Chapter 3 Preparatory Multiple Choice 11th ed

3-1Effective internal control over financial reporting allows for more informed decisions by internal and external users of the financial information. (T / F) T

3-2Management needs to understand its risks to reliable financial reporting before determining which internal controls would be most helpful to achieving its goal of reliable financial reporting. (T / F) T

3-3Which of the following are affected by the quality of an organization’s internal controls? D

a.Reliability of financial data.

b.Ability of management to make informed business decisions.

c.Ability of the organization to remain in business.

d.All of the above.

e.Only a and c.

3-4Which of the following creates an opportunity for committing fraudulent financial reporting in an organization? B

a.Management demands financial success.

b.Poor internal control.

c.Commitments tied to debt covenants.

d.Management is aggressive in its application of accounting rules.

3-5The purpose of internal control is to provide absolute assurance that an organization will achieve its objective of reliable financial reporting. (T / F) F

3-6Organizations use the GAAP framework of internal control as a benchmark when assessing the effectiveness of internal control over financial reporting. (T / F) F

3-7What are the components of internal control per COSO’s Internal Control–Integrated Framework? B

a.Organizational structure, management philosophy, planning, risk assessment, and control activities.

b.Control environment, risk assessment, control activities, information and communication, and monitoring.

c.Risk assessment, control structure, backup facilities, responsibility accounting, and natural laws.

d.Legal environment of the firm, management philosophy, organizational structure, control activities, and control assessment.

3-8Which of the following statements regarding internal control is false? B

a.Internal control is a process consisting of ongoing tasks and activities.

b.Internal control is primarily about policy manuals, forms, and procedures.

c.Internal control is geared toward the achievement of multiple objectives.

d.A limitation of internal control is faulty human judgment.

e.All of the above statements are true.

3-9The control environment component of internal control is a pervasive or entity-wide control because it affects multiple processes and multiple types of transactions. (T / F) T

3-10The control environment is seen as the foundation for all other components of internal control. (T / F) T

3-11Which of the following principles would not be considered a principle of an organization’s control environment? E

a.Independence and competence of the board.

b.Competence of accounting personnel.

c.Structures, reporting lines, and authorities and responsibilities.

d.Commitment to integrity and ethical values.

e.They would all be considered principles of the control environment.

3-12Which one of the following components of internal control over financial reporting sets the tone for the organization? B

a.Risk assessment.

b.Control environment.

c.Information and communication.

d.Monitoring Risk Assessment Organizations face risks of material misstatement in their financial reports.

3-13Only organizations in high-risk industries face a risk that they will not achieve their objective of reliable financial reporting. (T / F) F

3-14An organization’s risk assessment process should identify risks to reliable financial reporting from both internal and external sources. (T / F) T

3-15Which of the following statements is false regarding the risk assessment component of internal control? D

a.Risk assessment includes assessing fraud risk.

b.Risk assessment includes assessing internal and external sources of risk.

c.Risk assessment includes the identification and analysis of significant changes.

d.Economic changes would not be considered a risk that needs to be analyzed as part of the risk assessment process.

3-16Which of the following is not part of management’s fraud risk assessment process? B

a.The assessment considers ways the fraud could occur.

b.The assessment considers the role of the external auditor in preventing fraud.

c.Fraud risk assessments serve as an important basis for determining the control activities needed to mitigate fraud risks.

d.The assessment considers pressures that might lead to fraud in the financial statements.

3-17There is one standard set of control activities that all organizations should implement. (T / F) F

3-18Control activities include both preventive and detective controls. (T / F) T

3-19Which of the following scenarios provides the best example of segregation of duties? D

a.Employees perform multiple jobs, and have access to related records.

b.The internal audit function performs an independent test of transactions throughout the year and reports any errors to departmental managers.

c.The person responsible for reconciling the bank account is responsible for cash disbursements but not for cash receipts.

d.The payroll department cannot add employees to the payroll or change pay rates without the explicit authorization of the Human Resources Department.

3-20Which of the following statements about application controls is true? B

a.Organizations can have manual application controls or automated application controls, but not a combination of the two.

b.Application controls are intended to mitigate risks associated with data input, data processing, and data output.

c.Application controls are a part of the monitoring component of internal control.

d.Self-checking digits are an output control.

3-21An organization’s accounting system is part of its information and communication component of internal control. (T / F) T

3-22An organization needs information from both internal and external sources to achieve its objectives. (T / F) T

3-23Which of the following is an effective implementation of the information and communication component of COSO’s Internal Control–Integrated Framework? B

a.The organization has one-way communication with parties external to the organization.

b.The organization has a whistleblower function that allows parties internal and external to the organization to communicate concerns about possible inappropriate actions in the organization’s operations.

c.The organization has a robust process for assessing risks internal and external to the organization.

d.The organization builds in edit checks to determine whether all purchases are made from authorized vendors.

e.All of the above.

3-24Which of the following is not a principle of the information and communication component of COSO’s Internal Control–Integrated Framework? D

a.The organization identifies, obtains, and uses relevant information.

b.The organization communicates internally.

c.The organization communicates externally.

d.All of the above are principles of the information and communication component of COSO’s Internal Control– Integrated Framework.

3-25As part of monitoring, an organization will select either ongoing evaluations or separate evaluations, but not both. (T / F) F

3-26Communicating identified control deficiencies is a principle of monitoring. (T / F) T

3-27Which of the following is not an effective implementation of the monitoring component of COSO’s Internal Control– Integrated Framework? D

a.Internal audit periodically works to improve internal controls.

b.Management reviews current economic performance against expectations and investigates to determine causes of significant deviations from the expectations.

c.The organization implements software that captures all instances in which the underlying program identifies processed transactions that exceed company-authorized limits.

d.The organization builds in edit checks to determine whether all purchases are made from authorized vendors, and flags those that are not.

3-28Which of the following is the most accurate statement related to the monitoring component of COSO’s Internal Control–Integrated Framework? C

a.Monitoring is a process that is relevant only to the control activities component of COSO’s Internal Control– Integrated Framework.

b.Separate evaluations are more timely than ongoing evaluations in identifying control deficiencies.

c.Monitoring is a process that provides feedback on the effectiveness of each component of internal control.

d.Monitoring includes automated edit checks to determine whether all purchases are made from authorized vendors.

3-29Management of U.S. public companies may provide a public report on the effectiveness of their organization’s internal control over financial reporting, but management is not required to do so. (T / F) F

3-30As part of a walkthrough, management will follow a transaction from origination to when it is reflected in the financial records to determine whether the controls are effectively designed and have been implemented. (T / F) T

3-31Which of the following statements is false regarding management’s documentation of internal control over financial reporting? C

a.Management needs to maintain sufficient and appropriate documentation of the internal controls they have designed and implemented to achieve the objective of reliable financial reporting.

b.Internal control documentation is useful in training new personnel or serving as a reference tool for all employees.

c.Management only needs to maintain documentation if the company’s auditors will be providing an opinion on internal control effectiveness.

d.Documentation provides evidence that the controls are operating.

3-32Which of the following is not included in management’s report on internal control? E

a.A statement that management is responsible for internal control.

b.A definition of internal control.

c.A discussion of the limitations of internal control.

d.The criteria used in assessing internal control.

e.A description of the work that the internal auditors performed.

3-33If management identifies even one material weakness in internal control, then management will conclude that the organization’s internal control over financial reporting is not effective. (T / F) T

3-34Management will classify a control deficiency as a material weakness only if there has been a material misstatement in the financial statements. (T / F) T

3-35Assume that an organization sells software. The sales contracts with the customers often have nonstandard terms that impact the timing of revenue recognition. Thus, there is a risk that revenue may be recorded inappropriately. To mitigate that risk, the organization has implemented a policy that requires all nonstandard contracts greater than $1 million to be reviewed on a timely basis by an experienced and competent revenue accountant for appropriate accounting, prior to the recording of revenue. Management has classified this deficiency as a material weakness. Which of the following best describes the conclusion made by management? D

a.There is more than a remote possibility that a material misstatement could occur.

b.The likelihood of misstatement is reasonably possible.

c.There is more than a remote possibility that a misstatement could occur.

d.There is a reasonable possibility that a material misstatement could occur.

e.There is a reasonable possibility that a misstatement could occur.

3-36Which of the following scenarios represents a control deficiency? A

a.A missing control that is required for achieving objectives.

b.A control that operates as designed.

c.A control that provides reasonable, but not absolute assurance, about the reliability of financial reporting.

d.An immaterial individual misstatement in internal.

3-37The auditor needs to understand a client’s internal controls in order to anticipate the types of material misstatements that may occur in the financial statements and then develop sufficient appropriate audit procedures to determine whether those misstatements exist in the financial statements. (T / F) T

3-38While understanding a client’s internal control over financial reporting may help the external auditor plan the audit, the external auditor is not required to obtain this understanding for all audit engagements. (T / F) F

3-39Which of the following is a reason that the auditor obtains an understanding of the client’s internal control over financial reporting? D

a.This understanding is required by professional auditing standards.

b.Understanding of internal control is needed to properly plan the audit.

c.This understanding helps an auditor assess a client’s risk of material misstatement.

d.All of the above are reasons why the auditor obtains an understanding of the client’s internal control over financial reporting.

3-40Which of the following statements is true regarding the auditor’s assessment of a client’s internal control over financial reporting? A

a.The auditor reviews management’s documentation of its internal control and management’s evaluation and findings related to internal control effectiveness.

b.The auditor’s assessments of control deficiencies will be the same as management’s assessment of the same deficiencies.

c.In testing controls, the auditor is only concerned about the client’s control environment and risk assessment.

d.All of the above are true.