ECON132A chapter 8
Assessing control risk at below the maximum level most likely would involve a) Identifying specific internal control structure policies and procedures relevant to specific assertions. b) Changing the timing of substantive tests by omitting interim-date testing and performing the tests at year end. c) Reducing inherent risk for most of the assertions relevant to significant account balances. d) Performing more extensive substantive tests with larger sample sizes than originally planned.
A
If an auditor decides to assess control risk as low based on IT application control procedures, which of the following would not be part of the auditor's strategy for testing controls? a) Testing the effectiveness of management review controls used to monitor the results of operations. b) Testing the effectiveness of the application with test data. c) Testing the effectiveness of IT general control procedures. d) Testing the effectiveness of manual follow-up procedures.
A
Benchmarking is a process that involves: a) an audit strategy that allows an auditor to rely on IT application controls if manual follow-up procedures are strong. b) an audit strategy that allows the auditor to use evidence from testing an IT application control in a prior period, if the application has not been changed. c) an audit strategy that allows the auditor to test only identified key controls rather than all controls used by the client. d) comparing the effectiveness of one control with another control.
B
If an auditor performs tests of controls and determines that the control is not effective, what should the auditor's next step in testing controls be? a) Document the results of tests of controls and proceed with the planned audit strategy. b) Determine if a compensating control exists. c) Perform tests of controls on compensating controls. d) Document the results of tests of controls and proceed with a primarily substantive approach.
B
In auditing an entity's computerized payroll transactions, an auditor would be least likely to use test data to test controls concerning a) Overpayment of employees for hours not worked. b) Control and distribution of unclaimed checks. c) Missing employee identification numbers. d) Withholding of taxes and Social Security contributions.
B
The software application compares all sales invoices with underlying shipping information on the bills of lading and packing slips with sales invoices. If differences are revealed, a report is generated for review and follow-up by the billing supervisor. This is an example of a(n): a) IT general control. b) detective control. c) preventive control. d) IT-dependent manual control.
B
When obtaining an understanding of internal controls, the auditor identifies important programmed application controls over the occurrence of sales. However, the auditor also has serious concerns about the adequacy of the control environment due to a weak tone at the top about control consciousness. Which of the following best describes how the auditor should respond to this situation when planning tests of controls related to the occurrence of sales? a) The auditor could assess control risk as low for an assertion if ITGCs are tested and shown to be strong. b) The auditor will probably assess control risk at the maximum irrespective of the quality of the programmed application controls. c) The auditor could assess control risk as low for an assertion after performing software-based audit techniques on controls relevant to that assertion. d) The auditor could assess control risk as low for an assertion after performing software-based audit techniques on controls relevant to that assertion and assessing the adequacy of segregation of duties.
B
A software application will not allow a sale to be processed if a customer is over its credit limit. This is an example of a(n): a) IT-dependent manual control. b) detective control. c) preventive control. d) IT general control.
C
An auditor is going to test the client's controls over bank reconciliations. The auditor will perform which of the following audit procedures for this test of controls? a) Software-based audit techniques using test data. b) Inquiry of the person performing the bank reconciliation. c) Inquiry of the person performing the bank reconciliation and reperformance of the bank reconciliation procedure. d) Reperformance of the bank reconciliation procedure.
C
ITGCs are important because they: a) prevent the reliability of electronic audit evidence. b) impact the effectiveness of manual controls. c) prevent unauthorized personnel from having access to data and applications. d) allow client staff to change programs without needing to receive authorization for the change.
C
Which of the following represents an example of an IT application control? a) All changes to software applications must be reviewed and approved by the department affected by the application. b) The accounts receivable manager reviews credit balances in accounts receivable quarterly to determine their causes. c) The software application compares all sales invoices with underlying shipping information on the bills of lading and packing slips with sales invoices. If differences are revealed, a report is generated for review and follow-up by the billing supervisor. d) The assistant controller performs a monthly bank reconciliation and follow-up of unexpected outstanding items.
C
Which of the following would require the auditor to increase the level of control testing for a particular control? a) There are several controls relating to a particular audit objective. b) The WCGW addressed by the control is not very important. c) A high degree of reliance is to be placed on the control to limit the amount of substantive testing required. d) The control is performed monthly instead of daily.
C
The auditor decides which controls to test by considering: a) the points at which fraud or error can occur. b) the nature of controls implemented by management. c) the significance of each control in achieving its control objective. d) All of these answer choices are correct.
D
The ultimate purpose of assessing control risk is to contribute to the auditor's evaluation of the a) Operating effectiveness of internal control policies and procedures. b) Factors that raise doubts about the auditability of the financial statements. c) Possibility that the nature and extent of substantive tests may be reduced. d) Risk that material misstatements exist in the financial statements.
D
Working papers: a) document the results of the tests but not the purpose of the control selected for testing. b) document the purpose of the control selected for testing and the conclusion made by the auditor but not the results of the test. c) are necessary for the first-year auditor to keep track of the daily work but are not important to the overall audit. d) document the auditor's conclusion about control risk and the basis for that conclusion.
D