reflect the overall attitudes of top
management, directors, and owners of an entity about internal control and its importance to
the entity.
________ 6. Policies and procedures that help ensure that necessary actions are taken to
address risks in the achievement of the entity's objectives.
31
10) Auditors of private companies may rely on prior periods' tests of controls.
Answer: TRUE
13) A company's size should have no impact on the nature of internal control and the controls
that are implemented.
Answer: FALSE
) Control risk is generally set at minimum for most private companies.
Answer: FALSE
Chapter Fraud Auditing
1) Which of the following best defines fraud in a financial statement auditing context?
A) Fraud is an unintentional misstatement of the financial statements.
B) Fraud is an intentional misstatement of the financial statements.
C) Fraud is either an intentional or unintentional misstatement of the financial statements,
depending on materiality.
D) Fraud is either an intentional or unintentional misstatement of the financial statements,
depending on consistency.
Answer: B
4) Most cases of fraudulent reporting involve:
A) inadequate disclosures.
B) an overstatement of income.
C) an overstatement of liabilities.
D) an overstatement of expenses.
Answer: B
The two main categories of fraud are fraudulent financial reporting and misappropriation of
32
assets. Fraudulent financial reporting is an intentional misstatement or omission of amounts
or disclosures with the intent to deceive users of the financial statement. Misappropriation of
assets involve theft of an entity's assets.
10) The two main categories of fraud are fraudulent financial reporting and misappropriation
of assets.
Answer: TRUE
Terms: Categories of fraud; Fraudulent financial reporting and misappropriation of assets
11) "Cookie jar reserves" are often created by companies whenever their earnings are high to
create reserves for future periods when earnings need to be "boosted" upward.
Answer: TRUE
12) Misappropriation of assets is normally perpetrated at the lowest levels of the organization
hierarchy.
Answer: TRUE
13) Fraudulent financial reporting usually involves manipulation of amounts rather than
disclosures.
Answer: TRUE
3) Which of the following is not a factor that relates to opportunities to commit fraudulent
financial reporting?
A) Lack of controls related to the calculation and approval of accounting estimates
B) Ineffective oversight of financial reporting by the board of directors
C) Management's practice of making overly aggressive forecasts
D) High turnover of accounting, internal audit, and information technology staff
Answer: C
5) Which of the following is a factor that relates to incentives or pressures to commit
fraudulent financial reporting?
A) Significant accounting estimates involving subjective judgments
B) Excessive pressure for management to meet debt repayment requirements
C) Management's practice of making overly aggressive forecasts
D) High turnover of accounting, internal audit, and information technology staff
Answer: B
33
commit fraud.
• Attitudes/Rationalization — An attitude, character, or set of ethical values exists that
allows management or employees to intentionally commit a dishonest act, or they are in an
environment that imposes sufficient pressure that causes them to rationalize committing a
dishonest act.
16) Incentives and opportunities are two conditions that are generally present when financial
statement fraud occurs.
Answer: TRUE
Terms: Conditions present when material misstatements due to fraud occur
17) Fraud is more prevalent in large businesses than small businesses and not-for-profit
organizations.
Answer: FALSE
18) The same three fraud triangle risk conditions apply to fraudulent financial reporting and
misappropriation of assets.
Answer: TRUE
19) "An attitude, character, or set of ethical values exist that allow management or employees
to commit a dishonest act …." describes the opportunities condition included in the fraud
triangle.
Answer: FALSE
21) A common incentive for companies to manipulate financial statements is a decline in the
company's financial prospects.
Answer: TRUE
10) If employees have positive feelings about their employers, they are less likely to commit
fraud.
Answer: TRUE
11) Management must recognize that almost any employee is capable of committing a
dishonest act under the right circumstances.
34
Answer: TRUE
12) Audit committee oversight also serves as a deterrent to fraud by senior management.
Answer: TRUE
4) Because fraud perpetrators are often knowledgeable about audit procedures, auditors
should incorporate unpredictability into the audit plan.
Answer: TRUE
1) Auditing standards specifically require auditors to identify ________ as a fraud risk in most
audits.
A) overstated assets
B) understated liabilities
C) improper revenue recognition
D) overstated expenses
Answer: C
3) A company is concerned with the theft of cash after the sale has been recorded. One way in
which fraudsters conceal the theft is by a process called "lapping." Which of the following
best describes lapping?
A) Reduce the customer's account by recording a sales return
B) Write off the customer's account
C) Apply the payment from another customer to the customer's account
D) Reduce the customer's account by recording a sales allowance
Answer: C
4) Analytical procedures can be very effective in detecting inventory fraud. Which of the
following analytical procedures would not be useful in detecting fraud?
A) Gross margin percentage
B) Inventory Turnover
C) Cost of sales percentage
D) Accounts receivable turnover
Answer: D
7) Fictitious revenues:
A) increase accounts receivable turnover.
B) understate the gross margin percentage.
C) lower accounts receivable turnover.
D) have no impact on the gross margin percentage.
Answer: C
12) When the allowance for doubtful accounts is understated, bad debt expense is
understated and net income is also understated.
Answer: FALSE
13) Fictitious revenue transactions have the same level of documentary evidence as legitimate
transactions.
Answer: FALSE
14) Auditors should rely on original, rather than duplicate, copies of documents.
Answer: TRUE
15) The two most common areas of fraud in payroll are the creation of fictitious employees
and the overstatement of individual payroll hours.
Answer: TRUE
35
36