Exam

Name___________________________________

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

1) When planning the audit, the auditor's decision on the appropriate assessed level of control risk to 1)
use is
A) an economic issue, trading off the costs of testing controls against the cost of testing balances.
B) calculated by using a standard formula.
C) calculated by using the audit risk model.
D) determined by using actuarial tables.

2) Carrie is the manager of the Bay Street Pharmacy. Carrie is considering implementing a security 2)
tag system to reduce the losses related to stolen goods at their store. The system Carrie is looking at
currently costs $60,000 and is expected to be effective for 5 years. In order to justify the
implementation of the security tag system, average theft per year should be at least
A) $12,000. B) $1,000.
C) $60,000. D) theft should be prevented at all costs.

3) The essence of an effectively controlled organization lies in the 3)

A) attitude of its management. B) effectiveness of its auditor.
C) attitude of its employees. D) effectiveness of its internal auditor.

4) Which of the following duties would indicate a weakness in internal controls? 4)

A) The accounting function is under the controller.
B) The custodianship of cash is the responsibility of the treasurer's function.
C) The custodianship of buildings and equipment is the responsibility of the controller's
function.
D) The internal auditor reports to the board of directors.

5) Once an understanding of internal controls is obtained that is sufficient for audit planning, then the 5)
auditor must first assess
A) the level of control risk supported by the understanding obtained.
B) whether the financial statements are auditable.
C) the level of control risk to use.
D) whether a lower level of control risk could be supported.

6) Management safeguards assets by 6)

A) controlling access and by comparison of physical items to records.
B) having the internal auditors conduct periodic counts of physical assets.
C) requiring the external auditors to do surprise audits.
D) having management sign a management representation letter.

7) A well-designed organizational structure at an entity 7)

A) clearly defines authority and responsibility assignments.
B) has operations and programming personnel tasks combined.
C) has the internal audit department report to the Chief Financial Officer.
D) requires that wage rates are recorded and tracked by the human resources department.

1
 8) An essential characteristic of the persons performing internal check procedures is 8)
A) an analytical and inquisitive mind.
B) independence from the original data preparer.
C) a thorough knowledge of accounting.
D) all of the above.

9) The reliance placed on substantive tests in relation to the reliance placed on internal control varies 9)
in a relationship that is ordinarily
A) inverse. B) equal. C) parallel. D) direct.

10) The most important type of protective measure for safeguarding assets and records is 10)
A) adequate segregation of duties among personnel.
B) the use of physical precautions.
C) proper authorization of transactions.
D) adequate documentation.

11) Internal controls can never be regarded as completely effective. Even if systems personnel could 11)
design an ideal system, its effectiveness depends on the
A) competency and dependability of the people using it.
B) proper implementation by management.
C) adequacy of the computer system.
D) ability of the internal audit staff to maintain it.

12) It is important for the public accountant to consider the competence of the audit clients' employees 12)
because their competence bears directly and importantly upon the
A) achievement of the objectives of the system of internal control.
B) timing of the tests to be performed.
C) comparison of recorded accountability with assets.
D) cost/benefit relationship of internal controls.

13) Ideally, tests of controls should be applied to controls 13)

A) at the balance sheet date. B) at the beginning of the fiscal period.
C) for the entire period under audit. D) at each quarterly interim period.

14) Management's objectives with respect to internal control include 14)

A) providing reasonable assurance that the goals and objectives important to the entity have
been met.
B) having reasonable assurance that the financial statements are in accordance with GAAP.
C) ensuring that all policies and procedures are clearly documented to reduce employee training
costs.
D) preventing fraud and illegal activities at all costs.

15) Which one of the following is an example of a specific authorization? 15)

A) The computer systems automatically reorder inventory when quantities fall below the
economic order quantity.
B) Grocery sales clerks may approve returns of goods less than ten dollars in value.
C) The highest credit limit allowed for accounts receivable customers is $100,000.
D) Each sales transaction that exceeds the credit limit of a customer must be approved by the
controller.

2
16) The operational responsibility and the recording of transactions are normally kept separate 16)
A) because operational personnel rarely has the necessary accounting skills to record
transactions.
B) to avoid unauthorized transactions.
C) to ensure unbiased information is recorded.
D) to centralize activities in order to be more cost efficient.

17) To comply with the second examination standard, the auditor need not be concerned with all areas 17)
of internal control that apply to management. The auditor's primary concerns are with the system's
ability to
A) provide reliable data and safeguard assets.
B) maintain reliable control systems.
C) prevent and detect fraud and error.
D) promote efficiency and encourage adherence to policy.

18) After considering a client's internal controls, an auditor has concluded that it is well designed and 18)
is functioning as intended. Under these circumstances, the auditor would most likely
A) perform tests of controls to the extent outlined in the audit program.
B) use a combined audit approach that includes tests of controls and substantive tests.
C) determine the control procedures that should prevent or detect errors and irregularities.
D) determine whether transactions are recorded to permit preparation of financial statements in
accordance with generally accepted accounting principles.

19) Why is it important to separate systems development (or acquisition) and program maintenance 19)
activities from accounting?
A) Custody of media is important to help ensure ongoing operations.
B) Lack of separation could result in unauthorized changes to programs and systems.
C) This allows accounting to reconcile transaction totals to transaction details.
D) Accounting personnel have the expertise to evaluate program changes that have been
implemented.

20) A major control available in a small company, which might not be feasible in a large company, is 20)
A) fewer transactions to process.
B) the owner-manager's personal interest and close relationship with the personnel.
C) a wider segregation of duties.
D) a voucher system.

21) An act of two or more employees to misstate records is called 21)

A) collusion. B) malfeasance. C) felony. D) defalcation.

22) A system of internal control consists of policies and procedures designed to provide management 22)
with
A) assurance that fraud will be prevented or detected.
B) reasonable assurance that the company achieves its objectives.
C) reasonable assurance that fraud will be prevented or detected.
D) assurance that the firm's resources will be used in the optimal way.

3
23) The control environment consists of actions, policies and procedures that 23)
A) help implement the ethical attitudes at the organization, such as a computer usage policy.
B) reflect the overall attitudes of top management, the directors and the owners of an entity
about control and its importance.
C) are recorded on the web site, for example, access policies to data.
D) govern access to particular applications, such as how employees use passwords to change
master file payroll rates.

24) Management assesses risks as a part of designing and operating internal controls to minimize fraud 24)
and errors. Auditors assess risks to
A) enable them to assess the completeness of internal controls.
B) fully implement the audit risk model.
C) make sure that the company will continue to operate over the next year.
D) decide the evidence needed in the audit.

25) The methods that management uses to supervise the entity's activities are called 25)
A) methods of assigning authority and responsibility.
B) management's operating style.
C) management control methods.
D) personnel practices.

26) The auditor's primary concern about the development and implementation of the client's systems 26)
and procedures is ensuring that
A) issues such as the client's policy on ethical and social issues are considered.
B) the organizational structure of the systems development department defines the lines of
responsibilities and authority.
C) programs throughout the year were adequately controlled.
D) employees in the systems development group are properly trained.

27) Understanding components of internal control and assessing the level of control risk are primarily 27)
used by the auditor to
A) design effective tests of the financial statement balances for each audit assertion.
B) modify the initial assessments of inherent risk and preliminary judgments about materiality
levels.
C) determine whether procedures and records concerning the safeguarding of assets are reliable.
D) ascertain whether the opportunities to allow any person to both perpetrate and conceal frauds
are minimized.

28) FiddleWare Limited uses application software to handle the processing of its transactions. An 28)
important control that management should implement with respect to information systems is the
A) use of a formal systems development methodology.
B) use of appropriate checkpoints and milestones during development.
C) evaluation of potential new systems against organizational objectives.
D) tracking of routine program maintenance changes.

29) Which one of the following is an example of a general authorization? 29)

A) Grocery supervisors approve each transaction reversal over five dollars.
B) The highest credit limit allowed for accounts receivable is $50,000.
C) Each supervisory wage rate must be approved by the executive manager.
D) ABC Company has a credit limit of $25,000.

4
30) Narratives, flowcharts, and internal control questionnaires are three commonly used methods of 30)
A) designing the audit manual and procedures.
B) documenting the auditor's understanding of internal controls.
C) documenting the auditor's understanding of client's organizational structure.
D) testing internal controls.

31) The accuracy of the results of the accounting system (account balances) is heavily dependent upon 31)
A) the adequacy of the entity level controls.
B) the training provided to the personnel.
C) the accuracy of the inputs and processing (transactions).
D) the knowledge and skills of the auditor.

32) Control risk is a measure of the auditor's expectation that internal controls 32)
A) will prevent material misstatements from occurring.
B) will detect and correct material misstatements.
C) will neither prevent material misstatements nor detect and correct them.
D) will either prevent material misstatements or detect and correct them.

33) Paul is in the process of performing procedures to obtain the necessary understanding of the 33)
client's internal controls. As part of this process, Paul received the client's narrative and flowcharts
and the internal control questionnaire from the client. Paul can use this information from the client
A) if there has not been any significant change in the internal controls since the prior year.
B) Paul should not use this information since it was prepared by management who may be
biased.
C) if the entity level controls and tone at the top were found to be effective.
D) as long as any subsequent reliance on controls is adequately substantiated with testing.

34) When a compensating control exists, a weakness in the system 34)

A) is no longer a concern because the potential for misstatement has been sufficiently reduced.
B) is magnified and must be removed from the sampling process and examined in its entirety.
C) could cause a material loss, so it must be tested using substantive procedures.
D) is reduced but not removed; therefore, it is still of concern to the auditor.

35) Kim has accepted a position as the internal auditor for Oporto Corp. In order for Kim to be 35)
effective in her new functions, Kim should
A) be independent from the operating department.
B) report directly to the audit committee.
C) be independent from the accounting department.
D) all of the above.

36) To help with corporate governance and a positive "tone at the top," the board of directors and its 36)
committees, such as the audit committee, should
A) follow the policies and procedures approved by management.
B) rubber stamp the financial statements once per year.
C) consist of all members of executive management.
D) take an active role in running the company.

5
37) Which of the following best describes the inherent limitations that should be recognized by an 37)
auditor when considering the potential effectiveness of an accounting system?
A) The competence and integrity of client personnel provides an environment conducive to
accounting control and provides assurance that effective control will be achieved.
B) Procedures whose effectiveness depends on segregation of duties can be circumvented by
collusion.
C) Procedures designed to assure the execution and recording of transactions in accordance with
proper authorizations are effective against irregularities perpetrated by management.
D) The benefits expected to be derived from effective accounting system usually do not exceed
the costs of such control.

38) The first step for management in the risk assessment process is to identify factors that may increase 38)
risk, for example failure to meet prior objectives. Then, management will
A) estimate the significance of that risk.
B) make sure that procedures are developed to eliminate the risk.
C) develop specific actions to reduce the risk to an acceptable level.
D) assess the likelihood of the risk occurring.

39) When the auditor identifies opportunities for the client to make operational improvements in the 39)
internal control system, it will be communicated to the client's audit committee in the
A) engagement letter. B) reportable conditions letter.
C) management letter. D) audit report.

40) The procedures to test effectiveness of control policies and procedures in support of a reduced 40)
assessed control risk are called
A) analytical tests. B) tests of controls.
C) a walk-through. D) tests of details of balances.

41) A secondary objective of the auditor's study and evaluation of internal control is that the study and 41)
evaluation provide
A) an assurance that the records and documents have been maintained in accordance with
existing company policies and procedures.
B) a basis for constructive suggestions concerning improvements in internal control.
C) a basis for reliance on the accounting system.
D) a basis for the determination of the resultant extent of the tests to which auditing procedures
are to be restricted.

42) A procedure that would most likely be used by an auditor in performing tests of control procedures 42)
that involve segregation of functions and that leave no transaction trail is
A) reconciliation. B) observation. C) reperformance. D) inspection.

43) Which one of the following controls would be of concern to management, but not to the auditor? 43)
Controls over the
A) collection of accounts receivable amounts.
B) cost of inventory items as recorded in the perpetual inventory system.
C) distribution of promotional information to present and potential clients.
D) entry of payroll wage rates into the computer systems.

6
 44) External auditor Mary Smith may not rely on the work of internal auditor Ray Jones unless 44)
A) Smith obtains evidence that supports the competence, integrity, and objectivity of Jones.
B) Jones is supervised by Smith.
C) Jones is independent of the client.
D) Jones is certified (CA, CGA or CMA).

45) An example of general computer control systems that provide reasonable assurance of 45)
authorization of systems is:
A) application system control procedures
B) operations and information systems support
C) organization and management controls
D) systems, acquisition, development and maintenance controls

46) Each key control that the auditor intends to rely on must be supported by sufficient 46)
A) analytical review procedures. B) tests of details of balances.
C) tests of controls. D) reperformance procedures.

47) The board of directors is essential for effective corporate governance because it has ultimate 47)
responsibility to
A) test internal controls and ensure they are working properly.
B) provide a report to the auditor confirming that internal controls are working properly.
C) make sure management implements proper internal control and financial reporting processes.
D) assist management in the preparation of the financial statements.

48) When the auditor attempts to determine the operation of the accounting system by tracing one or a 48)
few transactions through the accounting system, this is referred to as
A) tracing. B) tests of controls.
C) a walk-through. D) vouching.

49) Effective internal control in a small company that has an insufficient number of employees to 49)
permit proper division of responsibilities can best be enhanced by
A) delegation of full, clear-cut responsibility to each employee for the functions assigned to each.
B) engaging a public accountant to perform monthly "write-up" work.
C) direct participation by the owner of the business in the record-keeping activities of the
business.
D) employment of temporary personnel to aid in the segregation of duties.

50) Proper segregation of functional responsibilities in an effective internal control system calls for 50)
segregation of the functions of
A) authorization, recording, and custody. B) custody, execution, and reporting.
C) authorization, execution, and payment. D) authorization, payment, and recording.

ESSAY. Write your answer in the space provided or on a separate sheet of paper.

51) A) Describe the three key concepts (assumptions) in the study of internal control.

B) Describe three inherent limitations of internal control.

7
52) You have just finished documenting your understanding of cycle controls at an audit engagement.

Required:

A) Explain how you will identify the controls that will be tested.

B) What process will you follow for weakness in internal controls?

53) A) The Coso internal control components comprise five elements. Discuss each of these elements.

B) Custody of assets and reconciliation should be separated to contribute to strong internal control. List the
general categories of activities that should be separated.

54) Dimple Leather is a chain of retail stores that sells leather clothing and accessories across Canada. Each store has
point of sale equipment that is linked to a local server. At night, local accounting information is transmitted to
the head office computer and any updates to prices or other adjustments are transferred to the local office.

Required:

Define the control environment. List the components of the control environment. For each component, provide
an example of a control that might exist at Dimple Leather.

55) A) Step one in the auditor's study and evaluation of internal control is obtain understanding of internal control for
audit planning purposes. List each of the remaining steps.

B) Once the auditor has an understanding of internal control, two assessments are made. List each assessment
that must be made prior to testing controls.

C) Describe five common procedures an auditor can use to obtain an understanding of internal control design.

56) A) Describe the three broad objectives of management when designing an effective system of internal control.

B) Describe the aspect of internal control with which auditors are primarily concerned.

57) A) Discuss what is meant by the term "control environment" and identify four control environment
subcomponents that the auditor should consider.

B) List the steps that management follows in assessing risks relevant to the preparation of financial statements
in conformity with GAAP.

C) How does the auditor obtain knowledge about management's risk assessment process?

D) Explain how management's risk assessment process differs from the auditor's risk assessment process.

E) What is the relationship between management's risk assessment process and audit evidence?

8
58) Porterville, Ontario, is the home of the largest leather tanning operation in Canada. Hides from various animals
are stretched and treated, then cut into shapes for shipment to wholesalers.
Computer assisted operations are important in maintaining temperature, humidity, and proper mix
proportions in chemical solutions used for the tanning process. Computer assistance has helped improve the
quality of the tanning process, as well as provide a safer environment for employees. Computer operations and
backup is supported by the warehouse manager, Joe.
Individual hides are tagged with a bar code and tracked for quality control purposes. The HomeTown
Tanning Company uses a centralized microcomputer based system for its manufacturing and accounting
operations. The two owners of the company are active in the business, and approve all new hardware and
software acquisitions.
The controller is responsible for network upgrades as well as maintaining passwords and user
identification codes on the network. Accounting transactions are entered by accounting staff, although the
controller has the ability to review and correct transactions.

Required:

List the five categories of functions that need to be separated from each other. Does HomeTown Tanning have
these functions separated? For any functions that are not separated, indicate the potential impact upon controls
and upon the audit.

59) A) List the three types of general computer control systems.

B) Adequate segregation of duties is an important control procedure. Discuss the general guidelines for
segregation of duties to prevent both intentional and unintentional misstatements that are of significance to
auditors.

C) Adequate documents and records are important for effective internal control. Five principles dictate the
proper design and use of documents and records. One principle is that documents and records should be
prenumbered consecutively to facilitate control over missing documents, and to aid in locating documents
when they are needed at a later date. Discuss each of the other four principles of adequate documents and
records.

60) Joan is the owner of a small manufacturing company. In prior years, your firm has conducted a review
engagement of the company. However, this year, Joan obtained a loan from the federal business development
bank, and is required to have an audit on her financial statements. When you started asking about controls and
procedures at the company, Joan got pretty upset.
"All you need to be concerned about is the numbers! Why are you asking all of these questions? It takes too
much time away from my staff to answer these questions! Just check the numbers and let us get on with our
work!"
You calmed her down a bit, and reminded her about the general discussion that occurred with the
engagement letter. You invited her for coffee to briefly explain the following items:

1. Why auditors are concerned about internal controls

2. Why auditors are required to be concerned about internal controls
3. What you need to do to understand internal controls
4. What you will do once you have documented your understanding of internal controls

Required:

Explain what you would say to Joan.

9
Answer Key
Testname: CHAPTER 9

1) A
2) A
3) A
4) C
5) B
6) A
7) A
8) B
9) A
10) B
11) A
12) A
13) C
14) A
15) D
16) C
17) B
18) B
19) B
20) B
21) A
22) B
23) B
24) D
25) C
26) C
27) A
28) C
29) B
30) B
31) C
32) C
33) D
34) A
35) D
36) D
37) B
38) A
39) C
40) B
41) B
42) B
43) C
44) A
45) D
46) C
47) C
48) C
49) C
50) A
10
Answer Key
Testname: CHAPTER 9

51) A) The three concepts which underlie the study of internal control are:
· It is management's responsibility to establish and maintain internal controls.
· Reasonable but not absolute assurance should be provided because an ideal system cannot be justified on a
cost/benefit basis.
· Even the ideal internal control system has inherent limitations because of employee carelessness, lack of
understanding, or management override.

B) The effectiveness of internal controls depends on the competency and dependability of the people using it.
Inherent limitations of internal control include:
· Employee carelessness
· Lack of understanding
· Management override
· Collusion
52) A) First, the controls will be organized by transaction-related audit objectives. Then, the controls will be considered
as to their importance and quality. Those controls that are well designed and are most important for satisfying the
transaction-related audit objectives will be considered for testing.

B) After identifying the controls that are present for transaction-related audit objectives, we will be able to see which
audit objectives do not have controls. The absence of controls for a transaction-related audit objective is defined as a
weakness.
Then, the potential misstatement that could occur for each of these absences is identified. We would discuss with
the client whether any compensating controls exist for each weakness. If yes, then the compensating control would be
considered for testing. The weakness should be noted in a letter issued to management and the audit committee.
If there are no compensating controls for weak areas, then additional substantive testing may need to be designed
for those audit objectives.
53) A) Five elements of internal control are:
· The control environment: The control environment consists of the actions, policies, and procedures that reflect the
overall attitudes of top management about control and its importance to the company.
· Risk assessment: Management's identification and analysis of risks relevant to the preparation of financial
statements in conformity with GAAP
· Control activities: Control activities include the control environment (discussed above) and also include: general
control systems and procedures, and application systems (or accounting systems).
· Information and communication: Includes the process to initiate, record, process and report the entity's transactions
and to maintain accountability for the related assets.
· Monitoring: Management's ongoing and periodic assessment of the quality of internal control performance to
determine that controls are operating as intended and modified when needed

B) The six general categories of activities are:

· Custody of assets.
· Recording or data entry of transactions.
· Systems development/acquisition and maintenance.
· Computer operations.
· Reconciliation.
· Authorization of transactions and activities.

11
Answer Key
Testname: CHAPTER 9

54) Definition: The control environment consists of the actions, policies and procedures that reflect the overall attitudes of
top management, the directors, and the owners of an entity about control and its importance to the entity.

Components of the control environment with an example:

(Note that many examples are possible; the following are illustrative examples.)

Management philosophy and operating style: Management of Dimple Leather should illustrate ethical behaviour, and
have an ethical statement available on their web site.

The Board of Directors and the Audit Committee: The Audit Committee should be active in its involvement with
management and the auditors, following up to determine why management letter points have not been acted upon.

Organizational structure: The organizational structure should support adequate segregation of duties, illustrated in an
organization chart and written job descriptions.

Methods of assigning authority and responsibility: Management should have clear policies on software copyright and
information systems usage that are monitored and enforced.

Management control methods: Passwords should be required to access all accounting information systems, with clear
policies on allocation of user identification codes and password change.

Systems development methodology: User approval should be required for all maintenance program changes.

Management reaction to external influences: The company should monitor price and design changes in the industry, and
respond accordingly.

Human resource policies and practices: Employees should be interviewed and references checked prior to hiring.

Internal audit: Internal audit should submit a plan of audits to be conducted, that is in accordance with perceived risks
of error.
55) A) The remaining steps are:
· Evaluate the design effectiveness of controls.
· Assess control risk.
· Identify and assess risk of material misstatement.
· Design tests of control.
· Test controls
· Evaluate results of tests of controls.

B) The assessments are:

· Assess whether the financial statements are auditable.
· Consider design effectiveness of controls.

C) The five procedures used to obtain an understanding of the client's internal control design are:
· Update and evaluate the auditor's previous experience with the client company.
· Make inquiries of client personnel.
· Read the client's policy and systems manuals.
· Examine documents and records.
· Observe activities and operations at the client's place of business.

12
Answer Key
Testname: CHAPTER 9

56) A) Management typically has the following three broad objectives when designing an internal control system:
· Reliability of financial reporting
· Efficiency and effectiveness of operations
· Compliance with laws and regulations

B) The aspect of internal control that auditors are primarily concerned with is maintaining reliable control systems.
57) A) The control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top
management, directors, and owners of an entity about control and its importance to the entity. Subcomponents
include:
· Management philosophy and operating style
· The board of directors and audit committee
· Organizational structure
· Methods of assigning authority and responsibility
· Management control methods
· Systems development methodology
· Management reaction to external influences
· Human resource policies and practices
· Internal audit

B) Management's steps include:

· Identify factors that may increase risk.
· Estimate the significance of risks.
· Assess the likelihood that risks would occur.
· Develop specific actions that need to be taken to reduce the risk to an acceptable level.

C) The auditor:
· Determines how management identifies risk relevant to financial reporting
· Evaluates the significance of these risks
· Evaluates the likelihood of the risks occurring
· Decides whether actions (not already undertaken by management) are needed to address the risks

D) Management's risk assessment process is focused upon the identification and analysis of risks relevant to the
preparation of financial statements in conformity with GAAP. Management assesses risks as a part of designing and
operating internal controls to minimize errors and fraud.
Auditors assess risks to decide the evidence needed in the audit.

E) There is an inverse relationship: if management effectively assesses and responds to risks, the auditor will typically
accumulate less evidence than when management fails to identify or respond to significant risks.

13
Answer Key
Testname: CHAPTER 9

58) 1. Separation of custody of assets from accounting: Yes. Warehousing and manufacturing operations are separate from
the accounting department.

2. Separation of operational responsibility from recording or data entry of transactions: Yes. Same as #1.

3. Separation of systems development or acquisition and maintenance from accounting: Yes. The owners approve new
systems. The owners are not in the accounting department.

4. Separation of computer operations from programming and accounting:

Yes for backup and recovery. The warehouse manager is responsible for computer operations (backup), which is
separate from accounting.

No for password control and security. The controller is responsible for maintaining security passwords, and is also
involved in accounting. The impact of this upon the audit is that the controller could record erroneous transactions and
hide this fact since she has access to the whole system. The auditor will need to look for compensating controls (such as
increased owner involvement).

5. Separation of reconciliation from data entry: No. It is not stated who is responsible for reconciliation. However, all
individuals in the accounting department, including the controller, have data entry capability. This means that one or
more of these individuals could enter incorrect or incomplete information, and hide the fact. The auditor will need to
look for compensating controls (such as increased owner involvement), or may need to increase the amounts of tests of
details.
59) A) The three types of general computer control systems are:
· Organization and management controls.
· Systems acquisition, development and maintenance controls.
· Operations and information systems support.

B) The general guidelines are:

· Custody of assets should be separated from accounting.
· Operational responsibility should be separated from recording or data entry of transactions.
· Separation of systems development or acquisition and maintenance from accounting.
· Separation of computer operations from programming and accounting.
· Separation of reconciliation from data entry.
· Proper authorization of transactions and activities.

C) Documents and records should be:

· Prepared at the time a transaction takes place, or as soon thereafter as possible.
· Pre-numbered or automatically numbered.
· Sufficiently simple to ensure that they are clearly understood.
· Designed for multiple use whenever possible, to minimize the number of different forms.
· Constructed in a manner that encourages correct preparation, such as providing a degree of internal check
within the form or record.

14
Answer Key
Testname: CHAPTER 9

60) 1. Auditors are concerned about internal controls because management uses internal controls to help ensure that
business operations run in accordance with the goals and objectives of the company. The internal controls are also
used to reduce the risk of fraud and illegal acts, and to help prevent and detect errors in the financial statements.

2. Auditors have rules, called generally accepted auditing standards (GAAS) that require them to understand and
document internal controls so that they can plan the audit. It helps auditors to know that internal controls are in place
to help prevent and detect errors, fraud and illegal acts.

3. Interviews, walkthroughs and documentation examination will be used to document internal controls so that they
can be evaluated for each major transaction cycle and audit objective (such as completeness and accuracy). This is
done for control environment, general controls and procedures, accounting systems and control procedures.

4. Once the internal controls have been documented, I will decide whether it is cheaper to test internal controls or to
simply do tests of details ("looking at the numbers"). Overall, enough evidence needs to be gathered to provide a high
level of assurance on the financial statements.

15