Modern Auditing and Assurance Services 6th Edition Leung Test Bank

Modern Auditing and Assurance
Services 6th Edition Leung Test Bank

Visit to download the full and correct content document: https://testbankdeal.com/dow
nload/modern-auditing-and-assurance-services-6th-edition-leung-test-bank/
Testbank
to accompany
Modern Auditing and

Assurance Services 6e
By
Philomena Leung, Paul Coram, Barry J. Cooper
and Peter Richardson
Prepared by
Jenny James
© John Wiley & Sons Australia, Ltd 2015
Chapter 9: Audit risk assessment

Multiple-choice questions
1. The importance of internal control to management and auditors has been recognised for
many years. Which of the following is likely to be cited as a major factor contributing to
this importance?
a. The operations of the business entity have become so unwieldy that management
must rely on the chief financial officer to effectively control operations.
b. Checks and reviews protect against employee collusion and reduce the chance of
employee fraud.
c. Internal control procedures must be utilised to maintain accurate accounting records.
d. It is impractical for auditors to audit most companies within economic fee limitations
without relying on the client’s system of internal controls.
The correct option is d.

Learning objective 9.4 ~ appreciate the importance of internal control to an entity and to its
independent auditors.
2. Which of these is not one of the fundamental concepts in the COSO report’s definition of
internal control?
a. Internal control is a guarantee.
b. Internal control is a process.
c. Internal control is affected by people.
d. Internal control is geared to the achievement of objectives in the overlapping
categories of financial reporting, compliance and operations.
The correct option is a.

3. ASA 315.A51 (ISA 315.A51) includes all of the following as components of internal
control except:
a. risk assessment.
b. information system.
c. legal environment.
d. control environment.
The correct option is c.

4. Essential to both management and auditors is a chain of evidence in the accounting

system provided by coding, cross references, and documentation connecting account
balances and other summary results with original data. This chain of evidence is referred
to as the:
a. control trail.
b. audit trail.
© John Wiley & Sons Australia, Ltd 2015 9.2

Testbank to accompany Modern Auditing and Assurance Services 6e
c. tracing trail.
d. accounting trail.
The correct option is b.

5. Which of these is not a category of application controls?

a. Output controls.
b. Input controls.
c. General controls.
d. Processing controls.

6. Incompatible duties are those that allow an irregularity to be perpetrated:

a. and concealed through collusive actions.
b. by two or more employees.
c. and concealed by a single employee.
d. by accounting personnel.

7. Which of the following is incorrect concerning the segregation of duties within an

organisation?
a. All accounting records can generally be kept by the same person.
b. The various steps involved in executing a transaction should be separated.
c. The responsibility for executing a transaction, recording it and maintaining custody
of resulting assets should be assigned to different individuals or departments.
d. All of the above are correct statements.

8. Management is responsible for implementing effective controls to control risks identified

in a risk assessment. Which of these would not be considered to impact on management’s
risk assessment?
a. Expanding foreign exchange operations.
b. Changing the external auditor.
c. New personnel.
d. New technology.


9. Which of the following is not generally considered one of the factors that make up the
control environment?
a. Board of directors.
b. Audit committee.
c. Organisational structure.
d. Accounting package used.

10. A characteristic of management's philosophy and operating style is:

a. being sufficiently skilled.
b. exercising disciplinary action for violations of expected behaviour.
c. the experience and stature of directors.
d. the approach taken to monitoring business risks.

11. Which factor concerning boards of directors and audit committees would be considered
least influential in its impact on the control environment?
a. The sex of directors.
b. Experience and stature of directors.
c. The extent of director’s involvement and scrutiny of management’s activities.
d. Independence from management.

12. Which of these is not an inherent limitation of an internal control structure?

a. Collusion.
b. Mistakes in judgement.
c. Accounting override.
d. Management override.


13. Restricting the use of the information system to particular authorised personnel by use of
passwords is an example of:
a. organisational controls.
b. systems development and maintenance controls.
c. data and procedural controls.
d. access controls.

14. Which of these would be considered a limitation of internal controls?

a. Internal control systems focus on routine transactions.
b. Management participating in the supervision of operations.
c. They compare actual performance with budgeted performance.
d. All of the above.

15. The true statement is:

a. Internal controls are more important when companies grow in size and complexity.
b. Effective internal controls are able to provide absolute assurance for an entity’s
management and board.
c. Auditors have a statutory legal obligation to report on internal controls within the
entity.
d. The control environment is the auditor’s overall attitude, awareness and actions
regarding internal control and its importance in the entity.

16. The least likely procedure to obtain an understanding of the internal control structure
would be:
a. confirming transactions.
b. inspecting documents and records.
c. enquiring of appropriate management.
d. reviewing previous experience with the client.

Learning objective 9.5 ~ indicate the procedures for obtaining and documenting an
understanding of the entity’s internal control.
17. A transaction walk-through review is most commonly associated with:

a. documenting the understanding.

b. tests of controls.
c. substantive tests.
d. procedures to obtain an understanding.

18. Which of the following is an example of how an auditor might document the
understanding of internal control?
a. Internal control questionnaire.
b. Flow chart and narrative memoranda.
c. Both of the above.
d. None of the above.

19. Which of these is not a major advantage of the internal control questionnaire?
a. It may be completed in a mechanical fashion.
b. It reduces errors of omission.
c. It provides guidance for less experienced staff.
d. It is usually developed by experienced professionals.

20. Smaller entities are best able to overcome their absence of safeguards by:
a. developing a culture that emphasises integrity, ethical values and competence.
b. removing authority from the owner/manager.
c. implementing a strict segregation of duties policy.
d. creating an audit committee.

21. Why is it important to obtain an understanding of the internal control system?

a. Weak internal controls may increase the risk of material misstatement.
b. To determine the level of inherent risk.
c. Because strong internal controls indicate management integrity.

22. A way to prevent unauthorised access to computer systems is:

a. good access controls.
b. strong firewalls.
c. controls to detect attempts at unauthorised access.
d. all of the above.

23. Flowcharts should depict all of the following except:

a. the method of processing.
b. the extent of segregation of duties.
c. the audit procedures conducted.
d. all operations performed in processing the class of transactions.

24. When the lower assessed level of control risk approach is used, the final assessment of
control risk is made after completing:
a. the procedures to obtain an understanding.
b. the documentation of the understanding.
c. all the planned tests of controls.
d. all the above.

25. Which of these is one of the three components of audit risk?

a. Control risk.
b. Rejection risk.
c. Acceptance risk.
d. Deception risk.

Learning objective 9.7 ~ explain the importance of the concept of audit risk and its three
components.
26. Inherent risk is defined in terms of:

a. the existing controls.

b. the standard controls for the client's industry.

c. a total absence of controls.
d. an ideal set of controls.

components.
27. The assessment of inherent risk requires consideration of matters that have a pervasive
effect on the entity as a whole and matters that may affect only specific accounts. Which
of the following is an example of a “pervasive effect” matter?
a. Industry of operation.
b. Susceptibility to misappropriation.
c. Sensitivity of valuations to economic factors.

components.
28. For a particular assertion, control risk is the risk that:

a. a material misstatement will occur in the accounting process.
b. audit procedures will fail to detect a weak control system.
c. control procedures will not detect a material misstatement that occurs.
d. the prescribed control procedures will not be applied uniformly.

components.
29. For a given assertion, the relationship between the level of detection risk (DR) and
assessed control risk (CR) and inherent risk (IR) is shown correctly in which of the
following, where + means increase, - means decrease:
a. +DR if +CR and +IR.
b. +DR if -CR and -IR.
c. +DR if +CR and -IR.
d. +DR if -CR and +IR.

components.
30. If inherent risk and control risk are both assessed as low, detection risk will be:
a. the same as audit risk.
b. medium.
c. high.
d. low.


components.

Short answer questions

Short Answer 9-1
The control environment means management’s overall attitude, awareness and actions
regarding internal control and its importance in the entity. Identify and describe four factors
that constitute part of the control environment.
Answer 9-1
Any four of the following:
Integrity and ethical values: management should exhibit integrity and ethical values. This can
be achieved by setting the tone by example, communicating expected behaviour, and by
reducing or eliminating incentives and temptations that encourage negative behaviour.
Commitment to competence: Personnel at every level in the organisation must possess the
knowledge and skills needed to perform their jobs effectively.
Participation by those charged with governance: the entity’s board of directors and audit
committee should be effective in that they should be independent from management, have
accounting knowledge, experience and stature, and be involved in scrutinising management’s
activities. They should also communicate with internal and external auditors and help
enhance the independence of these audit functions.
Management’s philosophy and operating style: This includes management’s approach to
taking and monitoring business risks, whether they have formal or informal communications,
their attitudes and actions towards financial reporting, whether they select accounting policies
that are aggressive or conservative, whether they are conservative in accounting estimates
and their attitudes to information processing and accounting functions and personnel.
Organisational structure: the organisational structure contributes to an entity’s ability to meet
its objectives by providing an overall framework for planning, executing, controlling and
monitoring the entity’s activities. The structure should appropriately designate key areas of
authority and responsibility, as well as appropriate lines of reporting.
Assignment of authority and responsibility: This is an extension of the development of the
organisational structure. It includes the particulars of how and to whom authority and
responsibility are assigned, and should enable employees to know how their actions
contribute to the achievement of objectives and their accountability.
Human resource policies and practices: Policies and practices such as appropriate recruiting
policies, screening potential employees, familiarising new personnel with the culture and
operating style, training programs that communicate roles and responsibilities, disciplinary
actions, evaluating, counselling and promoting people based on appraisals, and compensation
programs that motivate and reward superior performance and promote ethical behaviour.
Reference: Learning objective 9.4 ~ appreciate the importance of internal control to an entity
and to its independent auditors.
Short Answer 9-2

List the fundamental concepts that are embodied in the definition of internal control as per
the COSO report:
…a process, effected by an entity’s board of directors, management and other
personnel, designed to provide reasonable assurance regarding the achievement of objectives
in the following categories:
• reliability of financial reporting
• compliance with applicable laws and regulations

• effectiveness and efficiency of operations.
Answer 9-2
• Internal control is a process. It is a means to an end, not an end in itself. It consists of a
series of actions that are pervasive and integrated with, not added onto, an entity’s
infrastructure.
• Internal control is effected by people. It is not merely having policy manuals and forms,
but by the actions of people at every level of an organisation, including the board of
directors, management, and other personnel.
• Internal control can be expected to provide only reasonable assurance, not absolute
assurance, for an entity’s management and board because of limitations inherent in all
internal control systems and the need to consider the relative costs and benefits of
establishing controls.
• Internal control is geared to the achievement of objectives in the overlapping categories of
financial reporting, compliance, and operations.
Short Answer 9-3

Control activities are detailed policies and procedures that management establishes to help
ensure that its directives are carried out. List the four different categories of control activities
and give an example of each.
Answer 9-3
Information processing controls: acceptable examples would involve either general controls
(organisational controls, systems development and maintenance controls, access controls or
data and procedural controls) or application controls (input controls, processing controls or
output controls) that are specific to a computerised system.
Segregation of duties: acceptable examples should adhere to the following principles:
• Responsibility for executing a transaction, recording the transaction and maintaining
custody of the assets resulting from the transaction should be assigned to different
people.
• The various steps involved in executing a transaction should be assigned to different
individuals or departments.
• Responsibility for certain accounting operations should be segregated.
Physical controls: acceptable examples would be either direct or indirect controls that
physically limit access to assets and important records.
Performance reviews: acceptable examples include management reviewing reports,
considering actual performance compared to expected or past performance, or analysing the
relationships of different sets of data.
Short Answer 9-4

Identify what category of control activity each of the following belong to:

1. Management reviews the sales of each salesperson on a monthly basis.

2. Access to the cash office is restricted by entry code.
3. There is an automated stop placed on payroll if the amounts entered exceed a certain
reasonable amount.
4. Authority to approve credit is the responsibility of the cash office, not the sales
department.
5. All sales are processed on a cash register which produces receipts and a journal roll for
the office.
6. Before new information systems are approved they are extensively tested for
weaknesses.
7. When entering data the system will prompt for an entry if there is an empty or
incomplete field.
8. Management reviews the actual versus budget report each week.
Answer 9-4
1. Performance reviews 5. Physical controls
2. Physical controls 6. Information processing controls
3. Information processing controls 7. Information processing controls
4. Segregation of duties 8. Performance reviews.
Short Answer 9-5

Internal control can only provide reasonable assurance as there are inherent limitations within
an entity’s control structure. Identify and describe three of these limitations.
Answer 9-5
Any three of the following:
Costs versus benefits: the cost of an entity’s internal control structure should not exceed the
benefits that are expected to ensue.
Management override: management can overrule prescribed policies or procedures for
illegitimate purposes, such as personal gain or enhanced presentation of an entity’s financial
condition.
Non-routine transactions: internal control systems focus on routine transactions which means
there will generally be an increased risk associated with non-routine transactions within the
entity.
Mistakes in judgement: occasionally management and other personnel may exercise poor
judgement in making business decisions or performing routine duties.
Collusion: individuals acting together may evade the planned segregation of duties to
perpetrate and conceal an irregularity.
Breakdowns: breakdowns may occur in established controls because personnel
misunderstand instructions or make errors.
Changes in conditions: over time, conditions may change that may result in procedures
becoming inadequate.

Short Answer 9-6

1. List the four procedures necessary to obtain an understanding of the entity’s internal
control.
2. Explain what a transaction walk-through review consists of.
Answer 9-6
1. The four procedures are:
• reviewing previous experience with the entity
• enquiring of appropriate management, supervisory and staff personnel
• inspecting documents and records
• observing entity activities and operations.
2. A transaction walk-through review is a procedure that reinforces an understanding of the

information system and control procedures. It involves the auditor tracing one or a few
transactions from within each major asset class through the transaction trail to confirm
the documented understanding.
Reference: Learning objective 9.5 ~ indicate the procedures for obtaining and documenting
an understanding of the entity’s internal control.
Short Answer 9-7

1. Explain what an internal control questionnaire is and why it is used.
2. List three advantages of using questionnaires.
Answer 9-7
1. An internal control questionnaire consists of a series of questions about accounting and
control policies and procedures that the auditor considers necessary to prevent material
misstatements in the financial statements. Auditors use the questionnaire to gain an
understanding of the entity’s internal control and to document that understanding.
2. Any three of the following:

i. They are developed by experienced professionals.
ii. They provide guidance for less experienced staff.
iii. They are easy to use.
iv. They reduce the possibility that the auditor may overlook important internal control
matters.
Reference: Learning objective 9.5 ~ indicate the procedures for obtaining and documenting
an understanding of the entity’s internal control.
Short Answer 9-8

1. Identify and define the components of the quantified audit risk model.
2. Indicate which of these components is under the control of the auditor and indicate the
relationship of this component to the other components of audit risk.

Answer 9-8
1. The audit risk model is: AR = IR X CR X DR, where:
AR = Audit Risk, which is the risk of failing to modify the audit report when the
financial statements are materially misstated.
IR = Inherent Risk, which is the risk that an error will occur for a given assertion,
assuming that there are no related internal control structure policies or procedures.
CR = Control Risk, which is the risk that a material misstatement that has occurred will
not be detected or corrected by the internal control policies and procedures in place.
DR = Detection Risk, which is the risk that the auditor’s substantive procedures will not
detect a material misstatement that exists in an assertion.
2. The component that is under the control of the auditor is detection risk. There is an
inverse relationship between inherent and control risks and the level of detection risk that
the auditor can accept for an assertion.
Reference: Learning objective 9.7 ~ explain the importance of the concept of audit risk and
its three components.

Modern Auditing and Assurance Services 6th Edition Leung Test Bank

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Modern Auditing and Assurance Services 6th Edition Leung Test Bank

Uploaded by

Copyright:

Available Formats

Modern Auditing and Assurance

Services 6th Edition Leung Test Bank

Modern Auditing and

© John Wiley & Sons Australia, Ltd 2015

Chapter 9: Audit risk assessment

The correct option is d.

The correct option is a.

The correct option is c.

4. Essential to both management and auditors is a chain of evidence in the accounting

© John Wiley & Sons Australia, Ltd 2015 9.2

The correct option is b.

5. Which of these is not a category of application controls?

The correct option is c.

6. Incompatible duties are those that allow an irregularity to be perpetrated:

The correct option is c.

7. Which of the following is incorrect concerning the segregation of duties within an

The correct option is a.

8. Management is responsible for implementing effective controls to control risks identified

© John Wiley & Sons Australia, Ltd 2015 9.3

The correct option is b.

The correct option is d.

10. A characteristic of management's philosophy and operating style is:

The correct option is d.

The correct option is a.

12. Which of these is not an inherent limitation of an internal control structure?

The correct option is c.

© John Wiley & Sons Australia, Ltd 2015 9.4

The correct option is d.

14. Which of these would be considered a limitation of internal controls?

The correct option is a.

15. The true statement is:

The correct option is a.

The correct option is a.

17. A transaction walk-through review is most commonly associated with:

© John Wiley & Sons Australia, Ltd 2015 9.5

The correct option is d.

The correct option is c.

The correct option is a.

The correct option is a.

21. Why is it important to obtain an understanding of the internal control system?

The correct option is a.

© John Wiley & Sons Australia, Ltd 2015 9.6

22. A way to prevent unauthorised access to computer systems is:

The correct option is d.

23. Flowcharts should depict all of the following except:

The correct option is c.

The correct option is d.

25. Which of these is one of the three components of audit risk?

The correct option is a.

26. Inherent risk is defined in terms of:

© John Wiley & Sons Australia, Ltd 2015 9.7

b. the standard controls for the client's industry.

The correct option is c.

The correct option is d.

28. For a particular assertion, control risk is the risk that:

The correct option is c.

The correct option is b.

© John Wiley & Sons Australia, Ltd 2015 9.8

The correct option is c.

© John Wiley & Sons Australia, Ltd 2015 9.9

Short answer questions

Short Answer 9-2

© John Wiley & Sons Australia, Ltd 2015 9.10