Chapter 1Auditing and Internal ControlReview Questions1

  • Published on

  • View

  • Download

Embed Size (px)


Chapter 1Auditing and Internal ControlReview Questions1.WhatisthepurposeofanITaudit?Response:The purpose of an IT audit is to provide an independent assessment of sometechnology- or systems-related object, such as proper IT implementation, or controls overcomputer resources.Because most modern accounting information systems use IT, IT plays asignificant role in a financial (external audit), where thepurpose is to determine the fairness andaccuracy of the financial statements.2.Discusstheconceptofindependencewithinthecontextofafinancialaudit.Howisindependence different for internal auditors?Response: The auditor cannot be an advocate ofthe client, but must independently attest towhether GAAP and other appropriate guidelines have been adequately met. Independence forinternal auditors is different because they are employed by theorganization, and cannot be asindependent as the external auditor. Thus internal auditors must use professional judgment andindependent minds in performing IAactivities.3.Whataretheconceptualphasesofanaudit?Howdotheydifferbetweengeneralauditing and IT auditing?Response: The three conceptual phases of auditing are:i.Auditplanning,ii.Tests of internal controls, andiii.Substantivetests.Conceptually, no difference exists between IT auditing and general auditing. IT auditing istypically a subset of the overall audit; theportion that involves computer technology is the subset.4.Distinguishbetweentheinternalandexternalauditors.Response: External auditors represent the interests of third-party stakeholders in theorganization, such as stockholders, creditors, andgovernment agencies. External auditing isconducted by certifiedpublic accountants whoare independent of the organizationsmanagement. Internal auditors represent the interests of management. Internal auditing tasksinclude conducting financial audits, examining an operations compliancewith legal obligations,evaluating operational efficiency, detecting and pursuing fraud within the firm, and conducting ITaudits. External auditors also conduct IT audits as asubset of financial audits.5.Whatarethefourprimaryelementsdescribedinthedefinitionofauditing?Response:a. auditing standardsb. systematic processc.managementassertions and audit objectivesd.obtainingevidence6.Explaintheconceptofmateriality.Response: Materiality refers to the size of the effect of a transaction. From a cost-benefitpoint of view, a threshold is setabove which the auditor is concerned withthe correct recordingand effects of transactions. Rather than using standard formulas,auditors use their professionaljudgment to determine materiality.7.HowdoestheSarbanes-Oxley Act of 2002 affectmanagements responsibility forinternal controls?Response: The Sarbanes-Oxley Act (S-OX) specifically holds management responsible forinternal controls. S-OX requires an annual report oninternal controls that is the responsibility ofmanagement; external auditors must attest to the integrity of the report.Management must assessthe effectiveness of the internal control structure andprocedures for financial reporting as of theend of the most recent fiscal year and identify any controlweaknesses. An attestation by externalauditors reports on managements assessment statement.8.Whatarethefourbroadobjectivesofinternalcontrol?Response:a. to safeguard the assets of the firmb. to ensure the accuracy and reliability of accountingrecords and informationc. to promote efficiency inthe firms operationsd. to measure compliance with managements prescribed policies and procedures9.Whatarethefourmodifyingassumptionsthatguidedesignersandauditorsofinternal control systems?Response:Management responsibility, reasonable assurance, methods of data processing,and limitations.10.Giveanexampleofapreventivecontrol.Response: Locked doors, passwords, and data-entry controls for each field (e.g.,rangechecks).11.Giveanexampleofadetectivecontrol.Response:A log of users, a comparison with computer totals and batch totals.12.Giveanexampleofacorrectivecontrol.Response: Manual procedures to correct a batchthat is not accepted because of anincorrectsocial security number. A clerical workerwould need to investigate and determine either thecorrect hash total or thecorrect social security number that should be entered. A responsible partyis then needed to readexception reports and follow up on anomalies.13.WhatarethefiveinternalcontrolcomponentsdescribedintheCOSOframework?Response:a. Control Environmentb. Risk Assessmentc. Information and Communicationd. Monitoringe. Control Activities14. What are the six broad classes of control activities defined by COSO?Response:The six broad classes of control activities defined by COSO are:a.transactionauthorization,b.segregation of duties,c. supervision,d.accountingrecords,e.accesscontrol,andf. independent verification