More MCQs
HOME
Categories
Courses
Audit and Assurance MCQs
» ISA 260 Communication with those charged with governance MCQs
» ISA 265 Communicating deficiencies in internal control MCQs
» ISA 300 Planning an audit of financial statements MCQs
» ISA 315 Identifying and assessing the risks of material misstatement MCQs
» ISA 320 Materiality in planning and performing an audit MCQs
ISA 315, Identifying and assessing the risks of material misstatement through understanding the entity and its environment
ISA 315 states that the objective of the auditor is to identify and assess the risk of material misstatement, whether due to fraud or error, at the financial statement and assertion levels. Here on MCQs.club we have prepared easy Multiple-Choice Questions (MCQs) on ISA 315 revised IFAC, the ISA 315 summary, ISA 315 MCQs with answers. These MCQ on SA 315 are helpful for Competitive exams, Business management exams and Professional Accountancy exams.
- ISA 315 states that the objective of the auditor is to identify and assess the risk of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity’s internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.’
- The above statement is correct
- The above statement is incorrect
- The Risk assessment procedures includes:
- Enquiries with management
- Analytical procedures
- Observation
- Inspection
- All of the above
- In order to identify the risks of material misstatement in the financial statements the auditor is required to obtain an understanding of:
- their clients
- their clients’ environments
- their clients’ internal controls
- All of the above
- The Understanding the entity and its environment generally include:
- Relevant industry, regulatory and other external factors
- Entity’s selection and application of accounting policies.
- Entity’s objectives, strategies and related business risks
- Internal controls relevant to the audit
- All of the above
- The auditor is required to perform analytical procedures as risk assessment procedures in accordance with ISA 315 in order to:
- Identify aspects of the entity of which the auditor was unaware.
- Assist in assessing the risks of material misstatement in order to provide a basis for designing and implementing responses to the assessed risks.
- Help identify the existence of unusual transactions or events, and amounts, ratios, and trends that might indicate matters that have audit implications.
- Assist the auditor in identifying risks of material misstatement due to fraud.
- All of the above
- ISA 315 requires the auditor to perform analytical procedures as risk assessment procedures in order to help the auditor:
- to obtain an understanding of the entity
- assess the risk of material misstatement.
- Both A&B
- None
- Which of the following is correct regarding Business risks?
- The risks occurring as a result of significant conditions, events, circumstances, actions or inactions that could affect an entity’s ability to reach its objectives and carry out its strategies.
- Business risks can occur as a result of setting of inappropriate objectives, strategies or goals.
- Both A&B
- None
- If the entity has an internal audit function then auditor shall obtain an understanding of the nature of the internal audit function’s responsibilities, its organizational status, and the activities performed, or to be performed.
- The above statement is correct
- The above statement is incorrect
- The auditor should try to reach a judgment about how strong (or weak) the internal controls are, in order to make a decision about the amount of testing that should be carried out in the audit. He should consider:
- his previous knowledge of the client company
- any recent changes
- any known problems in the internal controls of the client
- the effect of any new auditing or accounting requirements.
- All of the above
- Assertions – Representations by management, explicit or otherwise, that are embodied in the financial statements, as used by the auditor to consider the different types of potential misstatements that may occur.
- True
- False
- Categories of assertions as set out in ISA 315 are:
- Assertions about classes of transactions and events and related disclosures for the period under audit (i.e. income statement assertions)
- Assertions about account balances and related disclosures at the period end (i.e. statement of financial position assertions)
- Both A&B
- None
- Assertions about classes of transactions and events and related disclosures include:
- Occurrence, Completeness, Accuracy
- Cut-off, Classification and Presentation
- Both A&B
- None
- Assertions about account balances and related disclosures include:
- Existence, Rights and obligations, Completeness
- Accuracy, valuation and allocation, Classification
- Both A&B
- None
- The auditor is required by ISA 315 to identify and assess the risks of material misstatement at:
- financial statement level
- assertion level
- Both A&B
- None
- Financial statement level risks –
- refers to risks which are pervasive to the financial statements as a whole and which potentially affect many assertions
- refers to specific objectives of the financial statements, for example, that all liabilities have been recorded and that recorded assets exist.
- Both A&B
- None
- The assertion level risks –
- refers to risks which are pervasive to the financial statements as a whole and which potentially affect many assertions
- refers to specific objectives of the financial statements, for example, that all liabilities have been recorded and that recorded assets exist.
- Both A&B
- None
- Risk assessment is an important aspect of planning an audit. Issues to consider are:
- the areas where risk of misstatement (error) appear to exist, and the nature of the risk
- when an error should be considered material, and when it may be ignored
- what aspects of the audit will be the most difficult to plan because of the high risk of misstatement.
- All of the above
- For Risk assessment the auditor should consider:
- assessments of inherent risks and control risks, and the identification of significant audit areas
- setting materiality levels
- the possibility of material misstatements, including those arising because of fraud
- the identification of complex accounting areas, particularly those involving accounting estimates.
- All of the above
- The responses at the assertion level involve the auditor selecting appropriate audit procedures. The choice of audit procedures will depend on the auditor’s assessment of both:
- inherent risk
- control risk
- Both A&B
- None
- The auditor can never eliminate the need for substantive procedures entirely because there are inherent limitations to the reliance that can be placed on internal controls due to:
- Human error, Ineffective controls.
- Collusion of staff in circumventing controls.
- The abuse of power by those with ultimate controlling responsibility (i.e. management override).
- Use of management judgment on the nature and extent of controls it chooses to implement.
- All of the above
- Internal control may be defined as the process designed, put in place and maintained to provide assurance of a reasonable level regarding the achievement of the objectives of an entity. These objectives relate to:
- the reliability of the financial reports
- the efficiency and effectiveness of operations
- adherence to relevant and applicable laws and regulations.
- All of the above
- The degree of effectiveness of an internal control system will depend on:
- The design of the internal control system and the individual internal controls.
- The proper implementation of the controls.
- Both A&B
- None
- ISA 315 Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment, states that auditors need to understand an entity’s internal controls. To assist this process, it identifies components of an internal control system including:
- The control environment
- The risk assessment process
- The information system
- Control activities and Monitoring of controls
- All of the above
- The control environment –
- The control environment includes the governance and management function of an organisation.
- It focuses largely on the attitude, awareness and actions of those responsible for designing, implementing and monitoring internal controls.
- Both A&B
- None
- Elements of the control environment that are relevant when the auditor obtains an understanding include the following:
- Communication and enforcement of integrity and ethical values
- Commitment to competence
- Participation by those charged with governance
- Management’s philosophy and operating style
- Organisational structure
- Assignment of authority and responsibility
- Human resource policies and practices.
- All of the above
- (I) (III) and (VI) only
- (II) (III) and (V) only
- None
- In evaluating the control environment, the auditor should consider such factors as:
- management participation in the control process, including participation by the board of directors
- management’s commitment to a control culture
- the existence of an appropriate organisation structure with clear divisions of authority and responsibility
- an organisation culture that expects ethically-acceptable behaviour from its managers and employees
- All of the above
- ISA 315 requires the auditor to gain an understanding of risk assessment processes used by the client company’s management. Risks can arise or change due to circumstances such as:
- changes in the entity’s operating environment
- new business models, products or activities
- new accounting pronouncements
- All of the above
- The “information system” refers to all of the business processes relevant to financial reporting and communication. It includes the procedures within both information technology and manual systems.
- True
- False
- An information system consists of:
- infrastructure (physical and hardware components)
- software, people, procedures, and data.
- Both A&B
- None
- The information system includes all of the procedures and records which are designed to:
- Initiate, record, process and report transactions.
- Maintain accountability for assets, liabilities and equity.
- Resolve incorrect processing of transactions.
- Process and account for system overrides.
- Transfer information to the general/nominal ledger.
- Capture information relevant to financial reporting for other events and conditions.
- Ensure information required to be disclosed is appropriately reported.
- (I) (III) and (V) only
- (II) (IV) and (VII) only
- All of the above
- None
- ISA 315 requires the auditor to gain an understanding of the business information systems (including the accounting systems) used by management. This aspect of the auditor’s work will involve identifying and understanding:
- how the transactions and other events relevant to the financial reporting process are “captured” (identified and recorded) by the entity.
- the accounting records used, both manual and computerised, to support the figures appearing in the financial statements.
- the processes used in the preparation of the financial statements
- All of the above
- Control activities are the specific procedures designed:
- to prevent errors that may arise in processing information
- to detect and correct errors that may arise in processing information.
- Both A&B
- None
- The control activities include all policies and procedures designed to ensure that management directives are carried out throughout the organisation. Examples of specific control activities include those relating to:
- Authorisation, Performance review, Information processing
- Physical controls and Segregation of duties.
- Both A&B
- None
- Preventive Controls – These controls are designed to stop errors or anomalies from occurring. Examples of preventive controls are:
- Adequate segregation of Duties
- Proper authorization of transactions
- Adequate documentation and control of assets
- All of the above
- Detective Controls – These controls are designed to find errors or irregularities after they have occurred. Examples of detective controls are:
- Exception reports: Computerised reports to identify unexpected results or unusual conditions that require follow-up.
- Reconciliations: An employee relates different sets of data to one another, identifies and investigates differences, and takes corrective action, when necessary.
- Periodic audits: Both internal audit and independent external audit are done to detect error, irregularities and non-compliance with laws and regulations.
- All of the above
- Corrective controls – are designed to prevent errors and irregularities from reoccurring once they are discovered. Examples of these corrective controls are:
- policies and procedures for reporting errors and irregularities so they can be corrected.
- training employees on new policies and procedures developed as part of the corrective actions.
- Both A&B
- None
- IT affects the way in which control activities are implemented. It is important that auditors assess how controls over IT maintain the integrity and security of information held. Such controls are normally divided into:
- Application controls.
- General controls.
- Both A&B
- None
- Application controls –
- Application controls are either manual or automated and typically operate at the business process level.
- Application controls relate to data integrity and ensure that only valid data is being processed and is being processed completely and accurately.
- Both A&B
- None
- Examples of Application controls include:
- Sequence checks (to ensure the number sequence is complete and no items are missing).
- Authorisation of transaction entries (to ensure the transaction is valid and should be processed).
- Arithmetic checks (to verify arithmetical accuracy).
- All of the above
- General controls –
- Are policies and procedures that relate to many applications.
- They support the effective functioning of application controls by helping to ensure the continued proper operation of information systems.
- Both A&B
- None
- Examples of General controls include:
- System software acquisition – tendering, testing, controls during installation, training.
- Program change and maintenance – testing, authorisation, restricted access.
- Both A&B
- None
- When evaluating the general controls and application controls in a client’s computer systems, the auditor needs to take account of the type of computer-based information system that the client is using. Common types of system that may require special attention include:
- microcomputer systems
- online systems
- electronic data interchange (EDI) systems.
- All of the above
- Controls over data transmission help to ensure data is transmitted both intact (complete and as intended) and also securely without fear of breach of confidentiality. Controls over data transmission include:
- Programme controls that ensure data is transmitted in the correct format
- Firewalls to prevent intrusion into the programs that send and receive data
- Restricting access to source data that is transmitted
- All of the above
- Procedures used to obtain evidence regarding the design and implementation of controls include:
- Enquiries of relevant personnel.
- Observing the application of controls.
- Tracing a transaction through the system to understand what happens (a walkthrough test).
- Inspecting documents, such as internal procedure manuals.
- All of the above
- The auditor must document the client’s control systems before evaluating whether the system is adequate and working effectively. Possible ways of documenting systems include:
- Narrative notes – a written description of a system.
- Flowcharts – diagrammatical representation of the system.
- Questionnaires – Such as Internal Control Questionnaire (ICQ) and Internal Control Evaluation Questionnaire (ICEQ)
- All of the above
- The idea behind the ICEQ is to draw up a small number of key control questions designed to establish whether major weaknesses may exist in a control system. Which of the following is correct?
- Using an ICQ, the auditor is looking for „good news‟ and expects to find particular controls in place.
- Using an ICEQ, the auditor is on the look-out for „bad news‟ and the possibility that controls may be weak.
- Both A&B
- None
- The advantages of flowcharts are:
- A complete flowchart is an easily evaluated and informative description of the system.
- Flowcharts ensure that a system is recorded in its entirety as all documents have to be traced from the beginning to end.
- It serves as a permanent record of a system that can be subject to a minor amendment on a year to year basis.
- All of the above
- The limitations of flowcharts are:
- Flowcharts are not appropriate for recording systems with further classifications of subsystems or subroutines.
- Flowcharts are difficult to amend because a single amendment may require changes in the entire chart.
- Both A&B
- None
- Different types of flowcharts are:
- Linear
- Deployment
- Opportunity
- All of the above
- A test of control involves the auditor obtaining evidence that the client has implemented the controls they say they have, and that they have worked effectively, during the period. Typical methods of controls testing include:
- Observation of control activities
- Inspection of documents recording performance of the control
- Computer assisted audit techniques
- All of the above
- Segregation of duties – means dividing the work to be done between two or more individuals, so that the work done by one individual acts as a check on the work of the others. This reduces the risk of error or fraud.
- True
- False
- A log file is a file that records events taking place in the execution of a system. This generates an audit trail that can be used to understand the activity of the system and to diagnose problems. Examples of system logs include:
- Which user logged-in, when and where from
- Changes made to a program – what, when and by whom
- Which web pages a user accessed
- All of the above
- Internal control systems are never fool proof. All systems, no matter how effective they may appear to be, have several limitations such as:
- Human error may result in incomplete or inaccurate processing which may not be detected by control systems.
- It may not be cost-effective to establish certain types of controls within an organisation.
- Controls may be in place, but they may be ignored or overridden by employees or management.
- All of the above
—more to come soon—