Internal Control and Risk Management Quiz

Questions and Answers

What is the most likely reason the auditor would use to reconsider the assessed control risk?

The tests of controls indicate the controls did not operate effectively (correct)

The tests of controls indicate the controls operated effectively

The auditor wants to apply more extensive tests of controls

The preliminary assessed control risk was too high

Which of the following procedures would the auditor most likely use to support the operating effectiveness of internal controls?

Inspect the client's physical assets

Perform analytical procedures

Examine documents, records, and reports (correct)

Inquire about the client's accounting policies

How does the extent of tests of controls applied by the auditor depend on the preliminary assessed control risk?

The extent of tests of controls is determined solely by the results of the tests of controls

The lower the preliminary assessed control risk, the more extensive the tests of controls (correct)

The extent of tests of controls is independent of the preliminary assessed control risk

The higher the preliminary assessed control risk, the more extensive the tests of controls

What is the primary purpose of the auditor using the control risk assessment and results of tests of controls?

To determine the nature and extent of substantive procedures

Which of the following procedures is NOT listed in the text as one the auditor is likely to use to support the operating effectiveness of internal controls?

Perform analytical procedures on the client's accounting records

What is the purpose of control activities in an organization?

To ensure management's directives are implemented to mitigate risks

What is the significance of considering fraud risk in assessing risks to objectives?

Supports the selection and development of control activities

What does the deployment of control activities involve in an organization?

Establishing policies and procedures to put management's directives into action

How do control activities contribute to mitigating risks in an organization?

By selecting and developing control activities that support objectives achievement

What does an authorization signify in the context of control activities?

A validation of a transaction as a genuine economic event

Why is it essential for organizations to have control activities at various levels and stages within business processes?

To ensure that management's directives are carried out to mitigate risks

Which of the following is NOT one of the main categories of computer controls mentioned in the text?

Network Controls

What is the primary purpose of Input Controls?

To ensure accurate and authorized data entry into the computer system

Which of the following is NOT a characteristic of effective Application Controls, according to the text?

They are designed to prevent unauthorized access to data files

What is the purpose of Segregation of Duties, as mentioned in the text?

To enforce formal standards, rules, and procedures for general controls

What is the primary function of Computer Operations Controls?

To apply to the work of the computer department and ensure that programmed procedures are consistently and correctly applied

Which type of controls are responsible for ensuring that computer hardware is physically secure and checking for equipment malfunction?

Hardware Controls

What is the primary purpose of supervisory controls?

To assess whether other transaction control activities are being performed correctly

Which of the following is an example of a physical control activity?

Periodically counting and reconciling physical inventory

What is the purpose of an entity's accounting information and communication system?

To initiate, record, process, and report transactions, and maintain accountability for assets

Which principle relates to the communication of information within an organization?

Principle 14: The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control.

What is the primary source of information used by management to support internal control?

Both internal and external sources

Which of the following is NOT a transaction control activity mentioned in the text?

Risk assessments

What is the primary reason that input errors can lead to output errors in IT systems?

A large portion of errors in IT systems result from data entry errors

Which of the following is NOT a common example of a data entry control?

Batch total check

Which of the following processing controls is used to ensure that data are complete and accurate during updating?

All of the above

What is the purpose of a $hash total$ in data entry controls?

To create a summary total of codes from all records in a batch that do not represent a meaningful total

What is the purpose of a $financial total$ in data entry controls?

To create a summary total of field amounts for all records in a batch that represent a meaningful total such as dollars or amounts

Study Notes

Internal Control Components

• The organization identifies risks to the achievement of its objectives across the entity and analyzes risks to determine how to manage them.
• The organization considers the potential for fraud in assessing risks to the achievement of objectives.

Control Activities

• Control activities are actions established through policies and procedures to ensure management's directives to mitigate risks are carried out.
• Control activities are performed at all levels of the entity, at various stages within business processes, and over the technology environment.
• The organization selects and develops control activities that contribute to mitigating risks to acceptable levels.
• The organization selects and develops general control activities over technology to support the achievement of objectives.

Types of Control Activities

• Authorizations and approvals: an authorization affirms that a transaction is valid, representing an actual economic event.
• Other types of control activities include:
  • Reasonableness checks
  • Format checks
  • Existence checks
  • Financial totals
  • Hash totals
  • Record counts

Processing Controls

• Establish that data are complete and accurate during updating.
• Major processing controls include:
  • Run control totals
  • Computer matching
  • Programmed edit checks

Software, Hardware, and Computer Operations Controls

• Software controls monitor the use of system software and prevent unauthorized access.
• Hardware controls ensure physical security and check for equipment malfunction.
• Computer operations controls ensure programmed procedures are consistently and correctly applied.

Data Security Controls and Administrative Controls

• Data security controls ensure valuable business data files are not subject to unauthorized access, change, or destruction.
• Administrative controls formalize standards, rules, procedures, and control disciplines to ensure proper execution and enforcement of internal controls.

Application Controls

• Application controls are specific to each computerized application, such as payroll, accounts receivable, and order processing.
• Application controls consist of both controls applied from the user functional area and from programmed procedures.
• Application controls fall into three categories: Input, Processing, and Output.

Information and Communication

• The organization obtains or generates and uses relevant and quality information from both internal and external sources to support internal control.
• The purpose of an accounting information and communication system is to initiate, record, process, and report transactions and maintain accountability for assets.
• Principles relating to information and communication:
  • The organization obtains or generates and uses relevant, quality information.
  • The organization internally communicates information necessary to support internal control.

Description

Test your knowledge on how organizations identify risks, analyze them, consider fraud potential, and assess changes impacting internal control systems. Explore control activities through policies and procedures that support management's directives.