456
An intention of the SOX sections related to internal control reporting was to provide the public with an early warning, i.e., by disclosing material weaknesses in internal controls. Answer the following questions about this topic. What is the definition of a material control weakness?
A material control weakness is a control deficiency, or combination of deficiencies, that create a reasonable possibility that a material misstatement will occur (in the future) and not be prevented or detected on a timely basis.
The following are examples of IT controls - select the correct classification: Left section: In the It function, there is segregation of duties between programmers and security administration personnel In the IT function, there is segregation of duties between programmers and security administration personnel Right section: A user's access to the network is revoked after three attempts A. General General B. Application Application C. General Application D. Application General
A; these are both examples of general IT controls. Application controls would pertain more directly to specific applications, as opposed to the organization as a whole.
Listed below are common controls in the Sales Revenue, i.e., OTC "order to cash" cycle (the steps between the customer order to collection of cash). Beside each control, list one (and only one) Balance Sheet Account (related to the recording of Revenue amounts) and Assertion (one and only one) that the control is meant to address. Briefly explain your reasoning why. Assume all sales are credit sales. Control: A credit manager approves the customer's credit before each sale is made.
Account/Assertion the control addresses and your brief reasoning why: Accuracy/Valuation of Allowance for Bad Debts - if this control fails, the company risks selling to less creditworthy customers (i.e., so the Allowance for Bad Debts would be inaccurate, specifically, understated).
Listed below are common controls in the Sales Revenue, i.e., OTC "order to cash" cycle (the steps between the customer order to collection of cash). Beside each control, list one (and only one) Balance Sheet Account (related to the recording of Revenue amounts) and Assertion (one and only one) that the control is meant to address. Briefly explain your reasoning why. Assume all sales are credit sales. Control: The sales journal is reconciled with the accounts receivable ledger on a daily basis.
Account/Assertion the control addresses and your brief reasoning why: Completeness of Accounts Receivable - if this control fails, the company could fail to post customer A/R balances for recorded sales. Accuracy/Valuation of Accounts Receivable - if this control fails, the company could post inaccurate A/R amounts to the A/R subledger, i.e., that do not match the sales revenue. Existence of Accounts Receivable - if this control fails, the company could post balances to the A/R subledger for which there is no revenue earned (i.e., that are not recorded in the sales journal). *You would just need to provide one of these.
Listed below are common controls in the Sales Revenue, i.e., OTC "order to cash" cycle (the steps between the customer order to collection of cash). Beside each control, list one (and only one) Balance Sheet Account (related to the recording of Revenue amounts) and Assertion (one and only one) that the control is meant to address. Briefly explain your reasoning why. Assume all sales are credit sales. Control: Customers are billed (with a sales invoice) only if there are both a customer order and shipping document.
Account/Assertion the control addresses and your brief reasoning why: Existence of Accounts Receivable- if this control fails, sales employees could create fictitious sales (i.e., where inventory was not shipped out and/or ordered in the first place).
Assume sampling risk is LOWER - which of the following are likely to also be true? Sample size Audit Risk A. Lower Lower B. Higher Higher C. Higher Lower D. Lower Higher
C: higher sample size and lower audit risk
Which of the following analytical procedures are required by audit standards to be performed in a financial statement audit? I. Risk assessment analytical procedures used during audit planning. II. Final analytical procedures used during the final review stage. A. I only. B. II only. C. Both I and II. D. Neither I or II.
C; both planning and final analytical procedures are required as part of planning the audit (i.e., as part of inherent risk assessment) and the final review stage of the audit (i.e., due to acting as a final "sniff test" or check, as well as because the final numbers will have changed at that point, due to managers correcting misstatements that the auditor found).
All of the following EXCEPT which statement are true? A. For companies subject to the SOX 404 requirement, management must issue a report on the company's internal control effectiveness, and auditors must provide an opinion on the company's internal control effectiveness. B. As part of providing an opinion in an internal control audit, auditors must evaluate both the design and operating effectiveness of internal controls. C. As part of the SOX 404 requirement, auditors must communicate significant deficiencies and material weaknesses in internal control to investors. D. After testing internal controls, auditors may, based on their findings, revise their preliminary assessment of control risk
C; while the auditor does issue a report (with an opinion) that communicates material weaknesses to investors, this report does NOT communicate significant deficiencies. These are only required to be communicated to the audit committee and management. The other statements are all true.
We learned that there are both complementary and compensating controls. Both of these distinctions are important in the auditor's evaluation of the design and operating effectiveness of internal controls. Briefly define each of these control types, including how the auditor would use each of these types of controls in their evaluation.
Compensating controls refer to controls that ALSO address a risk of material misstatement that is covered by another control. The auditor considers these when conducting test of controls, when they have determined that a control is not operating effectively. This may not lead to a deficiency, if there is a compensating control sufficiently addressing this same risk that is operating effectively. Complementary controls refer to controls that are necessary for the effective functioning of other controls. The auditor would consider these in assessing control effectiveness; for example, if general IT controls are insufficient, application controls are likely to be ineffective.
Beside each error below, list one (and only one) control activity that could have prevented or detected the error. Be very specific in your description of the control activity, and also make it realistic. For example, do not say: "have 10 people watch this person do his/her job." Error: Sales that occurred in January 2022 were recorded in December 2021.
Control activity that could have prevented/detected error: For a sale to be recorded in the sales journal, there must be a valid shipping document indicating that inventory has just been shipped out (we're assuming free on board shipping point).
Beside each error below, list one (and only one) control activity that could have prevented or detected the error. Be very specific in your description of the control activity, and also make it realistic. For example, do not say: "have 10 people watch this person do his/her job." Error: Customers paid less than the full amount they owed but their accounts were credited for the full amount owed.
Control activity that could have prevented/detected error: Periodically reconcile the A/R ledger with the cash receipts journal. The IT system includes a validity check whereby the cash coming in must match the amount credited to the A/R balance for that invoice # (or this process automatically occurs).
Beside each error below, list one (and only one) control activity that could have prevented or detected the error. Be very specific in your description of the control activity, and also make it realistic. For example, do not say: "have 10 people watch this person do his/her job." Error: A sales clerk stole cash receipts from customers and covered it by not recording some sales.
Control activity that could have prevented/detected error: Proper segregation of duties, i.e., whereby one person cannot have custody of cash and also record sales. Various security measures like cameras that record sales clerk's actions.
Beside each error below, list one (and only one) control activity that could have prevented or detected the error. Be very specific in your description of the control activity, and also make it realistic. For example, do not say: "have 10 people watch this person do his/her job." Error: An employee placing a customer order entered an incorrect (invalid) product number in the system, such that the sales invoice generated by the system was inaccurate.
Control activity that could have prevented/detected error: The IT system includes drop-down menus, such that invalid product numbers cannot be entered in the first place. If sales invoices have invalid product numbers, the system creates an exception that is forwarded to a manager for resolution.
Which of the following statements is TRUE about internal controls? A. While manual controls are subject to vulnerabilities due to humans operating them (e.g., judgment biases and errors), IT controls are not subject to any limitations. B. The absence of a material misstatement is evidence of there NOT being a material weakness in internal control. C. Reperformance is considered a less persuasive test of controls than observation. D. The presence of a material misstatement is evidence of there being a material weakness in internal control.
D; if the auditor finds a material misstatement, this suggests a material weakness in internal controls - because there must have been a lapse in the company's controls that allowed for such a misstatement to occur. A material weakness involves a reasonable possibility of a material misstatement resulting due to a lapse in the company's internal controls (i.e., the controls failing to prevent or detect the misstatement). Answer A is not true because IT controls are subject to limitations, a key one being if general controls are weak, then the effectiveness of application controls can be severely limited. Answer B is not true because a material weakness represents a reasonable possibility that a material misstatement could result - it doesn't have to in fact have occurred. Answer C is not true because reperformance is a MORE persuasive test than observation. The "persuasiveness hierarchy" is, from most to least persuasive, reperformance, inspection, observation, and inquiry.
The Internal Audit Function is an important part of the monitoring component of the COSO framework. List (yep, just list☺) two distinct and specific characteristics of a highly effective internal audit function
Examples include internal audit departments that are: - Taking continuing education courses, certified. - Fully staffed, i.e., enough people to fulfill their duties. - Competently carry out their work on the job (remember the auditor must test their work, if relying on this!) - Report to the audit committee instead of management.
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: TBONE: I remember you stating that you were working on inventory. Didn't you do an analytical procedure to assess risk in this account as part of audit planning?
NA - no statement here
Auditors often use sampling when testing controls. Answer the following questions about sampling and tests of controls.: The next-to-last step when doing tests of controls that involve sampling is figuring out the worst-case scenario with regard to the population (i.e., the maximum population deviation rate given the deviation rate observed in a sample). What does the auditor do with the information about the maximum population deviation rate? That is, what is the last step when doing tests of controls?
Once the auditor has the maximum population deviation rate, s/he compares it to the tolerable deviation rate originally set based on the level of control risk that s/he wanted/expected to have. If this is greater than the tolerable deviation rate, must revise control risk upward and detection risk downward, thereby increasing the quality and/or quantity of substantive testing. If it is less than the tolerable deviation rate, control risk (and detection risk) can stay at the original levels from planning.
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: ALVINA: Good stuff, Tbone - and on a side note, I brought treats for our late night work session. Along with some Starbucks! And speaking of fraud...I know that the fraud triangle is super important. The fraud triangle includes incentives/pressures to commit fraud, opportunities to commit fraud, and rationalization.
RIGHT. Alvina has correctly defined the fraud triangle.
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: TBONE, continued: As part of assessing inherent risk, we also need to consider base rates - accounts payable is the account with the highest likelihood of fraud occurring.
Tbone's statement is WRONG. You could correctly answer with one of these two reasons: - The account with the highest risk of fraud is Revenue. - You could also state that Accounts Payable does have a high likelihood of errors.
Beside each control activity below, list one (and only one) test, incorporating the specific name (do not use Inquiry or Observation; we want more persuasive evidence) that could be done to determine if the control is functioning. Be specific in describing the test, i.e., don't just write the name of the test, but also describe how it is performed. Control Activity: Online sales orders cannot be over $5,000 (the program has a limit of this amount). If a customer wishes to place an order over $5,000, he or she must call and speak to the sales manager, who then provides authorization and overrides the program.
Test to determine if functioning: Inspect orders > and < $5,000 from sales journal to orders to see if approval is appropriately noted/not noted. Reperform the control by sending through fake orders, especially ones over $5,000 to see if system rejects them and order is rerouted to sales manager.
Beside each control activity below, list one (and only one) test, incorporating the specific name (do not use Inquiry or Observation; we want more persuasive evidence) that could be done to determine if the control is functioning. Be specific in describing the test, i.e., don't just write the name of the test, but also describe how it is performed. Control Activity: The sales journal clerk periodically accounts for the sequence of sales invoices recorded.
Test to determine if functioning: Inspect the clerk's documentation of the process of accounting for the sequence, e.g., a memo, an email, etc. Reperform the sequence accounting yourself for a given period of time (after determining which numbers of invoices were used during that period of time).
Beside each control activity below, list one (and only one) test, incorporating the specific name (do not use Inquiry or Observation; we want more persuasive evidence) that could be done to determine if the control is functioning. Be specific in describing the test, i.e., don't just write the name of the test, but also describe how it is performed. Control Activity: The billing department sends bills to customers only after receiving copies of customer orders and shipping documents.
Test to determine if functioning: Vouch from a sample of sales invoices back to the orders and shipping documents (as this would verify that the customer order and shipping document existed). *Note: starting with the customer orders or shipping documents would not be an effectively targeted test.
Auditors often use sampling when testing controls. Answer the following questions about sampling and tests of controls.: Samples must be selected using sample selection techniques that produce a representative sample. List one such technique (either statistical or nonstatistical) that is allowed by auditing standards - yep, just list it
The answers include (you would just need one): Haphazard selection, Random selection, Systematic selection.
Auditors often use sampling when testing controls. Answer the following questions about sampling and tests of controls.: Step 1 entails defining the "attribute of interest" and what constitutes a "deviation." What is meant by each of these terms? Include a brief example.
The attribute is the control activity of interest itself (i.e., the credit manager stamps "approved" if the customer is approved for a credit sale). A deviation is how the control activity NOT operating effectively would be evidenced in the test (e.g., the stamp is in the wrong location on the form; there is a missing form - remember, a missing document is a deviation because the auditor cannot determine whether the control was operating effectively or not).
As part of the Deloitte Trueblood Case, we learned criteria that auditors use to evaluate the design effectiveness of controls. List and briefly define TWO of these criteria.
The criteria included (you would only need to provide two): - Purpose of the control - is it targeted toward preventing or detecting misstatements? - Level of aggregation - is it granular and precise enough (i.e., the level at which it operates) to achieve its objective? - Consistency of performance - is it performed frequently enough and performed regularly (i.e., not sporadically)? - Correlation to relevant assertion/risk of material misstatement - how directly is it related to the targeted, relevant assertion/risk? - Criteria to investigate, including threshold (if applicable) - is this precise enough? - Predictability of expectations (if applicable) - is this sufficiently precise?
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: ALVINA: I do at least know a couple of key factors affecting inherent risk at the entity-level related to errors. These are (1) pressures on management to reach earnings targets (e.g., from compensation tied to Net Income) and (2) management personality traits that predict reporting aggressively, such as narcissism and the other Dark Triad personalities. These components can also affect the auditors' assessment of the control environment.
The first part of Alvina's statement is WRONG. To answer correctly, you could provide one of two reasons: - These are instead entity level risk factors related to fraud and earnings management. - The two key correct entity-level risk factors related to errors are (1) quality of information technology systems and (2) quality of accounting personnel. The second part is RIGHT: pressures on management and management personality would affect auditors' assessment of the control environment (i.e., in the COSO framework).
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: ALVINA: I did. I compared this year's Inventory to last year's Inventory. The best expectation to use in analytical procedures is last year's numbers. Analytical procedures in general are good because they use this particular client's numbers, as opposed to are more general risk factors (like volume of transactions) that would apply across clients.
The first statement is WRONG. Last year's numbers are too simplistic to be the BEST (though they are used). To fully show your understanding, you could explain WHY this is the case (e.g., that the client KNOWS your expectation so can manage the numbers toward it, such that a fraud could be concealed). Another way you could demonstrate your understanding of why is to provide an example of a more sophisticated expectation (e.g., that incorporates nonfinancial measures, as we saw in the Laramie Wire case). The second statement is RIGHT. This is an advantage of analytical procedures that we discussed.
Auditors often use sampling when testing controls. Answer the following questions about sampling and tests of controls.: List one reason why statistical (as opposed to non-statistical) sampling is MORE defensible in the case of a lawsuit whereby the auditor missed a material fraud. Both list the reason, and briefly explain the reasoning why it is more defensible.
The reasons include (you would just need one): - Can quantify the worst case scenario (i.e., strongly supports an appropriate level of control risk, and thus, detection risk and audit risk). - Would by necessity use a sample selection technique in which the probability of selection of each item is KNOWN (you can assert there is a VERY SMALL, specific chance that the fraud would have been in your sample in the first place). - Can quantify sampling risk (i.e., show that your choices in testing, such as sample size, were based on a SMALL, specific chance - 5 or 10% - of drawing the wrong conclusion due to the sample not being representative of the population; this also supports the control risk, detection risk, and audit risk being appropriate).
As part of making SOX 404 more "reasonable" (i.e., in terms of costs and time), there were two key changes that were made to the standard. List these two changes.
The two changes are: - Only needing to test controls over significant accounts and significant locations/business units. o Note: As illustrated in our Sarbox case activity, the auditor would determine which are significant and potentially "scope out" accounts or locations/business units that are not significant (i.e., not test these controls). This could be determined based on quantitative materiality thresholds. Auditors might "scope back in" some of these if the account or location/business unit is high risk (e.g., there is fraud risk concern). - Can rely on entity-level controls when appropriate to reduce testing of assertion- level controls.
Auditors often use sampling when testing controls. Answer the following questions about sampling and tests of controls.: Auditors assess control risk using tests of controls. Tests of controls, if they involve sampling, are not perfect. That is, auditors may draw the wrong conclusion from tests of controls that involve sampling. What is the wrong conclusion that auditors are most concerned about drawing from tests of controls that use sampling (NOTE: there are two of these wrong conclusions, but we care more about one)? Next, in detail, what are the consequences for the rest of the audit from drawing this wrong conclusion?
The wrong conclusion from tests of controls about which auditors are most concerned is to that a control is operating effectively when it is not and, thus, setting control risk too low. If control risk is too low, detection risk is too high, and the auditor will do insufficient/inappropriate substantive testing, and, thus, run a higher than audit risk chance of missing a material misstatement (put another way, the auditor will take too high a chance of missing a material misstatement and, therefore, audit risk will be higher than it should be).
An intention of the SOX sections related to internal control reporting was to provide the public with an early warning, i.e., by disclosing material weaknesses in internal controls. Answer the following questions about this topic. What is the alternative category "just below" a material weakness? List and define this alternative.
This alternative is a significant deficiency. This is a deficiency that is less severe than a material weakness, but that still warrants attention.
Auditors often use sampling when testing controls. Answer the following questions about sampling and tests of controls.: How does the auditor determine the Expected Deviation Rate in the population? List one specific way.
This is often based on the actual exception rate in the sample from last year's test. Other possibilities could be pilot testing of a sample, or the auditor's knowledge of the effectiveness of the internal control.
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: TBONE: Let's shift gears to think about inherent risk at the account/assertion level. I am worried because I am working on accounts that involve a high volume of transactions. This increases inherent risk at the account/assertion level related to fraud!
WRONG. You could provide one of two reasons: - This factor is instead related to the inherent risk of errors at the entity-level. - Correct inherent risk of fraud factors would include heavy estimation, non-routine transactions, related party transactions, etc. *Note that some of these could ALSO pertain to risk of errors (e.g., as accounts that are non-routine would also create more errors, as management is not familiar with the process).
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: TBONE, continued: I am at least not worried about identifying misappropriation of assets. This does not lead to material misstatements in the financial statements.
WRONG. As discussed and in standards, misappropriation of assets can absolutely lead to material misstatements. An example (which you would need to provide to fully illustrate your knowledge) would be an employee pocketing cash that a customer paid to pay off their credit balance and pretending the cash never came in, like we saw in the Koss case (i.e., this would lead to Accounts Receivable being overstated, and cash being understated). There are other examples we went through in the scanned class notes.
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: ALVINA, continued: It's also super important to know the client's unaudited current year F/S numbers at the very beginning of performing analytical procedures at planning.
WRONG. This is a bad idea for at least two reasons. You would want to provide one: - Knowledge of unaudited current year F/S balances when forming the expectation causes auditors to favor evidence supporting the client's reported amounts later in the audit (the research study we discussed) (i.e., Step 4 of the analytical procedures process). - Knowledge of the unaudited current year balances can also bias the auditor's determination of the threshold, as we saw in the example I showed in class (i.e., Step 2 of the analytical procedures process).
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: ALVINA: I am working on Accounts Payable, and, when doing my analytical procedures, I noticed that it is quite a bit lower than last year. I asked the Accounts Payable clerk, and he told me that he paid two big bills early to take advantage of discounts. I inspected copies of a couple of recent checks to the suppliers he mentioned, which is all that I need to do related to verifying his explanation for this fluctuation.
WRONG. This was not all that Alvina needed to do. Alvina failed to also obtain non-confirming evidence. She should have selected a couple of suppliers NOT mentioned by the client. She would then want to verify that Account Payable balances that should be reported as of year-end for those suppliers are properly reported on the Balance Sheet. You would need to provide this level of detail to fully demonstrate your understanding.
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: ALVINA: It's unfortunate though that analytical procedures using the new "analytics" methods don't allow us to improve audit effectiveness. These methods also don't improve audit efficiency. OK, time to break open those treats!☺
WRONG. We discussed that these do improve audit effectiveness and efficiency. Specifically, because analytics allow us to hone in on the areas of higher risk (by drilling down further, such as by location or product line), this allows us to test the specific areas with the highest risk of material misstatement, which improves effectiveness. Likewise, drilling down further in this way allows us to identify areas of low risk, so do less testing in those areas, which increases efficiency.
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: TBONE: I am concerned that management is engaging in accruals-based earnings management, as they are selling off a piece of PP&E... it appears that they are doing so to achieve a financial statement gain to achieve higher net income, as opposed to for a business purpose.
WRONG: You could give one of two reasons here. - This is instead an example of REAL earnings management with PP&E. - A correct example of accruals-based earnings management with PP&E to increase net income would be overestimating the useful life of PP&E (which reduces depreciation expense, so increases net income).
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: TBONE: I remember learning that, when I am conducting inherent risk assessment procedures using numbers from the client's accounting system, that this REALLY is capturing both inherent risk and control risk. There's no real reason why though.
While Tbone's statement is RIGHT, he is WRONG in that there is a specific reason. The reason is that the client's numbers have come through the reporting process, which by construction, also reflect control risk (i.e., given they are produced by the client's accounting systems, which include their internal controls over financial reporting). Put another way, misstatements occurring, while occurring as a result of inherent risk, also must have come through the company's internal controls (i.e., the controls failed to prevent or detect the misstatement).
Read their conversation, then evaluate their statements. Say whether each statement is right or wrong, then explain why. NOTE 1: You don't need to evaluate every single thing they say - just the substantive statements that have something to do with auditing. NOTE 2: Some boxes will have more than one statement to evaluate. NOTE 3: In your explanation of why a statement is wrong, show me that you understand the correct concept (e.g., define the term correctly if Alvina or Tbone misunderstood a definition; if they said "increase" but the answer is "decrease," don't just say "decrease" but also explain WHY it is a decrease; if an example that Alvina or Tbone give is wrong, give me a correct example). Statement: ALVINA: I'm worried about the audit we're working on now. I know that inherent risk is important to evaluate, but there aren't any procedures to evaluate inherent risk.
Wrong: ☺List two distinct (with little overlap) procedures that the auditor could perform to assess inherent risk: Examples include: - Inquiry (e.g., of management, employees) - Observation (e.g., of management behavior) - Inspection (e.g., of industry reports). Note: in answering this question, you need to be reasonably specific, i.e., include detail at the level of the examples I provide in the parentheses.