UL Refresher Course in Accountancy

Auditing – Module 1.3

1.3 Understanding the Entity and its Environment including its Internal Control and Assessing the Risks of Material
Misstatement
1.3.1 Industry, regulatory and other external factors, including the applicable financial reporting framework
1.3.1.1 Nature of the entity
1.3.1.2 Objectives and strategies and related business risks
1.3.1.3 Measurement and review of the entity’s financial performance
1.3.2 Internal Control
1.3.2.1 Basic concepts and elements of internal control
1.3.2.2 Consideration of accounting and internal control systems
1.3.2.2.1 Understanding and documentation
1.3.2.2.2 Assessment of control risks
1.3.2.2.2.1 Test of controls
1.3.2.2.2.2 Documentation
1.3.3 Assessing the risks of material misstatement
1.3.3.1 Fraud and errors
1.3.3.2 Risk assessment procedures
1.3.3.3 Discussion among the engagement team
1.3.3.4 Significant risks that require special audit consideration
1.3.3.5 Risks for which substantive procedures alone do not provide sufficient appropriate audit
evidence
1.3.3.6 Revision of risk assessment
1.3.4 Communicating with those charged with governance and management

PSA 315
IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL
MISSTATEMENT THROUGH UNDERSTANDING THE
ENTITY AND ITS ENVIRONMENT

FOCUS NOTES:

 Objective: The auditor should obtain an understanding of the entity and its environment, including its internal
control:
 in order to identify and assess the risks of material misstatement of the financial statements;
 thereby providing a basis for designing and implementing responses to the assessed risks of material
misstatement.

 Definitions
 Assertions – Representations by management, explicit or otherwise, that are embodied in the financial
statements, as used by the auditor to consider the different types of potential misstatements that may occur.
 Business risk – A risk resulting from significant conditions, events, circumstances, actions or inactions that could
adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of
inappropriate objectives and strategies.
 Internal control – The process designed, implemented and maintained by those charged with governance,
management and other personnel to provide reasonable assurance about the achievement of an entity’s
objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and
compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the
components of internal control.
 Risk assessment procedures – The audit procedures performed to obtain an understanding of the entity and its
environment, including the entity’s internal control, to identify and assess the risks of material misstatement,
whether due to fraud or error, at the financial statement and assertion levels.
 Significant risk – An identified and assessed risk of material misstatement that, in the auditor’s judgment, requires
special audit consideration.

 Requirements:
UL Refresher Course in Accountancy
Auditing – Module 1.3

 The auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of
risks of material misstatement at the financial statement and assertion levels.
 The risk assessment procedures shall include the following:
a. Inquiries of management, of appropriate individuals within the internal audit function (if the function exists),
and of others within the entity who in the auditor’s judgment may have information that is likely to assist in
identifying risks of material misstatement due to fraud or error.
b. Analytical procedures.
c. Observation and inspection.
 The auditor shall consider whether information obtained from the auditor’s client acceptance or continuance
process is relevant to identifying risks of material misstatement.
 If the engagement partner has performed other engagements for the entity, the engagement partner shall consider
whether information obtained is relevant to identifying risks of material misstatement.
 Where the auditor intends to use information obtained from the auditor’s previous experience with the entity and
from audit procedures performed in previous audits, the auditor shall determine whether changes have occurred
since the previous audit that may affect its relevance to the current audit.
 The engagement partner and other key engagement team members shall discuss the susceptibility of the entity’s
financial statements to material misstatement, and the application of the applicable financial reporting framework
to the entity’s facts and circumstances. The engagement partner shall determine which matters are to be
communicated to engagement team members not involved in the discussion.
 The auditor shall obtain understanding of the entity and its environment by understanding of the following
aspects:
a. Industry, regulatory, and other external factors, including the applicable financial reporting framework;
b. Nature of the entity:
i. its operations;
ii. its ownership and governance structures;
iii. the types of investments that the entity is making and plans to make, including investments in special-
purpose entities; and
iv. the way that the entity is structured and how it is financed,

to enable the auditor to understand the classes of transactions, account balances, and disclosures to be
expected in the financial statements;

c. Entity’s selection and application of accounting policies, including reasons for changes thereto;
d. Objectives and strategies and the related business risks that may result in a material misstatement of the
financial statements; and
e. Measurement and review of the entity’s financial performance.
 The auditor shall obtain an understanding of Internal Control
 Those relevant to audit; mostly financial reporting controls but not necessarily all financial reporting controls;
as to which is relevant, auditor uses professional judgment.
 Obtaining understanding of internal control means evaluating the design and determining whether they have
been implemented
 auditor uses the understanding of internal control to
a. identify types of potential misstatements;
b. consider factors that affect the risks of material misstatement; and
c. design the nature, timing, and extent of further audit procedures.
 Internal control is the process designed and effected by those charged with governance, management, and
other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard
to
a. reliability of financial reporting;
b. effectiveness and efficiency of operations; and
c. compliance with applicable laws and regulations.
 Internal control, as discussed in this PSA, consists of the following components:
a. The control environment.
b. The entity’s risk assessment process.
c. The information system, including the related business processes, relevant to financial reporting, and
communication.
d. Control activities.
UL Refresher Course in Accountancy
Auditing – Module 1.3

e. Monitoring of controls.
 Obtaining an understanding of internal control involves evaluating the design of a control and determining
whether it has been implemented.
 Evaluating the design of a control involves considering whether the control, individually or in combination with
other controls, is capable of effectively preventing, or detecting and correcting, material misstatements
 Implementation of a control means that the control exists and that the entity is using it.
 Identifying and Assessing the Risks of Material Misstatement (RMM)
a. at the financial statement level; and
b. at the assertion level for classes of transactions, account balances, and disclosures

Assessment of RMM - basis for designing and performing further audit procedures.

 For this purpose, the auditor:

a. Identifies risks throughout the process of obtaining an understanding of the entity and its environment,
including relevant controls that relate to the risks, and by considering the classes of transactions, account
balances, and disclosures in the financial statements;
b. Relates the identified risks to what can go wrong at the assertion level;
c. Considers whether the risks are of a magnitude that could result in a material misstatement of the financial
statements; and
d. Considers the likelihood that the risks could result in a material misstatement of the financial statements.

 Risks that Require Special Audit Consideration. As part of the risk assessment, the auditor shall
determine whether any of the risks identified are, in the auditor’s judgment, a significant risk. In exercising
this judgment, the auditor shall exclude the effects of identified controls related to the risk. In exercising
judgment as to which risks are significant risks, the auditor shall consider at least the following:

a. Whether the risk is a risk of fraud;

b. Whether the risk is related to recent significant economic, accounting or other developments and,
therefore, requires specific attention;
c. The complexity of transactions;
d. Whether the risk involves significant transactions with related parties;
e. The degree of subjectivity in the measurement of financial information related to the risk, especially
those measurements involving a wide range of measurement uncertainty; and
f. Whether the risk involves significant transactions that are outside the normal course of business for the
entity, or that otherwise appear to be unusual.

 If the auditor has determined that a significant risk exists, the auditor shall obtain an understanding of the
entity’s controls, including control activities, relevant to that risk.

 Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate Audit
Evidence. In respect of some risks, the auditor may judge that it is not possible or practicable to obtain
sufficient appropriate audit evidence only from substantive procedures. Such risks may relate to the
inaccurate or incomplete recording of routine and significant classes of transactions or account balances, the
characteristics of which often permit highly automated processing with little or no manual intervention. In such
cases, the entity’s controls over such risks are relevant to the audit and the auditor shall obtain an
understanding of them.

 Documentation: auditor shall include in the audit documentation:

a. The discussion among the engagement team where required by paragraph 10 of PSA 315, and the
significant decisions reached;
b. Key elements of the understanding obtained regarding each of the aspects of the entity and its environment
and of each of the internal control components; the sources of information from which the understanding
was obtained; and the risk assessment procedures performed;
c. The identified and assessed risks of material misstatement at the financial statement level and at the
assertion level; and
d. The risks identified, and related controls about which the auditor has obtained an understanding.
UL Refresher Course in Accountancy
Auditing – Module 1.3

CONSIDERATION OF CLIENT’S INTERNAL CONTROL SYSTEM

PART 1 – OBTAINING UNDERSTANDING OF IC

 Nature and Extent of the Understanding of Relevant Controls (Evaluating the design of control and whether
control is implemented)
 Evaluating the design of a control involves considering whether the control, individually or in combination with
other controls, is capable of effectively preventing, or detecting and correcting, material misstatements.
 Implementation of a control means that the control exists and that the entity is using it.
 There is little point in assessing the implementation of a control that is not effective, and so the design of a
control is considered first. An improperly designed control may represent a significant deficiency in internal
control.
 Risk assessment procedures to obtain audit evidence about the design and implementation of relevant controls
may include:
 Inquiring of entity personnel.
 Observing the application of specific controls.
 Inspecting documents and reports.
 Tracing transactions through the information system relevant to financial reporting.

Note: Inquiry alone is not sufficient for such purposes. Obtaining an understanding of an entity’s controls is not
sufficient to test their operating effectiveness, unless there is some automation that provides for the consistent
operation of the controls.

PART 2 – TESTS OF CONTROLS (this will be covered in PSA 330, the next module)
________________________________________________________________________________________________
PLANNING

Audit Process Model:

PHASE I: Client Acceptance
PHASE II: Planning the Audit
PHASE III: Testing and Evidence
PHASE IV: Evaluation and Reporting

PHASE II: PLANNING THE AUDIT

Objective Determine the amount and type of evidence and review required to give the auditor reasonable
assurance that there is no material misstatement of the financial statements (that is to reduce audit risk
to an acceptably low level).
Procedures 1. Perform audit procedures to understand the entity and its environment, including internal control.
2. Assess the risks of material misstatements of the financial statements.
3. Determine materiality.
4. Prepare the planning memorandum an audit and audit program containing the auditor’s response to
identified risks

PHASE III: TESTING and EVIDENCE GATHERING

Perform further audit procedures 1. Test of controls
2. Substantive testing
a. Analytical procedures
b. Test of details

INTERNAL CONTROL

FOCUS NOTES:

Auditors Consider Internal Control in Performing Audit:

 The auditor should obtain an understanding of internal control relevant to the audit.
 The auditor uses the understanding of internal control:
UL Refresher Course in Accountancy
Auditing – Module 1.3

 to identify types of potential misstatements,

 consider factors that affect the risks of material misstatement, and
 design the nature, timing, and extent of further audit procedures.

Concepts of Internal Control:

 Internal control is the process designed and effected by those charged with governance, management, and other
personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to:
 reliability of financial reporting,
 effectiveness and efficiency of operations and
 compliance with applicable laws and regulations.
 The definition embodies 4 concepts:
 Internal controls is a process, not a single event
 Internal control is accomplished by people at every level in an organization
 Internal control is not an end in itself, but rather a means to achieve organizational goals
 Internal controls provide reasonable, not absolute, assurance
 Internal control consists of the following components:
a. The control environment.
b. The entity’s risk assessment process.
c. The information system, including the related business processes, relevant to financial reporting, and
communication.
d. Control activities.
e. Monitoring of controls.
 Control environment - Management’s and the board of director’s attitude, awareness, and actions toward internal
control concerning
 Integrity and ethical values
 Commitment and competence
 Board of directors or audit committee (participation of people charged with governance)
 Management’s philosophy and operating style
 Organizations structure
 Assignment of authority and responsibility
 Human resource policies and practices
 Entity’s Risk assessment Process
 Every entity faces risks, both external (such as technological developments) and internal (such as employee
pilferage)
 Management’s task is to identify the risks that bear on their operations, financial reporting, and compliance
objectives and to take the action necessary to manage them
 The information system, including the related business processes, relevant to financial reporting, and
communication.
 An information system consists of infrastructure (physical and hardware components), software, people,
procedures, and data.
 The information system relevant to financial reporting objectives, which includes the financial reporting system,
consists of the procedures and records established to initiate, record, process, and report entity transactions (as
well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity.
 Accordingly, an information system encompasses methods and records that:
 Identify and record all valid transactions.
 Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions
for financial reporting.
 Measure the value of transactions in a manner that permits recording their proper monetary value in the
financial statements.
 Determine the time period in which transactions occurred to permit recording of transactions in the proper
accounting period.
 Present properly the transactions and related disclosures in the financial statements.
 Communication involves providing an understanding of individual roles and responsibilities pertaining to internal
control over financial reporting.
 Communication takes such forms as policy manuals, accounting and financial reporting manuals, and
memoranda. Communication also can be made electronically, orally, and through the actions of management.
 Control activities
- the policies and procedures that help ensure that management directives are carried out, for example, that
necessary actions are taken to address risks that threaten the achievement of the entity’s objectives.
UL Refresher Course in Accountancy
Auditing – Module 1.3

- Generally, control activities that may be relevant to an audit may be categorized as policies and procedures that
pertain to the following:
 Performance reviews.
 Information processing.
 Physical controls.
 Segregation of duties.
 Monitoring of controls
- a process to assess the quality of internal control performance over time.
- it involves assessing the design and operation of controls on a timely basis and taking necessary corrective
actions.
- Monitoring is done to ensure that controls continue to operate effectively. For example, if the timeliness and
accuracy of bank reconciliations are not monitored, personnel are likely to stop preparing them.
- Monitoring of controls is accomplished through ongoing monitoring activities, separate evaluations, or a
combination of the two.

ASSESSMENT OF CONTROL RISK

 The reason for the auditor's assessment of control risk

A. PSA 315 requires auditor to obtain understanding of internal control.

B. PSA 315 requires auditor to assessed the risk of material misstatement (both at the overall FS level and
at assertion level)
C. Inherent risk and control risk are components of the risk of material misstatement at the assertion level.
D. Control risk is a component of overall audit risk needed to calculate detection risk

 The auditor's approach to assessing control risk

 Identify risks throughout the process of obtaining an understanding of the entity and its environment, including
relevant controls that relate to the risks, and by considering the classes of transactions, account balances, and
disclosures in the financial statements;
 Relate the identified risks to what can go wrong at the assertion level;
 Consider whether the risks are of a magnitude that could result in a material misstatement of the financial
statements; and
 Consider the likelihood that the risks could result in a material misstatement of the financial statements.

 Document understanding
 Internal control memorandum
- Advantage-rigor of analysis
- Disadvantage-difficult for reviewer to follow
 Internal control questionnaire and/or checklist
- Advantage-easy to complete and covers all points
- Disadvantage-tendency toward cursory review given ease of completion.
 Internal control flowchart
- Advantage-easy to review given graphic representation; strengths and weaknesses highlighted
- Disadvantage-lacks detail
 Combination of the above forms of documentation is preferred by most auditors

COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE

 The auditor is required to obtain an understanding of internal control relevant to the audit when identifying and
assessing the risks of material misstatement. In making those risk assessments, the auditor considers internal control
in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an
opinion on the effectiveness of internal control. The auditor may identify deficiencies in internal control not only during
this risk assessment process but also at any other stage of the audit. PSA 265 requires the auditor to communicate
appropriately to those charged with governance and management deficiencies in internal control that the auditor has
identified during the audit and that, in the auditor’s professional judgment, are of sufficient importance to merit their
respective attentions (significant deficiency in internal control).
UL Refresher Course in Accountancy
Auditing – Module 1.3

MULTIPLE CHOICE

1. Which of the following is NOT a required understanding by the auditor in an audit of financial statements?
a. Relevant industry, regulatory, and other external factors, including the applicable financial reporting framework.
b. Nature of the entity, its operations, ownership and governance structures, the types of investments that the entity
is making and plans to make, including investments in special-purpose entities and the way that the entity is
structured and how it is financed.
c. Entity’s selection and application of accounting policies, including reasons for changes thereto.
d. Objectives and strategies and the related business risks that may result in a material misstatement of the financial
statements.
e. Measurement and review of the entity’s financial performance.
f. All controls pertaining to financial reporting.

2. Which of the following is the reason why auditors obtain understanding of the nature of the entity’s operations,
ownership and governance structures, the types of investments that the entity is making and plans to make, including
investments in special-purpose entities and the way that the entity is structured and how it is financed?

a. To provide a basis for designing and performing further audit procedures.

b. To enable the auditor to understand the classes of transactions, account balances, and disclosures to be expected
in the financial statements.
c. To determine the performance materiality to be used in developing audit plan.
d. To determine the control activities that should be implemented by the entity.

3. What is the correct order of the following audit activities?

a. Obtain understanding of the entity and its environment including its internal control.
b. Perform procedures regarding the continuance of the client relationship and the specific audit
engagement.
c. Design and perform further audit procedures.
d. Identify and assess the risks of material misstatement of the financial statement
a. ABCD
b. BADC
c. DCBA
d. CBAD

4. The procedures used by the auditor to obtain understanding of the entity and its environment including its internal
control are called:

a. tests of controls
b. substantive procedures
c. analytical procedures
d. risks assessment procedures

5. All of the following procedures are risk assessment procedures except one. Which is it?

a. inquiries
b. observation and inspection
c. analytical procedures
d. test of details of transaction

6. Understanding of the client’s internal control is used by the auditor to:

a. Identify the types of potential misstatement that could occur.

b. Consider factors that affect the risk of material misstatement.
c. Design the nature, timing and extent of audit procedures.
d. All of the above.
UL Refresher Course in Accountancy
Auditing – Module 1.3

7. It sets the tone of an organization influencing the control consciousness of its people. It is the foundation for
effective internal control.

a. control activities
b. control environment
c. accounting system
d. internal control

8. It refers to the overall attitude, awareness and actions of directors and management regarding the internal control
and its importance in the entity.

a. control activities
b. control environment
c. accounting system
d. internal control

9. The entity’s process for identifying business risks relevant to financial reporting objectives and deciding about
actions to address those risks and the results thereof.

a. risk assessment process

b. control environment
c. control activities
d. monitoring of controls

10. Consists of the procedures and records established to initiate, record, process and report entity transactions and to
maintain accountability for the related assets, liabilities and equity. It encompasses the accounting system. This
element of internal control is:

a. risk assessment process

b. control environment
c. information system
d. monitoring of controls

11. Policies and procedures that help ensure that management directives are carried out.

a. risk assessment process

b. control environment
c. control activities
d. monitoring of controls

12. The process to assess the effectiveness of internal control performance over time. It involves assessing the design
and operation of controls on a timely basis and taking necessary corrective actions modified for changes in
conditions.

a. risk assessment process

b. control environment
c. information system
d. monitoring of controls

13. After obtaining an understanding of the client’s accounting and internal control systems, the auditor makes a
preliminary assessment of control risk. If the auditor wants to reduce the preliminary assessment of control risk to
less than high, the auditor should:

a. perform tests of controls

b. substantiate the account balances
c. make attribute sampling
d. observe the segregation of duties

14. For an audit in accordance with PSA, which of the following is a required documentation?
UL Refresher Course in Accountancy
Auditing – Module 1.3

a. Understanding of the client’s accounting and internal control system.

b. The assessment of control risk.
c. The basis for concluding that the control risk is less than high.
d. All of the above.

15. Tests of controls are performed to obtain evidence about the:

a. Effectiveness of the design and operation of the internal controls throughout the period.
b. Nature, timing and extent of audit procedures.
c. Appropriateness of the materiality level.
d. All of the above.

16. Evidence of the effectiveness of the design and operation of internal control is used by the auditor to:

a. Make preliminary assessment of control risk.

b. Support any assessment of control risk at less than high.
c. Determine the nature, timing and extent of substantive test.
d. Set the aggregate materiality level.

17. Identify the correct order of the following activities.

a. Perform tests of controls.
b. Obtain understanding of the internal control.
c. Make preliminary assessment of control risk.
a. abc
b. cba
c. bca
d. cab

18. Which of the following techniques could an auditor use to obtain evidence of the effectiveness of the design and
operation of internal control?

a. inquiry
b. observation
c. inspection
d. reperformance
e. all of the choices.

19. Which of the following is the correct order for performing the auditing procedures A through C below?

A = Tests of controls.
B = Preparation of a flowchart depicting the client's internal control structure.
C = Substantive tests.
a. ABC.
b. BAC.
c. ACB.
d. BCA.

20. A secondary purpose of the auditor's consideration of internal control is to provide

a. A basis for constructive suggestions about improvements in internal control structure.
b. A basis for assessing control risk.
c. An assurance that the records and documents have been maintained in accordance with existing company
policies and procedures.
d. A basis for the determination of the resultant extent of the tests to which auditing procedures are to be restricted.

21. The primary purpose of the auditor's consideration of internal control is to provide a basis for
a. Determining whether procedures and records that are concerned with the safeguarding of assets are reliable.
b. Constructive suggestions to clients concerning deficiencies in internal control.
c. Determining the nature, timing, and extent of audit tests to be applied.
UL Refresher Course in Accountancy
Auditing – Module 1.3

d. The expression of an opinion.

22. In obtaining an understanding of an entity’s internal controls that are relevant to audit planning, an auditor is required
to obtain knowledge about the:
a. Design of relevant internal controls pertaining to financial reporting in each of the five internal control components.
b. Effectiveness of the internal controls that have been place in operation.
c. Consistency with which the internal controls are currently being applied.
d. Controls related to each principal transaction class and account balances.

23. The audit program usually cannot be finalized until the:

a. Consideration of the entity’s internal control has been completed.

b. Engagement letter has been signed by the auditor and the client.
c. Audit findings have been communicated to the audit committee of the board of directors.
d. Search for unrecorded liabilities has been performed and documented.

24. Which of the following elements is not a part of an entity's internal controls?
a. Control risk.
b. The accounting system.
c. Control activities.
d. The control environment.

25. Which of the following is not true concerning control activities?

a. Control procedures are another term for control activities.
b. Transaction authorization is a control activity.
c. Control activities generally fall into the two categories of preventive controls and detective controls.
d. Information and communication is an important component of control activities.

26. Auditors trace a transaction through the system

a. Via an audit trail.
b. When making inquiries of the internal auditor.
c. By making inquiries of the audit committee.
d. Near the close of the engagement.

27. Limiting access to assets and records might be accomplished by

a. Audit trails documenting who had authorization to access assets and records.
b. A control environment, which discourages access to assets and records.
c. Access codes for those parties with authorization to access assets and records.
d. Risk assessment of the parties with authorization to access assets and records.

28. When obtaining understanding of an entity’s control environment, an auditor should concentrate on the substance of
management’s policies and procedures rather than their form because:
a. The auditor may believe that the policies and procedures are inappropriate for that particular entity.
b. The board of directors may not be aware of management’s attitude toward the control environment.
c. Management may establish appropriate policies and procedures but not act on them.
d. The policies and procedures may be so weak that no reliance is contemplated by the auditor.

29. The auditor is studying internal control policies and procedures within the sales, shipping, and billing subset of the
revenue cycle. Which of the following conditions suggests a need for additional testing of controls?
a. Internal control is found to be weak with regard to shipping and billing.
b. Internal control over sales, billing, and shipping appears strong, but 80% of the sales revenue is attributable to
three major customers.
c. Internal control over billing and shipping is thought to be strong and the auditor considers additional testing of
selected controls will result in a major reduction in substantive testing.
d. Internal control over the recording of sales is found to be weak and the sales are evenly divided among a large
number of customers.

30. The auditor’s understanding of internal control is documented in order to substantiate:

a. Conformity of the accounting records with GAAP.
UL Refresher Course in Accountancy
Auditing – Module 1.3

b. Representation as to adherence to requirements of management.

c. Representation as to compliance with PSA.
d. The fairness of the financial statement presentation.

31. When considering internal control, an auditor must be aware of the concept of reasonable assurance which
recognizes that:
a. The employment of competent personnel provides assurance that the objectives of the internal control will be
achieved.
b. The establishment and maintenance of a system of internal control is an important responsibility of the
management and not of the auditor.
c. The cost of internal control should not exceed the benefits expected to be derived from internal control.
d. The segregation of incompatible functions is necessary to obtain assurance that the internal control is effective.

32. Flowcharting as a means of internal control evaluation provides the following advantage over the use of
questionnaires and descriptive narratives:
a. Ease of preparation. c. Simplicity.
b. Comprehensive coverage of controls. d. Ease in following information flow.

33. Which of the following statements is correct concerning the understanding of internal control needed by auditors?
a. The auditors must understand the information system, not the accounting system
b. The auditors must understand monitoring and all preliminary accounting controls
c. The auditors must have a sufficient understanding to assess the risks of material misstatement
d. The auditors must understand the control environment, risk assessment, and all control activities

34. The effectiveness of controls is not generally tested by:

a. Inspection of documents and reports
b. Performance of analytical procedures
c. Observation of the application of accounting policies and procedures
d. Inquiries of appropriate client personnel

35. On financial statement audits, it is required that the auditors obtain an understanding of internal control, including:
a. Its operating effectiveness
b. Whether it has been implemented (placed in operation)
c. Performing tests of controls for all material controls
d. Its ability to provide reasonable assurance

36. Which of the following is most likely to be considered a risk assessment procedure relating to internal control?
a. Confirm accounts receivable
b. Perform a test of a control relating to payroll
c. Take test counts of the year-end inventory
d. Trace a transaction through the information system relevant to financial reporting

37. Which statement is correct concerning the relevance of various types of controls to a financial statement audit?
a. An auditor may ordinarily ignore the consideration of controls when a substantive audit approach is used
b. Controls over the reliability of financial reporting are ordinarily most directly relevant to an audit, but other controls
may also be relevant
c. Controls over safeguarding assets and liabilities are of primary importance, while controls over the reliability of
financial reporting may also be relevant
d. All controls are ordinarily relevant to an audit

38. Which of the following is an advantage of describing internal control through the use of a standardized
questionnaire?
a. Questionnaires highlight weaknesses in the system
b. Questionnaires are more flexible than other methods of describing internal control
c. Questionnaires usually identify situations in which internal control weaknesses are compensated for by other
strengths in the system
d. Questionnaires provide a clearer and more specific portrayal of a client's system than other methods of describing
internal control
UL Refresher Course in Accountancy
Auditing – Module 1.3
39. Which of the following is not a factor that is considered a part of the client's overall control environment?
a. The organizational structure
b. The information system
c. Management philosophy and operating style
d. Board of directors

40. After documenting the client's prescribed internal control, the auditors will often perform a walk-through of each
transaction cycle. An objective of a walk-through is to:
a. Verify that the controls have been implemented (placed in operation)
b. Replace tests of controls
c. Evaluate the major strengths and weaknesses in the client's internal control
d. Identify weaknesses to be communicated to management in the management letter

END OF MODULE 1.3

Refer to the google answer sheet for instruction in answering the MC questions in this module which will
serve as assessment.

12