Internal Control and Risk Management Quiz

Questions and Answers

What is the most likely reason the auditor would use to reconsider the assessed control risk?

• The tests of controls indicate the controls did not operate effectively (correct)
• The tests of controls indicate the controls operated effectively
• The auditor wants to apply more extensive tests of controls
• The preliminary assessed control risk was too high

Which of the following procedures would the auditor most likely use to support the operating effectiveness of internal controls?

• Inspect the client's physical assets
• Perform analytical procedures
• Examine documents, records, and reports (correct)
• Inquire about the client's accounting policies

How does the extent of tests of controls applied by the auditor depend on the preliminary assessed control risk?

• The extent of tests of controls is determined solely by the results of the tests of controls
• The lower the preliminary assessed control risk, the more extensive the tests of controls (correct)
• The extent of tests of controls is independent of the preliminary assessed control risk
• The higher the preliminary assessed control risk, the more extensive the tests of controls

What is the primary purpose of the auditor using the control risk assessment and results of tests of controls?

To determine the nature and extent of substantive procedures (C)

Which of the following procedures is NOT listed in the text as one the auditor is likely to use to support the operating effectiveness of internal controls?

Perform analytical procedures on the client's accounting records (A)

What is the purpose of control activities in an organization?

To ensure management's directives are implemented to mitigate risks (A)

What is the significance of considering fraud risk in assessing risks to objectives?

Supports the selection and development of control activities (C)

What does the deployment of control activities involve in an organization?

Establishing policies and procedures to put management's directives into action (B)

How do control activities contribute to mitigating risks in an organization?

By selecting and developing control activities that support objectives achievement (C)

What does an authorization signify in the context of control activities?

A validation of a transaction as a genuine economic event (C)

Why is it essential for organizations to have control activities at various levels and stages within business processes?

To ensure that management's directives are carried out to mitigate risks (C)

Which of the following is NOT one of the main categories of computer controls mentioned in the text?

Network Controls (C)

What is the primary purpose of Input Controls?

To ensure accurate and authorized data entry into the computer system (C)

Which of the following is NOT a characteristic of effective Application Controls, according to the text?

They are designed to prevent unauthorized access to data files (B)

What is the purpose of Segregation of Duties, as mentioned in the text?

To enforce formal standards, rules, and procedures for general controls (D)

What is the primary function of Computer Operations Controls?

To apply to the work of the computer department and ensure that programmed procedures are consistently and correctly applied (D)

Which type of controls are responsible for ensuring that computer hardware is physically secure and checking for equipment malfunction?

Hardware Controls (B)

What is the primary purpose of supervisory controls?

To assess whether other transaction control activities are being performed correctly (C)

Which of the following is an example of a physical control activity?

Periodically counting and reconciling physical inventory (B)

What is the purpose of an entity's accounting information and communication system?

To initiate, record, process, and report transactions, and maintain accountability for assets (B)

Which principle relates to the communication of information within an organization?

Principle 14: The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control. (B)

What is the primary source of information used by management to support internal control?

Both internal and external sources (D)

Which of the following is NOT a transaction control activity mentioned in the text?

Risk assessments (D)

What is the primary reason that input errors can lead to output errors in IT systems?

A large portion of errors in IT systems result from data entry errors (D)

Which of the following is NOT a common example of a data entry control?

Batch total check (C)

Which of the following processing controls is used to ensure that data are complete and accurate during updating?

All of the above (D)

What is the purpose of a $hash total$ in data entry controls?

To create a summary total of codes from all records in a batch that do not represent a meaningful total (B)

What is the purpose of a $financial total$ in data entry controls?

To create a summary total of field amounts for all records in a batch that represent a meaningful total such as dollars or amounts (C)

Flashcards

Internal Control Components

Identifying and analyzing risks to achieving business objectives, and considering fraud potential.

Control Activities

Policies and procedures to ensure directives for risk mitigation are carried out.

General Control Activities

Control activities over technology to support objective achievement.

Authorizations and Approvals

Validating transactions as actual economic events.

Reasonableness Checks

Checking if figures are within acceptable ranges.

Format Checks

Ensuring data matches the required format.

Existence Checks

Verifying the existence of a record or data element.

Processing Controls

Ensuring data accuracy and completeness during updates.

Run Control Totals

Automated checks for completeness and accuracy during processing.

Computer Matching

Comparing data from different sources to verify accuracy.

Programmed Edit Checks

Automated checks for data validity during processing.

Software Controls

Monitoring, safeguarding against unauthorized use and access of system software.

Hardware Controls

Ensuring physical security and checking equipment performance.

Computer Operations Controls

Ensuring correct and consistent application of programmed procedures.

Data Security Controls

Protecting valuable data from unauthorized access, changes, and loss.

Administrative Controls

Formalizing standards, rules, and control procedures for enforcement.

Application Controls

Specific controls for computerized applications (like payroll).

Information and Communication

Using relevant internal and external info to support internal controls.

Accounting Information System

Records, reports transactions, and maintains accountability for assets.

Study Notes

Internal Control Components

• The organization identifies risks to the achievement of its objectives across the entity and analyzes risks to determine how to manage them.
• The organization considers the potential for fraud in assessing risks to the achievement of objectives.

Control Activities

• Control activities are actions established through policies and procedures to ensure management's directives to mitigate risks are carried out.
• Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment.
• The organization selects and develops control activities that contribute to mitigating risks to acceptable levels.
• The organization selects and develops general control activities over technology to support the achievement of objectives.

Types of Control Activities

• Authorizations and approvals: an authorization affirms that a transaction is valid, representing an actual economic event.
• Other types of control activities include:
  • Reasonableness checks
  • Format checks
  • Existence checks
  • Financial totals
  • Hash totals
  • Record counts

Processing Controls

• Establish that data are complete and accurate during updating.
• Major processing controls include:
  • Run control totals
  • Computer matching
  • Programmed edit checks

Software, Hardware, and Computer Operations Controls

• Software controls monitor the use of system software and prevent unauthorized access.
• Hardware controls ensure physical security and check for equipment malfunction.
• Computer operations controls ensure programmed procedures are consistently and correctly applied.

Data Security Controls and Administrative Controls

• Data security controls ensure valuable business data files are not subject to unauthorized access, change, or destruction.
• Administrative controls formalize standards, rules, procedures, and control disciplines to ensure proper execution and enforcement of internal controls.

Application Controls

• Application controls are specific to each computerized application, such as payroll, accounts receivable, and order processing.
• Application controls consist of both controls applied from the user functional area and from programmed procedures.
• Application controls fall into three categories: Input, Processing, and Output.

Information and Communication

• The organization obtains or generates and uses relevant and quality information from both internal and external sources to support internal control.
• The purpose of an accounting information and communication system is to initiate, record, process, and report transactions and maintain accountability for assets.
• Principles relating to information and communication:
  • The organization obtains or generates and uses relevant, quality information.
  • The organization internally communicates information necessary to support internal control.