REVIEW QUESTIONS
Describe which of the three categories of broad objectives for internal
controls are considered by the auditor in an audit of both the financial statements and internal control over financial reporting.
What two aspects of internal control must management assess when reporting on internal control to comply with Section 404 of the Sarbanes–Oxley Act?
Chapter 8 introduced the eight parts of the planning phase of audits. Which part is understanding internal control and assessing control risk? What parts precede and follow that understanding and assessing control risk?
What two aspects of internal control must the auditor assess when performing procedures to obtain an understanding of internal control?
Management must identify the framework used to evaluate the effectiveness of internal control over financial reporting. What framework is used by most U.S. public companies?
What is meant by the control environment? What is the relationship between the control environment and the other four components of internal control?
List the types of specific control activities and provide one specific illustration of a control in the sales area for each control activity.
The separation of operational responsibility from record keeping is meant to prevent different types of misstatements than the separation of the custody of assets from accounting. Explain the difference in the purposes of these two types of sepa- ration of duties. For each of the following, give an example of a physical control the client can use to protect the asset or record:
1. Computers
2. Cash received by retail clerks
3. Accounts receivable records
4. Raw material inventory
5. Hand tools
6. Manufacturing equipment
7. Marketable securities
Explain what is meant by independent checks on performance and give five specific examples.
Frank James, a highly competent employee of Brinkwater Sales Corporation, had been responsible for accounting-related matters for two decades. His devotion to the firm and his duties had always been exceptional, and over the years, he had been given increased responsibility. Both the president of Brinkwater and the partner of an independent CPA firm in charge of the audit were shocked and dismayed to discover that
James had embezzled more than $500,000 over a 10-year period by not recording billings
in the sales journal and subsequently diverting the cash receipts. What major factors permitted the embezzlement to take place?
Describe why auditors generally evaluate entity-level controls before evaluating transaction-level controls.
What is the primary focus of the monitoring component of internal control?
Explain how client internal controls can be improved through the proper installation of IT.
Identify risks for extensive IT-based accounting systems.
Identify the traditionally segregated duties in IT systems.
Explain how the effectiveness of general controls impacts the effectiveness of automated application controls.
Compare the risks associated with network systems and database systems to those associated with centralized IT functions.
An audit client is creating a Web-based sales ordering system for customers to purchase products using personal credit cards for payment. Identify three risks related to an online sales system that management should consider. For each risk, identify an internal control that could be implemented to reduce that risk.
