AUD #11 Audit Risk
Control risk should be assessed in terms of: a. Specific controls. b. Financial statement assertions. c. Control environment factors. d. Types of potential irregularities.
b. Financial statement assertions. The auditor identifies internal controls relevant to specific financial statement assertions, and then performs tests of controls to evaluate their effectiveness in preventing material misstatements in those assertions. Control risk should be assessed in terms of financial statement assertions.
An auditor assesses control risk because it: a. Affects the level of detection risk that the auditor may accept. b. Is relevant to the auditor's understanding of the control environment. c. Indicates to the auditor where inherent risk may be the greatest. d. Provides assurance that the auditor's materiality levels are appropriate.
a. Affects the level of detection risk that the auditor may accept. Choice "a" is correct. The auditor uses the assessed level of control risk (together with the assessed level of inherent risk) to determine the assessed risk of material misstatement, which in turn affects the acceptable level of detection risk for financial statement assertions. Choice "b" is incorrect. The auditor assesses control risk after obtaining an understanding of internal control. Assessment is not required to obtain an understanding of the control environment or any of the other four components of internal control.
In an audit of a nonissuer's financial statements, projected misstatement is: a. An auditor's best estimate of misstatements in a population extrapolated from misstatements identified in an audit sample. b. The only amount that the auditor considers in evaluating materiality and fairness of the financial statements. c. The likely amount of misstatement in the subsequent-period's financial statements if a control is not properly implemented. d. An auditor's best estimate, before performing audit procedures, of misstatements that the auditor expects to find during the audit.
a. An auditor's best estimate of misstatements in a population extrapolated from misstatements identified in an audit sample. Choice "a" is correct. Projected misstatement is an auditor's best estimate of misstatements in a population extrapolated from misstatements identified in an audit sample. Choice "d" is incorrect. Expected misstatement is the auditor's best estimate, before performing audit procedures, of misstatements that the auditor expects to find during the audit.
On the basis of audit evidence gathered and evaluated, an auditor decides to increase the assessed level of control risk, and therefore the risk of material misstatement, from that originally planned. To achieve an overall audit risk level that is substantially the same as the planned audit risk level, the auditor would: a. Decrease detection risk. b. Decrease substantive testing. c. Increase materiality levels. d. Increase inherent risk.
a. Decrease detection risk. Overall audit risk is made up of the risk of material misstatement and detection risk. The risk of material misstatement is itself comprised of two separate risks, inherent risk and control risk. When the assessed level of control risk is increased, the risk of material misstatement also increases, and detection risk must be decreased to achieve an overall audit risk level that is substantially the same as the planned audit risk level. Choice "b" is incorrect. If the assurance directly provided from substantive tests decreased, detection risk would increase because direct tests have become less beneficial.
Which of the following courses of action is the most appropriate if an auditor concludes that there is a high risk of material misstatement? a. Select more effective substantive tests. b. Increase of tests of controls. c. Use smaller, rather than larger, sample sizes. d. Perform substantive tests as of an interim date.
a. Select more effective substantive tests. Choice "a" is correct. When the auditor determines that the overall risk of material misstatement is high, the acceptable level of detection risk decreases and the auditor must perform more effective substantive procedures. Choice "d" is incorrect. The performance of substantive tests on an interim basis is inappropriate when the risk of material misstatement is high because interim testing increases (rather than reduces) the risk that the auditor will not detect material misstatements in the financial statements.
Which of the following is a definition of control risk? a. The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls. b. The risk that the auditor will not detect a material misstatement. c. The risk that the auditor's assessment of internal controls will be at less than the maximum level. d. The susceptibility of material misstatement assuming there are no related internal control, policies, or procedures.
a. The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls. Choice "a" is correct. Control risk is the risk that a material misstatement that could occur in a relevant assertion will not be prevented or detected (and corrected) on a timely basis by the entity's internal control. Choice "d" is incorrect. This statement describes inherent risk.
In an engagement to examine management's discussion and analysis (MD&A), which of the following best defines control risk? a. The risk that material misstatements in the MD&A presentation will not be prevented in a timely manner. b. The risk of detecting misstatements that are material to the MD&A presentation taken as a whole. c. The risk that an assertion within the MD&A will lead to a material misstatement. d. The risk that the practitioner will not uncover a material misstatement within an MD&A assertion.
a. The risk that material misstatements in the MD&A presentation will not be prevented in a timely manner. Choice "a" is correct. Control risk is the risk that a material misstatement that could occur in an assertion within MD&A will not be prevented or detected on a timely basis. Choice "c" is incorrect. Inherent risk is the susceptibility of an assertion within MD&A that will lead to a material misstatement, assuming that there are no related controls.
As the acceptable level of detection risk increases, an auditor may change the: a. Timing of substantive tests from year-end to an interim date. b. Assessed level of control risk from low to high. c. Assurance provided by tests of controls by using a larger sample size than planned. d. Nature of substantive tests from a less effective to a more effective procedure.
a. Timing of substantive tests from year-end to an interim date. Choice "a" is correct. As the acceptable level of detection risk increases, the assurance (effectiveness) that must be provided from substantive tests can decrease. Thus, the auditor may change the timing of substantive tests from year-end to an interim date. Choice "b" is incorrect. The assessed level of control risk is used to determine the acceptable level of detection risk, not vice versa.
While performing interim audit procedures of accounts receivable, numerous unexpected errors are found resulting in a change of risk assessment. Which of the following audit responses would be most appropriate? a. Use more experienced audit team members to perform year-end testing. b. Send negative accounts receivable confirmations instead of positive accounts receivable confirmations. c. Increase the dollar threshold of vouching customer invoices. d. Move detailed analytical procedures from year end to interim.
a. Use more experienced audit team members to perform year-end testing. Choice "a" is correct. Numerous unexpected errors would result in an increase in the assessment of risk. An increase in risk of material misstatement would result in a decrease in detection risk, which means the assurance provided from substantive procedures should increase. Performing testing at year-end as well as utilizing more experienced audit team members to perform those tests would be an appropriate response. Choice "d" is incorrect. Moving procedures from year-end to interim results in less assurance and would be an incorrect response to an increase in assessment of risk.
Which of the following is an important consideration when deciding the nature of tests to use in a financial statement audit? a. Tests of details typically provide a low level of assurance. b. The procedures to be applied on a particular engagement are a matter of the auditor's professional judgment. c. The use of tests of controls should be considered without regard to the level of assurance required. d. Analytical procedures are an inefficient means of obtaining assurance.
b. The procedures to be applied on a particular engagement are a matter of the auditor's professional judgment. Choice "b" is correct. The nature of tests to be applied on a particular engagement is a matter of the auditor's professional judgment. Choice "c" is incorrect. The use of test of controls should be considered when deciding the level of assurance required and the nature of tests to be used. For example, if test of controls indicate that controls are not operating effectively, this will result in a lower detection risk. As the acceptable level of detection risk decreases, the assurance provided from substantive procedures should increase. In this case, the auditor may change the nature of substantive tests from a less effective to more effective procedure.
When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor would most likely increase the: a. Extent of tests of controls. b. Level of detection risk. c. Extent of tests of details. d. Level of inherent risk.
c. Extent of tests of details. Choice "c" is correct. As the assessed level of control risk increases, the acceptable level of detection risk for financial statement assertions decreases. To attain a decreased level of detection risk, greater assurance is needed from substantive tests. Increasing the extent of tests will provide greater assurance. Choice "b" is incorrect. As the assessed level of control risk increases, the acceptable level of detection risk decreases. In this way, the auditor can keep total audit risk to an acceptable level.
Under which of the following circumstances should an auditor consider confirming the terms of a large complex sale? a. When the assessed level of control risk over the sale is low. b. When the combined assessed level of inherent and control risk over the sale is moderate. c. When the combined assessed level of inherent and control risk over the sale is high. d. When the assessed level of detection risk over the sale is high
c. When the combined assessed level of inherent and control risk over the sale is high. The auditor would consider confirming a large complex sale when the risk of material misstatement (RMM) is high. The risk of material misstatement includes both inherent risk and control risk. If both inherent risk and control risk are high, then RMM is high and the auditor would minimize detection risk by performing more reliable auditing procedures, such as confirmation of the terms of large complex sale. Choice "d" is incorrect. High detection risk implies a low risk of material misstatement. If the risk of material misstatement is low, the auditor is less likely to confirm the terms of a large complex sale.
The acceptable level of detection risk is inversely related to the: a. Risk of failing to discover material misstatements. b. Preliminary judgment about materiality levels. c. Risk of misapplying auditing procedures. d. Assurance provided by substantive tests.
d. Assurance provided by substantive tests. Choice "d" is correct. The acceptable level of detection risk is inversely related to the assurance provided by substantive tests. For example, if the acceptable level of detection risk decreases, more assurance is required from substantive tests. Choice "a" is incorrect. The acceptable level of detection risk is directly related to the risk of failing to discover material misstatements (audit risk).
Detection risk differs from both control risk and inherent risk in that detection risk: a. Arises from risk factors relating to fraud. b. Exists independently of the financial statement audit. c. Should be assessed in nonquantitative terms. d. Can be changed at the auditor's discretion.
d. Can be changed at the auditor's discretion. Choice "d" is correct. Detection risk can be changed at the auditor's discretion, whereas control risk and inherent risk exist independently of the financial statement audit, and cannot be changed by the auditor. Choice "b" is incorrect. Detection risk is a function of the effectiveness of audit procedures and of the manner in which they are applied, so it does not exist independently of the financial statement audit.
When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor most likely would increase the: a. Level of inherent risk. b. Extent of tests of controls. c. Level of detection risk. d. Extent of tests of details.
d. Extent of tests of details. Choice "d" is correct. An increase in the assessed level of control risk means that the assessed risk of material misstatement has also increased, and this requires a corresponding decrease in detection risk to maintain the same (presumably low) level of overall audit risk. Increasing the extent of tests of details will result in a reduction in detection risk. Choice "b" is incorrect. If the auditor has already determined that certain control activities are ineffective, increasing the extent of those tests is not likely to be helpful. The auditor needs to find a way to compensate for the increased level of risk in order to keep overall audit risk to a low level.
As the acceptable level of detection risk decreases, an auditor may: a. Lower the assessed level of control risk. b. Reduce substantive testing by relying on the assessments of inherent risk and control risk. c. Eliminate the assessed level of inherent risk from consideration as a planning factor. d. Postpone the planned timing of substantive tests from interim dates to the year-end.
d. Postpone the planned timing of substantive tests from interim dates to the year-end. As the acceptable level of detection risk decreases, the assurance provided from substantive tests should increase. Consequently, the auditor should do one or more of the following: 1) change the nature of substantive tests from a less effective to a more effective procedure, 2) change the timing of the substantive tests, such as performing them at year-end rather than at an interim date, or 3) change the extent of substantive tests, such as using a larger sample size.
Regardless of the assessed level of control risk, an auditor would perform some: a. Analytical procedures to verify the design of internal control. b. Tests of controls to determine the effectiveness of internal control. c. Dual purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk. d. Substantive tests to restrict detection risk for significant transaction classes.
d. Substantive tests to restrict detection risk for significant transaction classes. Choice "d" is correct. Regardless of the assessed level of control risk, an auditor would perform some level of substantive tests to restrict detection risk for significant transaction classes. Even with the lowest possible assessed level of control risk, substantive testing cannot be entirely eliminated for significant transaction classes or balances. Choice "b" is incorrect. An auditor generally would not perform tests of controls if it would not be efficient to do so.