Вы находитесь на странице: 1из 4

I. True or false (20 points) 1.

At all cases, accounting firms could not provide advisory services or non-audit services upon the passage of SOX. - False. - SOX contained in Sections 201 and 202 of Title II. Section 201 makes it "unlawful" for the auditor to provide nine non-audit services listed in that section. The Act provides that a registered public accounting firm "may engage in any non-audit service, including tax services, that is not described [in the list of nine specifically prohibited services] for an audit client only if the activity is approved in advance by the audit committee of the issuer" in accordance with the Act. - Section 202 Pre-Approval Requirements The Act states that "[a]ll auditing services and nonaudit services [other than those specifically prohibited] ... shall be preapproved by the audit committee of the issuer." 2. An internal audit is typically conducted by auditors who work for the organization, but this task may not be outsourced to other organizations. - False. - Can be outsourced 3. To achieve independence, internal audit departments should report to the controller or its equivalent. - False. - The Standards require that the chief audit executive (CAE) report to a level within the organization that allows the internal audit activity to fulfill its responsibilities. To achieve necessary independence, best practices suggest the CAE should report directly to the audit committee or its equivalent. For day to day administrative purposes, the CAE should report to the most senior executive (i.e., the chief executive officer [CEO]) of the organization. 4. At all times, external auditors may cooperate with and rely on work performed by internal auditors. - False. - External auditors determine the extent on which he can rely on work performed by internal auditors based on its independence and competence. 5. Audit committee is a subcommittee of the board of directors who usually consists of three people who should be outsiders. - True. - Outsider (not associated with the families of executive management nor former officers). 6. The auditors expresses an opinion as to whether the FS are in conformity with GAAS. - False. - GAAP (Generally Accepted Accounting Principle) - GAAS (Generally Accepted Auditing Standards) establishes a framework for prescribing auditor performance. 7. Assertions are used by auditors to develop their audit objectives and design audit procedures

- True. 8. Audit risk the probability that the auditor will render an unqualified opinion on financial statements that are, in fact, materially misstated. - True. 9. Errors are intentional misinterpretations. - False. - Errors are unintentional mistakes - Irregularities are intentional misinterpretations associated with the commission of fraud. 10. Inherent risk and planned detection risk are inversely related; i.e., as inherent risk increases, planned detection risk should decrease. - True. - Control risk and planned detection risk are inversely related. 11. The most important element of the audit risk model is control risk. - False - Audit risk has 3 components. Inherent risk, control risk and detection risk. 12. The weaker the internal control structure, the greater the control risk and the more substantive testing the auditor must perform. - True. 13. The establishment and maintenance of an internal control is an important management obligation. - True. 14. The internal control system should achieve the four broad objectives irregardless of the data processing method used. - False. 15. Prior to the passage of SOX, external auditors were not required to test internal controls as part of their attest function. - True. - Aside from the opinion of the fairness of FS, auditor are mandated to issue a separate opinion on internal controls - Also, SOX places responsibility on auditors to detect fraudulent activity and emphasizes the importance of controls designed to prevent or detect fraud that could lead to material misstatement of the FS. Management is responsible for implementing such controls, and auditors are expressly required to test them. 16. COSO identifies two broad groupings of IT controls: application controls and general controls. - True. 17. The purpose of access controls is to ensure that only authorized personnel have access to the firms assets. - True. 18. Organization must maintain audit trails. - True.

Audit trail enables the auditor to trace any transactions through all phases of its processing from the initiation of the event to the financial statements. 19. In small organizations that lack sufficient personnel, management must compensate for the absence of segregation controls with close supervision. - True. 20. Segregation of incompatible tasks should be physical as well as organizational. - True II. Identification (20 points) 1. These controls are designed to be application-specific. The objectives of these are to ensure the validity, completeness, and accuracy of financial transactions. Application control. 2. Independent checks of the accounting system to identify errors and misinterpretations. Independent verifications. 3. This class of controls relates primarily to the human activities employed in accounting systems. These relate to human activities that trigger and utilize the results of those tasks. Physical controls. 4. The policies and procedures used to ensure that appropriate actions are taken to deal with the organizations identified risks. control activities. 5. The process by which the quality of internal control design and operation can be assessed. This may be accomplished by separate procedures and by ongoing activities. monitoring. 6. Organizations must perform this to identify, analyze, and manage risks relevant to financial reporting. Risk assessment. 7. Sets the tone for the organization and influences the control awareness of its management and employees. - Control environment. 8. Identify undesirable events and draw attention to the problem. Detection controls. 9. Passive techniques designed to reduce the frequency of occurrence of undesirable events. Preventive controls. 10. A detailed investigation of specific account balances and transactions. Substantive testing. 11. Focuses on the computer-based aspects of an organizations information system. It audit. 12. Risk that the auditors are willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor. Detection risk. 13. Affirms that all asset and equities contained in the balance sheet exist and all transaction in the income statement actually occurred. Existence or occurrence assertion. 14. Independent attestation performed by an expert who expresses an opinion regarding the presentation of FS. External auditor. 15. Independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization internal auditors. 16. A process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objective in the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. Internal control.

17. Their objective is to investigate anomalies and gather evidence of fraud that amy lead to criminal conviction. Fraud auditor. 18. The objective of this phase is to determine whether adequate controls are in place and functioning properly. Test of control. 19. Is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. Enacted in July 29, 2002 SOX Act 2002 20. Is a joint initiative of the five private sector organizations such as FEI, IMA, AAA, AICPA and IIA. Dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence. - COSO