Page | 1
ACCN 7110 EXAM 2 STUDY GUIDE
2026 LATEST QUESTIONS AND
ANSWERS| ACE YOUR GRADES.
What are preventive controls? - correct answer -designed to
prevent misstatements from occurring (e.g., physical control of
warehouse)
When possible, preventive controls are preferred
Usually more effective to prevent the problems than to correct
them
What are detective controls? - correct answer -designed to find
misstatements after they have occurred but before issuance of
the financial statements (e.g., inventory count)
In what phase of the audit do performing tests of controls occur? -
correct answer -second phase
Risk response --> test of controls
What is the substantive approach? - correct answer -used in
early audits
, Page | 2
Focused on the balance sheet and tested income accounts
indirectly by proving the changes in retained earnings
Still used for small clients who have weak controls
What happened with audits in the mid 1970s? - correct answer -
re-organized around transaction cycles so that auditors could
improve testing efficiency and effectiveness by making the audit
responsive to controls
What happened with audits in the late 1990s? - correct answer -
EY, Arthur Andersen, and KPMG re-organized their audits around
the client's business processes and emphasized preliminary risk
assessment in planning and reliance on analytical procedures
("strategic systems auditing")
What happened with audits in 2004? - correct answer -for
publicly traded companies, section 404 of SOX required:
managers to provide an assertion regarding the effectiveness of
their controls, and auditors to audit the truthfulness of that
assertion, integrated audits of the controls and financial
statements
, Page | 3
What are the control testing requirements for public companies? -
correct answer -both AU-C 315 and AS 2201 require the auditor
to apply the COSO (or equivalent) framework for evaluating
control systems
Under section 404 of SOX, auditors of public companies are
required to perform integrated audits of controls and the financial
statements
Report on ICFR is on effectiveness of controls at the balance
sheet date
What are the control testing requirements for private companies?
- correct answer -under AU-C 315: auditors of private companies
are required to evaluate control design risk and to determine
whether controls have been placed into operation, they are NOT
required to test control operations
Under AU-C 330: auditors are encouraged to test control
operations when control tests are necessary to obtain adequate
assurance about financial statements assertions, or control
testing reduces overall audit costs by reducing substantive testing
What are the auditor's responsibilities for public companies? -
correct answer -apply the COSO (or equivalent) framework to
evaluate controls
When performing integrated audits, evaluate both control design
and operating effectiveness
, Page | 4
MUST test controls: not required to test all controls - only controls
whose failure could result in a reasonable risk of material
misstatements
What are the auditor's responsibilities for private companies? -
correct answer -apply the COSO (or equivalent) framework to
evaluate controls
Evaluate control system design and determine whether controls
have been placed into operation
NOT required to assess operating effectiveness by testing control
operations
MAY choose to test control operations if: necessary to obtain a
reasonable level of assurance regarding the risk of material
misstatement in the financial statement assertions, or reduces
overall audit costs
What are the steps in the process for understanding ICFR and
assessing control risk? - correct answer -understand entity-level
controls
Understand the flow of transactions
Identify what can go wrong (WCGW) for financial statement
assertions; identify relevant controls to test; determine preliminary
audit strategy
Perform tests of controls
ACCN 7110 EXAM 2 STUDY GUIDE
2026 LATEST QUESTIONS AND
ANSWERS| ACE YOUR GRADES.
What are preventive controls? - correct answer -designed to
prevent misstatements from occurring (e.g., physical control of
warehouse)
When possible, preventive controls are preferred
Usually more effective to prevent the problems than to correct
them
What are detective controls? - correct answer -designed to find
misstatements after they have occurred but before issuance of
the financial statements (e.g., inventory count)
In what phase of the audit do performing tests of controls occur? -
correct answer -second phase
Risk response --> test of controls
What is the substantive approach? - correct answer -used in
early audits
, Page | 2
Focused on the balance sheet and tested income accounts
indirectly by proving the changes in retained earnings
Still used for small clients who have weak controls
What happened with audits in the mid 1970s? - correct answer -
re-organized around transaction cycles so that auditors could
improve testing efficiency and effectiveness by making the audit
responsive to controls
What happened with audits in the late 1990s? - correct answer -
EY, Arthur Andersen, and KPMG re-organized their audits around
the client's business processes and emphasized preliminary risk
assessment in planning and reliance on analytical procedures
("strategic systems auditing")
What happened with audits in 2004? - correct answer -for
publicly traded companies, section 404 of SOX required:
managers to provide an assertion regarding the effectiveness of
their controls, and auditors to audit the truthfulness of that
assertion, integrated audits of the controls and financial
statements
, Page | 3
What are the control testing requirements for public companies? -
correct answer -both AU-C 315 and AS 2201 require the auditor
to apply the COSO (or equivalent) framework for evaluating
control systems
Under section 404 of SOX, auditors of public companies are
required to perform integrated audits of controls and the financial
statements
Report on ICFR is on effectiveness of controls at the balance
sheet date
What are the control testing requirements for private companies?
- correct answer -under AU-C 315: auditors of private companies
are required to evaluate control design risk and to determine
whether controls have been placed into operation, they are NOT
required to test control operations
Under AU-C 330: auditors are encouraged to test control
operations when control tests are necessary to obtain adequate
assurance about financial statements assertions, or control
testing reduces overall audit costs by reducing substantive testing
What are the auditor's responsibilities for public companies? -
correct answer -apply the COSO (or equivalent) framework to
evaluate controls
When performing integrated audits, evaluate both control design
and operating effectiveness
, Page | 4
MUST test controls: not required to test all controls - only controls
whose failure could result in a reasonable risk of material
misstatements
What are the auditor's responsibilities for private companies? -
correct answer -apply the COSO (or equivalent) framework to
evaluate controls
Evaluate control system design and determine whether controls
have been placed into operation
NOT required to assess operating effectiveness by testing control
operations
MAY choose to test control operations if: necessary to obtain a
reasonable level of assurance regarding the risk of material
misstatement in the financial statement assertions, or reduces
overall audit costs
What are the steps in the process for understanding ICFR and
assessing control risk? - correct answer -understand entity-level
controls
Understand the flow of transactions
Identify what can go wrong (WCGW) for financial statement
assertions; identify relevant controls to test; determine preliminary
audit strategy
Perform tests of controls
