Auditing and Assurance Services An Integrated Approach 13th Edition by Arens

$25.00

Category:

Description

INSTANT DOWNLOAD WITH ANSWERS
Auditing and Assurance Services An Integrated Approach 13th Edition by Arens

Chapter 2

 

Multiple-Choice Questions

 

 

1. Which one of the following is not one of the three General Standards?
easy a.      Proper planning and supervision.
a b.      Independence of mental attitude.
  c.       Adequate training and proficiency.
  d.      Due professional care.
   
2. Which one of the following is not a Field Work Standard?
easy a.      Adequate planning and supervision.
b b.      Due professional care.
  c.       Understand the entity and its environment including internal control.
  d.      Sufficient appropriate audit evidence.
   
3. The General Standards stress the importance of:
easy a.      evidence accumulation.
b b.      personal qualities the auditor should possess.
  c.       communicating the auditor’s findings to the reader.
  d.      general supervision of the audit.
   
4.

easy

The generally accepted auditing standard that requires “Adequate technical training and proficiency” is normally interpreted as requiring the auditor to have:
a a.      formal education in auditing and accounting.
  b.      worked for an entity similar to the entity being audited.
  c.       independence in mental attitude
  d.      a graduate degree in a business field.
   
5. (SOX)

 

Members of the Public Company Accounting Oversight Board are appointed and overseen by:
easy a.      the U.S. Congress.
d b.      the American Institute of Certified Public Accountants.
  c.       the Auditing Standards Board.
  d.      the Securities and Exchange Commission.
   
6.

easy

Statements on Auditing Standards provide auditors of privately held companies with ______ guidance regarding the conduct of financial statement audits.
b a.      fairly extensive
  b.      some limited
  c.       practically no
  d.      specific and detailed
   

 

 

7.

easy

Which of the following statements most accurately captures the intent of the standards of field work?
c a.      Field work standards are primarily concerned with personal attributes necessary during the conduct of the audit.
  b.      Field work standards provide extensive guidance regarding the conduct of an audit.
  c.       Field work standards are primarily directed at the auditor’s planning, understanding of internal control, and evidence accumulation.
  d.      Field work standards are primarily concerned with the conduct of substantive testing as opposed to testing of internal controls.
   
8. (SOX)

easy

Prior to the passage of the Sarbanes-Oxley Act, which of the following was responsible for establishing auditing standards?
c a.      Securities and Exchange Commission
  b.      Public Company Accounting Oversight Board
  c.       Auditing Standards Board
  d.      National Association of Accounting
   
9. (SOX)

medium

Standards issued by the Public Company Accounting Oversight Board must be followed by CPAs who audit:
b a.      both private and public companies.
  b.      public companies only.
  c.       private companies, public companies, and nonprofit entities.
  d.      private companies only.
   
10. Which of the following is the least likely form of business for a CPA firm?
medium a.      General partnership
b b.      General corporation
  c.       Limited liability company
  d.      Limited liability partnership
   
11. The Statements on Auditing Standards issued by the Auditing Standards Board:
medium a.      are interpretations of generally accepted auditing standards.
a b.      are the equivalent of laws for audit practitioners.
  c.       must be followed in all situations.
  d.      are optional guidelines which an auditor may choose to follow or not follow when   conducting an audit.
   
12. An auditor need not abide by a particular auditing standard if the auditor believes that:
medium a.      the issue in question is immaterial in amount.
a b.      more expertise is needed to fulfill the requirement.
  c.       the requirement of the standard has not been addressed by the PCAOB.
  d.      any of the above three are correct.
   
13. (SOX) The Public Company Accounting Oversight Board does not:
medium a.      perform inspections of the quality controls at audit firms that audit public companies.
b b.      establish auditing standards that must be followed by CPAs on all audits.
  c.       oversee auditors of public companies.
  d.      perform any of the above functions.
   
14.

medium

The form that must be completed and filed with the Securities and Exchange Commission whenever a company experiences a significant event that is of interest to public investors is the:
b a.      Form S-1.
  b.      Form 8-K.
  c.       Form 10-K.
  d.      Form 10-Q.
   
15.

medium

The form that must be filed with the Securities and Exchange Commission whenever a company plans to issue new securities to the public is the:
a a.      Form S-1.
  b.      Form 8-K.
  c.       Form 10-K.
  d.      Form 10-Q.
   
16.

medium

The third general standard states that due care is to be exercised in the performance of an audit. This standard is generally interpreted to require:
c a.      objective review of the adequacy of the technical training of firm personnel.
  b.      thorough review of the existing internal control structure.
  c.       critical review of work done at every level of supervision.
  d.      periodic review of a CPA firm’s quality control procedures.
   
17. (SOX)

medium

Assume the Public Company Accounting Oversight Board (PCAOB) identifies a violation during its inspection of a registered accounting firm.
d a.      The PCAOB may not enforce some disciplinary action against the accounting firm.
  b.      The PCAOB may not report the matter to the Securities and Exchange Commission.
  c.       The PCAOB may not report the matter to the appropriate state accountancy board
  d.      The PCAOB may not suspend the license to practice of the CPA guilty of the violation.
   
18.

medium

Which of the following statements best describes the primary purpose of Statements on Auditing Standards?
d a.    They are guides intended to set forth auditing procedures that are applicable to a variety of situations.
  b.    They are procedural outlines that are intended to narrow the areas of inconsistency and divergence of auditor opinion.
  c.     They are authoritative statements, enforced through the Code of Professional Conduct, and are intended to limit the degree of auditor judgment.
  d.    They are interpretations that are intended to clarify the meaning of “generally accepted auditing standards.”
   
19. Statements on Standards for Accounting and Review Services are issued by the:
medium a.      Accounting and Review Services Committee.
a b.      Professional Ethics Executive Committee.
  c.       Securities and Exchange Commission.
  d.      Financial Accounting Standards Board.
   
20. Consulting Standards are issued by the:
medium a.      Accounting and Review Services Committee.
c b.      Securities and Exchange Commission.
  c.       Management Consulting Services Executive Committee.
  d.      Financial Accounting Standards Board.
   
21.

medium

The auditor’s judgment concerning the overall fairness of presentation of financial position, results of operations, and changes in cash flow is applied within the framework of:
d a.      quality control.
  b.      generally accepted auditing standards which include the concept of materiality.
  c.       the auditor’s evaluation of the audited company’s internal control.
  d.      generally accepted accounting principles.
   
22.

medium

A basic objective of a CPA firm is to provide professional services to conform to professional standards. Reasonable assurance of achieving this basic objective is provided through:
c a.      continuing professional education.
  b.      compliance with generally accepted reporting standards.
  c.       a system of quality control.
  d.      a system of peer review.
   
23.

medium

Within the context of quality control, the primary purpose of continuing professional education and training activities is to enable a CPA firm to provide its personnel with:
c a.      technical training that assures proficiency as a valuation expert.
  b.      professional education that is required in order to perform with due professional care.
  c.       knowledge required to fulfill assigned responsibilities.
  d.      knowledge required to perform a peer review.
   
24.

medium

Williams & Co., a member of the Private Companies Practice Section, is to have a “peer review.” The peer review can be performed by:
d a.      a CPA firm selected by Williams & Co.
  b.      a review team selected by the state society.
  c.       internal auditors.
  d.      either a or b.
   
25.

medium

a

Hansen Corporation’s stock is listed on a national stock exchange and registered with the Securities and Exchange Commission. Hansen’s management hires a CPA to perform an independent audit of Hansen’s financial statements. The primary objective of this audit is to provide assurance to the:
  a.      investors in Hansen Corporation’s stock.
  b.      stock exchange.
  c.       Securities and Exchange Commission.
  d.      management of Hansen Corporation.
   
26. Which of the following is not an essential component of quality control?
medium

a

a.      Policies and procedures to ensure that firm personnel are actively engaged in marketing   strategies.
  b.      Policies and procedures to ensure that the work performed by firm personnel meet   applicable professional standards.
  c.       Policies to ensure that personnel maintain their independence in fact and in appearance.
  d.      Policies that ensure that monitoring activities are effectively applied.
   
27. Which of the following is true regarding the AICPA-approved practice monitoring programs?
challenging a.      The Center for Public Company Audit Firms does not offer a peer review program.
c b.      Firms registered with the PCAOB must not enroll in an AICPA-approved practice           monitoring program.
  c.       Public accounting firms must be enrolled in an AICPA-approved practice monitoring           program for members in the firm to be eligible for membership in the AICPA.
  d.      The AICPA peer review program is administered through the SEC.
   
28.

challenging

c

Which of the following statements is true as it relates to limited liability partnerships?

a.      Only senior partners are liable for the partnership’s debts.

b.      Partners have no liability in a limited liability partnership arrangement.

c.       Partners are personally liable for the acts of those under their supervision.

d.      All partners must be AICPA members.

 

29. (SOX)

challenging

If an auditor of a public company cannot find guidance issued by the PCAOB on a particular audit matter, the auditor should generally seek guidance from which of the following sources?
a a.      Statements on Auditing Standards.
  b.      Statements on Standards for Accounting and Review Services.
  c.       Regulations issued by the Securities and Exchange Commission.
  d.      The AICPA Code of Professional Conduct.
   
30. The SEC requirements of greatest interest to CPAs are set forth in the SEC’s:
challenging a.      Regulation S-X and Accounting Series Releases.
a b.      S-1 through S-16 forms.
  c.       Director’s newsletter.
  d.      Forms 8-K, 10-K, and 10-Q.
   
31.

challenging

The AICPA has authority to establish standards and rules in all but which of the following areas?
d a.      Auditing standards applicable to financial statements of private companies.
  b.      Compilation and review standards.
  c.       Professional conduct.
  d.      Auditing standards applicable to financial statements of private and public companies.
   
32.

challenging

Generally Accepted Auditing Standards (GAAS) and Statements on Auditing Standards (SAS) should be looked upon by practitioners as:
c a.      ideals to work towards, but which are not achievable.
  b.      maximum standards that denote excellent work.
  c.       minimum standards of performance that must be achieved on each audit engagement.
  d.      benchmarks to be used on all audits, reviews, and compilations.
   
33.

challenging

Which one of the following is not a requirement for belonging to the Private Companies Practice Section of the American Institute of Certified Public Accountants?
c a.      Adherence to quality control standards.
  b.      Mandatory peer review.
  c.       Partner rotation after a period of ten consecutive years.
  d.      Continuing education.
   
34. Statements on Auditing Standards issued by the AICPA’s Auditing Standards Board are:
challenging

b

a.      part of the generally accepted auditing standards under the AICPA Code of Professional Conduct.
  b.      interpretations of generally accepted auditing standards and departures from such statements must be justified.
  c.       interpretations of generally accepted auditing standards and such standards must be followed in every engagement.
  d.      generally accepted auditing procedures that are not covered by the AICPA Code of Professional Conduct.
   

 

Essay Questions

 

35.

easy

Distinguish between generally accepted auditing standards (GAAS) and generally accepted accounting principles (GAAP). What professional organization establishes GAAS? What professional organization establishes GAAP?

 

  Answer:

Generally accepted auditing standards are general guidelines to help auditors meet their professional responsibilities in the audit of historical financial statements. They are considered to be the minimum standards of performance for auditors to follow and are established by the Auditing Standards Board of the American Institute of Certified Public Accountants for private companies and by the Public Company Accounting Oversight Board for public companies. Generally accepted accounting principles are the guidelines which an entity’s management normally follows when preparing historical financial statements. GAAP is established by the Financial Accounting Standards Board.

 

 

36.

easy

Discuss the relationship between quality control and generally accepted auditing standards.

 

  Answer:

For a CPA firm, quality control encompasses the methods used to make sure that the firm meets its professional responsibilities to clients. Quality control is closely related to, but distinct from, GAAS. A CPA firm must make sure that GAAS are followed on every audit. Quality controls are the procedures used by the CPA firm that help it meet requirements demanded by GAAS on every engagement in a consistent manner.

 

 

37.

easy

Describe the various staff levels and responsibilities of a typical public accounting firm.

 

  Answer:

·         Staff assistant – Staff assistants, or staff accountants, perform most of the detailed audit work.

·         Senior or In-charge auditor – Seniors coordinate and are responsible for the audit field work, including the supervision and review of staff assistants’ work.

·         Manager – Managers assist the senior plan and manage the audit, review the senior’s work, and manages relations with the client. A manager may be responsible for multiple engagements at the same time.

·         Partner – Partners review the overall audit work and they are involved in all significant audit decisions. As owners of the firm, partners are ultimately responsible for conducting the audit and serving the client.

 

38.

medium

Discuss the five elements of quality control. Who establishes the standards for quality control?

 

  Answer:

·         Independence, integrity and objectivity – Personnel on engagement should maintain independence in fact and in appearance, perform all professional responsibilities with integrity and maintain objectivity in performing their professional responsibilities.

·         Personnel management – Policies and procedures should be established to provide the firm with reasonable assurance that all new personnel are qualified to perform their work, work is assigned to personnel who have adequate training, and personnel should participate in continuing professional education.

·         Acceptance and continuation of clients and engagements – Policies and procedures should be established for deciding whether to accept or continue a client relationship. These policies should minimize the risk of associating with a client whose management lacks integrity.

·         Engagement performance – Policies and procedures should exist to ensure that engagement personnel perform work that meets applicable professional standards and the firm’s standards of quality.

·         Monitoring – Policies and procedures should exist to ensure that the other four quality control elements are being effectively applied.

 

Quality control standards are established by the Auditing Standards Board for auditors of private companies and by the Public Company Accounting Oversight Board for auditors of public companies.

 

39.

medium

Describe the six organizational structures available to CPA firms.

 

  Answer:

CPA firms can take one of six organizational forms:

·         Proprietorship. This form is limited to firms with only one owner.

·         General partnership. This form is similar to a proprietorship, except that it applies to multiple owners.

·         General corporation. Unlike a general partnership, shareholders in a general corporation are liable only to the extent of their investment in the corporation.

·         Professional corporation. Professional corporations can have one or more shareholders. Personal liability protection for shareholders in professional corporations varies widely from state to state.

·         Limited liability company. This form combines the most favorable attributes of a general corporation and a general partnership. LLCs are taxed like a general partnership, but its owners have limited personal liability like shareholders of a general corporation.

·         Limited liability partnership. An LLP is structured and taxed like a general partnership. However, the personal liability protection of an LLP is less than that of a general corporation or an LLC, but it is greater than a general partnership. Many accounting firms now operate as LLPs.

 

 

40.

medium

There are ten generally accepted auditing standards, divided into three categories. List, by category, each of these ten standards.

 

  Answer:

General Standards

·         Adequate technical training and proficiency.

·         Independence in mental attitude.

·         Due professional care.

 

Standards of Fieldwork

·         Adequate planning and supervision.

·         Understand the entity and its environment including internal control.

·         Sufficient appropriate audit evidence.

 

Standards of Reporting

·         Whether statements were prepared in accordance with GAAP.

·         Circumstances when GAAP was not consistently followed.

·         Adequacy of informative disclosures.

·         Expression of opinion on financial statements as a whole.

 

 

41.

medium

In the context of auditing, explain what is meant by an independent mental attitude. Discuss how internal auditors can have an independent mental attitude when they are employed by the company they audit.

 

  Answer:

Independent mental attitude refers to a state of mind in which the CPA is totally unbiased with respect to the client and the financial information under audit.

Although internal auditors are employees of the organization for which their audits are performed, internal auditors should be independent of the function being examined and should report their findings to a level high enough in the organization to allow the auditor to be free from influence by the party, or parties, being examined.

 

 

42. (SOX)

medium

The Sarbanes-Oxley Act established the Public Company Accounting Oversight Board (PCAOB). What are the PCAOB’s primary functions? Who performed these functions prior to the PCAOB?

 

  Answer:

The PCAOB has responsibility for providing oversight auditors of public companies, establishing auditing and quality control standards for public company audits and performing inspections of the quality controls at audit firms performing those audits. These functions were formerly the responsibility of the American Institute of Certified Public Accountants.

 

 

 

 

43.

challenging

What are four of the major functions of the AICPA?

 

  Answer:

Major functions of the AICPA include:

·         Establishing standards and rules that practicing CPAs must follow. These standards consist of auditing standards for auditors of private companies, compilation and review standards, other attestation standards, and the Code of Professional Conduct.

·         Research and publication. AICPA publications include the Journal of Accountancy, industry audit guides, periodic updates of the Codification of Statements on Auditing Standards, and the Code of Professional Conduct.

·         Promoting the accounting profession.

·         Developing specialist certifications.

·         Writing and grading the uniform CPA examination.

·         Providing continuing education seminars for its members.

 

 

44.

challenging

Discuss the purpose of the Securities and Exchange Commission and its influence on setting generally accepted accounting principles.

 

  Answer:

The overall purpose of the SEC is to assist in providing investors with reliable information upon which to make investment decisions. As a result of its authority for specifying financial reporting requirements, the SEC has considerable influence in setting generally accepted accounting principles. Although the SEC has taken the position that accounting principles should be set by the profession (FASB), the SEC’s opinion is generally considered in any major change in GAAP proposed by the FASB.

 

 

45.

challenging

The purpose of the AICPA’s CPA Vision Project is to help CPAs make sense of our changing and complex world. The Project has identified core values that CPAs must be aware of in the future. What are the top five core values?

 

  Answer:

·         Continuing education and lifelong learning

·         Competence

·         Integrity

·         Attuned to broad business issues

·         Objectivity

 

 

Other Objective Answer Format Questions

 

46.

easy

b

Membership in the AICPA is restricted to CPAs who are currently practicing as independent auditors.

a.      True

b.      False

 

47.

easy

b

Membership in the AICPA is mandatory for all licensed practicing CPAs.

a.      True

b.      False

 

48.

easy

a

Any public accounting firm can be a member of the AICPA if the firm meets the membership requirements.

a.      True

b.      False

 

49.

easy

b

Statements on Auditing Standards (SASs) are issued by the Public Company Accounting Oversight Board.

a.      True

b.      False

 

50. (SOX)

easy

b

Auditors of public companies should, in the absence of guidance issued by the PCAOB, follow auditing standards issued by the SEC.

a.      True

b.      False

 

51. (SOX)

medium

b

The U.S. Congress has oversight responsibility for the PCAOB.

a.      True

b.      False

 

52.

medium

b

Form 10-K must be filed with the SEC whenever a public company experiences a significant event.

a.      True

b.      False

 

53.

medium

b

In a limited liability partnership, partners are personally liable for liabilities arising from negligent acts of other partners, but not for liabilities arising from acts of other employees.

a.      True

b.      False

 

54.

medium

a

Limited liability companies are structured and taxed like a general partnership, but their owners have limited personal liability similar to that of a general corporation.

a.      True

b.      False

 

55. (SOX)

medium

b

All CPA firms registered with the PCAOB are required to undergo a peer review at least once every two years.

a.      True

b.      False

 

56.

medium

a

Statements on Auditing Standards (SASs) are considered to be interpretations of the ten generally accepted auditing standards.

a.      True

b.      False

 

57. (SOX)

medium

a

Any CPA firm that audits more than 100 public companies is required to have an annual inspection by the PCAOB.

a.      True

b.      False

 

58.

medium

a

The overall purpose of the Securities and Exchange Commission is to assist in providing investors with reliable information upon which to make investment decisions.

a.      True

b.      False

 

59.

medium

a

International Standards on Auditing are issued by the International Auditing Practices Committee.

a.      True

b.      False

 

Chapter 12

 

Multiple-Choice Questions

 

1.

easy

IT has several significant effects on an organization. Which of the following would not be important from an auditing perspective?
d a.      Organizational changes.
  b.      The visibility of information.
  c.       The potential for material misstatement.
  d.      None of the above; i.e., they are all important.
   
2.

easy

The audit procedure which is least useful in gathering evidence on significant computer processes is:
b a.      documentation.
  b.      observation.
  c.       test decks.
  d.      generalized audit software.
   
3. Which of the following is not a benefit of using IT-based controls?
easy a.      Ability to process large volumes of transactions.
d b.      Ability to replace manual controls with computer-based controls.
  c.       Reduction in misstatements due to consistent processing of transactions.
  d.      Over-reliance on computer-generated reports.
   
4.

easy

One significant risk related to an automated environment is that auditors may ____ information provided by an information system.
b a.      not place enough reliance on
  b.      place too much reliance on
  c.       reveal
  d.      not understand
   
5. Which of the following is not a risk specific to IT environments?
easy a.      Reliance on the functioning capabilities of hardware and software.
b b.      Increased human involvement.
  c.       Loss of data due to insufficient backup.
  d.      Reduced segregation of duties.
   
6.

easy

Which of the following is not an enhancement to internal control that will occur as a consequence of increased reliance on IT?
d a.      Computer controls replace manual controls.
  b.      Higher quality information is available.
  c.       Computer-based controls provide opportunities to enhance separation of duties.
  d.      Manual controls replace automated controls.
   
7. Which of the following is not a risk to IT systems?
easy a.      Need for IT experienced staff
c b.      Separation of IT duties from accounting functions
  c.       Improved audit trail
  d.      Hardware and data vulnerability
   
8. Which of the following is not a category of an application control?
easy a.      Processing controls.
c b.      Output controls.
  c.       Hardware controls.
  d.      Input controls.
   
9. Old and new systems operating simultaneously in all locations is a test approach known as:
easy a.      pilot testing.
d b.      horizontal testing.
  c.       integrative testing.
  d.      parallel testing.
   
10.

easy

a

When the client uses a computer but the auditor chooses to use only the non-IT segment of internal control to assess control risk, it is referred to as auditing around the computer. Which one of the following conditions need not be present to audit around the computer?
  a.      Computer programs must be available in English.
  b.      The source documents must be available in a non-machine language.
  c.       The documents must be filed in a manner that makes it possible to locate them.
  d.      The output must be listed in sufficient detail to enable the auditor to trace individual           transactions.
   
11. Which of the following is a category of general controls?
easy a.      Processing controls.
c b.      Output controls.
  c.       Physical and online security.
  d.      Input controls.
   
12. Which of the following statements related to application controls is correct?
easy

d

a.      Application controls relate to various aspects of the IT function including software acquisition and the processing of transactions.
  b.      Application controls relate to various aspects of the IT function including physical security and the processing of transactions in various cycles.
  c.       Application controls relate to all aspects of the IT function.
  d.      Application controls relate to the processing of individual transactions.
   
13. General controls include all of the following except:
easy a.      systems development.
c b.      online security.
  c.       processing controls.
  d.      hardware controls.
   
14.

easy

Predesigned formats, such as those used for audit documentation, can be created and saved using electronic spreadsheets and word processors. These are called:
b a.      desktop publishing.
  b.      templates.
  c.       macros.
  d.      work files.
   
15.

easy

______ involves implementing a new system in one part of the organization, while other locations continue to use the current system.
c a.      Parallel testing
  b.      Online testing
  c.       Pilot testing
  d.      Control testing
   
16. To determine that user ID and password controls are functioning, an auditor would most likely:
easy a.      attempt to sign on to the system using invalid user identifications and passwords.
a b.      write a computer program that simulates the logic of the client’s access control software.
  c.       extract a random sample of processed transactions and ensure that the transactions were           appropriately authorized.
  d.      examine statements signed by employees stating that they have not divulged their user identifications and passwords to any other person.
   
17.

easy

When IT programs or files can be accessed from terminals, users should be required to enter a(n):
d a.      echo check.
  b.      parity check.
  c.       self-diagnosis test.
  d.      authorized password.
   
18. An auditor’s flowchart of a client’s system is a graphical representation that depicts the auditor’s:
easy a.      program for tests of controls.
b b.      understanding of the system.
  c.       understanding of the types of errors that are probable given the present system.
  d.      documentation of the study and evaluation of the system.
   
19. Which of the following is not a characteristic of an online processing system?
medium a.      Output of the data files is available on request.
d b.      Master files are updated at the time the entry is made.
  c.       Display terminals are used for both input and output purposes.
  d.      Programming is not allowed online and must be done separately.
   
20. Typical controls developed for manual systems which are still important in IT systems include:
medium a.      proper authorization of transactions.
d b.      competent and honest personnel.
  c.       careful and complete preparation of source documents.
  d.      all of the above.
   
21. ______ controls prevent and detect errors while transaction data are processed.
medium a.      Software
c b.      Application
  c.       Processing
  d.      Transaction
   
22. A database management system:
medium a.      physically stores each element of data only once.
a b.      stores data on different files for different purposes, but always knows where they are and           how to retrieve them.
  c.       allows quick retrieval of data but at a cost of inefficient use of file space.
  d.      allows quick retrieval of data, but it needs to update files continually.
   
23. Which of the following is not associated with converting from a manual to an IT system?
medium a.      It usually centralizes data.
d b.      It permits higher quality and more consistent controls over operations.
  c.       It may eliminate the control provided by division of duties of independent persons who           perform related functions and compare results.
  d.      It may take the recordkeeping function and the document preparation function away from       those who have custody of assets and put those functions into the IT center.
   
24. Which of the following statements about general controls is not correct?
medium a.      Disaster recovery plans should identify alternative hardware to process company data.
d b.      Successful IT development efforts require the involvement of IT and non-IT personnel.
  c.       The chief information officer should report to senior management and the board.
  d.      Programmers should have access to computer operations to aid users in resolving           problems.
   
25. Which of the following statements is correct?
medium a.      Auditors should evaluate application controls before evaluating general controls.
c b.      Auditors should evaluate application controls and general controls simultaneously.
  c.       Auditors should evaluate general controls before evaluating application controls.
  d.      None of these statements is correct.
   
26. An important characteristic of IT is uniformity of processing. Therefore, a risk exists that:
medium a.      auditors will not be able to access data quickly.
c b.      auditors will not be able to determine if data is processed consistently.
  c.       erroneous processing can result in the accumulation of a great number of misstatements in      a short period of time.
  d.      all of the above.
   
27.

medium

Auditors should evaluate the ________ before evaluating application controls because of the potential for pervasive effects.
d a.      input controls
  b.      control environment
  c.       processing controls
  d.      general controls
28. A control that relates to all parts of the IT system is called a(n):
medium a.      general control.
a b.      systems control.
  c.       universal control.
  d.      applications control.
   
29. Controls which apply to a specific element of the system are called:
medium a.      user controls.
d b.      general controls.
  c.       systems controls.
  d.      applications controls.
   
30. Which of the following is not an example of an applications control?
medium a.      An equipment failure causes system downtime.
a b.      There is a preprocessing authorization of the sales transactions.
  c.       There are reasonableness tests for the unit selling price of a sale.
  d.      After processing, all sales transactions are reviewed by the sales department.
   
31.

medium

Which of the following is least likely to be used in obtaining an understanding of client general controls?
c a.      Examination of system documentation
  b.      Inquiry of client personnel (e.g., key users)
  c.       Observation of transaction processing
  d.      Reviews of questionnaires completed by client IT personnel
   
32. Which of the following is not a general control?
medium a.      Reasonableness test for unit selling price of a sale.
a b.      Equipment failure causes error messages on monitor.
  c.       Separation of duties between programmer and operators.
  d.      Adequate program run instructions for operating the computer.
   
33. Controls which are built in by the manufacturer to detect equipment failure are called:
medium a.      input controls.
c b.      fail-safe controls.
  c.       hardware controls.
  d.      manufacturer’s controls.
   
34. Auditors usually evaluate the effectiveness of:
medium a.      hardware controls before general controls.
c b.      sales-cycle controls before application controls.
  c.       general controls before applications controls.
  d.      applications controls before the control environment.
   
35.

medium

Controls which are designed to assure that the information processed by the computer is authorized, complete, and accurate are called:
a a.      input controls.
  b.      processing controls.
  c.       output controls.
  d.      general controls.
   
36. Programmers should be allowed access to:
medium a.      user controls.
d b.      general controls.
  c.       systems controls.
  d.      applications controls.
   
37. Programmers should do all but which of the following?
medium a.      Test programs for proper performance.
b b.      Evaluate legitimacy of transaction data input.
  c.       Develop flowcharts for new applications.
  d.      Programmers should perform each of the above.
   
38. ______ tests determines that every field in a record has been completed.
medium a.      Validation
c b.      Sequence
  c.       Completeness
  d.      Programming
   
39. In an IT-intensive environment, most processing controls are:
medium a.      input controls.
c b.      operator controls.
  c.       programmed controls.
  d.      documentation controls.
   
40. Which of the following is not a processing control?
medium a.      Control totals.
c b.      Logic tests.
  c.       Check digits.
  d.      Computations tests.
   
41. Output controls are not designed to assure that data generated by the computer are:
medium a.      accurate.
d b.      distributed only to authorized people.
  c.       complete.
  d.      used appropriately by employees in making decisions.
   
42. Auditors usually obtain information about general and application controls through:
medium a.      interviews with IT personnel.
d b.      examination of systems documentation.
  c.       reading program change requests.
  d.      all of the above methods.
   
43. When auditors consider only non-IT controls in assessing control risk, it is known as:
medium a.      the single-stage audit.
c b.      the test deck approach.
  c.       auditing around the computer.
  d.      generalized audit software (GAS).
   
44.

medium

The auditor’s objective to determine whether the client’s computer programs can correctly handle valid and invalid transactions as they arise is accomplished through the:
a a.      test data approach.
  b.      generalized audit software approach.
  c.       microcomputer-aided auditing approach.
  d.      generally accepted auditing standards.
   
45.

medium

The audit approach in which the auditor runs his or her own program on a controlled basis to verify the client’s data recorded in a machine language is:
c a.      the test data approach.
  b.      called auditing around the computer.
  c.       the generalized audit software approach.
  d.      the microcomputer-aided auditing approach.
   
46.

medium

Which of the following is not one of the three categories of testing strategies when auditing through the computer?
a a.      Pilot simulation.
  b.      Test data approach.
  c.       Parallel simulation.
  d.      Embedded audit module.
   
47.

medium

d

Companies with non-complex IT environments often rely on microcomputers to perform accounting system functions. Which of the following is not an audit consideration in such an environment?
  a.      Limited reliance on automated controls.
  b.      Unauthorized access to master files.
  c.       Vulnerability to viruses and other risks.
  d.      Excess reliance on automated controls.
   
48. Internal control is ineffective when computer personnel:
medium a.      participate in computer software acquisition decisions.
c b.      design flowcharts and narratives for computerized systems.
  c.       originate changes in customer master files.
  d.      provide physical security over program files.
   
49. When using the test data approach:
medium a.      test data should include only exception conditions.
d b.      application programs tested must be virtually identical to those used by employees.
  c.       select data may remain in the client system after testing.
  d.      none of the above statements is correct.
   
50.

medium

Because general controls have a _____ effect on the operating effectiveness of application controls, auditors must consider general controls.
b a.      nominal
  b.      pervasive
  c.       mitigating
  d.      worsening
   
51. Errors in data processed in a batch computer system may not be detected immediately because:
medium a.      transaction trails in a batch system are available only for a limited period of time.
b b.      there are time delays in processing transactions in a batch system.
  c.       errors in some transactions cause rejection of other transactions in the batch.
  d.      random errors are more likely in a batch system than in an online system.

 

52. ______ link equipment in large geographic regions.
medium a.      Cosmopolitan area networks (CANs)
c b.      Local area networks (LANs)
  c.       Wide area networks (WANs)
  d.      Virtual area networks (VANs)
   
53.

medium

c

Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process?
  a.      Parallel simulation.
  b.      Generalized audit software programming.
  c.       Integrated test facility.
  d.      Test data approach.
   
54. Firewalls are used to protect:
medium a.      erroneous internal handling of data.
d b.      against insufficient documentation of transactions.
  c.       illogical programming commands.
  d.      unauthorized use of system resources.
   
55. In an IT system, automated equipment controls or hardware controls are designed to:
medium a.      correct errors in the computer programs.
c b.      monitor and detect errors in source documents.
  c.       detect and control errors arising from the use of equipment.
  d.      arrange data in a logical sequential manner for processing purposes.
   
56.

medium

If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll IT application?
b a.      Gross wages earned.
  b.      Employee numbers.
  c.       Total hours worked.
  d.      Total debit amounts and total credit amounts.
   
57. What tools do companies use to limit access to sensitive company data?
medium              
a   Encryption techniques   Digital signatures   Firewall  
  a. Yes   Yes   Yes
  b. Yes   No   No
  c. No   Yes   Yes
  d. Yes   Yes   No
   
58.

medium

Rather than maintain an internal IT center, many companies use ________ to perform many basic functions such as payroll.
b a.      external general service providers
  b.      external application service providers
  c.       internal control service providers
  d.      internal auditors
   
59.

medium

d

A company uses the account code 669 for maintenance expense. However, one of the company clerks often codes maintenance expense as 996. The highest account code in the system is 750. What internal control in the company’s computer program would detect this error?
  a.      Pre-data input check.
  b.      Valid-character test.
  c.       Sequence check.
  d.      Valid-code test.
   
60. Which of the following is not an application control?
challenging a.      Preprocessing authorization of sales transactions.
d b.      Reasonableness test for unit selling price of sale.
  c.       Post-processing review of sales transactions by the sales department.
  d.      Separation of duties between computer programmer and operators.
   
61.

challenging

d

It is common in IT systems to have certain types of transactions initiated automatically by the computer. Which of the following activities would not be an appropriate candidate for automatic computer initialization?
  a.      In a bank, periodic calculation of interest on customer accounts.
  b.      In a manufacturing facility ordering inventory at preset order levels.
  c.       In a hospital, the ordering of oxygen when pre-specified levels are achieved.
  d.      In an investment brokerage firm, the sale of pharmaceutical stocks when the Dow-Jones Industrial Average falls below a certain level.
   
62.

challenging

Application controls vary across the IT system. To gain an understanding of internal control for a private company, the auditor must evaluate the application controls for every:
d a.      every audit area.
  b.      every material audit area.
  c.       every audit area in which the client uses the computer.
  d.      every audit area where the auditor plans to reduce assessed control risk.
   
63.

challenging

Many clients have outsourced the IT functions. The difficulty the independent auditor faces when a computer service center is used is to:
c a.      gain the permission of the service center to review their work.
  b.      find compatible programs that will analyze the service center’s programs.
  c.       determine the adequacy of the service center’s internal controls.
  d.      try to abide by the Code of Professional Conduct to maintain the security and confidentiality of client’s data.
   
64.

challenging

An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as:
a a.      time tickets with invalid job numbers.
  b.      overtime not approved by supervisors.
  c.       deductions not authorized by employees.
  d.      payroll checks with unauthorized signatures.
   
65. Which of the following is not a general control?
challenging a.      The plan of organization and operation of IT activity.
c b.      Procedures for documenting, reviewing, and approving systems and programs.
  c.       Processing controls.
  d.      Hardware controls.
   
66.

challenging

In comparing (1) the adequacy of the hardware controls in the system with (2) the organization’s methods of handling the errors that the computer identifies, the independent auditor is:
c a.      unconcerned with both (1) and (2).
  b.      equally concerned with (1) and (2).
  c.       less concerned with (1) than with (2).
  d.      more concerned with (1) than with (2).
   

 

 

67. Service auditors do not issue which of the following types of reports?
challenging a.      Report on implemented controls
b b.      Report on controls that have been implemented and tested for design effectiveness
  c.       Report on controls that have been implemented and tested for operating effectiveness
  d.      Each of the above is issued.
   
68. The most important output control is:
challenging

b

a.      distribution control, which assures that only authorized personnel receive the reports generated by the system.
  b.      review of data for reasonableness by someone who knows what the output should look like.
  c.       control totals, which are used to verify that the computer’s results are correct.
  d.      logic tests, which verify that no mistakes were made in processing.
   

 

Essay Questions

 

69.

easy

Briefly define general controls and application controls.

 

  Answer:

General controls are those that relate to all aspects of the IT function. They include controls related to administration, software acquisition and maintenance, physical and on-line security, backup and disaster recovery planning, and hardware controls.  Application controls relate to the processing of individual transactions. Application controls are specific to certain software applications and typically do not affect all IT functions.

 

 

70.

easy

What are three specific risks to IT systems?
  Answer:

Three specific risks to IT systems include risks to hardware and data, a reduced audit trail,           and the need for IT experience and separation of IT duties.

 

 

71.

medium

Discuss how the integration of IT into accounting systems enhances internal control.

 

  Answer:

Enhancements to internal control resulting from the integration of IT into accounting systems include:

·         Computer controls replace manual controls. Replacing manual procedures with programmed controls that apply checks and balances to each processed transaction and that process information consistently can reduce human error that is likely to occur in traditional manual environments.

·         Higher quality information is available. IT systems typically provide management with more and higher quality information faster than most manual systems.

 

 

 

 

72

medium

Identify the three categories of application controls, and give one example of each.

 

  Answer:

Application controls fall into three categories:

·         Input controls. Key verification and check digits are examples of input controls.

·         Processing controls. One example is a reasonableness test for the unit selling price of a sale.

·         Output controls. One example is post-processing review of sales transactions by the sales department.

 

 

73.

medium

Discuss what is meant by the term “auditing around the computer.”

 

  Answer:

“Auditing around the computer” occurs when the auditor considers only the non-IT controls when assessing control risk. Under this approach, the auditor obtains an understanding of internal control and performs tests of controls, substantive tests of transactions, and account balance verification procedures in the same manner as in manual systems. However, there is no attempt to test, or rely on, the client’s IT controls.

 

 

74.

medium

Discuss the circumstances that must exist for the auditor to “audit around the computer.”

 

  Answer:

To “audit around the computer,” the following conditions must exist:

·         The source documents must be available in a form readable by a human.

·         The documents must be maintained in a manner that makes it possible to locate them for auditing purposes.

·         The output must be listed in sufficient detail to enable the auditor to trace individual transactions from the source documents to the output and vice versa.

If any of these conditions does not exist, the auditor will have to rely on computer-oriented controls.

 

 

75.

medium

Describe three computer auditing techniques available to the auditor.

 

  Answer:

Computer auditing techniques available to the auditor are:

·         Test data approach. Using this approach, the auditor develops different types of transactions that are processed under his or her own control using the client’s computer programs on the client’s IT equipment.

·         Parallel simulation. Using parallel simulation, the auditor writes a computer program that replicates some part of the client’s application system. The client’s data is then processed using the auditor’s computer program. The auditor then compares the output generated by his or her program with that generated by the client’s program to test the correctness of the client’s program. Generalized audit software may be used.

·         Embedded audit module. Using this approach, the auditor inserts an audit module in the client’s application system to capture transactions with characteristics that are of interest to the auditor.

 

 

 

 

76.

medium

What are the two software testing strategies that companies typically use?  Which strategy is more expensive?

 

  Answer:

Companies may use pilot testing and parallel testing to test new software.  Pilot testing involves operating the new software at a limited number of facilities, while continuing to operate the old software at all other locations.  Parallel testing involves operating the new and old software simultaneously.  Parallel testing is more expensive than pilot testing.

 

 

77.

medium

Discuss the advantages and benefits of using generalized audit software.

 

  Answer:

Advantages and benefits of using generalized audit software include:

·      they are developed in such a manner that most of the audit staff can be trained to use the program even if they have little formal IT education.

·      a single program can be applied to a wide range of tasks without having to incur the cost or inconvenience of developing individualized programs.

·      generalize audit software can perform tests much faster and in more detail than using traditional manual procedures.

 

 

78.

medium

Why do businesses use networks? Describe a local area network and a wide area network.

 

  Answer:

Networks are used to link equipment such as microcomputers, midrange computers, mainframes, work stations, servers, and printers. A local area network links equipment within a single or small cluster of buildings and is used only within a company. A wide area network links equipment in larger geographic regions, including global operations.

 

 

79.

medium

Discuss the four areas of responsibility under the IT function that should be segregated in large companies.

 

  Answer:

The responsibilities for IT management, systems development, operations, and data control should be separated:

·         IT Management. Oversight of the IT function should be segregated from the systems development, operations, and data control functions. Oversight of IT should be the responsibility of the Chief Information Officer or IT manager.

·         Systems development. Systems analysts are responsible for the overall design of each application system. Programmers develop, test, and document applications software. Programmers and analysts should not have access to input data or computer operations.

·         Operations. Computer operators are responsible for the day-to-day operations of the computer.

·         Data control. Data control personnel independently verify the quality of input and the reasonableness of output.

 

 

 

 

80.

challenging

What types of reports may be issued by a service organization auditor? Which of these is likely to be used by an auditor performing an audit of a public company?

 

  Answer:

Service organization auditors may issue two types of reports:

·         reports on controls that have been implemented, and

·         reports on controls that have been implemented and tested for operating effectiveness.

 

Auditors of a public company would likely use the latter type of report because they have           to provide a report on the internal control over financial reporting.

 

 

81.

challenging

Identify the six categories of general controls and give one example of each.

 

  Answer:

General controls fall into the following six categories:

·         Administration of the IT function. For example, the chief information officer (CIO) should report to senior management and board of directors.

·         Segregation of IT duties. For example, there should be separation of duties between the computer programmers, operators, and the data control group.

·         Systems development. Users, analysts, and programmers develop and test software.

·         Physical and online security. For example, passwords should be required for access to computer systems.

·         Backup and contingency planning. Written backup plans should be prepared and tested on a regular basis throughout the year.

·         Hardware controls. For example, uninterruptible power supplies should be used to avoid loss of data in the event of a power blackout.

 

 

 

Other Objective Answer Format Questions

 

82.

medium

Match eight of the terms (a-n) with the definitions provided below (1-8):

 

  a.      Application controls
  b.      Auditing around the computer
  c.       Auditing through the computer
  d.      Error listing
  e.       General controls
  f.       Generalized audit software
  g.       Hardware controls
  h.      Input controls
  i.        Output controls
  j.       Parallel simulation
  k.      Parallel testing
  l.        Pilot testing
  m.     Processing controls
  n.      Test data approach
   
k                   1.           The new and old systems operate simultaneously in all locations.

 

e                   2.           Controls that relate to all parts of the IT system.

 

 

 

j                   3.           Involves the use of a computer program written by the auditor that replicates some part of a client’s application system.

 

n                   4.           A method of auditing IT systems which uses data created by the auditor to determine whether the client’s computer program can correctly process valid and invalid transactions.

 

i                   5.           Controls such as review of data for reasonableness, designed to assure that data generated by the computer is valid, accurate, complete, and distributed only to authorized people.

 

a                   6.           Controls that apply to processing of transactions.

 

l                   7.           A new system is implemented in one part of the organization while other locations continue to rely on the old system.

 

h                   8.           Controls such as proper authorization of documents, check digits, and adequate documentation, designed to assure that the information to be processed by the computer is authorized, complete, and accurate.

 

 

 

83.

easy

b

Inherent risk is often reduced in complex IT systems relative to less complex IT systems.

a.      True

b.      False

 

84.

easy

a

 

Parallel testing is used when old and new systems are operated simultaneously in all locations.

a.      True

b.      False

 

85.

easy

a

Firewalls can protect company data and software programs.

a.      True

b.      False

 

86.

easy

a

Programmers should not have access to transaction data.

a.      True

b.      False

 

87.

easy

a

One potential disadvantage of IT systems is the reduction or elimination of source documents, which reduces the visibility of the audit trail.

a.      True

b.      False

 

88.

easy

a

LANs link equipment within a single or small cluster of buildings and are used only for intracompany purposes.

a.      True

b.      False

 

89.

medium

a

In IT systems, if general controls are effective, it increases the auditor’s ability to rely on application controls to reduce control risk.

a.          True

b.          False

 

90.

medium

a

 

Parallel testing is more expensive than pilot testing.

a.      True

b.      False

 

91.

medium

b

 

The effectiveness of manual controls depends solely on the competence of the personnel performing the controls.

a.      True

b.      False

 

92.

medium

b

The test data approach requires the auditor to insert an audit module in the client’s application system to test transaction data specifically identified by the auditor as unusual.

a.          True

b.          False

 

93.

medium

a

General controls in smaller companies are usually less effective than in more complex IT environments.

a.          True

b.          False

 

94. (Public)

medium

b

Knowledge of both general and application controls is not particularly crucial for auditors of public companies.

a.      True

b.      False

 

95.

medium

b

Logic tests and completeness tests are examples of general controls.

a.      True

b.      False

 

96.

medium

b

When the auditor decides to “audit around the computer,” there is no need to test the client’s IT controls or obtain an understanding of the client’s internal controls related to the IT system.

a.      True

b.      False

 

97.

medium

b

 

Auditors normally link controls and deficiencies in general controls to specific transaction-related audit objectives.

a.      True

b.      False

 

98.

medium

a

Output controls focus on detecting errors after processing is completed rather than preventing errors prior to processing.

a.      True

b.      False

 

99.

medium

a

The objective of the computer audit technique known as the test data approach is to determine whether the client’s computer programs can correctly process valid and invalid transactions.

a.      True

b.      False

 

100.

medium

b

Parallel simulation is used primarily to test internal controls over the client’s IT systems, whereas the test data approach is used primarily for substantive testing.

a.      True

b.      False

 

101.

medium

a

Processing controls is a category of application controls.

a.      True

b.      False

 

102.

medium

a

Controls that relate to a specific use of the IT system, such as the processing of sales or cash receipts, are called application controls.

a.      True

b.      False

 

103.

medium

b

“Auditing around the computer” is acceptable only if the auditor has access to the client’s data in a machine-readable language.

a.      True

b.      False

 

104.

medium

b

IT controls are classified as either input controls or output controls.

a.      True

b.      False

 

105.

medium

b

One common use of generalized audit software is to help the auditor identify weaknesses in the client’s IT control procedures.

a.      True

b.      False

 

106.

medium

a

Tests of controls are normally performed only if the auditor believes the client’s internal control may be effective.

a.      True

b.      False

 

107.

medium

b

“Auditing around the computer” is most appropriate when the client has not maintained detailed output or source documents in a form readable by humans.

a.      True

b.      False

 

108.

medium

b

When auditing a client whose information is processed by an outside service provider, it is not acceptable for the auditor to rely on the audit report of another independent auditor who has previously tested the internal controls of the service provider, rather than testing the service provider’s controls himself or herself.

a.      True

b.      False

 

109.

medium

a

When a client uses microcomputers for the accounting functions, the auditor should normally rely only on non-IT controls or take a substantive approach to the audit.

a.      True

b.      False

 

 

Chapter 26

 

Multiple-Choice Questions

 

1.

easy

b

The IIA Code of Ethics is based on all but which of the following ethical principles?

a.      Integrity.

b.      Independence.

c.       Competency.

d.      Confidentiality.

 

2.

easy

c

Statements on Internal Auditing Standards are issued by the:

a.      AICPA.

b.      SEC.

c.       Internal Auditing Standards Boards.

d.      Auditing Standards Boards.

 

3.

easy

c

Internal auditors are responsible to:

a.      the board of directors.

b.      management.

c.       both a and b.

d.      neither a nor b.

 

4.

easy

a

Which of the following is not a similarity between external and internal auditors?

a.      Both must be independent of the company.

b.      Both must be competent.

c.       Both use similar methodologies in performing their work.

d.      Both consider risk and materiality in their work.

 

5.

easy

d

External auditors consider internal auditors effective if they are:

a.      independent of the operating units being evaluated.

b.      competent and well trained.

c.       have performed relevant audit tests of the internal controls and financial statements.

d.      all of the above.

 

6.

easy

d

Auditing standards _______ external auditors to use the internal auditors for direct assistance on the audit.

a.      discourage

b.      prohibit

c.       encourage

d.      permit

 

7.

easy

b

The primary source of authoritative literature for doing government audits is the:

a.      Purple Book.

b.      Yellow Book.

c.       Green Book.

d.      Red Book.

 

 

 

8.

easy

c

When a state or local government agency receives federal financial assistance, it is subject to the audit requirements of:

 

 
a   Yellow Book   Single Audit Act   OMB Circular A-133  
  a. Yes   Yes   No
  b. No   No   Yes
  c. Yes   Yes   Yes
  d. Yes   No   No
   
9.

easy

c

Which of the following is not one of the broad categories of operational audits?

a.      Functional audits.

b.      Organizational audits.

c.       Single Audit Act audits.

d.      Special assignment audits.

 

 
10.

easy

d

Which of the following groups could not be involved in an operational audit?

a.      CPA firms.

b.      Internal auditors.

c.       Government auditors.

d.      None of the above answers is correct; that is, all of the above could be involved.

 

 
11.

easy

b

The IIA’s professional practice framework (including its code of ethics and International Standards for the Professional Practice of Internal Auditing) is commonly referred to as the:

a.      Blue Book.

b.      Red Book.

c.       Green Book.

d.      Yellow Book.

 

 
12.

easy

b

The professional organization which is responsible for providing guidance for internal auditors is the:

a.      APA.

b.      IIA.

c.       ABA.

d.      AIA.

 

 
13.

easy

d

The financial auditing standards of the Yellow Book are ______ the 10 GAAS of the AICPA.

a.      the same as

b.      quite different from

c.       incompatible with

d.      consistent with

 

 
14.

easy

b

Which of the following is not one of the three phases in an operational audit?

a.      Planning.

b.      Training and supervising employees.

c.       Evidence accumulation and evaluation.

d.      Reporting and follow-up.

 

 
15.

medium

a

The correct title of the Yellow Book is:

a.      Government Auditing Standards.

b.      IIA Practice Standards.

c.       Statement of Responsibilities of Internal Auditing.

d.      Statement of Standards on Accounting and Review Services.

 

 
16.

medium

b

The Yellow Book recognizes that, because of the sensitivity of government activities and their public accountability, in government audits the thresholds of acceptable audit risk and tolerable misstatement compared to an audit of a commercial enterprise may be:

a.      equal.

b.      lower.

c.       higher.

d.      indeterminable.

 

 

 

17.

medium

b

The Single Audit Act requires that an audit be conducted for recipients who receive total federal funds in any fiscal year of:

a.      $1,000,000 or more.

b.      $500,000 or more.

c.       $300,000 or more.

d.      $100,000 or more.

 

18.

medium

b

An audit conducted in accordance with the Yellow Book must include an audit report that states the audit was performed in accordance with:

a.      GAAS.

b.      GAGAS.

c.       GASA.

d.      SAS.

 

19.

medium

d

An audit designed to evaluate the efficiency and effectiveness of an organization or some part of an organization would not be called a(n):

a.      performance audit.

b.      management audit.

c.       operational audit.

d.      compliance audit.

 

20.

medium

c

Which of the following is not one of the major differences between financial and operational auditing?

a.      The financial audit is oriented to the past, but an operational audit concerns performance for the future.

b.      The financial audit report is distributed to many readers, but the operational audit report goes to a few managers.

c.       Financial audits deal with the information on the financial statements, but operational audits are concerned with the information in the ledgers.

d.      Financial audits are limited to matters that directly affect the financial statements, but operational audits cover any aspect of efficiency and effectiveness.

 

21.

medium

d

Before an operational audit for effectiveness can be performed, there must be:

a.      a financial audit by an independent auditor.

b.      a financial audit by an internal auditor.

c.       a review performed by either an independent or an internal auditor.

d.      specific criteria developed to define effectiveness.

 

22.

medium

d

Auditors involved in planning, performing, or reporting on audits under GAGAS must complete ____ hours of continuing professional education in each two-year period.

a.      20

b.      40

c.       60

d.      80

 

23.

medium

b

Which of the following statements regarding types of operational audits is false?

a.      A functional audit has the advantage of permitting specialization by auditors.

b.      An advantage of functional auditing is its ability to evaluate interrelated functions.

c.       The emphasis in an organizational audit is on how efficiently and effectively functions interact.

d.      Special operational auditing assignments arise at the request of management.

 

 

24.

medium

b

The two most important qualities for an operational auditor are:

a.      personality and appearance.

b.      independence and competence.

c.       competence and technical training.

d.      academic background and sufficient experience.

 

 
25.

medium

a

Which of the following is not a difference between operational auditing and financial auditing?

a.      Both must be CPAs.

b.      Operational audit reports are usually of a restricted distribution while financial audit           reports are widely distributed.

c.       Operational audits often cover non-financial issues while financial audits do not.

d.      None of the above is a difference.

 

 
26.

medium

c

A typical objective of an operational audit is to determine whether an entity’s:

a.      internal control is adequately operating as designed.

b.      financial statements present fairly the results of operations.

c.       specific operating units are functioning efficiently and effectively.

b.      operational information is in accordance with generally accepted government auditing standards.

 

 
27. Which of the following can affect the independence of operational auditors?

 

medium   Responsibilities   Reporting Structure
d a. Yes   No  
  b. No   No  
  c. No   Yes  
  d. Yes   Yes  
     

 

28.

challenging

d

Which is not a purpose of an economy and efficiency audit?

a.      Whether the entity is acquiring, protecting, and using resources economically and           efficiently.

b.      The causes of inefficiencies and uneconomical practices.

c.       Whether the entity has complied with laws and regulations concerning matters of economy               and efficiency.

d.      Each of the above is a purpose.

 

 
29.

challenging

d

A(n) _________ audit emphasizes how efficiently and effectively functions interact.

a.      operational

b.      compliance

c.       financial

d.      organizational

 

 
30.

challenging

b

Which of the following is not a purpose of a program audit as performed by government auditors?

a.      Determination of the extent to which the desired results established by the legislature are being achieved.

b.      Determination of the causes of inefficiencies in sponsored programs.

c.       Determination of the effectiveness of organizations, programs and activities.

d.      Determination as to whether the entity has complied with laws and regulations applicable to the program.

 

 
31.

challenging

c

What distinguishes internal control evaluation and testing for financial and operational auditing?

a.      Purpose of the work.

b.      Scope of the work.

c.       Both a and b.

d.      Neither a nor b.

 

 
32.

challenging

c

Of the many hours of continuing professional education required every two years, how many must be in subjects related to the government environment and government auditing for auditors involved in planning, performing and reporting on audits under GAGAS?

a.      8 hours

b.      16 hours

c.       24 hours

d.      32 hours

 

 
33. To be effective, an internal audit department must report to:  
Challenging    
b   Operating departments   The accounting department
  a. Yes   Yes  
  b. No   No  
  c. Yes   No  
  d. No   Yes  
           
34.

challenging

External financial statement auditors must obtain evidence regarding what attributes of an internal audit department if the external auditors intend to rely on the internal auditor’s work?  
d    
    Independence from the Audit Committee   Competence
  a. Yes   Yes  
  b. No   No  
  c. Yes   No  
  d. No   Yes  
           

 

Essay Questions

 

35.

easy

 

What organization establishes auditing standards for internal auditors and what are those standards commonly called?

 

  Answer:

Auditing standards for internal auditors are established by the Internal Auditing Standards Board. They are commonly known as the “Red Book.”

 

 

36.

medium

What are several similarities between internal and external auditors?

 

  Answer:

·         Both must be competent as auditors and remain objective in performing their work and reporting their results.

·         Both follow a similar methodology in performing their audits, including planning and performing tests of controls and substantive tests.

·         Both consider risk and materiality in deciding the extent of their tests and evaluating results. However, their decisions about materiality and risks may differ, because external users may have different needs than management or the board.

 

 

37.

medium

External auditors typically consider internal auditors effective if they meet three criteria. What are these criteria?

 

  Answer:

External auditors typically consider internal auditors effective if they are:

·         Independent of the operating units being evaluated

·         Competent and well-trained

·         Have performed relevant audit tests of the internal controls and financial statements

 

 

38.

medium

How do the risk and materiality thresholds change in a government audit compared to a financial statement audit of a public company?

 

  Answer:

The Yellow Book recognizes that in government audits the thresholds of acceptable audit risk and materiality may be lower than in an audit of a commercial enterprise. This is because of the sensitivity of government activities and their public accountability.

 

 

 

39.

medium

Discuss each of the three phases of an operational audit.

 

  Answer:

·         Planning. In the planning phase, the auditor must determine the scope of the engagement, staff the engagement, obtain background information about the organizational unit, understand internal control, and decide on the appropriate evidence to accumulate.

·         Evidence accumulation and evaluation. In operational auditing, it is common to use documentation, client inquiry, and observation extensively, while confirmation and reperformance are used less extensively for most operational audits than for financial audits.

·         Reporting and follow-up. The audit report is tailored to address the scope of the audit, findings, and recommendations and is typically sent only to management. When recommendations are made to management, follow-up is done to determine whether the recommended changes were made, and if not, why.

 

 

40.

medium

The Institute of Internal Auditors has established Ethical Principles for its members. List each of the principles.

 

  Answer:

The IIA’s ethical principles are:

·         Integrity.

·         Objectivity.

·         Confidentiality.

·         Competency.

 

 

41.

medium

Define internal auditing.

 

  Answer:

 

According to the IIA: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

 

 

42.

medium

Discuss three major differences between operational and financial auditing.

 

  Answer:

·         Purpose of the audit. Financial auditing emphasizes whether historical information was correctly recorded, whereas operational auditing emphasizes effectiveness and efficiency.

·         Distribution of the reports. For financial auditing, the report typically goes to many users of financial statements, such as stockholders and bankers, whereas operational audit reports are intended primarily for management.

·         Inclusion of nonfinancial areas in operational auditing. Operational audits cover any aspect of efficiency and effectiveness in an organization, whereas financial audits are limited to matters that directly affect the fairness of financial statement presentations.

 

 

 

43.

medium

Discuss each of the three broad categories (types) of operational audits.

 

  Answer:

·         Functional. A functional audit deals with auditing one or more functions (e.g., purchasing) in an organization.

·         Organizational. An organizational audit deals with an entire organizational unit, such as a department, branch, or subsidiary.

·         Special assignments. Special assignments audits arise at the request of management when there is a need to investigate a particular area, such as investigating the possibility of fraud in a division, or determining the cause of an ineffective EDP system.

 

 

44.

medium

Operational auditing is the review of an organization for efficiency and effectiveness. Discuss what is meant by the terms “effectiveness” and “efficiency.”

 

  Answer:

·         Effectiveness refers to the degree to which the organization’s objectives and goals are accomplished.

·         Efficiency refers to the degree to which costs are reduced without reducing effectiveness.

 

 

45.

challenging

Audit tests as required by the Single Audit Act must meet several specific objectives. One objective is to determine “whether the amounts reported as expenditures were for allowable services.” Identify three other specific objectives.

 

  Answer:

·         Whether the records show that those who received services or benefits were eligible to receive them.

·         Whether matching requirements, levels of effort, and earmarking limitations were met.

·         Whether federal financial reports and claims for advances and reimbursements contain information that is supported by the books and records from which the basic financial statements have been prepared.

·         Whether amounts claimed or used for matching were determined in accordance with OMB Circular A-87 and OMB Circular A-102.

 

 

46.

challenging

The auditing standards of the Yellow Book are consistent with the ten generally accepted auditing standards of the AICPA. There are, however, important additions/modifications in the Yellow Book. For example, the Yellow Book recognizes that materiality and risk are lower due to the nature of the government enterprise. Discuss the other additions/modifications.

 

  Answer:

·         Quality control. Auditors of government entities must have an appropriate system of internal quality control and participate in an external quality control review program.

·         Compliance auditing. The audit should be designed to provide reasonable assurance of detecting material misstatements resulting from noncompliance with provisions of contracts or grant agreements that have a material and direct effect on the financial statements.

·         Reporting. The report on financial statements must describe the scope of the auditors’ testing of compliance with laws and regulations and internal controls and present the results of those tests, or refer to a separate report containing that information.

 

 

47.

challenging

In addition to an opinion on whether the financial statements are in accordance with GAAP, identify four other reports required by the OMB Circular A-133.

 

  Answer:

The following reports are required:

·         An opinion as to whether the schedule of federal awards is presented fairly in all material respects in relation to the financial statements as a whole.

·         A report on internal control related to the financial statements and major programs.

·         A report on compliance with laws, regulations, and the provisions of contracts or grant agreements, noncompliance with which could have a material effect on the financial statements. This report can be combined with the report on internal control.

·         A schedule of findings and questioned costs.

 

 

 

Other Objective Answer Format Questions

 

48. Match seven of the terms (a-o) with the descriptions/definitions provided below (1-7):
medium  
  a.      Compliance audit
  b.      Economy and efficiency audit
  c.       Effectiveness
  d.      Efficiency
  e.       Functional audit
  f.       Government Auditing Standards
  g.       Government audit
  h.      Institute of Internal Auditors
  i.        Operational auditing
  j.       Organizational audit
  k.      Program audit
  l.        Single Audit Act
  m.     Special assignment
  n.      IIA Practice Standards
  o.      Statements on Internal Auditing Standards
   
f                   1.       The official title of the Yellow Book.

 

m                   2.       A management request for an operational audit for a specific purpose, such as investigating the possibility of fraud in a division or making recommendations for reducing the cost of a manufactured product.

 

b                   3.       A government audit to determine whether an entity is acquiring, protecting, and using its resources economically and efficiently and whether the entity has complied with laws and regulations concerning such matters.

 

c                   4.       The degree to which the organization’s objectives are accomplished.

 

i                   5.       The review of an organization for efficiency and effectiveness.

 

l                   6.       Federal legislation that provides for a single coordinated audit to satisfy the audit requirements of all federal funding agencies.

 

o                   7.       Statements issued by the Internal Auditing Standards Board of the IIA to provide authoritative interpretation of the IIA Practice Standards.

 

49.

easy

b

Independence is a fundamental ethical principle for internal auditors.

a.      True

b.      False

 

50.

easy

b

Current professional auditing standards prohibit external auditors from using internal auditors for direct assistance on external audits.

a.      True

b.      False

 

51.

easy

b

Current professional auditing standards require external auditors to use internal auditors for direct assistance on external audits.

a.      True

b.      False

 

52.

easy

a

The objectives of internal auditors are considerably broader than the objectives of external auditors.

a.          True

b.          False

 

53.

easy

a

For financial auditing, the audit report typically goes to many users of financial statements, whereas operational audit reports are intended primarily for management.

a.      True

b.      False

 

54.

easy

a

Integrity is one of the IIA’s ethical principles.

a.      True

b.      False

 

55.

easy

b

Operational audits are primarily geared toward compliance.

a.      True

b.      False

 

56.

easy

b

Effectiveness refers to the degree to which costs are reduced without reducing efficiency.

a.      True

b.      False

 

57.

easy

a

Efficiency refers to the degree to which costs are reduced without reducing effectiveness.

a.      True

b.      False

 

58.

easy

b

Internal auditing standards are included in the Yellow Book.

a.      True

b.      False

 

59.

easy

a

Government auditing standards are included in the Yellow Book.

a.      True

b.      False

 

60.

easy

a

Effectiveness is concerned with whether defined goals are achieved, whereas efficiency is concerned with whether the goals are achieved with a minimum use of resources.

a.      True

b.      False

 

61.

easy

b

Operational audits may be performed by internal auditors and government auditors, but not by external auditors.

a.      True

b.      False

62.

easy

a

Benchmarking is one source of evaluation criteria for completing an operational audit.

a.      True

b.      False

 

63.

easy

a

The two most important qualities for an internal auditor to possess are independence and competence.

a.      True

b.      False

 

64.

easy

b

Program audits are primarily focused on inefficient uses of federal funds in sponsored programs.

a.      True

b.      False

 

65.

easy

a

The formal name of the Yellow Book is Government Auditing Standards.

a.      True

b.      False

 

66.

medium

a

Professional guidelines for performing internal audits for companies are not as well-defined as for external audits.

a.      True

b.      False

 

67.

medium

b

To help them remain independent of the operations they audit, internal auditors should report directly to the controller.

a.      True

b.      False

 

68.

medium

a

An operational auditor may use “engineered standards” as evaluation criteria.

a.      True

b.      False

 

69.

medium

a

The Internal Auditing Standards Board issues Statements on Internal Auditing Standards.

a.      True

b.      False

 

70.

medium

a

Operational audits are often categorized as functional, organizational, or special assignments.

a.      True

b.      False

 

71.

medium

b

Internal auditors should have the authority to require implementation of suggestions for improvement.

a.      True

b.      False

 

72.

medium

b

The “Red Book” specifies all auditing standards issued by the U.S. General Accounting Office.

a.      True

b.      False

 

73.

challenging

a

One disadvantage of functional auditing is the failure to evaluate interrelated functions.

a.      True

b.      False

 

Reviews

There are no reviews yet.

Be the first to review “Auditing and Assurance Services An Integrated Approach 13th Edition by Arens”

Your email address will not be published. Required fields are marked *