 |
| 1 | |
The requirements of Section 404 of the Sarbanes-Oxley Act of 2002 apply to |
| | A) | All companies that are subject to an independent audit. |
| | B) | Most publicly-held companies. |
| | C) | All privately-held companies. |
| | D) | All companies with sales in excess of $500 million. |
|
|
|
| 2 | |
The role of the registered independent auditing firm relative to its clients' internal controls under the Sarbanes-Oxley Act of 2002 is to |
| | A) | Express an opinion on whether the entity is subject to all provisions of the Securities Exchange Act of 1934. |
| | B) | Express an opinion on the effectiveness of the entity's control. |
| | C) | Report to both the PCAOB and SEC those entities with unsatisfactory internal controls. |
| | D) | Provide report feedback but disclaim an opinion on management's assessment. |
|
|
|
| 3 | |
Which of the following statements concerning control deficiencies is true? |
| | A) | Auditors are required to report all control deficiencies to the audit committee. |
| | B) | A control deficiency is a type of significant deficiency. |
| | C) | Significant deficiencies are a subset of material weaknesses that must be reported to the public. |
| | D) | The two dimensions of control deficiencies are likelihood of occurrence and magnitude. |
|
|
|
| 4 | |
Which of the following steps or procedures is least likely to be performed as part of management's assessment of the effectiveness of internal controls? |
| | A) | Engaging the external auditors to conduct cutoff tests. |
| | B) | Determining the locations or business units to be evaluated. |
| | C) | Evaluating the design effectiveness and operating effectiveness of selected controls. |
| | D) | Communication of its findings to the external auditors. |
|
|
|
| 5 | |
Which of the following statements is false concerning the audit requirements of the Sarbanes-Oxley Act of 2002 and AS5 related to internal controls? |
| | A) | Management's report should state its responsibility for establishing and maintaining effective internal control. |
| | B) | Management should identify material weaknesses in its report. |
| | C) | The auditor should evaluate whether the internal controls are effective in accurately and fairly reflecting the entity's transactions. |
| | D) | The auditor should provide recommendations to the audit committee for improving internal control as part of the auditor's assessment. |
|
|
|
| 6 | |
Which of the following types of audit reports would not be appropriate for an auditor to issue on the effectiveness of an entity's internal controls? |
| | A) | Unqualified [no material weaknesses identified]. |
| | B) | Adverse [a material weakness exists]. |
| | C) | Qualified [a significant deficiency exists]. |
| | D) | Disclaimer [unable to perform key audit procedures]. |
|
|
|
| 7 | |
Which of the following statements best describes how the requirements under Sarbanes-Oxley changed the auditor's responsibility for issuing an opinion in connection with the audits of most public companies? |
| | A) | CPA firms are now required to add a second opinion related to the timeliness of the financial information provided to the public in addition to an opinion on the overall fairness of the financial statements. |
| | B) | CPA firms are required to rely less on their own direct evidence to support their opinion regarding the effectiveness of controls. |
| | C) | CPA firms are now required to issue a second opinion related to their evaluation of the effectiveness of internal controls in addition to an opinion on the overall fairness of the financial statements. |
| | D) | While the CPA firm is required to issue an additional opinion, that opinion is for internal use only and does not need to be made available in the entity's annual report. |
|
|
|
| 8 | |
With regard to entities that have locations or business units that are judged to have financial reporting risks, the auditor |
| | A) | Need not perform any audit procedures. |
| | B) | Must first determine whether those risks are adequately addressed by entity-level controls. |
| | C) | Must first determine whether the internal audit staff has performed testing at such locations. |
| | D) | Must first evaluate the risk of financial reporting fraud. |
|
|
|
| 9 | |
Generalized audit software (GAS) would likely be used in the audit of accounts receivable for all of the following except: |
| | A) | Selection and printing of sample accounts to be confirmed. |
| | B) | Identifying weaknesses in the documentation of entity controls. |
| | C) | Performing analytical procedures using entity's trial balance data. |
| | D) | Recomputing an estimate of the allowance for doubtful accounts based on an accounts receivable aging analysis. |
|
|
|
| 10 | |
Which of the following statements is false regarding the use of the test data approach in the evaluation of an accounting system? |
| | A) | The test data should consist of only valid conditions. |
| | B) | Only one transaction generally needs to be tested. |
| | C) | The test data should consist of only those valid and invalid conditions of interest to the auditor. |
| | D) | The test data should be processed on the entity's operating system under the auditor's control. |
|
|
|
| 11 | |
All of the following factors should be considered by the auditor when deciding on the extent of controls testing except: |
| | A) | The nature of the control to be tested. |
| | B) | The time the auditor has to test controls before a report must be issued. |
| | C) | The frequency with which the control is applied. |
| | D) | The importance of the control. |
|
|
|
| 12 | |
Place the following steps in the top-down, risk-based approach to the audit of ICFR in their proper order:
1. Identify significant accounts and disclosures and their relevant assertions.
2. Select controls to test.
3. Understand likely sources of misstatement.
4. Identify entity level controls. |
| | A) | 1, 2, 3, 4. |
| | B) | 4, 1, 3, 2. |
| | C) | 4, 2, 1, 3. |
| | D) | 3, 4, 1, 2. |
|
|
|
| 13 | |
All of the following controls may mitigate the risk of fraud and management override except: |
| | A) | Controls over related-party transactions. |
| | B) | Controls over period-end adjusting entries. |
| | C) | Controls related to significant management estimates. |
| | D) | Controls related to executive compensation. |
|
|
|
| 14 | |
Which of the following is not a requirement for management under Section 404 of the Sarbanes-Oxley Act of 2002? |
| | A) | Guarantee effectiveness of the entity's ICFR. |
| | B) | Accept responsibility for the effectiveness of the entity's ICFR. |
| | C) | Support the evaluation of the entity's ICFR with sufficient evidence, including documentation. |
| | D) | Present a written assessment regarding the effectiveness of the entity's ICFR as of the end of the most recent fiscal year. |
|
|
|
| 15 | |
"Remediation" refers to |
| | A) | Management's required annual communication to the Audit Committee regarding changes in the ICFR. |
| | B) | The auditor's required annual communication to the Audit Committee regarding weaknesses found in the ICFR. |
| | C) | Management's testing of a new control designed to eliminate a previous material weakness. |
| | D) | Corrective actions taken by management to eliminate a material weakness. |
|
|
.