28 Questions
What is the most likely reason the auditor would use to reconsider the assessed control risk?
The tests of controls indicate the controls did not operate effectively
Which of the following procedures would the auditor most likely use to support the operating effectiveness of internal controls?
Examine documents, records, and reports
How does the extent of tests of controls applied by the auditor depend on the preliminary assessed control risk?
The lower the preliminary assessed control risk, the more extensive the tests of controls
What is the primary purpose of the auditor using the control risk assessment and results of tests of controls?
To determine the nature and extent of substantive procedures
Which of the following procedures is NOT listed in the text as one the auditor is likely to use to support the operating effectiveness of internal controls?
Perform analytical procedures on the client's accounting records
What is the purpose of control activities in an organization?
To ensure management's directives are implemented to mitigate risks
What is the significance of considering fraud risk in assessing risks to objectives?
Supports the selection and development of control activities
What does the deployment of control activities involve in an organization?
Establishing policies and procedures to put management's directives into action
How do control activities contribute to mitigating risks in an organization?
By selecting and developing control activities that support objectives achievement
What does an authorization signify in the context of control activities?
A validation of a transaction as a genuine economic event
Why is it essential for organizations to have control activities at various levels and stages within business processes?
To ensure that management's directives are carried out to mitigate risks
Which of the following is NOT one of the main categories of computer controls mentioned in the text?
Network Controls
What is the primary purpose of Input Controls?
To ensure accurate and authorized data entry into the computer system
Which of the following is NOT a characteristic of effective Application Controls, according to the text?
They are designed to prevent unauthorized access to data files
What is the purpose of Segregation of Duties, as mentioned in the text?
To enforce formal standards, rules, and procedures for general controls
What is the primary function of Computer Operations Controls?
To apply to the work of the computer department and ensure that programmed procedures are consistently and correctly applied
Which type of controls are responsible for ensuring that computer hardware is physically secure and checking for equipment malfunction?
Hardware Controls
What is the primary purpose of supervisory controls?
To assess whether other transaction control activities are being performed correctly
Which of the following is an example of a physical control activity?
Periodically counting and reconciling physical inventory
What is the purpose of an entity's accounting information and communication system?
To initiate, record, process, and report transactions, and maintain accountability for assets
Which principle relates to the communication of information within an organization?
Principle 14: The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control.
What is the primary source of information used by management to support internal control?
Both internal and external sources
Which of the following is NOT a transaction control activity mentioned in the text?
Risk assessments
What is the primary reason that input errors can lead to output errors in IT systems?
A large portion of errors in IT systems result from data entry errors
Which of the following is NOT a common example of a data entry control?
Batch total check
Which of the following processing controls is used to ensure that data are complete and accurate during updating?
All of the above
What is the purpose of a $hash total$ in data entry controls?
To create a summary total of codes from all records in a batch that do not represent a meaningful total
What is the purpose of a $financial total$ in data entry controls?
To create a summary total of field amounts for all records in a batch that represent a meaningful total such as dollars or amounts
Study Notes
Internal Control Components
- The organization identifies risks to the achievement of its objectives across the entity and analyzes risks to determine how to manage them.
- The organization considers the potential for fraud in assessing risks to the achievement of objectives.
Control Activities
- Control activities are actions established through policies and procedures to ensure management's directives to mitigate risks are carried out.
- Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment.
- The organization selects and develops control activities that contribute to mitigating risks to acceptable levels.
- The organization selects and develops general control activities over technology to support the achievement of objectives.
Types of Control Activities
- Authorizations and approvals: an authorization affirms that a transaction is valid, representing an actual economic event.
- Other types of control activities include:
- Reasonableness checks
- Format checks
- Existence checks
- Financial totals
- Hash totals
- Record counts
Processing Controls
- Establish that data are complete and accurate during updating.
- Major processing controls include:
- Run control totals
- Computer matching
- Programmed edit checks
Software, Hardware, and Computer Operations Controls
- Software controls monitor the use of system software and prevent unauthorized access.
- Hardware controls ensure physical security and check for equipment malfunction.
- Computer operations controls ensure programmed procedures are consistently and correctly applied.
Data Security Controls and Administrative Controls
- Data security controls ensure valuable business data files are not subject to unauthorized access, change, or destruction.
- Administrative controls formalize standards, rules, procedures, and control disciplines to ensure proper execution and enforcement of internal controls.
Application Controls
- Application controls are specific to each computerized application, such as payroll, accounts receivable, and order processing.
- Application controls consist of both controls applied from the user functional area and from programmed procedures.
- Application controls fall into three categories: Input, Processing, and Output.
Information and Communication
- The organization obtains or generates and uses relevant and quality information from both internal and external sources to support internal control.
- The purpose of an accounting information and communication system is to initiate, record, process, and report transactions and maintain accountability for assets.
- Principles relating to information and communication:
- The organization obtains or generates and uses relevant, quality information.
- The organization internally communicates information necessary to support internal control.
Test your knowledge on how organizations identify risks, analyze them, consider fraud potential, and assess changes impacting internal control systems. Explore control activities through policies and procedures that support management's directives.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
