Audit 8.2
If an auditor wishes to decrease the acceptable level of audit risk, which of the following changes in the substantive procedures performed will not effectively provide greater assurance?
A change in the timing of substantive procedures from year-end to interim dates. bc: A lower acceptable level of audit risk increases the assurance to be provided by substantive procedures. To obtain greater assurance, the auditor may change the nature, timing, or extent of substantive procedures. For example, as the risks of material misstatement increase, the auditor is more likely to perform substantial procedures at period-end rather than interim dates. This change reduces the risk of not detecting material misstatements that may exist at period-end (AU-C 330).
Which of the following is least likely to indicate the need to increase the assurance provided by substantive testing?
A decrease in the assessed inherent risk. bc: Substantive procedures are performed to detect material misstatements in management's assertions. The nature, timing, and extent of substantive procedures are determined by the acceptable level of audit risk. For a given audit risk, the acceptable detection risk is inversely related to the assessed risks of material misstatement. The assessed RMMs are combined assessments of control risk and inherent risk. Thus, a decrease in the assessed inherent risk (1) decreases the assessed RMMs for a given assessed control risk, (2) increases the acceptable detection risk, and (3) does not indicate a need for more persuasive audit evidence (AU-C-200).
Which of the following types of evidence would an auditor most likely consider to determine whether internal controls are operating effectively?
A questionnaire completed by an employee in the receiving department concerning her duties and responsibilities. bc: Tests of controls are directed toward operating effectiveness. They include inquiries of entity personnel (e.g., a questionnaire completed by an employee in the receiving department); inspection of documents, reports, and electronic files indicating performance of the controls; observation of the application of the controls; and reperformance of the controls by the auditor.
Tests of controls in a financial statement audit are least likely to be omitted with regard to
Accounts representing many transactions. bc: For high-volume accounts, the auditor ordinarily tests controls because of efficiency considerations. The auditor tests suitably designed controls given an expectation that controls are operating with some degree of effectiveness.
A nonissuer audit client failed to maintain copies of its procedures manuals and organizational flowcharts. What should the auditor do in an audit of financial statements?
Adopt a substantive audit approach. bc: The assessment of risks is a basis for choosing the audit approach. A substantive audit approach is based only on substantive procedures. A combined audit approach applies tests of controls and substantive procedures. For example, the risk assessment procedures may not identify effective controls for the relevant assertion, or testing controls may be inefficient, e.g., because client documentation is not available. The result is that the effect of controls is excluded from the risk assessment. In these cases, if the auditor adopts the substantive audit approach, (s)he needs to be satisfied that it will be effective in reducing audit risk to an acceptable level. For example, the substantive audit approach may not be feasible when the processing of routine transactions is highly automated with little manual intervention. In this case, the combined audit approach is chosen. Moreover, the auditor should design and perform some substantive procedures for all relevant assertions related to each material transaction class, account balance, or disclosure regardless of the assessment of the RMMs or the choice of audit approach.
Providing more supervision during an audit of a nonissuer in response to assessed risks of material misstatement at the financial statement level is an example of
An overall response. bc: Overall responses apply to the assessed RMMs at the financial statement level. The following are examples of overall responses: (1) An emphasis on professional skepticism in evidence gathering and evaluation; (2) increased supervision; (3) assignment of staff with greater experience or expertise; (4) greater unpredictability in the choice of further audit procedures; and (5) changing the nature, timing, and extent of audit procedures, such as modifying the nature of a procedure to obtain more persuasive evidence (AU-C 330).
Which of the following explanations best describes why an auditor may decide to reduce tests of details for a particular audit objective?
Analytical procedures have revealed no unusual or unexpected results. bc: Analytical procedures performed as risk assessment procedures provide a basis for assessing the risks of material misstatement. When those procedures do not identify unusual transactions or events or amounts, ratios, and trends with audit significance, the assessment of the RMMs is lower. The lower assessment may justify reducing tests of details.
How would an auditor of a nonissuer most appropriately respond to a heightened assessed risk of material misstatement?
By assigning more experienced staff or those with specialized skills to high-risk areas. bc: Overall responses apply to the assessed RMMs at the financial statement level. The following are examples of overall responses: (1) an emphasis on professional skepticism in evidence gathering and evaluation; (2) increased supervision; (3) assignment of staff with greater experience or expertise; (4) greater unpredictability in the choice of further audit procedures; and (5) changing the nature, timing, and extent of audit procedures, such as modifying the nature of a procedure to obtain more persuasive evidence. At the relevant assertion level, the response is to change the nature, timing, or extent of further audit procedures.
An auditor is least likely to test controls that provide for
Classification of revenue and expense transactions by product line. bc: The auditor is primarily concerned with the fairness of external financial reporting and therefore with controls relevant to a financial statement audit. (S)he is less likely to test controls over records used solely for internal management purposes than those used to prepare financial statements for external distribution. Assertions about the presentation of transactions by product line are not typically made. Thus, the auditor is unlikely to expend significant audit effort in testing such classifications.
Which of the following procedures is not used in tests of controls over purchases?
Confirm inventory held in public warehouses. bc: The confirmation of inventory held in public warehouses is a substantive procedure performed on an account balance in the purchasing cycle.
An auditor may decide to perform only substantive procedures for certain assertions because the auditor believes
Controls are not relevant to the assertions. bc: The auditor's risk assessment procedures may not have identified any suitably designed and implemented controls that are relevant to the assertions. Another possibility is that testing of controls may be inefficient. But the auditor needs to be satisfied that performing only substantive procedures will be effective in reducing audit risk to an acceptable level.
An auditor uses the assessed risks of material misstatement to
Determine the acceptable level of detection risk for financial statement assertions. bc: For a given audit risk, the acceptable detection risk (the auditor's risk) is inversely related to the assessed RMMs (the entity's risks) at the assertion level. Detection risk is the risk that audit procedures will not detect a material misstatement. It relates to the nature, timing, and extent of procedures performed to reduce audit risk to an acceptably low level. Thus, it depends on the effectiveness of audit procedures and their application by the auditor (AU-C 330).
The objective of tests of details of transactions performed as tests of controls is to
Evaluate whether internal controls operated effectively. bc: The auditor may use tests of details of transactions concurrently as tests of controls (i.e., as dual-purpose tests). As substantive procedures, their objective is to support relevant assertions or detect material misstatements in the financial statements. As tests of controls, their objective is to evaluate whether a control operated effectively.
Which of the following tests of controls most likely will help assure an auditor that goods shipped are properly billed?
Examine shipping documents for matching sales invoices. bc: The proper starting point to determine whether all goods shipped were properly billed is the shipping documents. Tracing the shipping documents to the matching sales invoices provides assurance that controls worked effectively to ensure that all goods shipped were billed.
When an auditor increases the assessment of the risks of material misstatement because certain controls were determined to be ineffective, the auditor will most likely increase the
Extent of tests of details. bc: An auditor should obtain an understanding of internal control to assess the RMMs. The greater (lower) the assessment of the RMMs, the lower (greater) the acceptable detection risk for a given level of audit risk. In turn, the acceptable audit risk affects substantive testing. For example, as the acceptable audit risk decreases, the auditor changes the nature, timing, or extent of substantive procedures to increase the reliability and relevance of the evidence they provide.
Which of the following levels would most likely address the risk of material misstatement by the auditor's consideration of an entity's control environment?
Financial statements. bc: The (1) assessment of the risks of material misstatement (RMM) at the financial statement level and (2) the auditor's overall responses depend on the understanding of the control environment. An effective control environment improves the reliability of internally generated audit evidence. However, the nature, timing, and extent of further audit procedures respond to the assessed RMMs at the assertion level. NOTE: We understand that this question may seem to be awkwardly written. There is a chance that you will encounter poorly written questions on your exam. You must answer each question to the best of your ability, even if it means making an educated guess, and then move on to the next question.
Which of the following is a step in an auditor's decision to rely on internal controls?
Identify specific controls that are likely to prevent, or detect and correct, material misstatements and perform tests of controls. bc: An auditor should obtain an understanding of controls relevant to the audit. Thus, the auditor should evaluate their design and determine whether they have been implemented. The evaluation of design considers whether the controls can effectively prevent, or detect and correct, material misstatements (AU-C 315 and AS 2110). The auditor then tests relevant controls to obtain sufficient appropriate evidence about their operating effectiveness if (1) the auditor intends to rely on them in determining the nature, timing, and extent of substantive procedures, or (2) substantive procedures alone cannot provide sufficient appropriate evidence at the relevant assertion level (AU-C 330 and AS 2301).
Determining that controls are operating effectively most likely involves
Identifying specific controls relevant to specific assertions. bc: The auditor obtains an understanding of internal controls to evaluate their design and determine whether they have been implemented (AU-C 315). Tests of controls are performed only on controls that are suitably designed to prevent, or detect and correct, a material misstatement in a relevant assertion (AU-C 330).
An auditor may compensate for a high assessed risk of material misstatement by
Increasing the extent of substantive analytical procedures. bc: When designing further audit procedures, the auditor obtains more persuasive evidence the higher the risk assessment. Thus, the auditor may increase the quantity of evidence or obtain more relevant or reliable evidence. Furthermore, the extent of audit procedures generally increases as the RMMs increase. For example, the auditor may increase sample sizes or perform more detailed substantive analytical procedures (AU-C 330).
To obtain evidence about the operating effectiveness of controls, an auditor selects tests from a variety of methods, including
Inquiries bc: The auditor should perform other procedures in combination with inquiry to obtain evidence about the operating effectiveness of controls. Thus, inquiry by itself is not sufficient. Accordingly, inquiry combined with inspection, recalculation, or reperformance may be preferable to inquiry and observation. An observation is relevant only at a moment in time (AU-C 330). Inquiries may be formal or informal (oral). They seek information from knowledgeable people that may be financial or nonfinancial and internal or external to the entity (AU-C 500).
When the operating effectiveness of a control is not evidenced by written documentation, an auditor should obtain evidence about the control's effectiveness by
Inquiry and other procedures such as observation. bc: Tests of controls evaluate their operating effectiveness. However, for some controls, documentation may not be available or relevant. For example, documentation of operation may not exist for (1) some factors in the control environment, such as assignment of authority and responsibility, or (2) some controls, such as computer controls. In such cases, evidence about effectiveness of operation may be obtained through inquiry combined with other procedures, e.g., observation or computer-assisted audit techniques.
If the auditor intends to rely on the operating effectiveness of relevant controls, which test of controls is necessary to obtain sufficient appropriate evidence?
Inquiry. bc: According to AU-C 330, an auditor's tests of controls include other audit procedures in combination with inquiry. For this purpose, inquiry combined with inspection, reperformance, or recalculation may be preferable to inquiry and observation. Observation is relevant only at a moment in time.
Which of the following most likely should be included as part of an auditor's tests of controls?
Inspection bc: The auditor should perform other procedures in combination with inquiry to obtain evidence about the operating effectiveness of controls. Thus, inquiry by itself is not sufficient. Accordingly, inquiry combined with inspection, recalculation, or reperformance may be preferable to inquiry and observation. An observation is relevant only at a moment in time (AU-C 330). Inspection is an examination of internal or external records or documents in any medium. Inspection also includes physical examination of an asset (AU-C 500).
After obtaining an understanding of internal control and assessing the risks of material misstatement in a financial statement audit, an auditor decided to perform tests of controls. The auditor most likely decided that
It would be efficient to perform tests of controls that would result in a reduction in substantive procedures. bc: The auditor may rely on the operating effectiveness of controls in determining the nature, timing, and extent of substantive procedures. Thus, the auditor should weigh the cost of performing tests of controls against the expected savings from devoting less audit effort to substantive testing.
Which of the following actions should the auditor take in response to discovering a deviation from the prescribed control?
Make inquiries to understand the potential consequence of the deviation. bc: Once a deviation is discovered by an auditor, (s)he should investigate it further by making inquiries to understand the potential consequences of the deviation.
Which of the following is true related to the auditor's consideration of controls?
Misstatements detected by the auditor's substantive procedures should be considered when testing the effectiveness of related controls. bc: Misstatements detected by the auditor's substantive procedures should be considered when testing the effectiveness of related controls. The auditor may need to assess the RMMs at a higher level if fraud or error is detected that should have been detected by the entity's controls.
After obtaining an understanding of internal control in a financial statement audit, an auditor has concluded that it is well designed and is operating effectively. Under these circumstances, the auditor would most likely
Not increase the extent of substantive procedures. bc: The auditor should obtain reasonable assurance about whether the financial statements are free from material misstatement to permit expression of an opinion on whether they are fairly presented. To obtain reasonable assurance, the auditor collects sufficient appropriate evidence to reduce audit risk to an acceptable level. For the given audit risk and the assessed inherent risk, a lower assessed control risk results in lower assessed risks of material misstatement and a higher acceptable detection risk. Detection risk relates to the nature, timing, and extent of audit procedures. For a higher acceptable detection risk, the less persuasive the audit evidence the auditor requires and the less need to increase the extent of substantive procedures (AU-C 200).
For certain controls, such as assignment of authority and responsibility, documentary evidence may not exist. An auditor would most likely test the controls by
Observation and inquiry. bc: When documentary evidence does not exist, evidence about the effectiveness of the operation of controls may be obtained through such methods as observation, inquiry, or computer-assisted techniques. Inquiry alone, however, will not ordinarily provide sufficient appropriate evidence to support the conclusion that the control is operating effectively.
An auditor wishes to evaluate the design and perform tests of controls over a client's cash disbursements procedures. If the controls leave no audit trail of documentary evidence, the auditor most likely will test the procedures by
Observation and inquiry. bc: When the auditor obtains an understanding of controls relevant to the audit, (s)he performs risk assessment procedures to obtain evidence about their design and implementation. These procedures may include (1) inquiries, (2) observations of the application of the controls, (3) inspection of documents and reports, and (4) tracing transactions through the financial reporting system. Although risk assessment procedures and tests of controls differ, they may use the same types of procedures. Thus, the auditor may decide that it is efficient to test operating effectiveness and evaluate design and implementation at the same time. Furthermore, some risk assessment procedures may provide evidence about operating effectiveness. For example, the auditor may (1) inquire about the use of budgets, (2) observe comparison of budgets and actual results, and (3) inspect reports on the investigation of variances (AU-C 330 and AS 2301). In the absence of documentary evidence, the auditor performs observation and inquiry procedures and traces transactions through the system.
Which of the following procedures concerning accounts receivable is an auditor most likely to perform to obtain evidence in support of the effectiveness of controls?
Observing an entity's employee prepare the schedule of past due accounts receivable. bc: To test the effectiveness of controls, an auditor performs procedures such as inquiry, observation, inspection, recalculation, and reperformance of a control. Thus, observing an entity's employee prepare the schedule of past due accounts receivable provides evidence of the effectiveness of certain controls over accounts receivable.
Audit evidence concerning undocumented monitoring controls ordinarily is best obtained by
Observing the employees as they apply controls. bc: For some controls, documentation may not be available or relevant. For example, documentation of operation may not exist for (1) some factors in the control environment, such as assignment of authority and responsibility, or (2) some controls, such as computer controls. In such cases, evidence about effectiveness of operation may be obtained through inquiry combined with other procedures, e.g., observation or computer-assisted audit techniques
The auditor should perform tests of controls when the auditor's risk assessment includes an expectation
Of the operating effectiveness of internal control. bc: The purpose of tests of controls is to evaluate the effectiveness of controls in preventing, or detecting and correcting, material misstatements. When the auditor intends to rely on the controls, tests of their effectiveness should be performed.
What is the most likely course of action that an auditor would take after determining that performing substantive procedures on inventory will take less time than performing tests of controls?
Perform only substantive procedures on inventory. bc: According to AU-C 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained, the auditor may in some cases perform only substantive procedures and exclude the effect of controls from the relevant risk assessment. For example, (1) testing the operating effectiveness of controls may be inefficient, or (2) risk assessment procedures may not have identified effective controls relevant to the assertions. In these cases, the auditor does not intend to rely on controls.
After obtaining an understanding of internal control for the audit of a nonissuer's financial statements, an auditor decided not to perform tests of controls. The auditor most likely decided that
Performing only substantive procedures would effectively reduce audit risk to an acceptably low level. bc: The assessment of risks is a basis for choosing the audit approach. A substantive audit approach is based only on substantive procedures. A combined audit approach applies tests of controls and substantive procedures. For example, the risk assessment procedures may not identify effective controls for the relevant assertion, or testing controls may be inefficient, e.g., because client documentation is not available. The result is that controls are not a factor in the risk assessment. In these cases, if the auditor adopts the substantive audit approach, (s)he needs to be satisfied that it will be effective in reducing audit risk to an acceptable level. For example, the substantive audit approach may not be feasible when the processing of routine transactions is highly automated with little manual intervention. In this case, the combined audit approach is chosen.
An auditor generally tests the segregation of duties related to inventory by
Personal inquiry and observation. bc: The segregation of duties reduces the opportunity for an individual to perpetrate and conceal fraud or error in the normal course of his or her duties. Authorization of transactions, recording of transactions, and custody of assets should be segregated. The best evidence that controls based on segregation of duties are operating as planned is provided by the auditor's own observation and inquiries.
To obtain evidence about the effectiveness of controls, an auditor ordinarily selects tests from a variety of methods, including
Reperformance bc: The auditor should perform other procedures in combination with inquiry to obtain evidence about the operating effectiveness of controls. Thus, inquiry by itself is not sufficient. Accordingly, inquiry combined with inspection, recalculation, or reperformance may be preferable to inquiry and observation. An observation is relevant only at a moment in time (AU-C 330). Reperformance is the independent performance of procedures or controls that are part of the entity's internal controls (AU-C 500).
To test the effectiveness of controls, an auditor ordinarily selects from a variety of techniques, including
Reperformance and observation. bc: Inquiry alone is not sufficient to test the operating effectiveness of controls. Other audit procedures performed in combination with inquiry may include inspection, recalculation, and reperformance of a control that pertains to an assertion.
A client maintains perpetual inventory records in both quantities and dollars. If the assessment of the risks of material misstatement is high, an auditor will probably
Request the client to schedule the physical inventory count at the end of the year. bc: If the assessment of the RMMs is high, the acceptable detection risk for a given level of audit risk decreases. The auditor should change the nature, timing, or extent of substantive procedures to increase the reliability and relevance of the evidence they provide. Thus, extending work done at an interim date to year end might be inappropriate. Observation of inventory at year end provides more reliable and relevant evidence.
Which of the following statements about the auditor's response to assessed risks of material misstatement in a financial statement audit is true?
Risk assessment procedures performed to obtain an understanding of an entity's internal control also may serve as tests of controls. bc: Performing risk assessment procedures to obtain an understanding of the entity and its environment involves, among other things, evaluating the design of controls and determining whether they have been implemented. Tests of controls evaluate their operating effectiveness in preventing, or detecting and correcting, material misstatements at the assertion level. Although risk assessment procedures and tests of controls differ, they may use the same types of procedures. Thus, the auditor may decide that it is efficient to test operating effectiveness and evaluate design and implementation at the same time. Furthermore, some risk assessment procedures may provide evidence about operating effectiveness. For example, the auditor may (1) inquire about the use of budgets, (2) observe comparison of budgets and actual results, and (3) inspect reports on the investigation of variances (AU-C 330 and AS 2301).
Which of the following courses of action is the most appropriate if an auditor concludes that there is a high risk of material misstatement?
Select more effective substantive procedures bc: Answer (D) is correct. The nature, timing, and extent of the auditor's further audit procedures should respond to the assessed RMMs at the relevant assertion level. The greater the assessed RMMs, the more persuasive audit evidence should be. To obtain more persuasive audit evidence, the auditor may increase its quantity or obtain evidence that is more relevant or reliable. Accordingly, for high RMMs, the evidence should be more appropriate (relevant and reliable), and the auditor should select more effective substantive procedures.
During an audit of a nonissuer's financial statements, an auditor should perform tests of controls to obtain sufficient appropriate audit evidence about the operating effectiveness of relevant controls if
Substantive procedures alone cannot provide sufficient appropriate audit evidence. bc: The auditor tests suitably designed controls at the relevant assertion level when the risk assessment is based on the expectation that controls are operating with some degree of effectiveness (i.e., the auditor intends to rely on the controls). The greater the reliance on controls, the more persuasive the evidence of their effectiveness should be. Controls also are tested when substantive procedures alone are inadequate to obtain sufficient appropriate evidence. Tests of controls are necessary for IT processing of routine, high-volume transactions with little manual intervention or hardcopy documentation.
Regardless of the assessed risks of material misstatement, an auditor should perform some
Substantive procedures to restrict detection risk for significant transaction classes. bc: Regardless of the assessed RMMs (or the effectiveness of the relevant controls), the auditor should design and perform substantive procedures for all relevant assertions related to each material transaction class, account balance, and disclosure.
An auditor examines a sample of copies of December and January sales invoices for the initials of the person who verified the quantitative data. The purpose is to determine the operating effectiveness of the verification. This audit procedure is an example of a
Test of controls. bc: Tests of controls are used to determine whether controls are operating effectively. Checking for initials provides evidence that a person has verified the quantitative data as prescribed. Finding items that were corrected verifies that the control was effective. Finding uncorrected errors indicates the control was not in operation or not effective.
When an auditor plans to rely on controls that have changed since they were last tested, which of the following courses of action would be most appropriate?
Test the operating effectiveness of such controls in the current audit. bc: Controls that have changed must be tested for operating effectiveness before they can be relied on.
Which of the following statements best describes why an auditor would use only substantive procedures to evaluate specific relevant assertions and risks?
Testing the operating effectiveness of the relevant controls would not be efficient. bc: The assessment of risks is a basis for choosing the audit approach. The risk assessment procedures may not identify effective controls for the relevant assertion, or testing controls may be inefficient. In these cases, the auditor may wish to use a substantive audit approach.
When numerous property and equipment transactions occur during the year, an auditor who assesses the risks of material misstatement at a low level usually performs
Tests of controls and limited tests of current-year property and equipment transactions. bc: The auditor usually performs tests of controls and substantive procedures (the combined audit approach). The auditor must make decisions about the nature, timing, and extent of substantive procedures that are most responsive to the assessment of the RMMs. These decisions are affected by whether the auditor has tested controls. Thus, the extent of relevant substantive procedures may be reduced when control is found to be effective.
A senior auditor conducted a dual-purpose test on a client's invoice to determine whether the invoice was approved and to ascertain the amount and other terms of the invoice. Which of the following lists two tests that the auditor performed?
Tests of controls and tests of details bc: Dual-purpose testing involves performing (1) a test of details and (2) a test of controls on the same transaction. Tests of controls are used to determine whether controls are operating effectively. Determining whether the invoice was approved verifies that the control was effective. Ascertaining the amount and terms of the invoice is used to detect material misstatements in financial statement assertions, which is a test of details.
If interim substantive procedures for an account identified no exceptions, which of the following would the auditor not perform on that account at year end?
Tests of details for the entire year under audit. bc: Substantive procedures may be performed at an interim date. The auditor then should cover the remaining period by performing substantive procedures combined with tests of controls to provide a reasonable basis for extending conclusions. (But the auditor may determine that performing only substantive procedures suffices.) If unexpected misstatements are detected at the interim date, the auditor may conclude that the planned substantive procedures for the remaining period need to be modified. Modification may include extending or repeating at period end the procedures performed at the interim date. Accordingly, if no misstatements (exceptions) for an account are identified at the interim date, the auditor does not perform substantive procedures (tests of details) on the account at period end for the entire year under audit. Thus, the auditor does not repeat procedures performed at the interim date.
After gaining an understanding of a client's computer processing internal control, a financial statement auditor may decide not to test the effectiveness of the computer processing control procedures. Which of the following is not a valid reason for choosing to omit tests of controls?
The assessment of the risks of material misstatement permits the auditor to rely on the controls. bc: Although controls appear to be effective based on the understanding of internal control, the auditor should perform tests of controls when the assessment of the RMMs at the relevant assertion level includes an expectation of their operating effectiveness. This expectation reflects the auditor's intention to rely on the controls in determining the nature, timing, and extent of substantive procedures.
An auditor of a nonissuer should design tests of details to ensure that sufficient audit evidence supports which of the following?
The planned level of assurance at the relevant assertion level. bc: Tests of details of transaction classes, account balances, and disclosures are substantive procedures. Some substantive procedures should be performed for all relevant assertions related to each material transaction class, balance, and disclosure. With respect to obtaining audit evidence, the auditor's objective is to obtain sufficient appropriate evidence to be able to draw reasonable conclusions as a basis for an opinion on whether statements are materially misstated. To design and perform further audit procedures (substantive procedures and tests of controls), the auditor assesses the risks of material misstatement at the financial statement and relevant assertion levels.
In performing tests of controls, the auditor will normally find that
The rate of deviations in the sample exceeds the rate of error in the accounting records. bc: When testing controls, the auditor is directly concerned with deviations from specific controls. Failure to comply with a control does not necessarily result in an error in the records. For example, the absence of an authorization signature does not necessarily mean that the transaction was improperly recorded. Accordingly, the rate of deviations from a control normally exceeds the error rate in the records.
As the acceptable level of detection risk increases for a given audit risk, an auditor may change the
Timing of substantive procedures from year end to an interim date. bc: For a given audit risk, the acceptable detection risk (the auditor's risk) is inversely related to the assessed RMMs (the entity's risks) at the assertion level. Detection risk is the risk that audit procedures will not detect a material misstatement. It relates to the nature, timing, and extent of procedures performed to reduce audit risk to an acceptably low level. Thus, it depends on the effectiveness of audit procedures and their application by the auditor (AU-C 330). For example, as the acceptable level of detection risk for a given audit risk increases, the audit effort devoted to substantive procedures may be reduced. The auditor may change the nature, timing, or extent of substantive procedures, for example, by changing the timing to an interim date.
While performing interim audit procedures on accounts receivable, numerous unexpected errors are found resulting in a change of risk assessment. Which of the following audit responses would be most appropriate?
Use more experienced audit team members to perform year-end testing. bc: The higher the risk assessment, the more persuasive the audit evidence should be. Audit evidence should be sufficient and appropriate. Sufficiency relates to quantity and appropriateness to relevance and reliability. To obtain more persuasive evidence, the auditor may increase its quantity or obtain evidence that is more relevant or reliable. The higher the risk assessment, the more likely that performing substantive procedures at or near to period-end is more effective (results in more reliable evidence) than performing them at an interim date. Moreover, assigning more experienced audit team members may result in obtaining more reliable evidence because of their greater competence. Using more experienced audit team members is an example of an overall response to the risk assessment.
Tests of controls are concerned primarily with each of the following questions except
Were the controls approved by the board of directors? bc: The purpose of tests of controls is to evaluate their effectiveness in preventing, or detecting and correcting, material misstatements at the assertion level. Thus, the auditor performs inquiry and other audit procedures to obtain evidence about such matters as the following: (1) how the controls were applied at relevant times, (2) the consistency of application, and (3) by whom and by what means they were applied. The auditor also should determine whether the controls depend on indirect controls and whether such controls should be tested. For example, when an auditor tests user review of exception reports, the controls over information in the reports are indirect controls (AU-C 330 and AS 2301).
In an environment that is highly automated, an auditor determines that it is not possible to obtain sufficient appropriate audit evidence solely by performing substantive procedures on transactions. Under these circumstances, the auditor most likely would
perform tests of controls bc: For some RMMs, the auditor may determine that it is not feasible to obtain sufficient appropriate audit evidence only from substantive procedures. These RMMs may relate to routine, significant transactions subject to highly automated processing with no documentation except what is recorded in the IT system. In such circumstances, the controls over the RMMs are relevant to the audit. Thus, the auditor should obtain an understanding of, and test, the controls.