The flashcards below were created by user
on FreezingBlue Flashcards.
The primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with
Knowledge necessary for audit planning.
The auditor is required to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement of the financial statements, whether due to fraud or error, to provide a basis for responding to the assessed RMMs. The auditor obtains the understanding and assesses the RMMs to plan the audit. The audit plan describes (1) the risk assessment procedures, (2) further audit procedures at the assertion level, and (3) other procedures required by GAAS.
So that the essential control features of a client’s computer system can be identified and evaluated, the auditor of a nonissuer must, at a minimum, have
A sufficient understanding of the entire computer system.
The audit should be performed by a person having adequate technical training and proficiency as an auditor. That auditor is required to obtain a sufficient understanding of internal control to plan the audit and determine the nature, timing, and extent of tests to be performed. Hence, the auditor should have the training and proficiency that are necessary to understand controls relevant to the computer system.
A conceptually logical approach to the auditor’s consideration of relevant controls consists of the following four steps:
1 Determine whether the relevant controls are capable of preventing, or detecting and correcting, material misstatements and have been implemented.
2 Evaluate the operating effectiveness of relevant controls.
3 Assess the risks of material misstatement.
4 Design further audit procedures.
What is the most logical order in which these four steps are performed?
1, 3, 4 ,2
When obtaining an understanding of internal control, the auditor should perform risk assessment procedures to evaluate the design of relevant controls and to determine whether they have been implemented. This understanding is used to (1) identify types of misstatements, (2) identify factors affecting the risks of material misstatement, and (3) design further audit procedures. After obtaining the understanding, the RMMs should be assessed. In response to the risk assessment, the auditor designs further audit procedures. If the auditor relies on controls (has an expectation of their operating effectiveness), (s)he should perform tests of controls to evaluate their operating effectiveness (AU-C 315 and AU-C 330). Thus, the most logical order of the listed steps is the following:
Evaluate the design of relevant controls and determine whether they have been implemented,
Assess the RMMs,
Design further audit procedures, and Test controls.
Which of the following is a factor in the control environment?
C.Segregation of duties.
D.Management’s philosophy and operating style.
Management’s philosophy and operating style.
The control environment is the foundation for all other control components. It provides discipline and structure, sets the tone of the organization, and influences the control consciousness of employees. Its components include (1) participation of those charged with governance, (2) integrity and ethical values, (3) organizational structure, (4) management’s philosophy and operating style, (5) assignment of authority and responsibility, (6) human resource policies and practices, and (7) commitment to competence.
The firewall system that limits access to a computer by routing users to replicated Web pages is
A proxy server.
A proxy server maintains copies of web pages to be accessed by specified users. Outsiders are directed there, and more important information is not available from this access point.