Auditing and Attestation 5-8

Able Co. uses an online sales order processing system to process its sales transactions. Able's sales data are electronically sorted and subjected to edit checks. A direct output of the edit checks most likely would be a

File of all rejected sales transactions. Edit checks test transactions prior to processing. Rejected transactions should be recorded in a file for evaluation, correction, and resubmission. Edit checks are applied to the sales transactions to test for comp

Which of the following procedures would an entity most likely include in its disaster recovery plan?

Store duplicate copies of files in a location away from the computer center. Off-site storage of duplicate copies of critical files protects them from a fire or other disaster at the computing facility. The procedure is part of an overall disaster recover

Decision tables differ from program flowcharts in that decision tables emphasize

Logical relationships among conditions and actions. A decision table identifies the contingencies considered in the description of a problem and the appropriate actions to be taken relative to those contingencies. Decision tables are logic diagrams presen

Internal control is a function of management, and effective control is based upon the concept of charge and discharge of responsibility and duty. Which of the following is one of the overriding principles of internal control?

Responsibility for the performance of each duty must be fixed. Effective internal control may be obtained by decentralization of responsibilities and duties. Fixing the responsibility for each performance or duty makes it easier to trace problems to the p

An auditor's flowchart of a client's accounting system is a diagrammatic representation that depicts the auditor's

Understanding of the system. The auditor should document (1) the understanding of the entity and its environment and the components of internal control, (2) the sources of information regarding the understanding, and (3) the risk assessment procedures per

It is important for the auditor to consider the competence of the audit client's employees, because their competence bears directly and importantly upon the

Achievement of the objectives of internal control. The control environment is the foundation of internal control. A commitment to competence is one of the factors in the control environment.

Which of the following are considered control environment elements?
Detection Risk; Commitment to Competence

No Yes
Commitment to competence is a control environment element. It relates to the knowledge and skills needed to do the tasks included in a job and management's consideration of required competence levels.

Which of the following factors is least likely to affect the extent of the auditor's understanding of the entity's internal controls?

The amount of time budgeted to complete the engagement. The understanding of internal control relevant to the audit helps the auditor to (1) identify types of potential misstatements, (2) identify factors affecting the risks of material misstatement, and

Which of the following characteristics distinguishes computer processing from manual processing?

Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing. Computer processing uniformly subjects like transactions to the same processing instructions. A computer program defines the process

When obtaining an understanding of an entity's internal control, an auditor should concentrate on their substance rather than their form because

Management may establish appropriate controls but not enforce compliance with them. The auditor must concentrate on the substance rather than the form of controls because management may establish appropriate controls but not apply them. Whether controls h

Some data processing controls relate to all computer processing activities (general controls) and some relate to specific tasks (application controls). General controls include

Controls for documenting and approving programs and changes to programs. General controls are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper

The auditor's understanding of internal control is documented to substantiate

Compliance with generally accepted auditing standards. The auditor should prepare audit documentation that is sufficient to permit an experienced auditor to understand (1) the nature, timing, and extent of audit procedures performed to comply with GAAS an

In auditing an online perpetual inventory system, an auditor selected certain file-updating transactions for detailed testing. The audit technique that will provide a computer trail of all relevant processing steps applied to a specific transaction is des

Tagging and tracing. Tagging and tracing describes the selection of specific transactions to which an indicator is attached at input. A computer trail of all relevant processing steps of these tagged transactions in the application system can be printed o

An auditor uses the audit evidence provided by the understanding of internal control and the assessment of the risks of material misstatement to determine the nature, timing, and extent of

Further audit procedures. The auditor uses the understanding of internal control and the assessment of the RMMs to design further audit procedures. These include tests of controls, if relevant, and substantive procedures.

Which of the following passwords would be most difficult to crack?

O?Ca!FlSi. To be effective, passwords should consist of random letters, symbols, and numbers and should not contain words or phrases. Accordingly, computer system users should avoid employing words for or in their passwords.

For control purposes, which of the following should be organizationally separated from the computer operations function?

Systems development. Systems analysts survey the existing system, analyze the organization's information requirements, and design new computer systems to meet those needs. These design specifications guide the preparation of specific programs by computer

Which of the following strategies would a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?

Continuous monitoring and analysis of transaction processing with an embedded audit module. An audit module embedded in the client's software routinely selects and abstracts certain transactions. They may be tagged and traced through the information syste

Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization?

Allowing for greater management oversight of incompatible activities. Complete segregation may not be feasible due to cost-benefit restraints. Compensating controls most likely are established when segregation of duties is not feasible. Typical compensati

An auditor anticipates relying on the operating effectiveness of controls in a computerized environment. Under these circumstances, on which of the following activities would the auditor initially focus?

General controls. Relying on controls involves (1) identifying specific controls that are suitably designed to prevent, or detect and correct, material misstatements in relevant assertions; (2) performing tests of controls; and (3) assessing the RMMs. Som

Which of the following factors would most likely be considered an inherent limitation to an entity's internal control?

Human judgment in the decision making process. Human judgment is faulty, and controls may fail because of simple error or mistake. For example, design changes for an automated order entry system may be faulty because the designers did not understand the s

The primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with

Knowledge necessary for audit planning. The auditor is required to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement of the financial statements, whether due to fraud or

When obtaining an understanding of an entity's control environment, an auditor should concentrate on the substance of controls rather than their form because

Management may establish appropriate controls but not act on them. In obtaining an understanding of the control environment, the auditor seeks to understand the attitude, awareness, and actions concerning the control environment on the part of management

An auditor is obtaining an understanding of a client's Internet controls. Which of the following is most likely the least effective control?

The client requires users to share potentially useful downloaded programs from public electronic sources with only authorized employees. Sharing programs from public electronic sources with authorized employees is an ineffective control. The programs are

A customer intended to order 100 units of product Z96014 but incorrectly ordered nonexistent product Z96015. Which of the following controls most likely would detect this error?

Check digit verification. Check digit verification is used to identify incorrect identification numbers. The digit is generated by applying an algorithm to the ID number. During input, the check digit is recomputed by applying the same algorithm to the en

In an audit of the financial statements, an auditor's primary consideration regarding an entity's controls is whether they

Affect the financial statement assertions. Assertions are management representations embodied in the financial statements. A relevant assertion has reasonable possibility of containing a misstatement that could cause material misstatements of the financia

Which of the following factors is most likely to affect the extent of the documentation of the auditor's understanding of a client's system of internal controls?

The degree to which information technology is used in the accounting function. As internal control becomes more sophisticated, the documentation becomes more complex and extensive.

Which of the following is an inherent limitation in internal control?

Faulty human judgment. Human judgment is faulty, and controls may fail because of human error.

Internal control can be designed and operated to provide absolute assurance that control objectives are met.

False.
1.The inherent limitations of internal control mean that it can be designed and operated to provide only reasonable assurance that control objectives are met.
2.Inherent limitations include human judgment, circumvention of manual or automated contr

Establishing and maintaining internal control is the auditor's responsibility.

False. Establishing and maintaining internal control is management's, not the auditor's, responsibility.

An information system includes manual and automated procedures and often uses IT extensively.

True. An information system consists of physical and hardware elements (infrastructure), people, software, data, and manual and automated procedures and often uses IT extensively.

New or revamped information systems, changes in the operating environment, and new technology are factors that affect risk for internal control.

True.
1.Significant and rapid changes in information systems can affect control risk, but IT is important to the risk assessment process because it provides timely information for identifying and managing risks.
2.A shift in the regulatory or operating en

The five internal control components are control activities, risk assessment, information and communication, monitoring, and the control environment.

True. Internal control consists of the following five interrelated components (a mnemonic to help recall these would be "CRIME," with the E representing Control Environment):
1.Control activities are the policies and procedures that help ensure management

Management's philosophy and operating style are critical parts of the internal control component of risk assessment.

False. Management's philosophy and operating style are critical parts of the internal control component of the control environment, which sets the tone of the organization.

Documentation of the understanding of internal control is not required by GAAS.

False. Documentation of the understanding of internal control is required by GAAS.

The auditor should gain an understanding of the IT systems, programs, and controls in the financial reporting process.

True. The auditor should understand the information system relevant to financial reporting, that is, the classes of significant transactions; the automated and manual procedures applied from the occurrence of transactions to their inclusion in the stateme

In considering internal control, implemented differs from operating effectiveness.

True.
1.Implemented means the entity is using the control.
2.Operating effectiveness is concerned with how and by whom the control (manual or automated) was applied and the consistency of application.

In a financial statement audit, the auditor is obligated to search for deficiencies in internal control.

False.
1.The auditor is not obligated to search for deficiencies in internal control, although (s)he must communicate any significant deficiencies and material weaknesses noted.
2.Internal control knowledge should be used to identify types of potential mi

The auditor should obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud and to design the nature, timing,

True. In all audits, the auditor should obtain an understanding of the entity and its environment, including internal control sufficient to plan the audit by performing procedures to understand the design of controls relevant to an audit of financial stat

Related to auditor documentation, a checklist is a series of sequential processes represented in pictorial form.

False. A checklist is a series of steps that are performed. Systems (document) flowcharts represent a series of sequential processes. They provide a visual (pictorial) representation of the system.

Knowledge about the operating effectiveness of controls need not be obtained as part of the understanding of internal control.

True. The auditor need not test the operating effectiveness of controls when obtaining an understanding of internal control. However, the auditor should evaluate the design of controls and determine whether they have been implemented.

Areas of responsibility on a flowchart are usually depicted in horizontal rows.

False. Areas of responsibility on a flowchart are usually depicted in vertical columns or areas.

The processing in a flowchart is presented sequentially from the final output distribution to the point of origin

False. The processing is presented sequentially from the point of origin to final output distribution.

Processing controls include cross-footing and zero-balance checks.

True.
1.Cross-footing compares an amount to the sum of its components.
2.A zero-balance check adds the positive and negative amounts posted. The result should be zero.

A hot site is an off-site backup hardware facility that is fully configured and ready to operate.

True. A hot site is a fully operational processing facility that is immediately available (e.g., a service bureau).

Input system activities are the least error prone and are rarely the targets of fraud.

False.
1.Input controls are critical to auditors because they represent the most prevalent type of control.
2.Input system activities are the most error prone and are often the targets of fraud.

Digital signatures are controls that use biometric technology.

False. Digital signatures represent a form of encryption technology used by businesses to authenticate documents.

Encrypted data allow unauthorized users to access and read information.

False.
1.Encryption technology converts data into a code.
2.Unauthorized users may be able to access the data, but without the encryption key, they will be unable to decode the information.

A system access log records uses and attempted uses of a system.

True.
1.A system access log records uses and attempted uses of a system.
2.The date and time, codes used, modes of access, data involved, and interventions by operators are recorded.

A device authorization table restricts access to those physical devices that should logically need access.

True. The device authorization table will deny access to unauthorized terminals even when a valid password is used. For example, a person trying to access the accounts receivable file from a manufacturing terminal would be denied.

Firewalls provide adequate protection against computer viruses.

False. Firewalls do not provide adequate protection against computer viruses.

Console operators should be assigned programming duties and make changes in programs and systems as they operate the equipment.

False. Console operators should not be assigned programming duties or responsibility for systems design and should have no opportunity to make changes in programs and systems as they operate the equipment.

A separation of functions (authorization, recording, and access to assets) may not be feasible in a computer environment.

True. A computer may print checks, record disbursements, and generate information for reconciling the account balance, which are activities customarily segregated in a manual system.

Application controls may be further classified as input controls, processing controls, and output controls.

True. Application controls may be further classified as input controls, processing controls, and output controls.

General controls should be tested after evaluation of application controls.

False.
1.General controls are the umbrella under which the IT function operates. They support the application controls by helping to ensure the proper functioning of information systems.
2.They should be tested prior to evaluation of application controls.

Two broad groupings of information systems control activities are general controls and application controls.

True. Two broad groupings of information systems control activities are general controls and application controls.

Intranets and extranets are defined by the physical area over which they provide communications.

False. Intranets and extranets are defined by who has access.

Corporate culture and an effective control environment are not absolute deterrents to management fraud.

True. Custom, culture, the corporate governance system, and an effective control environment are not absolute deterrents to fraud. For example, if the nature of management incentives increases the risk of material misstatements, the effectiveness of contr

Which of the following statements about internal control is correct?

The cost-benefit relationship is a primary criterion that should be considered in designing internal control. Internal control reflects the quantitative and qualitative estimates and judgments of management in evaluating the cost-benefit relationship. The

In an audit of financial statements in accordance with generally accepted auditing standards, an auditor should

Document the auditor's understanding of the entity's internal control. The auditor should document (1) the understanding of the entity and its environment and the components of internal control, (2) the sources of information regarding the understanding,

Which of the following factors are included in an entity's control environment? Audit Committee Participation; Integrity and Ethical Values; Organizational Structure

Yes; Yes; Yes
The control environment is the foundation for all other control components. It provides discipline and structure, sets the tone of the organization, and influences the control consciousness of employees. Its components include (1) participat

The following is a section of a system flowchart for a payroll application:
Symbol X could represent

An error report. Symbol X is a document, that is, hard copy output of the validation routine shown. The time card data, the validated data, and the errors are recorded on magnetic disk after the validation process. Thus, either an error report or the vali

A client communicates sensitive data across the Internet. Which of the following controls would be most effective to prevent the use of the information if it were intercepted by an unauthorized party?

Encryption. Encryption technology converts data into a code. Encoding data before transmission over communications lines makes it more difficult for someone with access to the transmission to understand or modify its contents.

Which of the following controls most likely could prevent computer personnel from modifying programs to bypass programmed controls?

Separation of duties for computer programming and computer operations. Programmers and analysts can modify programs, data files, and controls, so they should have no access to programs used to process transactions. Separation of programming and operations

In the accounting system of Acme Company, the amounts of cash disbursements entered at a computer terminal are transmitted to the computer, which immediately transmits the amounts back to the terminal for display on the terminal screen. This display enabl

Verify the amount was entered accurately. The display of the amounts entered is an input control that permits visual verification of the accuracy of the input by the operator. This is termed "closed-loop verification.

In an audit of financial statements of a nonissuer in accordance with GAAS, an auditor is required to

Document the auditor's understanding of the entity's internal control components. Documentation of the understanding of the internal control components is required by GAAS. Its form and extent are influenced by the nature and complexity of the entity's co

Effective internal control in a small company that has an insufficient number of employees to permit proper division of responsibilities can best be enhanced by

Direct participation by the owner of the business in the recordkeeping activities of the business. The manner in which control objectives are achieved varies with the size and complexity of the entity. Thus, direct participation of an owner-manager in the

In which of the following circumstances would an auditor expect to find that an entity implemented automated controls to reduce risks of misstatement?

When transactions are high-volume and recurring. Automated controls are cost effective when they are applied to high-volume, recurring transactions. For example, credit limit checks on customer orders could be automated to relieve management from evaluati

Which of the following procedures would an entity most likely include in its computer disaster recovery plan?

Store duplicate copies of critical files in a location away from the computer center. Off-site storage of duplicate copies of critical files protects them from a fire or other disaster at the computing facility. The procedure is part of an overall disaste

Although substantive tests may support the accuracy of underlying information used in monitoring, these tests may provide no affirmative evidence of the effectiveness of monitoring controls because

The information used in monitoring may be accurate even though it is subject to ineffective control. When obtaining an understanding of each of the five components of internal control (including monitoring), the auditor must perform procedures to understa

The use of message encryption software

Increases system processing costs. Encryption software uses a fixed algorithm to manipulate plain text and an encryption key (a set of random data bits used as a starting point for the application of the algorithm) to introduce variation. The machine inst

Which of the following statements regarding auditor documentation of the understanding of the client's internal control components obtained to plan the audit is correct?

No one particular form of documentation is necessary, and the extent of documentation may vary. In accordance with the documentation requirements in AU-C 315, the auditor should document such matters as (1) discussions among the engagement team; (2) the u

Which of the following is an example of a validity check?

The computer flags any transmission for which the control field value did not match that of an existing file record. Validity checks test identification numbers or transaction codes for validity by comparison with items already known to be correct or auth

An entity has the following invoices in a batch:
Invoice Number Product Quantity Unit Price
201 F10 150 $ 5.00
202 G15 200 10.00
203 H20 250 25.00
204 K35 300 30.00
Which of the following most likely represents a hash total?

810. Input controls in batch computer systems are used to determine that no data are lost or added to the batch. Depending on the sophistication of a particular system, control may be accomplished by using record counts, financial totals, or hash totals.

The client's computer exception reporting system helps an auditor to conduct a more efficient audit because it

Highlights abnormal conditions. The exception reporting system highlights abnormal conditions and allows the auditor to focus on problem areas. Exception reports, also called error listings, suspense listings, and edit reports indicate the errors discover

First Federal S&L has an online, real-time system, with terminals installed in all of its branches. This system will not accept a customer's cash withdrawal instruction in excess of $1,000 without the use of a "terminal audit key." After the transaction i

Online recording of the transaction on an audit override sheet. Control over large cash withdrawals can be improved further by separately recording these transactions. The additional documentation provides an audit trail that the auditor may follow to det

Which of the following is a management control method that most likely could improve management's ability to supervise company activities effectively?

Establishing budgets and forecasts to identify variances from expectations. The control activities component of internal control includes performance reviews. Performance reviews involve comparison of actual performance with budgets, forecasts, or prior p

Proper segregation of functional responsibilities to achieve effective internal control calls for separation of the functions of

Authorization, recording, and custody. One person should not be responsible for all phases of a transaction, i.e., for authorization of transactions, recording of transactions, and custodianship of the related assets. These duties should be performed by s

Proper segregation of duties reduces the opportunities to allow any employee to be in a position to both

Record and conceal fraudulent transactions in the normal course of assigned tasks. Proper segregation of duties and responsibilities reduces the opportunity for an individual to commit and conceal fraud in the normal course of his/her duties. Hence, diffe

Which of the following is not a medium that can normally be used by an auditor to record information concerning internal control?

Procedures manual. A procedures manual is one source of information about the client's internal control. However, the auditor normally does not prepare this manual and record information in it. The accounting procedures manual is a client document that ex

Which of the following is a network node that is used to improve network traffic and to set up a boundary that prevents traffic from one segment from crossing over to another?

Firewall. A firewall separates an internal from an external network (e.g., the Internet) and prevents passage of specific types of traffic. It identifies names, Internet Protocol (IP) addresses, applications, etc., and compares them with programmed access

An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts

Provide a visual depiction of clients' activities. Systems flowcharts provide a visual representation of a series of sequential processes, that is, of a flow of documents, data, and operations. In many instances, a flowchart is preferable to a questionnai

Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity's internal control?

Incompatible duties. Internal control has inherent limitations. The performance of incompatible duties, however, is a failure to assign different people the functions of authorization, recording, and asset custody, not an inevitable limitation of internal

If High Tech Corporation's disaster recovery plan requires fast recovery with little or no downtime, which of the following backup sites should it choose?

Hot site. A company uses a hot site backup when fast recovery is critical. The hot site includes all software, hardware, and other equipment necessary for a company to carry out operations. Hot sites are expensive to maintain and may be shared with other

Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been

Implemented. In all audits, the auditor should obtain an understanding of internal control. An understanding is obtained by evaluating the design of controls and determining whether they have been implemented. A control has been implemented if it exists a

Each of the following types of controls is considered to be an entity-level control, except those

Regarding the company's annual stockholder meeting. Control regarding the entity's annual shareholders' meeting is not a basic component of internal control. It does not affect every aspect of the operations of an entity.

An auditor tests an entity's policy of obtaining credit approval before shipping goods to customers in support of management's financial statement assertion of

Valuation. The proper approval of credit provides assurance that the account receivable is collectible. Thus, it is related to the valuation assertion that balances are reported at appropriate amounts, e.g., accounts receivable at net realizable value.

An online sales order processing system most likely would have an advantage over a batch sales order processing system by

Enabling shipment of customer orders to be initiated as soon as the orders are received. An online processing system can handle transactions as they are entered because of its direct connection to a computer network. Thus, shipment of customer orders may

Under effective internal controls, the Sales Department should be responsible for which of the following activities?

Approval of the return of defective merchandise. To ensure that the sales returns and allowances function is effective, proper controls must be established, including a segregation of duties. The Sales Department should be responsible for the initial appr

One of two office clerks in a small company prepares a sales invoice for $4,300; however, the invoice is incorrectly entered by the bookkeeper in the general ledger and the accounts receivable subsidiary ledger as $3,400. The customer subsequently remits

Using predetermined totals to control posting routines. A control total should be generated for the transactions to be posted. It then should be compared with the total of items posted to the individual accounts.

Which of the following internal controls most likely would reduce the risk of diversion of customer receipts by an entity's employees?

A bank lockbox system. A lockbox system ensures that cash receipts are not stolen by mail clerks or other employees. Customer payments are mailed to a post office box and collected directly by the bank.

In a retail cash sales environment, which of the following controls is often absent?

Separation of functions. In the usual retail cash sales situation, the sales clerk authorizes and records the transactions and takes custody of assets. However, management ordinarily employs other compensating controls to minimize the effects of the failu

Which of the following activities most likely would not be an internal control activity designed to reduce the risk of errors in the billing process?

Reconciling the control totals for sales invoices with the accounts receivable subsidiary ledger. The accounts receivable subsidiary ledger contains all receivables outstanding to date. It is not feasible to attempt to reconcile current sales invoices wit

An auditor noted that the accounts receivable department is separate from other accounting activities. Credit is approved by a separate credit department. Control accounts and subsidiary ledgers are balanced monthly. Similarly, accounts are aged monthly.

Write-offs of delinquent accounts. The accounts receivable manager has the ability to perpetrate fraud because (s)he performs incompatible functions. Authorization and recording of transactions should be segregated. Thus, someone outside the accounts rece

Which of the following employees should report to the chief financial officer?

Credit manager. The CFO's primary responsibility is to safeguard assets. Although credit approval is an authorization process, assets are lost if credit is improperly granted. Thus, the credit manager should be responsible to one who has no vested interes

Which of the following best represents a key control for ensuring sales are properly authorized when assessing risks of material misstatement for sales?

Sales orders are sent to the credit department for approval. The credit department should investigate potential customers and approve sales orders.

Which of the following controls is most likely to detect an invalid customer number entered into the sales order entry screen?

A validity check. A validity check tests the relationships among input items and other parts of the system, e.g., that customer 1272 on the sales order is included in the customer file.

Mill Co. uses a batch processing method to process its sales transactions. Data on Mill's sales transaction file are electronically sorted by customer number and are subjected to programmed edit checks in preparing its invoices, sales journals, and update

Report showing exceptions and control totals. Batch processing is useful for processing large volumes of data, especially when sorted in sequential order, for example, by customer number. Editing (validation) of data should produce a cumulative automated

Fact Pattern: Management discovers that a supervisor at one of its restaurant locations removes excess cash and resets sales totals throughout the day on the point-of-sale (POS) system. At closing, the supervisor deposits cash equal to the recorded sales

The accounting for customer food checks by the supervisor. An inappropriate segregation of duties existed because the supervisor was responsible for accounting for customer food checks and depositing receipts and had the ability to reset POS totals throug

Which of the following controls will most likely prevent the concealment of a cash shortage resulting from the improper write-off of a trade account receivable?

Write-offs must be approved by a responsible officer after review of credit department recommendations and supporting evidence. The CFO usually is responsible for authorizing write-offs of bad debts based on evidence such as receiving reports for the retu

For the purpose of effective internal control, postdated checks received from customers should be

Restrictively endorsed. All checks received from customers should be restrictively endorsed with the phrase "For Deposit Only" in the company account regardless of their date. They should be physically safeguarded until deposit.

Which of the following fraudulent activities most likely could be perpetrated due to the lack of effective internal controls in the revenue cycle?

Authorization of credit memos by personnel who receive cash may permit the misappropriation of cash. Ineffective controls in the revenue cycle, such as inappropriate segregation of duties and responsibilities, inadequate supervision, or deficient authoriz

The internal control objectives of the revenue cycle include all of the following except

Appropriate goods are ordered so that sales can be made. The revenue cycle consists of the activities involving exchanges with customers and the collection in cash of the amounts paid for the goods or services provided. Ordering appropriate goods, an obje

At which point in an ordinary sales transaction of a wholesaling business is a lack of specific authorization of least concern to the auditor in the conduct of an audit?

Selling of goods for cash. Selling goods for cash is the consummation of a transaction that is likely to be covered by a general authorization. Thus, the risk of loss arising from lack of specific authorization of cash sales is minimal.

Upon receipt of customers' checks in the mail room, a responsible employee should prepare a remittance listing that is forwarded to the cashier. A copy of the listing should be sent to the

Accounts receivable bookkeeper to update the subsidiary accounts receivable records. The individuals with recordkeeping responsibility should not have custody of cash. Hence, they should use either the remittance advices or a listing of the remittances to

Cash receipts from sales on account have been misappropriated. Which of the following acts would conceal this defalcation and be least likely to be detected by an auditor?

Understating the sales journal. Not recording sales on account in the books of original entry is the most effective way to conceal a subsequent theft of cash receipts. The accounts will be incomplete but balanced, and procedures applied to the accounting

Sound internal control activities dictate that defective merchandise returned by customers be presented initially to the

Receiving clerk. For control purposes, all receipts of goods or materials should be handled by the receiving clerk. Receiving reports should be prepared for all items received.

Which of the following would be the best protection for a company that wishes to prevent the lapping of trade accounts receivable?

Have customers send payments directly to the company's depository bank. Lapping is the delayed recording of cash receipts to cover a cash shortage. Current receipts are posted to the accounts of customers who paid one or two days previously to avoid compl

When using effective internal controls, the Sales Department should be responsible for approval of the return of defective merchandise.

True. To ensure that the sales returns and allowances function is effective, proper controls must be established, including a segregation of duties. The Sales Department should be responsible for the initial approval of sales returns and allowances.

A lockbox system cannot prevent lapping.

False.
1.Lapping occurs when an employee with access to both the accounts receivable subsidiary ledger and customer payments steals a portion of the receipts without recording them in the customer accounts. To conceal the theft, subsequent receipts are po

Periodic reconciliation of the accounts receivable subsidiary ledger and the accounts receivable control account in the general ledger can determine whether an amount was posted to the wrong account in the subsidiary ledger.

False.
1.Periodic reconciliation of the accounts receivable subsidiary ledger and the accounts receivable control account in the general ledger establishes agreement of the total amounts posted.
2.However, the reconciliation cannot determine whether an am

All cash should be deposited intact daily.

True. Depositing cash intact daily assures that the cash received and recorded on the daily remittance list can be reconciled with the deposit ticket validated by the bank.

After the receipts are deposited by Cash Receipts, the validated deposit ticket is returned to the Controller.

True. The Controller reconciles the validated deposit ticket with the daily remittance list of cash received from the Mail Room.

Only one clerk needs to be present in the Mail Room during the opening and recording of the receipts.

False. Two clerks should be present in the Mail Room during the opening and recording of the receipts.

Accounts Receivable receives all customer receipts, opens the mail, separates the checks from the remittance advices, and prepares a daily listing of the checks received (the daily remittance list).

False. The Mail Room receives all customer receipts, opens the mail, separates the checks from the remittance advices, and prepares the daily remittance list.

A remittance advice is part of or a copy of the sales invoice sent to a customer and intended to be returned with the payment.

True. A remittance advice contains the customer's name, the invoice number, and its amount.

Routing the sales order copy through Billing assures that goods are shipped only to customers who are likely to pay.

False. Routing the sales order copy through the Credit Manager would assure that goods are shipped only to customers who are likely to pay.

The division of the duties of the transactions in the sales-receivables-cash receipts cycle is as follows: authorization, recording, and custody of assets.

True. Authorization, recording transactions, and asset custody should be performed by different departments to ensure proper segregation of duties.

The Accounts Receivable department authorizes customer credit and initiates write-off of bad debts.

False.
1.The Credit Manager authorizes credit and initiates write-offs.
2.The Credit Manager should report to the CFO.

The accounts receivable subsidiary ledger maintains the accounts receivable control account and records sales.

False.
1.The general ledger maintains the accounts receivable control account and records sales.
2.Daily summaries of sales are recorded in a sales journal.
3.Totals of details from the sales journal are posted periodically to the general ledger.

Compensating controls will likely be established when the segregation of duties is not maintained.

True.
1.Cost-benefit considerations typically affect the organizational structure and complete segregation may not be feasible.
2.Typical compensating controls may include more supervision and owner involvement in the process.

The organizational structure should segregate duties and responsibilities so that an individual is not in the position to perpetrate and conceal errors or fraud.

True. The ideal segregation of duties is
1.Authorization of the transaction
2.Recording of the transaction
3.Custody over the assets (e.g., inventory, receivables, and cash) associated with the transaction

In the audit of the financial statements, management is charged with obtaining an understanding of internal control, determining that controls are in place, judging whether to apply tests of controls, and ultimately assessing risks of material misstatemen

False. The auditor obtains an understanding of internal control, including evaluating the design of controls and determining whether they have been implemented. The auditor also judges whether to apply tests of controls and assesses the risks of material

The auditor is responsible for the establishment of the controls over the sales-receivables-cash receipts cycle.

False. Management is responsible for the establishment of the controls over the sales-receivables-cash receipts cycle to ensure
1.Proper acceptance of the customer order
2.Granting of credit approval in accordance with credit limits
3.Safeguarding of asse

Understanding how information and documents flow through a sales-receivables cycle helps the auditor determine what controls are in place and whether they may be effective in mitigating errors and fraud.

True. An auditor should not only understand the system and controls; (s)he also should document that understanding. Use of flowcharts typically facilitates both understanding and the subsequent documentation.

Assignment of one clerk to be responsible for sales recording and cash receipts during a work period is not an effective control when used in conjunction with other compensating controls in a cash sales environment.

False. Assignment of one clerk to be responsible for sales recording and cash receipts during a work period is a compensating control.

Use of a cash register or sales terminal to record the sale is a compensating control for a cash sale environment.

True. The terminal makes a permanent record of the event that the clerk cannot erase.

Cash sales cycles often lack the segregation of duties necessary for the proper framework of control.

True. For example, the sales clerk often authorizes the sale (e.g., acceptance of a check), records the sale (i.e., enters it on the sales terminal), and has custody of the assets related to the sale (i.e., cash and inventory).

A key control for sales returns is approval of the credit memo related to the sales return by someone not in the sales department.

True. The controls over sales returns and allowances should assure proper approval and processing. The key controls include
1.Approval by the sales department to return goods
2.Receipt of the returned goods by the receiving department and preparation of a

The write-off of bad debts requires strong controls.

True. The write-off of bad debts requires strong controls.

Encryption ensures that clerks properly and completely enter a customer order.

False.
1.Preformatted screens are a way to ensure that employees enter complete information about a customer order.
2.Encryption is used to transmit sensitive information, so unauthorized users do not have access to it.

The inventory reasonableness test cannot be employed in conjunction with a validity check.

False.
1.Reasonableness tests are used to test inventory quantities and billing amounts.
2.The inventory reasonableness test can be employed in conjunction with a validity check.

Additional controls for an e-commerce firm include a firewall, passwords, and encryption.

True. E-commerce consideration includes additional controls such as
1.A firewall between the customer and internally stored client data.
2.Passwords for authorized or preferred customers.
3.Encryption procedures for transmission of sensitive information.

Validity tests can be used to determine that a customer exists in the accounts receivable master file.

True. Validity tests can also be used to determine that ordered part numbers exist on the inventory master file.

In an online computer processing system, inventory levels are formally updated upon initial receipt of the customer order.

False. Inventory levels are formally updated upon release of the goods from the Inventory Warehouse.

When a computer processing system is used to account for sales and receivables, routine credit decisions are typically made by the Credit Manager.

False. Routine credit decisions are replaced by a computer program.

Batch processing is appropriate when an immediate response is necessary.

False.
1.Batch processing is appropriate when an immediate response is not necessary.
2.Batching transactions is useful for processing large volumes of data.

When a firm uses an Internet website to conduct sales and the payment is made by credit card, accounts receivable will not be maintained.

True.
1.Likely changes in an e-commerce environment include direct entry of the order by the customer, elimination of the sales order department, and payment by credit card.
2.Thus, accounts receivable will not be maintained.
3.Acknowledgment of the order

Proper authorization of write-offs of uncollectible accounts should be approved in which of the following departments?

CFO. The write-off of uncollectible accounts requires effective controls. The initiation of the write-off is performed by the credit manager. However, authorization should be by an independent party, typically the CFO. The credit manager is evaluated, in

When evaluating internal control of an entity that processes sales transactions on the Internet, an auditor would be most concerned about the

Potential for computer disruptions in recording sales. Processing sales on the Internet (often called e-commerce) creates new and additional risks for clients. The client should use effective controls to ensure proper acceptance, processing, and storage o

For effective internal control, employees maintaining the accounts receivable subsidiary ledger should not also approve

Write-offs of customer accounts. An employee who authorizes a transaction, such as the write-off of a receivable, ordinarily should not be responsible for recording the same transaction. Segregating the functions of authorization, recordkeeping, and custo

Fact Pattern: Management discovers that a supervisor at one of its restaurant locations removes excess cash and resets sales totals throughout the day on the point-of-sale (POS) system. At closing, the supervisor deposits cash equal to the recorded sales

For selected days, reconciling the total of customer food checks to daily bank deposits. Using the total of the customer food checks as a confirmation of sales would have detected the shortage in the bank deposit.

To safeguard the assets through effective internal control, accounts receivable that are written off should be transferred to

A separate ledger. Accounts receivable that are written off should be transferred to a separate ledger. This ledger should be maintained by the accounting department and periodically reviewed to determine if any of the accounts have become collectible.

An auditor's tests of controls for completeness of the revenue cycle usually include determining whether

An invoice is prepared for each shipping document. Tests of completeness determine whether all assets, liabilities, and equity interests are recorded properly. They emphasize the events rather than the existence of the documents. When a shipping document

During the consideration of a small business client's internal control, the auditor discovered that the accounts receivable clerk approves credit memos and has access to cash. Which of the following controls would be most effective in offsetting this weak

The owner reviews credit memos after they are recorded. The clerk can both perpetrate and conceal a fraud in the normal course of his/her duties. The clerk has custody of cash, performs the recordkeeping function for accounts receivable, and authorizes cr

Which of the following procedures would an auditor most likely perform to test controls relating to management's assertion about the completeness of cash receipts for cash sales at a retail outlet?

Observe the consistency of the employee's use of cash registers and tapes. An assertion about completeness of transactions addresses whether all transactions that should be presented are included in the financial statements. To determine that controls are

Which of the following are not directly involved in the revenue cycle?

Receiving department clerk. The receiving department clerk is involved in the purchases-payables cycle. The clerk counts the goods and prepares receiving reports that provide partial authorization for invoice payment.

Proper authorization procedures in the revenue cycle usually provide for the approval of bad debt write-offs by an employee in which of the following departments?

Chief Financial Officer (CFO). The credit manager, who reports to the CFO, usually is responsible for authorizing write-offs of bad debts based on evidence such as aging reports and collection agency reports. The CFO, or another official not involved with

Alpha Company uses its sales invoices for posting perpetual inventory records. Inadequate internal control over the invoicing function allows goods to be shipped that are not invoiced. The inadequate controls could cause an

Understatement of revenues and receivables and an overstatement of inventory. If goods are shipped before the sales are invoiced, inventory will not be credited for the shipments, thus overstating inventory. Moreover, if the accounting function does not r

Fact Pattern: A sales transaction record designed to contain the information presented below.
Column Information
1-10 Customer account number
11-30 Customer name
31-38 Amount of sale
39-44 Sales date
45-46 Store code number
47-49 Sales clerk number
50-59

A field check. The erroneous entry of a customer's name into the field that should contain the amount of the sale is detected by a field check. This control identifies an alphabetic character in a field that should contain only numeric characters.

Fact Pattern: A sales transaction record designed to contain the information presented below.
Column Information
1-10 Customer account number
11-30 Customer name
31-38 Amount of sale
39-44 Sales date
45-46 Store code number
47-49 Sales clerk number
50-59

A validity check. A validity check can be used to determine the consistency of one field with another.

Cash receipts should be deposited on the day of receipt or the following business day. What is the most appropriate audit procedure to determine that cash is promptly deposited?

Compare the daily cash receipts totals with the bank deposits. A standard control over the cash receipts function is to require that daily cash receipts be deposited promptly and intact. Thus, the total of cash receipts for a day should equal the bank dep

Immediately upon receipt of cash, a responsible employee should

Prepare a remittance listing. Effective control of cash requires that receipts be recorded promptly. For mail receipts, a listing of remittance advices by an employee not performing incompatible functions is a standard control procedure. If the customer d

Which of the following credit approval procedures would be the basis for developing a deficiency finding for a wholesaler?

Salespeople are responsible for evaluating and monitoring the financial condition of prospective and continuing customers. Salespeople should be responsible for generating sales and providing service to customers. For effective control purposes, the credi

An entity with a large volume of customer remittances by mail most likely can reduce the risk of employee misappropriation of cash by using

A bank lockbox system. A lockbox system assures that cash receipts are not stolen by mail clerks or other employees. This system provides for customer payments to be sent to a post office box and collected directly by the bank.

Smith Corporation has numerous customers. A customer file is kept on disk storage. Each customer record contains the name, address, credit limit, and account balance. The auditor wishes to test this file to determine whether credit limits are being exceed

Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit. The auditor should consider developing a program to compare the balances with the credit limits and to pri

Which of the following internal control activities most likely would deter lapping of collections from customers?

Separation of duties between receiving cash and posting the accounts receivable ledger. Lapping is the delayed recording of cash receipts to cover a cash shortage. Current receipts are posted to the accounts of customers who paid one or two days previousl

Which of the following internal control activities most likely would assure that all billed sales are correctly posted to the accounts receivable ledger?

Daily sales summaries are compared with daily postings to the accounts receivable ledger. Daily sales summaries represent billed sales. Reconciliation with the postings to the accounts receivable ledger would provide assurance that billed sales were poste

Employers bond employees who handle cash receipts because fidelity bonds reduce the possibility of employing dishonest individuals and

Deter dishonesty by making employees aware that insurance companies may investigate and prosecute dishonest acts. Effective internal control, including human resources practices that stress the hiring of trustworthy people, does not guarantee against loss

A CPA is gaining an understanding of the internal controls for a client that sells garden products using an Internet site. Which of the following is not likely to be found on the client's organization chart?

The sales order department. The customer directly communicates the order via the Internet site. Thus, a sales order department is not needed to handle and process the order. Acceptance of the order, collection of payment, and scheduling of products for sh

A mail-order retailer has just modified its processing programs to charge each customer the appropriate sales tax. The best approach for detecting whether sales taxes are applied correctly is to

Add the program code that will sort orders by area, compute taxes in the aggregate, and compare the amount with the sum of individual taxes charged for each area. Sales taxes vary from one jurisdiction to another. Thus, the program should sort orders by a

To conceal defalcations involving receivables, the auditor would expect an experienced bookkeeper to charge which of the following accounts?

Sales returns. To conceal a theft of customer payments on account, a bookkeeper debits sales returns and credits accounts receivable. If accounts receivable are not credited, the customer will continue to be billed and will complain.

Which of the following most likely would be the result of ineffective internal control in the revenue cycle?

Final authorization of credit memos by personnel in the sales department could permit an employee defalcation scheme. Ineffective controls in the revenue cycle, such as inappropriate segregation of duties and responsibilities, inadequate supervision, or d

An auditor would consider a cashier's job description to contain compatible duties if the cashier receives remittances from the mail room and also prepares the

Daily deposit slip. Preparing the bank deposit slip is a part of the custodial function, which is the primary responsibility of a cashier. The cashier is an assistant to the CFO and thus performs an asset custody function. The preparation of a bank deposi

In obtaining an understanding of a manufacturing entity's internal control concerning inventory balances, an auditor most likely would

Review the entity's descriptions of inventory policies and procedures. The auditor makes inquiries of personnel, observes activities and operations, and reviews an entity's documentation of controls relevant to the management of inventories to obtain an u

A large retail enterprise has established a policy that requires the paymaster to deliver all unclaimed payroll checks to the internal audit department at the end of each payroll distribution day. This policy was most likely adopted to

Detect any fictitious employee who may have been placed on the payroll. A follow-up of unclaimed checks may result in identification of fictitious or terminated employees, thus eliminating an employee's opportunity to claim a paycheck belonging to a termi

Which of the following controls should prevent an invoice for the purchase of merchandise from being paid twice?

The check signer reviews and cancels the voucher packets. A control should be implemented to prevent an invoice from being paid twice. This can be accomplished by canceling the voucher and supporting documents.

Which of the following controls would an entity most likely use in safeguarding against the loss of trading securities?

An independent trust company that has no direct contact with the employees who have record-keeping responsibilities has possession of the securities. Assigning custody of trading securities to a bank or trust company provides the greatest security because

For effective internal control, which of the following functions should not be the responsibility of the CFO's department?

Data processing. The CFO (chief financial officer) performs the custodianship function. For a proper separation of functions, the CFO should not perform a recording function such as data processing.

Which of the following questions would an auditor most likely include on an internal control questionnaire for notes payable?

Are direct borrowings on notes payable authorized by the board of directors? Control is enhanced when different persons or departments authorize, record, and maintain custody of assets for a class of transactions. Authorization of notes payable transactio

Which of the following is a control activity that most likely could help prevent employee payroll fraud?

The human resources department promptly sends employee termination notices to the payroll supervisor. The human resources department should forward personnel changes to payroll promptly to ensure that proper authorizations are used to calculate the payrol

Matthews Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The computer system automatically updates all payroll records. Because of this

Part of the audit trail is altered. In a manual payroll system, a paper trail of documents would be created to provide audit evidence that controls over each step in processing were operating effectively. One element of a computer system that differentiat

In the accounting system of Apogee Company, the quantities counted by the receiving department and entered at a terminal are transmitted to the computer, which immediately transmits the amounts back to the terminal for display on the terminal screen. This

Verify that the amount was entered accurately. The display of the amounts entered is an input control that permits visual verification of the accuracy of the input by the operator. This is termed closed-loop verification.

In a well-designed internal control system, the same employee may be permitted to

Mail signed checks and also cancel supporting documents. The cash disbursements department has an asset custody function. Consequently, this department is responsible for signing checks after verification of their accuracy by reference to the supporting d

The objectives of internal control for a production cycle are to provide assurance that transactions are properly executed and recorded, and that

Custody of work-in-process and of finished goods is properly maintained. A principal objective of internal control is to safeguard assets. In the production cycle, control activities should be implemented to ensure that inventory is protected from misuse

What is a possible consequence of an employee's being able to visit the safe-deposit box unaccompanied?

The employee could pledge corporate investments as security for a short-term personal bank loan. The bank should maintain a record, which can be inspected by company personnel, of all safe-deposit box visits. Access should be limited to authorized officer

Which of the following is an essential element of the audit trail in an electronic data interchange (EDI) system?

Activity logs that indicate failed transactions. Because an audit trail allows for the tracing of a transaction from initiation to its disposition, an activity log provides a key link in the process. Such a log provides information about users who have ac

The purpose of segregating the duties of hiring personnel and distributing payroll checks is to segregate the

Authorization of transactions from the custody of related assets. In principle, the payroll function should be divided into its authorization, recording, and custody functions. Authorization of hiring, wage rates, and deductions is provided by human resou

Equipment acquisitions that are misclassified as maintenance expense most likely would be detected by an internal control activity that provides for

Investigation of variances within a formal budgeting system. A formal planning and budgeting system that estimates maintenance expense at a certain level will report a significant variance if capital expenditures are charged to the account. Investigation

In which of the following situations would it be most important to have employees sign for their pay?

The firm uses a cash payment payroll function. Under a cash payroll system, the receipt signed by the employee is the only document in support of payment. The signed receipt is essential to verify proper payment.

Which of the following is usually a benefit of transmitting transactions in an electronic data interchange (EDI) environment?

A compressed business cycle with lower year-end receivables balances. EDI transactions are typically transmitted and processed in real time. Thus, EDI compresses the business cycle by eliminating delays. The time required to receive and process an order,

Which of the following controls most likely would assist in reducing the risks of material misstatement related to the existence or occurrence of manufacturing transactions?

Perpetual inventory records are independently compared with goods on hand. The recorded accountability for assets should be compared with existing assets at reasonable intervals. If assets are susceptible to loss through fraud or error, the comparison sho

Effective controls relevant to purchasing of raw materials should usually include all of the following except

Obtaining third-party written quality and quantity reports prior to payment for the raw materials. Obtaining third-party written quality and quantity reports prior to payment for raw materials is unnecessary. Only in exceptional cases when client personne

Mailing disbursement checks and remittance advices should be controlled by the employee who

Signs the checks last. Checks for disbursements should be signed by a responsible person in the cash disbursements department after necessary supporting evidence has been examined. This individual also should be responsible for mailing the signed checks a

One objective of internal control is to record property, plant, and equipment (PPE) additions correctly as to account, amount, and period. Which of the following environmental considerations indicates that the risks of material misstatement of these addit

Most construction is performed in-house. The risks of material misstatement for in-house construction are high. For example, the entity must allocate overhead, allocate labor costs between regular and construction labor, and estimate the interest cost to

An auditor will ordinarily ascertain whether payroll checks are properly endorsed during the audit of

The payroll register. Ordinarily, the auditor examines the endorsements on payroll checks while obtaining an understanding of and testing the payroll cycle, which includes consideration of the payroll register.

Which of the following controls could best prevent direct labor from being charged to manufacturing overhead?

Comparison of daily journal entries with factory labor summary. Daily journal entries are made to record labor, materials, and overhead. Direct labor is posted from the daily factory labor summary. If the latter has been properly recorded, tracing the amo

Which of the following procedures in the cash disbursements cycle should not be performed by the accounts payable department?

Canceling supporting documentation after payment. Checks for disbursements should be signed by a responsible person in the cash disbursements department after necessary supporting evidence has been examined. This individual therefore should be responsible

Which of the following internal control activities most likely justifies reducing the assessment of the risks of material misstatement for plant and equipment acquisitions?

Periodic physical inspection of plant and equipment by the internal audit staff. A periodic physical inspection by the internal audit staff is the best activity for verifying the existence of plant and equipment. Direct observation by an independent, comp

In a well-designed internal control system, employees in the same department most likely would approve purchase orders, and also

Negotiate terms with vendors. To prevent or detect fraud or error in the performance of assigned responsibilities, duties are often segregated. Approving purchase orders and negotiating terms with vendors are part of the authorization process performed by

To provide assurance that each voucher is submitted and paid only once, an auditor most likely would examine a sample of paid vouchers and determine whether each voucher is

Stamped "paid" by the check signer. To provide assurance that voucher documentation is not used to support a duplicate payment, the individual responsible for cash disbursements should examine the voucher and determine the appropriateness of the supportin

Which of the following activities most likely would detect whether payroll data were altered during processing?

Using test data to verify the performance of edit routines. The test data approach uses the computer to test the processing logic and controls within the system and the records produced. The auditor prepares a set of dummy transactions specifically design

In a properly designed internal control system, the same employee most likely would match vendors' invoices with receiving reports and also

Recompute the calculations on vendors' invoices. The vouchers payable clerk (1) matches purchase orders, vendors' invoices, and receiving reports; (2) tests the calculations and terms on the vendors' invoices; and (3) prepares a disbursement voucher.

The voucher-disbursement system is applicable solely to the purchase of inventory.

False. The voucher-disbursement system is applicable to virtually all required payments by the entity, not just purchases of inventory.

A standard control over cash disbursements is to require checks for large amounts to have signatures from two authorized persons in the organization.

True. Two signatures may be required for checks larger than some preset limit.

An approved voucher would be placed in a tickler file arranged by due date based on the vendor's terms.

True.
1.Vouchers will be pulled from the file on the due date and sent to Cash Disbursements for signing and mailing the check.
2.At the time the check is signed, the documentation, (i.e., payment voucher, approved invoice, requisition, purchase order, an

If the goods received are nonconforming, they should be returned to the vendor, and the Purchasing Agent should be notified so arrangements can be made with the vendor for another shipment.

True. If the goods received are nonconforming, the Shipping Department will return them to the vendor and notify the Purchasing Agent so arrangements can be made with the vendor for another shipment.

The blind copy of the purchase order prepared by the Purchasing Agent is the sole authorization required for the Receiving Department to accept goods when they arrive.

True. When the goods arrive, the Receiving Department accepts the goods based on the authorization by the Purchasing Agent contained in the blind copy of the purchase order.

Inventory Control provides additional authorization and determines the appropriate vendor, often through bidding.

False. The Purchasing Agent provides additional authorization and determines the appropriate vendor, often through bidding, to supply the appropriate quantity and quality of goods at the optimal price.

The general ledger maintains the accounts payable control account and other related general ledger accounts.

True.
1.Accounts Payable (vouchers payable) assembles proper documentation to support a payment voucher.
2.Once a payment is authorized, it is recorded in the general ledger.

Cash Disbursements evaluates the documentation to support a payment voucher and signs and mails the check.

True.
1.Cash Disbursements is a component of the treasury function.
2.Cash Disbursements also cancels the documentation to prevent duplicate vouchers and checks.

The Purchasing Agent provides authorization for the purchase of goods and performs an accountability function.

False.
1.Inventory Control provides authorization for the purchase of goods and performs an accountability function.
2.The Purchasing Agent issues purchase orders for required goods.

When segregation of duties is not feasible, a company has no other way to establish controls.

False. Compensating controls can be established when the segregation of duties is not maintained.

The ideal organizational structure should segregate duties and responsibilities into authorization of the transaction, recording of the transaction, and custody over the assets associated with the transaction.

True. Cost and benefit considerations may affect the organizational structure, and complete segregation may not be feasible.

The auditor is charged with (1) evaluating the design of controls, (2) determining that controls have been implemented, (3) judging whether to apply tests of controls, and (4) assessing the risks of material misstatement associated with the purchases-paya

True. If the auditor determines that controls are effective by applying tests of controls, the auditor may decide to rely on the controls.

Due to technological advancements, most of the record-keeping and filing for the purchases-payables-cash disbursements cycle are conducted by computer systems.

True. Computer processing ordinarily replaces the activities of clerks performing recording functions (e.g., updating the inventory file to record goods received from vendors and updating the open purchase order file).

A distinction of EDI is that EDI transactions are formatted using strict standards that have been agreed to worldwide.

True.
1.Organizations such as the American National Standards Institute (ANSI) have defined virtually every type of business transaction in terms of their fields and information content. These are termed transmission sets.
2.By using such standards, commu

In an electronic data interchange (EDI) system, transaction protocols are paths that a message takes as it is sent from a sender to a recipient.

False. Transmission protocols are rules on how each envelope or package of information is structured and processed by the communications devices so that messages are kept separate.

Elimination of document preparation, processing, and mailing costs are advantages of EDI.

True. Advantages of EDI include reduction of clerical errors, speed, and the elimination of repetitive clerical tasks. EDI also eliminates document preparation, processing, filing, and mailing costs.

An auditor would consider failure to maintain an audit trail of EDI transactions a risk regarding an entity's use of electronic data interchange (EDI).

True. Audit trails are essential to the processing of all transactions. In an EDI system, the trail should maintain information such as who has access to a transaction, time of access, the use of the transaction, etc. An activity log would provide this in

Paychecks are distributed by Accounts Payable.

False. Paychecks are distributed by Cash Disbursements, usually by the paymaster.

The job time tickets, once used by Timekeeping, are sent to Payroll to charge the work-in-process recorded on job cost sheets for the direct labor used in production.

False.
1.The job time tickets, once used by Timekeeping, are sent to Cost Accounting to charge the work-in-process recorded on job cost sheets for the direct labor used in production.
2.The nonproductive labor is accumulated and reported as overhead incur

Cash Disbursements prepares and distributes employee paychecks.

True. Cash Disbursements signs and deposits a check based on the payment voucher into a separate payroll account, prepares individual employee paychecks, and distributes paychecks.

The authorized employees from Human Resources together with the authorized hours from Timekeeping are used to calculate the payroll for the period.

True. The authorized employees, rates, and deductions from Human Resources, together with the authorized hours from Timekeeping, are used to calculate the payroll for the period.

Payroll accounting calculates pay but does not sign the paychecks.

True. Payroll does not authorize transactions or handle (take custody of) assets.

In a computer payroll application, validity checks would be made to assure that an employee record exists.

True. Validity checks are made to ensure that an employee record exists on the personnel file before any transactions are accepted.

A reasonableness test could be used to test the total hours recorded for each employee.

True. Reasonableness tests are made when appropriate, e.g., testing at the end of the week to assure that total hours recorded for an employee are not in excess of 40 hours or the acceptable limit.

The calculation of the payroll is normally batch oriented.

True.
1.The processing of records and maintenance of files are typically performed on a daily basis.
2.However, the calculation of the payroll is normally batch oriented because checks to employees are prepared periodically (e.g., weekly).

Only the Human Resources department has access to the personnel master file and can make changes.

True.
1.Access controls are used requiring passwords and identification numbers.
2.Departments are limited to the changes that can be made to files.

When using a computer system to replace manual functions, the internal control objectives are modified for those functions.

False.
1.Several of the accounting clerk's functions are replaced by computer programs.
2.These include some of the duties of the timekeeping and payroll departments.
3.The objectives of control do not change.

The financing cycle concerns obtaining and repaying capital through noncurrent debt and shareholders' equity transactions.

True. Major transactions are authorized by the board of directors or others charged with governance.

Typical controls in the investing cycle include written authorizations from the board of directors, physical safeguards over assets, and specific identification of certificate numbers.

True. Typical controls in the investing cycle include (1) written authorizations from the board of directors, (2) segregation of recordkeeping and accountability from physical custody, (3) physical safeguards over assets, (4) specific identification of ce

In considering property, plant, and equipment (PPE), subsidiary records and the general ledger control account should be periodically reconciled.

True. Typical controls in the PPE cycle include (1) a periodic reconciliation of subsidiary records and the general ledger control account and (2) periodic comparisons of physical assets with subsidiary records.

To determine whether an organization is purchasing excess raw materials, an internal auditor should

Ascertain that production budgets and economic order quantities are integrated and have been used in determining quantities purchased. An economic order quantity (EOQ) model can be used to determine the order quantity (or production run) that minimizes th

For effective internal control, the accounts payable department ordinarily should

Establish the agreement of the vendor's invoice with the receiving report and purchase order. The accounts payable department is responsible for matching the vendor's invoice against the corresponding purchase order and receiving report. This procedure pr

A client's materials purchasing cycle begins with requisitions from user departments and ends with the receipt of materials and the recognition of a liability. An auditor's primary objective in reviewing this cycle is to

Evaluate the reliability of information generated by the purchasing process. The auditor should obtain an understanding of internal control. The purpose of internal control is to address business risks that threaten the achievement of the following entity

An audit of the electronic data interchange (EDI) area of a purchasing department revealed the facts listed below. Which one indicates the need for improved internal control?

Branch office employees may access the server with a single call via modem. The system should employ automatic dial-back to prevent intrusion by unauthorized parties. This procedure accepts an incoming modem call, disconnects, and automatically dials back

In determining the effectiveness of an entity's policies and procedures relating to the existence or occurrence assertion for payroll transactions, an auditor most likely would inquire about and

Observe the segregation of duties concerning human resources responsibilities and payroll disbursement. In considering whether transactions actually occurred, the auditor is most concerned about the proper segregation of duties between the human resources

Which of the following internal control activities is not usually performed in the CFO's department?

Approving vendors' invoices for payment. The accounts payable department is responsible for compiling documentation to support an account payable. This approval process is performed in the accounting department.

Based on observations made during an audit, the auditor should discuss with management the effectiveness of the company's controls that protect against the purchase of

Supplies individually ordered, without considering possible volume discounts. An auditor should communicate to management and those charged with governance significant deficiencies and material weaknesses observed during an audit (AU-C 265). (S)he should

Which of the following is usually a benefit of using electronic funds transfer for international cash transactions?

Reduction of the frequency of data entry errors. The processing and transmission of electronic transactions, such as EFTs, virtually eliminates human interaction. This process not only helps eliminate errors but also allows for the rapid detection and rec

Which of the following statements is true concerning the security of messages in an electronic data interchange (EDI) system?

Encryption performed by physically secure hardware devices is more secure than encryption performed by software. Physically secure hardware for performing encryption is under the direct control of the client. Software is not easily controlled because it i

Which of the following statements represents an additional cost of transmitting business transactions by means of electronic data interchange (EDI) rather than in a traditional paper environment?

Translation software is needed to convert transactions from the entity's internal format to a standard EDI format. The conversion cost of transactions into a standard EDI format is a cost that must be incurred for an EDI process in order to transmit the t

An internal control questionnaire indicates that an approved receiving report is required to accompany every check request for payment of merchandise. Which of the following procedures provides the greatest assurance that this control is operating effecti

Canceled checks and ascertain that the related receiving reports are dated no later than the checks. The best procedure is to test whether any checks have been issued without receiving reports. An appropriate sample of canceled checks and the related supp

A client's program that recorded receiving report information entered directly by the receiving department on vendor shipment receipt included a reasonableness or limit test. Which of the following errors would this test likely detect?

The receiving department clerk entered the quantity of the product received as 0. Reasonableness or limit tests are used to test quantities received to determine if they are within acceptable limits. Entry of a product number with 0 received is identified

For several years a client's physical inventory count has been lower than what was shown on the books at the time of the count, and downward adjustments of the inventory account have been required. Contributing to the inventory problem could be material w

Purchases returned to vendors. Purchases returned to the vendor but not recorded overstate inventory records. The goods are reflected in inventory but are not on hand.

Effective control over the cash payroll function would mandate which of the following?

Each employee should be asked to sign a receipt. Under a cash payroll system, the receipt signed by the employee is the only document in support of payment. The signed receipt is essential to verify proper payment.

Which of the following internal control activities most likely would prevent direct labor hours from being charged to manufacturing overhead?

Use of time tickets to record actual labor worked on production orders. Time tickets should specifically identify labor hours as direct or indirect.

A company employs three accounts payable clerks and one treasurer. Their responsibilities are as follows:
Employee Responsibility
Clerk 1 Reviews vendor invoices for proper signature approval.
Clerk 2 Enters vendor invoices into the accounting system and

Clerk 3 mails the checks and remittances after they have been signed. Certain duties should be segregated so that an individual cannot perpetrate and conceal fraud or error. The ideal structure segregates authorization of the transaction, recording of the

The client has equity securities classified as available for sale. The auditor is most concerned about controls related to

The determination of the fair value measurements of the securities. The auditor should obtain an understanding of (1) the client's process for the determination of fair value measurements and disclosures and (2) the relevant controls. Available-for-sale a

To avoid potential errors and fraud, well-designed internal control in the accounts payable area should include a segregation of which of the following functions?

Cash disbursements and vendor invoice verification. The functions of cash disbursements (custody of assets) and invoice verification (recordkeeping) should be segregated for effective internal control. Invoice verification should be done by an employee ou

In auditing an entity's computerized payroll transactions, an auditor would be least likely to use test data to test controls concerning

Control and distribution of unclaimed checks. If wages are not directly deposited into employees' bank accounts, paper checks must be physically distributed by the cash disbursements function. Any unclaimed checks should be turned over to an appropriate c

Which of the following activities performed by a department supervisor most likely would help in the prevention or detection of a payroll fraud?

Approving a summary of hours each employee worked during the pay period. The department supervisor is in the best position to determine that employees are present and performing the assigned functions.

The sampling unit in a test of controls pertaining to the occurrence of payroll transactions ordinarily is a(n)

Payroll register entry. Determining whether payroll transactions occurred is an internal control objective of the human resources and payroll cycle. The payroll register records each payroll transaction for each employee. Thus, an entry in the payroll reg

Which of the following statements is correct concerning internal control in an electronic data interchange (EDI) system?

Preventive controls generally are more important than detective controls in EDI systems. In general, preventive controls are more important than detective controls because the benefits typically outweigh the costs. In electronic processing, once a transac

The authority to accept incoming goods in receiving should be based on a(n)

Approved purchase order. A receiving department should accept merchandise only if a purchase order or approval granted by the purchasing department is on hand.

Which of the following questions would most likely be included in an internal control questionnaire concerning the completeness assertion for purchases?

Are purchase orders, receiving reports, and vouchers prenumbered and periodically accounted for? The completeness assertion concerns whether all transactions and accounts that should be presented are so included. Thus, management asserts that all purchase

An auditor most likely would assess the risks of material misstatement as unacceptable if the payroll department supervisor is responsible for

Authorizing payroll rate changes for all employees. The payroll department should be independent of the human resources department, which would be responsible for authorizing all payroll rate changes for the employees of the entity. A supervisor would be

Which of the following control activities is not usually performed with regard to vouchers payable in the accounting department?

Controlling the mailing of the check and remittance advice. The cash disbursements department, which is responsible to the CFO, has an asset custody function that should be segregated from the recording function of the accounting department. Consequently,

Which of the following activities is most likely to prevent the improper disposition of equipment?

A segregation of duties between those authorized to dispose of equipment and those authorized to approve removal work orders. Segregation of duties reduces the opportunity for an individual both to perpetrate and to conceal fraud or error. Accordingly, th

Which of the following computer-assisted auditing techniques processes client input data on a controlled program under the auditor's control to test controls in the computer system?

Parallel simulation. Parallel simulation is a test of the controls in a client's application program. An auditor-developed program, not the client's program, is used to process actual client data and compare the outputs and exceptions report with those of

In a computerized payroll system environment, an auditor is least likely to use test data to test controls related to

Proper approval of overtime by supervisors. Approval of overtime by supervisors most likely entails initialing of time cards. Inspection by the auditor is the appropriate test of this control.

Which of the following courses of action is the most appropriate if an auditor concludes that there is a high risk of material misstatement?

Select more effective substantive procedures. The nature, timing, and extent of the auditor's further audit procedures should respond to the assessed RMMs at the relevant assertion level. The greater the assessed RMMs, the more persuasive audit evidence s

Which of the following tests of controls most likely will help assure an auditor that goods shipped are properly billed?

Examine shipping documents for matching sales invoices. The proper starting point to determine whether all goods shipped were properly billed is the shipping documents. Tracing the shipping documents to the matching sales invoices provides assurance that

For which of the following computer-assisted auditing techniques does the auditor use a controlled program?

Parallel simulation. Parallel simulation is a test of the controls in a client's application program. An auditor-developed program is used to process actual client data, and the output and exceptions report is compared with those of the client's applicati

What is the most likely course of action that an auditor would take after determining that performing substantive procedures on inventory will take less time than performing tests of controls?

Perform only substantive procedures on inventory. According to AU-C 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained, the auditor may in some cases perform only substantive procedures and exclude th

The risks of material misstatement (RMMs) should be assessed in terms of

Financial statement assertions. The auditor's objective is to identify and assess the RMMs, whether due to fraud or error, at the financial statement and relevant assertion levels. This objective is achieved through understanding the entity and its enviro

When an auditor tests a computerized accounting system, which of the following is true of the test data approach?

Test data are processed by the client's computer programs under the auditor's control. In using the test data approach, the auditor prepares a set of dummy transactions specifically tailored to test the control procedures that management claims to have in

When an auditor tests the internal controls of a computerized system, which of the following is true of the test data approach?

Test data are processed with the client's computer and the results are compared to the auditor's predetermined results. The test data are processed by the client's computer programs under the control of the auditor. These results are then compared to the

Which of the following statements concerning the parallel simulation approach when testing a computerized accounting system is false?

Transactions are reprocessed only by the client's computer programs. Parallel simulation is a test of the controls in a client's application program. An auditor-developed program, not the client's program, is used to process actual client data and compare

To obtain evidence that online access controls are properly functioning, an auditor most likely will

Enter invalid identification numbers or passwords to ascertain whether the system rejects them. Employees with access authority to process transactions that change records should not also have asset custody or program modification responsibilities. The au

When an auditor increases the assessment of the risks of material misstatement because certain controls were determined to be ineffective, the auditor will most likely increase the

Extent of tests of details. An auditor should obtain an understanding of internal control to assess the RMMs. The greater (lower) the assessment of the RMMs, the lower (greater) the acceptable detection risk for a given level of audit risk. In turn, the a

When numerous property and equipment transactions occur during the year, an auditor who assesses the risks of material misstatement at a low level usually performs

Tests of controls and limited tests of current-year property and equipment transactions. The auditor usually performs tests of controls and substantive procedures (the combined audit approach). The auditor must make decisions about the nature, timing, and

To test the effectiveness of controls, an auditor ordinarily selects from a variety of techniques, including

Reperformance and observation. The auditor selects tests of controls from a variety of techniques such as inquiry, observation, inspection, recalculation, and reperformance of a control that pertains to an assertion. No one specific test of controls is al

In parallel simulation, actual client data are reprocessed using an auditor software program. An advantage of using parallel simulation, instead of performing tests of controls without a computer, is that

The size of the sample can be greatly expanded at relatively little additional cost. Parallel simulation uses a controlled program to reprocess sets of client transactions and compares those results with those of the client. The primary disadvantages are

Tests of controls in an advanced computer system

Can be performed using actual transactions or simulated transactions. Tests of controls, that is, determining whether the prescribed controls are operating effectively at the assertion level, can be performed using either actual or simulated transactions.

Regardless of the assessed risks of material misstatement, an auditor should perform some

Substantive procedures to restrict detection risk for significant transaction classes. Regardless of the assessed risks of material misstatement (or the effectiveness of the relevant controls), the auditor should design and perform substantive procedures

Smith Corporation has numerous customers. A customer file is kept digitally. Each customer record contains the name, address, credit limit, and account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. Th

Develop a program to compare credit limits with account balances and list the details of any account with a balance exceeding its credit limit. The auditor should consider developing a program to compare the balances with the credit limits and to list the

Which of the following statements is false about the test data approach when testing a computerized accounting system?

Several transactions of each type must be tested. The test data approach includes preparation of dummy transactions by the auditor. These transactions are processed by the client's computer programs under the auditor's control. The test data consist of on

A nonissuer audit client failed to maintain copies of its procedures manuals and organizational flowcharts. What should the auditor do in an audit of financial statements?

Adopt a substantive audit approach. The assessment of risks is a basis for choosing the audit approach. A substantive audit approach is based only on substantive procedures. A combined audit approach applies tests of controls and substantive procedures. F

After obtaining an understanding of internal control, an auditor of a nonissuer's financial statements may place no reliance on controls for some assertions because the auditor

Believes the controls are unlikely to be effective. The assessment of risks is a basis for choosing the audit approach. A substantive audit approach is based only on substantive procedures. A combined audit approach applies tests of controls and substanti

An auditor who is testing computer controls in a payroll system will most likely use test data that contain conditions such as

Time tickets with invalid job numbers. The auditor will most likely test computer controls for detection of time tickets with invalid job numbers. The validity of codes can be determined by the computer system. Testing of approvals, authorizations, and si

An auditor may decide to perform only substantive procedures for certain assertions because the auditor believes

Controls are not relevant to the assertions. The auditor's risk assessment procedures may not have identified any suitably designed and implemented controls that are relevant to the assertions. Another possibility is that testing of controls may be ineffi

An auditor uses the assessed risks of material misstatement to

Determine the acceptable level of detection risk for financial statement assertions. For a given audit risk, the acceptable detection risk (the auditor's risk) is inversely related to the assessed RMMs (the entity's risks) at the assertion level. Detectio

Which of the following is least likely to indicate the need to increase the assurance provided by substantive testing?

A decrease in the assessed inherent risk. Substantive procedures are performed to detect material misstatements in management's assertions. The nature, timing, and extent of substantive procedures are determined by the acceptable level of audit risk. For

Which of the following procedures concerning accounts receivable is an auditor most likely to perform to obtain evidence in support of the effectiveness of controls?

Observing an entity's employee prepare the schedule of past due accounts receivable. To test the effectiveness of controls, an auditor performs procedures such as inquiry, observation, inspection, recalculation, and reperformance of a control. Thus, obser

An auditor generally tests the segregation of duties related to inventory by

Personal inquiry and observation. The segregation of duties reduces the opportunity for an individual to perpetrate and conceal fraud or error in the normal course of his/her duties. Authorization of transactions, recording of transactions, and custody of

Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without the knowledge of client operating personnel?

Integrated test facility (ITF). The ITF or minicompany technique is a development of the test data method. It permits dummy transactions to be processed at the same time as live transactions but requires additional programming to ensure that programs will

An auditor may compensate for a high assessed risk of material misstatement by

Increasing the extent of substantive analytical procedures. When designing further audit procedures, the auditor obtains more persuasive evidence the higher the risk assessment. Thus, the auditor may increase the quantity of evidence or obtain more releva

The objective of tests of details of transactions performed as tests of controls is to

Evaluate whether internal controls operated effectively. The auditor may use tests of details of transactions concurrently as tests of controls (i.e., as dual-purpose tests). As substantive procedures, their objective is to support relevant assertions or

An auditor most likely should test for the presence of unauthorized computer program changes by running a

Source code comparison program. The best way to test for unauthorized computer program changes is to examine the program itself. By comparing a program under his/her control with the program used for operations, the auditor can determine whether unauthori

An auditor obtains a digital file that contains the dollar amounts of all client inventory items by style number. The auditor is aware that the client holds certain inventory styles on consignment for others. The auditor can best ascertain that the client

Tests for and accumulates all amounts for items with style numbers indicating consigned merchandise. Given that items on the inventory file are marked appropriately with style numbers, the auditor can best determine whether consigned merchandise is includ

For certain controls, such as assignment of authority and responsibility, documentary evidence may not exist. An auditor would most likely test the controls by

Observation and inquiry. When documentary evidence does not exist, evidence about the effectiveness of the operation of controls may be obtained through such methods as observation, inquiry, or computer-assisted techniques. Inquiry alone, however, will no

When an auditor plans to rely on controls that have changed since they were last tested, which of the following courses of action would be most appropriate?

Test the operating effectiveness of such controls in the current audit. Controls that have changed must be tested for operating effectiveness before they can be relied on.

Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of controls. One of the techniques involved in this approach makes use of

An integrated test facility. The ITF or minicompany technique is a development of the test data method. It permits dummy transactions to be processed at the same time as live transactions but requires additional programming to ensure that programs will re

Which of the following statements is false about the integrated test facility (ITF) method for testing a computerized accounting system?

ITF reprocesses only actual, not fictitious, transactions. The ITF or minicompany technique is a development of the test data method. It permits dummy transactions to be processed at the same time as live transactions but requires additional programming t

An auditor wishes to perform tests of controls on a client's cash disbursements procedures. If the controls leave no audit trail of documentary evidence, the auditor most likely will test the controls by

Observation and inquiry. For some controls, documentation may not be available or relevant. For example, documentation of operation may not exist for (1) some factors in the control environment, such as assignment of authority and responsibility, or (2) s

The portion of the audit plan for a financial statement audit that describes further audit procedures usually cannot be developed until the

Understanding of the entity's internal control has been completed. The audit plan develops over the course of the audit. Thus, planning for risk assessment procedures occurs early in the audit. However, the nature, timing, and extent of further audit proc

The major purpose of the auditor's study and evaluation of the company's computer processing operations is to

Evaluate the reliability and integrity of financial information. Information systems provide data for decision making, control, and compliance with external requirements. Thus, auditors should examine information systems and, as appropriate, determine (1)

An auditor who wishes to capture an entity's data as transactions are processed and continuously test the entity's computerized information system most likely would use which of the following techniques?

Embedded audit module. Continuous monitoring and analysis of transaction processing can be achieved with an embedded audit module. An audit module embedded in the client's software routinely selects and abstracts certain actual transactions and other info

When an accounting application is processed by computer, an auditor cannot verify the reliable operation of automated controls by

Manually reperforming, as of a moment in time, the processing of input data and comparing the simulated results with the actual results. This procedure describes what is termed auditing around the computer. The computer is treated as a black box, and only

To obtain evidence that user identification and password controls are functioning as designed, an auditor should

Examine a sample of password holders and access authority to determine whether they have access authority incompatible with their other responsibilities. Employees with access authority to process transactions that change records should not also have asse

The auditor should perform tests of controls when the auditor's assessment of the risks of material misstatement includes an expectation of the operating effectiveness of internal control or when

Substantive procedures alone cannot provide sufficient appropriate audit evidence at the relevant assertion level. For some RMMs, the auditor may determine that it is not feasible to obtain sufficient appropriate audit evidence only from substantive proce

After gaining an understanding of a client's computer processing internal control, a financial statement auditor may decide not to test the effectiveness of the computer processing control procedures. Which of the following is not a valid reason for choos

The assessment of the risks of material misstatement permits the auditor to rely on the controls. Although controls appear to be effective based on the understanding of internal control, the auditor should perform tests of controls when the assessment of

Which of the following most likely should be included as part of an auditor's tests of controls?

Inspection. The auditor should perform other procedures in combination with inquiry to obtain evidence about the operating effectiveness of controls. Thus, inquiry by itself is not sufficient. Accordingly, inquiry combined with inspection, recalculation,

A client maintains a large data center where access is limited to authorized employees. How may an auditor best determine the effectiveness of this control activity?

Observe whether the data center is monitored. Physically observing that the data center is being monitored provides direct evidence that the control is in place and is being utilized effectively. The auditor will be able to see, first hand, if the control

The ultimate purpose of understanding the entity and its environment and assessing the risks of material misstatement is to contribute to the auditor's assessment of the risk that

Material misstatements may exist in the financial statements. The auditor's objective is to identify and assess the RMMs, whether due to fraud or error, at the financial statement and relevant assertion levels. This objective is achieved through understan

Which of the following statements best describes why an auditor would use only substantive procedures to evaluate specific relevant assertions and risks?

Testing the operating effectiveness of the relevant controls would not be efficient. The assessment of risks is a basis for choosing the audit approach. The risk assessment procedures may not identify effective controls for the relevant assertion, or test

Which of the following statements is not true of the test data approach to testing an accounting system?

The test data must consist of all possible valid and invalid conditions. The test data approach includes preparation of dummy transactions by the auditor. These transactions are processed by the client's computer programs under the auditor's control. The

An auditor is least likely to test controls that provide for

Classification of revenue and expense transactions by product line. The auditor is primarily concerned with the fairness of external financial reporting and therefore with controls relevant to a financial statement audit. (S)he is less likely to test cont

Which of the following is a step in an auditor's decision to rely on internal controls?

Identify specific controls that are likely to prevent, or detect and correct, material misstatements and perform tests of controls. An auditor should obtain an understanding of controls relevant to the audit. Thus, the auditor should evaluate their design

Samples to test controls are intended to provide a basis for an auditor to conclude whether

The controls are operating effectively. Tests of controls obtain evidence about the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. Tests of controls address (1) how they were

After obtaining an understanding of internal control in a financial statement audit, an auditor has concluded that it is well designed and is operating effectively. Under these circumstances, the auditor would most likely

Not increase the extent of substantive procedures. The auditor should obtain reasonable assurance about whether the financial statements are free from material misstatement to permit expression of an opinion on whether they are fairly presented. To obtain

As the acceptable level of detection risk increases for a given audit risk, an auditor may change the

Timing of substantive procedures from year end to an interim date. For a given audit risk, the acceptable detection risk (the auditor's risk) is inversely related to the assessed RMMs (the entity's risks) at the assertion level. Detection risk is the risk

A client maintains perpetual inventory records in both quantities and dollars. If the assessment of the risks of material misstatement is high, an auditor will probably

Request the client to schedule the physical inventory count at the end of the year. If the assessment of the RMMs is high, the acceptable detection risk for a given level of audit risk decreases. The auditor should change the nature, timing, or extent of

When assessing the risks of material misstatement at a low level, an auditor is required to document the auditor's
Understanding of the Entity's Control Environment; Overall Responses to Assessed Risks

Yes; Yes
The understanding of the components of internal control, including the control environment, should be documented regardless of the degree of risk (AU-C 315). The overall responses to the assessed risks of material misstatement at the financial st

A test of a payroll system involved comparing an individual's number of overtime hours a week with an average of weekly overtime during a similar period in a prior year and evaluating the results. This is an example of what type of test?

Reasonableness test. Reasonableness tests are used to test quantities received to determine whether they are comparable to an acceptable amount.

If the risks of material misstatement are assessed at a low level, the auditor need not document the conclusion or the response to the assessments.

False. The auditor should document the following:
1.Overall responses to the assessed RMMs at the statement level
2.Nature, timing, and extent of further audit procedures and their connection with assessed risks at the relevant assertion level
3.Results o

Risks of material misstatement related to significant judgmental matters may be greater if they involve accounting estimates.

True.
RMMs related to significant judgmental matters may be greater if they involve accounting estimates resulting from, among other things, the following: 1.Accounting principles subject to different interpretations
2.Subjective or complex judgments
3.Si

Relying on controls to reduce the risks of material misstatement for relevant assertions requires auditors to obtain evidence about the design and operation of controls.

True. The auditor's understanding of relevant controls involves evaluating their design and determining whether they have been implemented. Tests of controls determine whether they are operating effectively to prevent, or detect and correct, material miss

Failure to detect misstatements by performing substantive procedures implies that controls are effective.

False. Misstatements detected by substantive procedures may imply that controls are ineffective. However, nondetection of misstatements is not evidence of effectiveness.

Tests of controls are performed when the auditor intends to rely on their operating effectiveness, or substantive procedures alone cannot provide sufficient appropriate evidence at the assertion level.

True. The auditor tests the operating effectiveness of relevant controls if (1) the auditor has an expectation of their effectiveness, i.e., the auditor intends to rely on the controls to determine the nature, timing, and extent of the substantive procedu

Timeliness of evidence concerns when it was obtained and the portion of the audit period to which it applies.

True. The evidence obtained by some tests of controls, such as observation, pertains only to the moment in time at which the audit procedure was performed. Thus, such evidence may be insufficient for periods not subjected to such tests.

Evidence obtained in prior audits may be considered in a new audit.

True. Evidence obtained in prior audits may be considered in a new audit.

When obtaining evidence about the operation of internal control during an interim period, the auditor need not determine what additional evidence should be obtained for the remaining period.

False.
When obtaining evidence about the operation of internal control during period remaining after an interim date, the auditor should consider 1.Assessed RMMs
2.Controls tested
3.The evidence about operating effectiveness
4.The duration of the remainin

Evidence about the effectiveness of the operation of controls obtained directly by the auditor usually provides less assurance than evidence obtained indirectly or by inference, such as through inquiry.

False. Evidence may be obtained through the auditor's direct observation of an individual who applies a control. This evidence is usually more reliable than that which is gathered through inquiries about the application of the control.

The sufficiency of evidence is a matter of auditor judgment.

True. The degree of assurance provided is a function of the type of evidence, its source, its timeliness, and the availability of other evidence related to the conclusion.

The auditor tests suitably designed controls at the relevant assertion level when the risk assessment is based on the expectation that controls are operating effectively.

True. The auditor tests the effectiveness of suitably designed controls at the relevant assertion level in two circumstances: 1.The assessment of the risks of material misstatement at the assertion level is based on the expectation that controls are opera

A financial statement audit involves obtaining and evaluating evidence about management's assertions.

True. Management's assertions are included in the account balance, transaction class, and preparation and disclosure components of financial statements. They are used by the auditor to determine the types of potential misstatements.

In the integrated test facility (ITF) method, the auditor creates a dummy record within the client's actual system. Dummy and actual transactions are then processed. The auditor can test the edit checks by altering the dummy transactions and evaluating er

True. In the integrated test facility (ITF) method, the auditor creates a dummy record within the client's actual system. Dummy and actual transactions are then processed. The auditor can test the edit checks by altering the dummy transactions and evaluat

An embedded audit module is part of an application system that is designed to identify and report actual transactions and other information that meet criteria having audit significance.

True. An embedded audit module is an integral part of an application system that is designed to identify and report actual transactions and other information that meet criteria having audit significance.

The primary advantage of parallel simulation is that transactions from throughout the period may be reprocessed.

True.
1.The results of a parallel simulation can be compared with the client's results to provide assurance that the edit checks (controls) have been applied during the period.
2.The primary disadvantages of this method are the cost of obtaining the progr

Parallel simulation uses a controlled program to reprocess sets of client transactions and compares the auditor-achieved results with those of the client.

True. The key in a parallel simulation is for the auditor's program to include the client's edit checks. Thus, the client's results of processing, rejected transactions, and error listing should be the same as the auditor's.

In the test data approach, the auditor prepares a set of dummy transactions specifically designed to test the control activities that management claims to have incorporated into the processing programs.

True. The auditor can expect the controls to be applied to the transactions in the prescribed manner. Thus, the auditor is testing the effectiveness of the controls.

The primary advantage of the test data approach is that it tests processing at one moment in time.

False. The primary disadvantage is that it tests processing at only one moment in time.

Auditing around the computer is not appropriate when systems are sophisticated or the major controls are included in the computer programs.

True. Auditing around the computer may be appropriate for very simple systems that produce appropriate printed outputs for the auditor.
1.The auditor manually processes transactions and compares the results with the client's computer processed results.
2.

The auditor tests access controls by attempting to sign on to the computer system using various passwords and ID numbers.

True. The auditor tests access controls by (1) attempting to sign on to the computer system using various passwords and ID numbers, (2) inspecting the system access log for completeness and appropriate use and follow-up (passwords required to be consisten

The auditor inspects documentation and observes operations demonstrating that the computer processing department is operating as a service department independently of users and reporting to senior-level management.

True. The auditor inspects documentation and observes operations demonstrating that the computer processing department is operating as a service department independently of users and reporting to senior-level management.
1.Computer processing should be a

Numerous controls in a computer environment are outside the computer system and can be tested using procedures applicable to a manual system.

True.
1.Control objectives and concepts are the same in a computer environment and a manual system.
2.Many procedures are the same. These procedures include (a) inquiries of entity personnel, (b) inspection of documents and reports, (c) observation of the

The auditor's controlled program in a parallel simulation cannot be a copy of the client's program.

False.
1.The auditor's controlled program in a parallel simulation may be a copy of the client's program that has been tested.
2.An expensive alternative is for the auditor to write a program that includes management's controls. Also, a program may be cre

The auditor may use tests of details of transactions concurrently as tests of controls.

True.
1.Tests of details may be dual-purpose tests. As substantive procedures, tests of details of transactions are designed to detect material misstatements at the assertion level.
2.As tests of controls, tests of details evaluate whether a control opera

For material balances, the risks of material misstatement cannot be sufficiently low to eliminate the need for all substantive procedures.

True. Substantive procedures are performed for all relevant assertions related to material account balances, transaction classes, and disclosures.

The assessed level of control risk is an evaluation of the effectiveness of internal control in preventing, or detecting and correcting, material misstatements.

True. GAAS generally refer to the assessment of the risks of material misstatement. But an auditor may separately assess the components of the RMMs: inherent risk and control risk. The assessed level of control risk is an evaluation of the effectiveness o

Inherent risk is the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated.

False. Audit risk is the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated.
1.Inherent risk is the susceptibility of an assertion to a material misstatement before consideration of related cont

Audit risk is the risk that analytical procedures and other relevant substantive tests do not detect misstatements equal to tolerable misstatements that could occur in an assertion.

False. Detection risk is the risk that procedures performed to reduce audit risk to an acceptably low level will not detect material misstatements.

In evaluating the degree of assurance provided by various types of evidence relating to an assertion, the auditor should consider the interrelationship between them.

True. In evaluating the degree of assurance provided by various types of evidence relating to an assertion, the auditor should consider the interrelationship between them.

Substantive procedures should be performed that respond specifically and with a low degree of reliability to significant risks.

False. Substantive procedures should be performed that respond specifically and with a high degree of reliability to significant risks of material misstatement.

1. The independent auditor should acquire an understanding of a client's internal audit function to determine whether the work of internal auditors will be a factor in determining the nature, timing and extent of the independent auditor's procedures. The

c) Consideration of the internal control structure.

2. Effective I/C in a small company that has insufficient employees to permit proper division of responsibilities can be best enhanced by

b) Direct participation by the owner of the business in the recordkeeping activities of the business.

3. An auditor is considering the internal control system for purchasing and disbursement procedures. The auditor will be least influenced by

d) The strength or weakness of internal control in other areas, e.g., sales and accounts receivable.

4. In general, material irregularities perpetrated by which of the following are most difficult to detect?

d) Controller

5. If, during the course of an annual audit of a publicly held manufacturing company, an independent auditor becomes aware of a reportable condition in the company's internal control, the auditor is required to communicate the reportable condition to

d) The audit committee of the board of directors.

6. Which of the following best describes the primary reason for the auditor's use of flowcharts during an audit engagement?

d) To record the auditor's understanding of the client's I/C.

7. The independent auditor should acquire an understanding of the internal audit function as it relates to the independent auditor's consideration of the I/C because

c) The work performed by internal auditors may be a factor in determining the nature, timing and extent of the independent auditor's procedures.

8. The auditor's understanding of the client's I/C is documented in order to substantiate

b) Compliance with generally accepted auditing standards.

9. The ICS normally would include procedures that are designed to provide reasonable assurance that

b) Transactions are executed in accordance with management's general or specific authorization.

10. In general, a reportable condition may be defined as a condition in which material errors or irregularities ordinarily would not be detected within a timely period by

c) Employees in the normal course of performing their assigned duties.

11. Proper segregation of functional responsibilities calls for separation of the

d) Authorization, recording and custodial functions.

12. The ultimate risk against which the auditor requires reasonable protection is a combination of two separate risks. The first of these is that material errors will occur in the accounting process by which the F/S are developed, and the second is that

b) Those errors that occur will not be detected by the auditor's examination.

13. When an independent auditor decides that the work performed by internal auditors may have a bearing on the nature, extent and timing of the independent auditor's procedures, the independent auditor should evaluate the competence and objectivity of the

a) Consider the organizational level to which internal auditors report the results of their work.

14. To provide the greatest degree of independence in performing internal auditing functions, an internal auditor should probably report to the

b) Corporate controller.

15. When considering the client's ICS to determine whether the necessary procedures are prescribed and are followed satisfactorily, an auditor must

b) Review the ICS and perform tests of controls.

16. After the auditor has prepared a flowchart of the I/C surrounding sales and evaluated the design of the ICS, the auditor would perform tests of controls on all internal control procedures

c) Considered to be strengths that the auditor plans to rely on.

17. A consideration of the ICS made in connection with an annual audit is usually not sufficient to express an opinion on an entity's internal control because

c) Only those controls on which an auditor intends to rely are reviewed, tested and evaluated.

18. Which of the following would be least likely to suggest to an auditor that the client's management may have overridden the ICS?

c) Differences are always disclosed on a computer exception report.

19. Which of the following is intended to detect deviation from prescribed Accounting Department procedures?

b) Tests of controls designed specifically for the client.

20. The independent auditor selects several transactions in each functional area and traces them through the entire system, paying special attention to evidence about whether or not the control features are in operation. This is an example of a

b) Tests of controls

21. In the consideration of the ICS, the auditor is basically concerned that the system provides reasonable assurance that

c) Errors have been prevented or detected.

22. During the audit, the independent auditor identified the existence of a reportable condition in the client's system of internal controls and orally communicated this finding to the client's senior management and audit committee. The auditor should

b) Document the matter in the working papers and consider the effects of the condition on the audit.

23. Which of the following statements concerning the independent auditor's required communication of reportable conditions is correct?

d) Although written communication is preferable, the auditor may communicate the findings orally.

24. Which of the following is least likely to be evidence the auditor examines to determine whether operations are in compliance with the internal control system?

c) Confirmations of accounts receivable.

25. The auditor's communication of reportable conditions in internal control is

c) Incident to the auditor's objective of forming an opinion as to the fair presentation of the financial statements.

26. An auditor may compensate for a condition in the ICS by increasing the

d) Extent of analytical procedures

27. After considering the client's internal controls, an auditor has concluded that I/C is well designed and is functioning as intended. Under these circumstances, the auditor would most likely

c) Not increase the extent of predetermined substantive tests.

28. The use of fidelity bonds may indemnify a company from embezzlement losses. The use also

d) Reduces the possibility of employing persons with dubious records in positions of trust.

29. Which of the following procedures most likely would be included as part of an auditor's tests of controls?

a) Inspection.

30. If the independent auditors decide that the work performed by the internal auditor may have bearing on their own procedures, they should consider the internal auditor's

a) Competence and objectivity.

31. Which statement is correct concerning the definition of internal control developed by the Committee of Sponsoring Organizations (COSO)?

b) It is recognized in the Statement on Auditing Standards.

32. Monitoring is considered

a) A component of internal control.

33. Which of the following is not a factor included in the control environment?

b) Risk assessment.

34. An entity's ongoing monitoring activities often include

c) The audit of the annual financial statements.

35. The definition of internal control developed by the Committee of Sponsoring Organizations (COSO) and included in the professional standards includes the reliability of financial reporting, the effectiveness and efficiency of operations and

a) Compliance with applicable laws and regulations.

36. Which statement is correct concerning the relevance of various types of controls to a financial audit?

b) Controls over the reliability of financial reporting are ordinarily most directly relevant to an audit but other controls may also be relevant.

37. Which of the following is not ordinarily considered a factor indicative of increased financial reporting risk when an auditor is considering a client's risk assessment policies?

a) Commissioned sales personnel.

38. While obtaining an understanding of a client's risk assessment policies, an auditor does not ordinarily include how management

b) Eliminates significant risks.

39. When an auditor considers a client's internal control, which of the following is ordinarily a type of control activity that is considered?

b) Segregation of duties over payroll.

40. When tests of controls reveal that controls are operating as anticipated, it is most likely that the assessed level of control risk will

b) Equal the planned assessed level of control risk.

41. Which of the following is not a control that is designed to protect investment securities?

a) Custody over securities should be limited to individuals who have record keeping responsibility over the securities.

1. An auditor tests an entity's policy of obtaining credit approval before shipping goods to customers in support of management's financial statement assertion of

a) Valuation or allocation.

2. Which of the following audit procedures would an auditor most likely perform to test controls relating to management's assertion concerning the completeness of sales transactions?

b) Inspect the entity's reports of prenumbered shipping documents that have not been recorded in the sales journal.

3. Which of the following internal control procedures most likely would assure that all billed sales are correctly posted to the accounts receivable ledger?

a) Daily sales summaries are compared to daily posting to the accounts receivable ledger.

4. Two assertions for which confirmation of accounts receivable balances provides primary evidence are

c) Rights & Obligations and existence.

5. An auditor's purpose in reviewing the renewal of a note payable shortly after the balance sheet date most likely is to obtain evidence concerning management's assertions about

b) Presentation and disclosure.

6. In testing the existence assertion for an asset, an auditor ordinarily works from the

c) Accounting records to the supporting evidence.

7. An auditor's purpose in reviewing credit ratings of customers with delinquent accounts receivable most likely is to obtain evidence concerning management's assertions about

d) Valuation or allocation.

8. To satisfy the valuation assertion when auditing an investment accounted for by the equity method, an auditor most likely would

b) Examine the audited financial statements of the investee company.

9. Cutoff tests designed to detect credit sales made before the end of the year that have been recorded in the subsequent year provide assurance about management's assertion of

b) Completeness.

10. Inquiries of warehouse personnel concerning possible obsolete or slow-moving inventory items provide assurance about management's assertion of

d) Valuation.

11. Which of the following control procedures most likely would assist in reducing control risk related to the existence or occurrence of manufacturing transactions?

a) Perpetual inventory records are independently compared with goods on hand.

12. Which of the following audit procedures probably would provide the most reliable evidence concerning the entity's assertion of rights and obligations related to inventories?

b) Inspect agreements to determine whether any inventory is pledged as collateral or subject to any liens.

13. During an audit of an entity's stockholders' equity accounts, the auditor determines whether there are restrictions on retained earnings resulting from loans, agreements or state law. This audit procedure most likely is intended to verify management's

d) Presentation and disclosure.

14. Which of the following most likely would give the most assurance concerning the valuation assertion of accounts receivable?

d) Assessing the allowance for uncollectible accounts for reasonableness.

15. An auditor most likely would inspect loan agreements under which an entity's inventories are pledged to support management's financial statement assertion of

c) Presentation and disclosure.

16. An auditor most likely would analyze inventory turnover rates to obtain evidence concerning management's assertions about

d) Valuation or allocation.

17. Which of the following procedures would an auditor most likely perform to verify management's assertion of completeness?

a) Compare a sample of shipping documents to related sales invoices.

18. Which of the following is a substantive test that an auditor most likely would perform to verify the existence and valuation of recorded accounts payable?

c) Vouching selected entries in the accounts payable subsidiary ledger to purchase orders and receiving reports.

19. An auditor most likely would review an entity's periodic accounting for the numerical sequence of shipping documents and invoices to support management's financial statement assertion of

d) Completeness.

20. In auditing accounts payable, an auditor's procedures most likely would focus primarily on management's assertion of

c) Completeness.

21. An auditor concluded that no excessive costs for idle plant were charged to inventory. This conclusion most likely related to the auditor's objective to obtain evidence about the financial statement assertions regarding inventory, including presentati

a) Valuation and allocation.

22. An auditor selected items for test counts while observing a client's physical inventory. The auditor then traced the test counts to the client's inventory listing. This procedure most likely obtained evidence concerning management's assertion of

b) Completeness.

23. In testing plant and equipment balances, an auditor examines new additions listed on an analysis of plant and equipment. This procedure most likely obtains evidence concerning management's assertion of

b) Existence or occurrence.

24. Which of the following most likely would give the most assurance concerning the valuation assertion of accounts receivable?

d) Assessing the reasonableness of the allowance for doubtful accounts.

25. Cutoff tests designed to detect credit sales made before the end of the year that have been recorded in the subsequent year provide assurance about management's assertion of

b) Completeness.

1. Which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files?

b. It is usually easier for unauthorized persons to access and alter the files

2. The machine language for a specific computer

c. Is determined by the engineers who designed the computer

3. Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because

c. There are time delays in processing transactions in a batch system

4. What type of computer system is characterized by data that are assembled from more than one location and records that are updated immediately?

d. Online, real-time systems

5. An auditor anticipates assessing control risk at a low level in a computerized environment. Under these circumstances, on which of the following procedures would the auditor initially focus?

d. General control procedures

6. For control purposes, which of the following should be organizationally segregated from the computer operations function?

c. Systems development

7. One of the major problems in a computer system is that incompatible functions may be performed by the same individual. One compensating control is the use of

d. A computer log

8. Which of the following activities would most likely be performed in the computer department?

b. Conversion of information to machine-readable form

9. When disk files are used, the grandfather-father-son updating backup concept is relatively difficult to implement because

d. The process of updating old records is destructive

10. Any assessment of the operational capabilities of a computer system must consider downtime. Even in a fully protected system, downtime will happen because of

b. Unscheduled maintenance

11. Decision tables differ from program flowcharts in that decision tables emphasize

b. Logical relationships among conditions and actions

12. Mill Co. uses a batch processing method to process its sales transactions. Data on Mill's sales transaction tape are electronically sorted by customer number and are subjected to programmed edit checks in preparing its invoices, sales journals, and up

a. Report showing exceptions and control totals

13. In updating a computerized accounts receivable file, which one of the following is used as a batch control to verify the accuracy of posting cash remittances?

c. The sum of cash deposits plus discounts taken by customers

14. If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll computer application?

d. Department numbers

15. When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an error report. This error report should be reviewed and followed up by the

c. Data control group

16. In the accounting system of Acme Co., the amounts of cash disbursements entered at a computer terminal are transmitted to the computer, which immediately transmits the amounts back to the terminal for display on the terminal screen. This display enabl

b. Verify the amount was entered accurately

17. When an accounting application is processed by computer, an auditor cannot verify the reliable operation of programmed controls by

c. Manually reperforming, as of a moment in time, the processing of input data and comparing the simulated results with the actual results

18. Which of the following is necessary to audit balances in an online computer system in an environment of destructive updating?

d. A well-documented audit trail

19. Which of the following is likely to be least important to an auditor who is considering the internal control structure for the automated data processing fuction?

d. Bit storage capacity

20. After gaining an understanding of a client's computer processing internal control structure, an auditor may decide not to test the effectiveness of the computer processing control procedures. Which of the following is not a valid reason for choosing t

d. The controls appear effective enough to support a reduced level of control risk

21. Tests of controls in an advanced computer system

b. Can be performed using actual transactions or simulated transactions

22. When an auditor tests a computerized accounting system, which of the following is true of the test data approach?

d. Test data are processed by the client's computer programs under the auditor's control

23. To obtain evidence that online access controls are properly functioning, an auditor is most likely to

c. Enter invalid indentification numbers or passwords to ascertain whether the system rejects them

24. Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without the knowledge of client operating personnel?

a. Integrated test facility (ITF)

25. A small client recently put its cash disbursements system on a microcomputer. About which of the following is an auditor most likely to be concerned?

b. The microcomputer is operated by employees who have other, noncomputer-processing job responsibilites

26. Matthews Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The computer system automatically updates all payroll records. Because of

b. Part of the audit trail is altered

27. A primary advantage for using generalized audit software (GAS) packages in auditing the financial statements of a client that uses a computer system is that the auditor may

c. Access information stored on computer files without a complete understanding of the client's hardware and software features

28. An auditor is least likely to use computer software to

d. Assess computer control risk

29. The two requirements crucial to achieving audit efficiency and effectiveness with a microcomputer are selecting

a. The appropriate audit tasks for microcomputer applications and the appropriate software to perform the selected audit tasks

30. Which of the following audit procedures would an auditor be least likely to perform using generalized audit software (GAS)?

b. Investigating inventory balances for possible obsolescence

31. Smith Co. has numerous customers. A customer file is kept on disk storage. Each customer record contains the name, address, credit limit and account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. T

b. Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit

32. An auditor using audit software probably would be least interested in which of the following fields in a computerized perpetual inventory system?

a. Economic order quantity

33. Auditors often make use of computer programs that perform routine processing functions, such as sorting and merging. These programs are made available by computer companies and others and are specifically referred to as

c. Utility programs