ACC 550 FINAL EXAM QUESTIONS AND VERIFIED
ANSWERS
The group of individuals within an organization who is most often associated with
committing financial statement fraud. - Answers - Senior Management
Describe the audit procedures/steps auditors can take to eliminate fraud in the financial
statements. - Answers - You can't eliminate fraud in the financial statements. They're
made by humans, and humans will always have an element of the fraud triangle to
consider.
How testing journal entries can lead to detection of fraud - Answers - There is always a
possibility that management can override controls. Auditors cannot fail to evaluate the
risk management override can have on the FS.
Describe when/how materiality is used during the audit. - Answers - a. Planning
b. Audit Process
i. Material misstatements & material weaknesses
ii. Adjust for audit results - does it challenge previous assumptions?
c. Evaluation - F/S taken as a whole
i. Known and likely misstatements
ii. Errors, fraud and illegal acts
iii. Qualitative and quantitative factors
d. Communication
i. Management
ii. Those charged with governance
Define performance materiality - Answers - Maximum error in a population (account,
transaction, disclosure) the auditor is willing to accept
Be able to give examples of qualitative factors to determine materiality - Answers -
Changes a loss into income or income to loss
Hides a failure to meet analysts' expectations
Concealment of an unlawful transaction
Per professional standards, name and explain the two categories of laws and
regulations. - Answers - Direct effect on financial statements
-Any law or regulation that have a direct impact on the FS. For example, tax laws that
affect accruals or Industry Specific Reporting Requirements
Do not have direct effect on financial statements
-Laws and regulations that are mandatory for operations, but don't directly have a FS
impact. For example, required operating licenses or employment regulations.
, Describe two audit procedures an auditor should considering performing when potential
violations of laws and regulations are identified - Answers - Obtain understanding of the
nature of the act and circumstances in which the violation occurred
Obtain further information to evaluate the possible effect on the financial statements
Discuss matter with management
Communicate with those charged with governance
Explain the difference between Section 404a and Section 404b of the Sarbanes-Oxley
Act of 2002. - Answers - Section A deals with management responsibilities over internal
controls
Section B deals with the auditor responsibilities over internal controls
Explain the overall approach that is take to audit internal controls over financial
reporting. - Answers - Top down risked based approach.
The auditors aren't going to test each individual control. What drives the testing of the
controls is the risk assessment. After figuring out the areas with the most risk, you have
to figure out what makes them risky and then select and test the controls that can
mitigate those risks.
Provide an example of a "suitable control framework" to evaluate internal controls over
financial reporting. - Answers - COSO framework. The video also mentioned a COCO
framework. (might've spelled the acronym wrong)
In the context of a service organization, explain the difference between the
responsibilities of a "service auditor" and a "user auditor". - Answers - The service
auditor audits a service that the user entity uses from a service organization. If ABC
company uses Square to complete transactions, then Square is the service
organization. Whoever audit's there technology and process would be the service
auditor.
The user auditor audits the user entity (ABC company), but will have to verify the
reports the service auditor reports for the service organization (Square).
Based to COSO's Internal Control - Integrated Framework, define/describe technology
general controls. - Answers - The information technology general controls (ITGC) are
similar to the control environment for an organization. It's almost the umbrella for how
effective the automated, manual, and IT-dependent controls will be. ITGC's would be:
-who has access to programs and data and who can authorize the access
-How are program changes implemented
-If new programs are developed what are the controls around implementation and
training
ANSWERS
The group of individuals within an organization who is most often associated with
committing financial statement fraud. - Answers - Senior Management
Describe the audit procedures/steps auditors can take to eliminate fraud in the financial
statements. - Answers - You can't eliminate fraud in the financial statements. They're
made by humans, and humans will always have an element of the fraud triangle to
consider.
How testing journal entries can lead to detection of fraud - Answers - There is always a
possibility that management can override controls. Auditors cannot fail to evaluate the
risk management override can have on the FS.
Describe when/how materiality is used during the audit. - Answers - a. Planning
b. Audit Process
i. Material misstatements & material weaknesses
ii. Adjust for audit results - does it challenge previous assumptions?
c. Evaluation - F/S taken as a whole
i. Known and likely misstatements
ii. Errors, fraud and illegal acts
iii. Qualitative and quantitative factors
d. Communication
i. Management
ii. Those charged with governance
Define performance materiality - Answers - Maximum error in a population (account,
transaction, disclosure) the auditor is willing to accept
Be able to give examples of qualitative factors to determine materiality - Answers -
Changes a loss into income or income to loss
Hides a failure to meet analysts' expectations
Concealment of an unlawful transaction
Per professional standards, name and explain the two categories of laws and
regulations. - Answers - Direct effect on financial statements
-Any law or regulation that have a direct impact on the FS. For example, tax laws that
affect accruals or Industry Specific Reporting Requirements
Do not have direct effect on financial statements
-Laws and regulations that are mandatory for operations, but don't directly have a FS
impact. For example, required operating licenses or employment regulations.
, Describe two audit procedures an auditor should considering performing when potential
violations of laws and regulations are identified - Answers - Obtain understanding of the
nature of the act and circumstances in which the violation occurred
Obtain further information to evaluate the possible effect on the financial statements
Discuss matter with management
Communicate with those charged with governance
Explain the difference between Section 404a and Section 404b of the Sarbanes-Oxley
Act of 2002. - Answers - Section A deals with management responsibilities over internal
controls
Section B deals with the auditor responsibilities over internal controls
Explain the overall approach that is take to audit internal controls over financial
reporting. - Answers - Top down risked based approach.
The auditors aren't going to test each individual control. What drives the testing of the
controls is the risk assessment. After figuring out the areas with the most risk, you have
to figure out what makes them risky and then select and test the controls that can
mitigate those risks.
Provide an example of a "suitable control framework" to evaluate internal controls over
financial reporting. - Answers - COSO framework. The video also mentioned a COCO
framework. (might've spelled the acronym wrong)
In the context of a service organization, explain the difference between the
responsibilities of a "service auditor" and a "user auditor". - Answers - The service
auditor audits a service that the user entity uses from a service organization. If ABC
company uses Square to complete transactions, then Square is the service
organization. Whoever audit's there technology and process would be the service
auditor.
The user auditor audits the user entity (ABC company), but will have to verify the
reports the service auditor reports for the service organization (Square).
Based to COSO's Internal Control - Integrated Framework, define/describe technology
general controls. - Answers - The information technology general controls (ITGC) are
similar to the control environment for an organization. It's almost the umbrella for how
effective the automated, manual, and IT-dependent controls will be. ITGC's would be:
-who has access to programs and data and who can authorize the access
-How are program changes implemented
-If new programs are developed what are the controls around implementation and
training
