Q&A Hero

Q: Which of the following statements is correct concerning statistical sampling in compliance testing? A. The population size has little or no effect on determining sample size except for very small populations. B. The expected population deviation rate has little or no effect on determining sample size except for very small populations. C. As the population size doubles, the sample size also should double. D. For a given tolerable deviation rate, a larger sample size should be selected as the expected population deviation rate decreases.

Q: An auditor is testing internal control procedures that are evidenced on an entity's vouchers. To select the vouchers for testing, the auditor obtains random numbers between the first and last voucher number in the period. If a random number matches the number of avoided voucher, that voucher ordinarily should be replaced by another voucher in the random sample if the voucher A. constitutes a deviation. B. has been properly voided. C. cannot be located. D. represents an immaterial dollar amount.

Q: An auditor plans to examine a sample of 20 checks for countersignatures as prescribed by the entity's internal control procedures. One of the checks in the chosen sample of 20 cannot be found. The auditor should consider the reasons for this limitation and A. evaluate the results as if the sample size had been 19. B. treat the missing check as a deviation for the purpose of evaluating the sample. C. treat the missing check in the same manner as the majority of the other 19 checks (i.e., countersigned or not). D. choose another check to replace the missing check in the sample.

Q: An underlying feature of random-based selection of items is that each A. stratum of the accounting population be given equal representation in the sample. B. item in the accounting population be randomly ordered. C. item in the accounting population should have an opportunity to be selected. D. item must be systematically selected using replacement.

Q: In addition to evaluating the frequency of deviations in tests of controls, an auditor should also consider certain qualitative aspects of the deviations. The auditor most likely would give broader consideration to the implications of a deviation if it was A. the only deviation discovered in the sample. B. identical to a deviation discovered during the prior year's audit. C. caused by an employee's oversight. D. initially concealed by a forged document.

Q: Harvey Jones, CPA, uses statistical sampling to test control procedures. What is a benefit of using statistical sampling? A. It provides a means of mathematically measuring the sampling risk that result from examining only a part of the data. B. It eliminates the use of judgment required of Jones because the AICPA has established numerical criteria for this type of testing. C. It increases Jones' knowledge of the entity's prescribed procedures and their limitations. D. It is required by generally accepted auditing standards.

Q: For which of the following audit tests would an auditor most likely use attributes sampling? A. Making an independent estimate of the amount of LIFO inventory. B. Examining invoices in support of the valuation of fixed asset additions. C. Selecting accounts receivable balances for confirmation. D. Inspecting employee time cards for proper approval by supervisors.

Q: The likelihood of assessing control risk too high is the risk that the sample selected to test controls A. does not support the auditor's planned assessed level of control risk when the true operating effectiveness of internal control justifies such an assessment. B. contains misstatements that could be material to the financial statements when aggregated with misstatements in other account balances or transactions classes. C. contains proportionately fewer deviations from prescribed internal controls than exist in the balance or class as a whole. D. does not support the tolerable misstatement for some or all of management's assertions.

Q: The risk of incorrect acceptance relates to the A. effectiveness of the audit. B. efficiency of the audit. C. preliminary estimates of materiality levels. D. tolerable misstatement.

Q: The tolerable deviation rate for a test of controls is generally A. lower than the expected rate of deviations in the related accounting records. B. higher than the expected rate of deviations in the related accounting records. C. identical to the expected rate of deviations in the related accounting records. D. unrelated to the expected rate of deviations in the related accounting records.

Q: Jones, CPA, believes the industry-wide deviation rate of client billing errors is 3% and has established a tolerable deviation rate of 5%. In the review of client invoices, Jones should use A. discovery sampling. B. attributes sampling. C. stratified sampling. D. variables sampling.

Q: Which of the following best illustrates the concept of sampling risk? A. A randomly chosen sample may not be representative of the population as a whole (regarding the characteristic being tested). B. An auditor may select audit procedures that are not appropriate to achieve the specific objective. C. An auditor may fail to recognize errors in the documents examined for the chosen sample. D. The documents related to the chosen sample may not be available for inspection.

Q: With a nonstatistical sampling application, the auditor relies on professional judgment rather than the laws of probability to reach a conclusion about the audit test.

Q: Attribute sampling is used to estimate the proportion of a population that possesses a specified characteristic.

Q: Audit sampling is commonly used to gather scanning audit evidence.

Q: Audit sampling is commonly used to gather confirmation audit evidence.

Q: The larger the sample, the lower the confidence level and the lower the sampling risk.

Q: Confidence level and sampling risk are related to sample size.

Q: Confidence level is the complement of sampling risk.

Q: A Type II error is the risk of incorrect acceptance.

Q: A Type I error is the risk of incorrect acceptance.

Q: Auditing standards permit both statistical and nonstatistical methods of audit sampling.

Q: In determining the extent to which the auditor may use the work of others in the audit of ICFR, the auditor should do all of the following except: A. Test some of the work performed by others to evaluate the quality and effectiveness of their work. B. Evaluate the nature of the controls subjected to the work of others. C. Evaluate the competence and objectivity of the individuals who performed the work. D. All of these are required.

Q: An auditor performing an audit of internal control over financial reporting would be required to A. Rely on the work of internal auditors. B. Test all of the entity's internal controls. C. Form an opinion on the effectiveness of internal control. D. Randomly identify accounts for an audit of internal control.

Q: The main goal of auditing internal control is A. To allow the auditor to fix any internal control deficiencies. B. To form an opinion on the ability of internal controls to prevent fraud. C. To assure management that internal control is preventing all material misstatements on the financial statements. D. To evaluate the effectiveness of controls over all relevant financial statement disclosures in the financial statements.

Q: Which of the following is not a primary objective of internal control as established by COSO? A. Efficiency and effectiveness of operations. B. Effective purchasing systems. C. Compliance with laws and regulations. D. Reliable financial reporting.

Q: Management documentation should include all of the following except: A. Documentation regarding the auditor's evaluation of internal controls. B. Documentation regarding management's testing and evaluation of the controls. C. Documentation regarding the safeguarding of assets. D. Documentation on the controls designed in all five components of internal control.

Q: Which of the following is not a topic that requires special consideration by management during management's internal control assessment process and by the auditor during the audit of internal control? A. Multiple locations and business units. B. Service organizations. C. The role of the auditor in internal control. D. Safeguarding assets.

Q: A deficiency that implies that there is a reasonable possibility of misstatement in the financial statements that is significant but not material is A. A material weakness. B. A significant deficiency. C. An insignificant deficiency. D. A probable deficiency.

Q: The person in charge of authorizing credit to customers does not properly understand what constitutes a credit risk. This is an example of A. A management deficiency. B. A design deficiency. C. A deficiency in operation. D. This is not an internal control deficiency.

Q: According to the PCAOB, who is responsible for the reliability of the internal controls over financial reporting process of an entity? A. The entity's CEO and/or CFO. B. The entity's board of directors. C. An internal control specialist. D. The external auditor.

Q: Section 404 of the Sarbanes-Oxley Act requires the auditor to provide which of the following? A. Reasonable assurance on the financial statements, absolute assurance on internal control. B. Reasonable assurance on internal control, absolute assurance on the financial statements. C. Absolute assurance on both the financial statements and internal control. D. Reasonable assurance on both the financial statements and internal control.

Q: An "integrated audit" as stated in Section 404 of the Sarbanes-Oxley Act means A. The auditor must consider the integrated thoughts and ideas of everyone on the audit staff. B. The auditor must conduct two audits, one on the effectiveness of internal control and one on the financial statements, in an integrated way. C. The auditor must integrate the same objectives whether auditing internal control or auditing the financial statements. D. Two independent CPA firms must work together on the audit.

Q: In order for an external auditor to complete an audit of a public company, the entity's management must comply with all of the following except: A. Accept responsibility for the effectiveness of the entity's internal control over financial reporting. B. Evaluate the effectiveness of the entity's internal control over financial reporting using suitable control criteria. C. Support its evaluation with sufficient evidence, including documentation. D. Present an oral assessment of the effectiveness of the entity's internal control over financial reporting as of the end of the entity's most recent fiscal year.

Q: When auditing a public company, the auditor must form an opinion on the effectiveness of internal control over financial reporting, or issue a disclaimer in the event of a scope limitation.

Q: The likelihood of an event is "more than remote" when it is "highly possible."

Q: The PCAOB makes it clear that the CEO and CFO are responsible for the internal control over financial reporting and the preparation of the statements.

Q: Based on PCAOB guidelines, the audit of ICFR and financial statements audit should be conducted as an "integrated audit."

Q: In a public company, management's report on internal control must be signed by the members of the audit committee.

Q: In a public company, management must assess and report on internal control over financial reporting.

Q: Most public companies must follow the guidelines of AS5.

Q: All companies must follow the guidelines of AS5.

Q: When an auditor tests a computerized accounting system, which of the following is true of the test data approach? A. Test data are processed by the entity's computer programs under the auditor's control. B. Test data must consist of all possible valid and invalid conditions. C. Testing a program at year end provides assurance that the entity's processing was accurate for the entire year. D. Several transactions of each type must be tested.

Q: When testing a computerized accounting system, which of the following is false regarding the test data approach? A. The test data need to consist of only those valid and invalid conditions in which the auditor is interested. B. Only one transaction of each type needs be tested. C. Test data are processed by the entity's computer programs under the auditor's control. D. The test data must consist of all possible valid and invalid conditions.

Q: Which of the following is false? A. Regardless of the achieved level of control risk in connection with the audit of the financial statements, auditing standards require the auditor to perform some substantive procedures for all significant accounts and disclosures. B. The absence of misstatements in financial statements is considered convincing evidence that existing controls are effective. C. The audit of internal control is intended to draw conclusions about the effectiveness of internal control over financial reporting as of a specific date. D. The auditor is required by AS5 to evaluate the implications of the financial statement audit for the effectiveness of internal control over financial reporting.

Q: For which of the following internal controls would an auditor be least likely to perform tests of internal controls closer to the "as of" date? A. Withdrawals from Federal Bank of more than $5 million must include a manager's signature. B. At the end of each day at Federal Bank, the total cash in the vault is reconciled with daily registers of deposits and withdrawals. C. Federal Bank has just started establishing trusts for its customers and it has only set up ten such trusts. Before making an investment for a trust, bank employees must verify that the investment is in accordance with stated investment policies. D. On an annual basis, Federal Bank management performs credit checks on its loan customers before determining the value of loans it will not be able to collect on.

Q: Section 404 of the Sarbanes-Oxley Act includes which of the following? A. A requirement that management of a publicly traded company issues an assessment of internal control that covers the entire year. B. Specific guidance on what constitutes adequate internal control. C. A requirement that management of a publicly traded company accepts responsibility for establishing and maintaining adequate internal controls. D. A requirement that management of a publicly traded company issues an assessment regarding the efficiency of internal control for the year.

Q: The advantages of generalized audit software include all of the following except: A. It involves auditing while the data are being processed (real-time). B. It is easy to use. C. The time to develop the application is usually short. D. An entire population can be examined in some instances.

Q: Which of the following is true of generalized audit software packages? A. They can be used only in auditing online computer systems. B. They can be used on any computer without modification. C. They each have their own characteristics that the auditor must carefully consider before using in a given audit situation. D. They enable the auditor to perform all manual test procedures less expensively.

Q: An auditor will use the IT test data method in order to gain certain assurances with respect to the A. Input data. B. Machine capacity. C. Procedures contained within the program. D. Degree of keypunching accuracy.

Q: According to the COSO definition of safeguarding of assets A. Controls over financial reporting are effective if they provide reasonable assurance that asset losses will not occur. B. Controls over financial reporting are effective if they provide reasonable assurance that losses are properly reflected in the financial statements. C. Controls over financial reporting are effective if they provide reasonable assurance that asset losses will not occur and that losses are properly reflected in the financial statements. D. There is no way to create controls that will provide reasonable assurance that asset losses will not occur.

Q: AAA & Associates recently finished auditing LinktheEarth Corporation's internal control over financial reporting. AAA found a number of material weaknesses in the entity's internal control. LinktheEarth's management remediated all of the weaknesses that AAA found. However, the auditors did not have sufficient time to retest the controls. What report should AAA issue with regards to internal control over financial reporting at year-end? A. Unqualified report. B. Adverse report. C. Qualified report. D. Disclaimer on opinion.

Q: A modification of the standard report is required for all of the following conditions except: A. There is a restriction on the scope of the engagement. B. There is other information contained in management's report on internal control. C. Management has concluded that internal controls are not effective. D. A significant subsequent event has occurred since the date being reported on.

Q: Which of the following statements included in management's assessment of the effectiveness of internal control over financial reporting would be considered acceptable for issuing an unqualified opinion? A. Nothing has come to management's attention to suggest that the entity's internal control is less than effective. B. Statements suggesting only negative assurance. C. A conclusion that the entity's internal control over financial reporting is effective when a material weakness exists at the end of the reporting period. D. Disclosure of material weaknesses corrected during the period.

Q: Examples of entity-level controls include A. Management's risk assessment process. B. Controls to monitor results of operations. C. The period-end financial reporting process. D. All of these are examples of entity-level controls.

Q: In the context of an audit of internal controls, the auditor must document all of the following except: A. The extent to which he or she relied upon work performed by others. B. The auditor's understanding and evaluation of the design of each of the components of the entity's internal control over financial reporting. C. Transcripts of the auditor's discussion with management concerning the points at which misstatements could occur. D. The evaluation of any deficiencies discovered that could result in a modification of the auditor's report.

Q: Management's written representations concerning internal control are A. Addressed to the users of the financial statements. B. Normally drafted by management. C. Included in the auditor's final report. D. Signed by the CEO and CFO.

Q: To obtain an understanding of significant processes and relevant subprocesses, auditors would be least likely to use which of the following techniques? A. Reviewing management documentation. B. Inquiry. C. Scanning. D. Transaction walkthroughs.

Q: Which of the following statements is false? A. The PCAOB focuses on the financial reporting objective of internal controls. B. Management is required to base internal controls on a recognized control framework. C. Most U.S. companies use the internal control framework developed by COSO. D. All controls relevant to financial reporting are accounting controls.

Q: Which of the following is true regarding management's documentation of internal controls? A. Some documentation should focus on controls designed to detect fraud. B. Documentation should focus on controls over the interim financial reporting process. C. Documentation must be done on paper. D. Inadequate documentation is usually considered an insignificant deficiency in internal control.

Q: Which of the following is not an element of management's assessment process for the effectiveness of internal control? A. Evaluating the likelihood that failure of a control could result in a misstatement. B. Determining the locations and business units to include in the evaluation. C. Determining significant deficiencies and material weaknesses in controls. D. Obtaining the auditor's assessment of the internal control effectiveness.

Q: The PCAOB's definition of internal control over financial reporting specifically mentions all of the following control activities except: A. The maintenance of asset records. B. The segregation of duties. C. The authorization by management of receipts and expenditures. D. The safeguarding of assets.

Q: ACL is an example of A. An EDI software package. B. An IT software package. C. Software that allows auditors to retrieve and evaluate data from entity systems. D. A type of networking.

Q: Which of the following is an advantage of generalized computer audit packages? A. They are all written in one identical computer language. B. They can be used for audits of entities that use differing IT equipment and file formats. C. They have reduced the need for the auditor to study input controls for IT-related procedures. D. Their use can be substituted for a relatively large part of the required compliance testing.

Q: The five step process in the audit of ICFR includes A. Form an opinion on the safeguarding of the entity's assets. B. Identify controls to test using a top-down, risk-based approach. C. Form an opinion on the fairness of the presentation of the financial statements. D. Form an opinion on the effectiveness of internal controls in meeting operational goals.

Q: The auditor is least likely to use generalized audit software to A. Perform analytical procedures on the entity's data. B. Access information stored on the entity's IT files. C. Identify material weaknesses in the entity's IT controls. D. Test the accuracy of the entity's computations.

Q: Which of the following audit procedures would an auditor be least likely to perform using a generalized computer audit program? A. Searching records of accounts receivable balances for credit balances. B. Investigating inventory balances for possible damaged goods. C. Selecting accounts receivable for positive and negative confirmations. D. Listing of unusually large inventory balances.

Q: The primary purpose of a generalized computer audit program is to allow the auditor to A. Use the entity's employees to perform routine audit checks of the electronic data processing records that otherwise would be done by the auditor's staff accountants. B. Test the logic of computer programs used in the entity's electronic data processing systems. C. Select larger samples from the entity's electronic data processing records than would otherwise be selected without the generalized program. D. Independently process electronic data processing records.

Q: An "integrated audit" A. Will, in most cases, lead to a substantive audit strategy. B. Denies the auditor access to information about the entity's controls. C. May be performed by two separate audit firms. D. Is comprised of audits of internal control over financial reporting and of financial statements.

Q: Which of the following is not true? A. The auditor should not communicate with management until the audit of internal control over financial reporting is finished. B. Written communication between the auditor and management about internal control over financial reporting should include the definitions of control deficiencies, significant deficiencies, and material weaknesses. C. The auditor should not include in the audit report that no significant deficiencies were noted during an audit of internal control over financial reporting. D. If fraud is discovered, the auditor must report it to the appropriate level of management.

Q: Prior to issuing a report on internal controls over financial reporting, an auditor is required to A. Perform procedures sufficient to identify all control deficiencies. B. Communicate to management, in writing, all control deficiencies previously included in written communication from the internal auditors. C. Communicate to management, in writing, all control deficiencies identified during the audit and inform the audit committee when such a communication has been made. D. Represent that no significant deficiencies were noted during the audit of internal control.

Q: Which of the following concerning the auditor's report on internal control over financial reporting is correct? A. The auditor's report contains an opinion on the effectiveness of internal control over financial reporting based on the auditor's independent work. B. In the report on internal control over financial reporting, the auditor can issue only a qualified or an unqualified opinion. C. The auditor needs to state management's assessment of internal control over financial reporting, but does not necessarily need to comment on whether he or she agrees. D. An unqualified opinion is required if a material weakness is identified.

Q: Public reporting on the effectiveness of internal control over financial reporting, as required by the Sarbanes-Oxley Act, includes A. A statement that the public accounting firm that audited the financial statements has provided input on the design of internal controls. B. A statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting. C. An explicit statement as to whether management agrees with the public accounting firm's assessment of internal controls. D. A detailed statement describing changes or additions to the internal control environment that occurred in the current year.

Q: S&H Associates has just performed an audit of Bob's Bikes. S&H was unable to obtain a written representation from management about internal control. Which of the following is true? A. S&H must still assume that management has assessed the effectiveness of internal control. B. Depending on other factors in the audit, S&H can still issue an unqualified opinion. C. S&H should consider this situation a limitation on the scope of the audit. D. Management does not need to give S&H a letter if it has disclosed all known internal control deficiencies.

Q: Which of the following is least likely to represent a material weakness in internal control for Flynt Corporation? A. Flynt Corporation's computer systems were not working properly for two days; consequently, employees needed to do all reconciliations manually. B. Flynt Corporation's CFO was arrested last year for embezzling money from the entity. C. For the current year, the auditor found a material misstatement in Flynt's sales recognition that was undetected by the internal controls. D. Flynt's audit committee is deemed to be ineffective.

Q: While performing an audit on the internal controls over financial reporting for AirWaves Corporation, your audit team finds what it considers to be a significant deficiency. AirWaves is a large, private company. What steps would you take to communicate this finding?

Q: What are four potential tools available to the auditor for documenting her understanding of an entity's system of internal control?

Q: The program flowcharting symbol representing a decision is a A. Triangle. B. Circle. C. Rectangle. D. Diamond.

Q: When communicating internal control-related matters noted in an audit of a nonpublic company, an auditor's report issued on significant deficiencies should indicate that A. Errors or fraud may occur and not be detected because there are inherent limitations in any internal control system. B. The issuance of an unqualified opinion on the financial statements may depend on corrective follow-up action. C. The deficiencies noted were not detected within a timely period by employees in the normal course of performing their assigned functions. D. The purpose of the audit was to report on the financial statements and not to provide assurance on internal control.

Q: Before applying substantive procedures to the details of asset and liability accounts at an interim date, the auditor should A. Assess the difficulty in controlling achieved audit risk for the remainder of the period. B. Investigate significant fluctuations that have occurred in the asset and liability accounts since the previous balance sheet date. C. Select only those accounts which can effectively be sampled during year-end audit work. D. Consider the compliance tests that must be applied at the balance sheet date to extend the audit conclusions reached at the interim date.