Exam 2 Audit
Which of the following would require the auditor to increase the level of control testing for a particular control? A high degree of reliance is to be placed on the control to limit the amount of substantive testing required. The WCGW addressed by the control is not very important. The control is performed monthly instead of daily. There are several controls relating to a particular audit objective.
A high degree of reliance is to be placed on the control to limit the amount of substantive testing required.
What step follows planning the ADA? Evaluating results and concluding whether the purpose of the ADA has been achieved. Considering the relevance and reliability of data used. Accessing and preparing the data for ADA. Performing the ADA.
Accessing and preparing the data for ADA.
An external confirmation sent to a bank: requests information about the bank balances and loan amounts. requests information about interest rates paid on deposits and charged on loans. is relevant to the audit of interest revenue and expense. All of these answer choices are correct.
All of these answer choices are correct.
It is important for an auditor to understand a public company's system of internal control in order to: audit internal control over financial reporting. make a preliminary assessment of control risk. develop an audit strategy. All of these answer choices are correct.
All of these answer choices are correct.
The auditor decides which controls to test by considering: the points at which fraud or error can occur. the nature of controls implemented by management. the significance of each control in achieving its control objective. All of these answer choices are correct.
All of these answer choices are correct.
When performing ADA as a risk assessment procedure, a notable item: is indicative of a risk of material misstatement not previously identified by the auditor. is indicative of a higher risk of material misstatement than anticipated by the auditor. provides information useful in designing procedures to address the risk of material misstatement. All of these answer choices describe notable items.
All of these answer choices describe notable items.
Which of the following would not be a reason to increase the extent of a substantive test? The risk of material misstatement is high. Qualitative factors suggest there may be errors in the account. Auditors have time to test more items. Internal controls are weak.
Auditors have time to test more items.
Which of the following represent a common categorization of control activities? Authorization controls, information-processing controls, physical controls, and segregation of duties. Authorization controls, control over human error, information-processing controls, physical controls, and segregation of duties. Authorization controls, performance reviews, information-processing controls, physical controls, and segregation of duties. Authorization controls, control over human error, information-processing controls, and segregation of duties.
Authorization controls, performance reviews, information-processing controls, physical controls, and segregation of duties.
In a good system of segregation of duties, which of the following duties should be segregated? Authorization of transactions, recording transactions, and management. Physical access to assets, recording of transactions, and consideration. Authorization of transactions, physical access to assets, and management. Authorization of transactions, physical access to assets, and recording transactions.
Authorization of transactions, physical access to assets, and recording transactions.
Which is generally the most reliable form of evidence? Externally generated evidence held by the client. Externally generated evidence sent directly to the auditor. Internally generated evidence from the client's IT system. Internally generated evidence based on discussions with upper management.
Externally generated evidence sent directly to the auditor.
Which assertion is typically related to income statement accounts rather than balance sheet accounts or presentation and disclosure? Accuracy. Completeness. Cutoff. Rights and obligations.
Cutoff.
If an auditor performs tests of controls and determines that the control is not effective, what should the auditor's next step in testing controls be? Determine if a compensating control exists. Perform tests of controls on compensating controls. Document the results of tests of controls and proceed with a primarily substantive approach. Document the results of tests of controls and proceed with the planned audit strategy.
Determine if a compensating control exists.
Which of the following situations increases the reliability of data being used for substantive analytical procedures? Broad industry averages will be used in comparison with the client's data. The source of the data is the client's internal budget reports. During the prior-year audit, the data was subjected to audit testing. Controls over the data have not been tested.
During the prior-year audit, the data was subjected to audit testing.
Which of the following characteristics of an accounting estimate would lead to lower estimation uncertainty? Estimate is derived from a model developed by the client. Estimate is related to complex transactions. Estimate involves assumptions that cannot be observed in a public market. Estimate is related to routine transactions.
Estimate is related to routine transactions.
Which of the following can be used as both a risk assessment procedure and a substantive procedure for the audit of accounting estimates? Gain an understanding of what is required by the applicable financial reporting framework. Inspect documentation for proper approval of the accounting estimate. Inspect events happening after year-end and up to the date of the auditor's report. Inquire of management about the methods and assumptions used in developing the estimate.
Inquire of management about the methods and assumptions used in developing the estimate.
An auditor is going to test the client's controls over bank reconciliations. The auditor will perform which of the following audit procedures for this test of controls? Inquiry of the person performing the bank reconciliation. Reperformance of the bank reconciliation procedure. Inquiry of the person performing the bank reconciliation and reperformance of the bank reconciliation procedure. Software-based audit techniques using test data.
Inquiry of the person performing the bank reconciliation and reperformance of the bank reconciliation procedure.
Which of the following situations would most likely preclude an auditor from performing substantive procedures during an interim period? Internal controls are strong and the risk of material misstatement is low. Internal controls are strong and the risk of material misstatement is high. Internal controls are weak and the risk of material misstatement is low. Internal controls are weak and the risk of material misstatement is high.
Internal controls are weak and the risk of material misstatement is high.
An auditor is using regression analysis to investigate battery expense for a computer manufacturer that purchases batteries. Which of the following would be a good choice of independent variable for the regression? Revenues. Square footage of manufacturing space. Number of computers sold. Number of employees.
Number of computers sold.
Which audit procedure is being used when an auditor checks the calculations in a client-prepared spreadsheet? Reperformance. Scanning. Analytical procedure. Recalculation.
Recalculation.
When an auditor identifies internal control deficiencies, what levels of internal control deficiencies must be reported to those charged with governance of the entity? Material weaknesses only. Deficiencies and significant deficiencies in internal control. Significant deficiencies only. Significant deficiencies and material weaknesses in internal control.
Significant deficiencies and material weaknesses in internal control
If an auditor decides to assess control risk as low based on IT application control procedures, which of the following would not be part of the auditor's strategy for testing controls? Testing the effectiveness of manual follow-up procedures. Testing the effectiveness of IT general control procedures. Testing the effectiveness of management review controls used to monitor the results of operations. Testing the effectiveness of the application with test data.
Testing the effectiveness of management review controls used to monitor the results of operations.
When obtaining an understanding of internal controls, the auditor identifies important programmed application controls over the occurrence of sales. However, the auditor also has serious concerns about the adequacy of the control environment due to a weak tone at the top about control consciousness. Which of the following best describes how the auditor should respond to this situation when planning tests of controls related to the occurrence of sales? The auditor could assess control risk as low for an assertion after performing software-based audit techniques on controls relevant to that assertion and assessing the adequacy of segregation of duties. The auditor could assess control risk as low for an assertion if ITGCs are tested and shown to be strong. The auditor could assess control risk as low for an assertion after performing software-based audit techniques on controls relevant to that assertion. The auditor will probably assess control risk at the maximum irrespective of the quality of the programmed application controls.
The auditor will probably assess control risk at the maximum irrespective of the quality of the programmed application controls.
Which of the following is an example of data that needs to be cleaned before it can be analyzed? The data has dates in two different formats (MM/DD/YY and DD/MM/YY). The data contains misstatements. The data comes from a system with poor internal controls. The data has information from customers in data files from two different divisions.
The data has dates in two different formats (MM/DD/YY and DD/MM/YY).
An auditor is performing a cluster analysis and sorts a client's customers into groups based on the aging of accounts receivable. The auditor is most likely auditing which of the following assertions? Existence. Completeness. Rights and obligations. Valuation and allocation.
Valuation and allocation.
Which of the following represents an example of an IT application control? All changes to software applications must be reviewed and approved by the department affected by the application. The accounts receivable manager reviews credit balances in accounts receivable quarterly to determine their causes. The assistant controller performs a monthly bank reconciliation and follow-up of unexpected outstanding items. The software application compares all sales invoices with underlying shipping information on the bills of lading and packing slips with sales invoices. If differences are revealed, a report is generated for review and follow-up by the billing supervisor.
The software application compares all sales invoices with underlying shipping information on the bills of lading and packing slips with sales invoices. If differences are revealed, a report is generated for review and follow-up by the billing supervisor.
Which of the following is a good example of an IT application control over the occurrence of revenue transactions? Strong segregation of duties exists between IT operations and IT program development. The software application compares information on a sales invoice with information from the bill of lading to ensure that sales invoices are only prepared for actual shipments. Any exceptions are not processed and are set aside for manual follow-up. The software changes to the revenue program must be tested and authorized before they may be used with live data. Physical access to IT systems is limited only to specific personnel who work in the revenue cycle.
The software application compares information on a sales invoice with information from the bill of lading to ensure that sales invoices are only prepared for actual shipments. Any exceptions are not processed and are set aside for manual follow-up.
Which of the following would be the most likely reason to include more unpredictability in the selection and performance of audit procedures? Client has a strong internal control environment. Client was not audited in the previous year. Unpredictability provides the audit team with more variety. There is heightened risk of fraud.
There is heightened risk of fraud.
Analytical procedures: are substantive procedures and cannot be used at any other stage of the audit. are used to test controls and are not substantive procedures. are required during the planning and substantive testing phases of the audit. can be used as substantive tests but cannot be used as primary tests of a balance.
are used to test controls and are not substantive procedures
Internal control is defined as: a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives related to operations, reporting, and compliance. a process, implemented by management, to ensure the integrity of the entity's management information system. the entity's system to ensure that management and those charged with governance of the entity have quality information for decision making. the entity's system to prevent, or detect and correct, misstatements in the financial statements.
a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives related to operations, reporting, and compliance.
Benchmarking is a process that involves: an audit strategy that allows an auditor to rely on IT application controls if manual follow-up procedures are strong. an audit strategy that allows the auditor to test only identified key controls rather than all controls used by the client. comparing the effectiveness of one control with another control. an audit strategy that allows the auditor to use evidence from testing an IT application control in a prior period, if the application has not been changed.
an audit strategy that allows the auditor to use evidence from testing an IT application control in a prior period, if the application has not been changed.
A detailed listing of the specific audit procedures to be used to gather evidence for an account is called the: permanent file. audit program. audit strategy. accounting records.
audit program.
Documenting internal controls: is always handled through the use of checklists and preformatted questionnaires. is not done for smaller clients because of the risk of management override. can be handled with a combination of narratives and flowcharts or logic diagrams. is done after internal controls are tested so that the results can be included in the documentation.
can be handled with a combination of narratives and flowcharts or logic diagrams.
A key aspect of testing the completeness of a data set is: determining that every customer has a transaction. checking the numerical continuity of the data. the data contains misstatements. the data has information from customers in data files from two different divisions.
checking the numerical continuity of the data.
The three categories of management assertions are: classes of transactions, account balances, and presentation and disclosure. journal entries, ledgers, and trial balances. journal entries, account balances, and financial statements. transactions, ledgers, and account balances.
classes of transactions, account balances, and presentation and disclosure.
When an auditor inspects loan documentation and traces the details to recording in the client's records, the auditor is gathering evidence to support the: completeness assertion. rights and obligations assertion. existence assertion. valuation and allocation assertion.
completeness assertion
When analyzing the results of substantive procedures, auditors should beware of: professional skepticism. audit engagement deadlines. confirmation bias. weak internal controls.
confirmation bias.
A management letter: is only required for public company audits. is written by management to the auditor at the start of the audit. contains recommendations for improving significant deficiencies and material weaknesses in internal control discovered during the course of the audit. lists only the material weaknesses discovered during the audi
contains recommendations for improving significant deficiencies and material weaknesses in internal control discovered during the course of the audit.
The assertion related to recording transactions in the correct accounting period is: completeness. accuracy. cutoff. occurrence.
cutoff
The software application compares all sales invoices with underlying shipping information on the bills of lading and packing slips with sales invoices. If differences are revealed, a report is generated for review and follow-up by the billing supervisor. This is an example of a(n): preventive control. IT-dependent manual control. detective control. IT general control.
detective control.
A key aspect of preparing the data for ADA is: evaluating the reliability of internally generated evidence. determining the validity of data obtained from an external source. determining if the data is complete. determining the source of the data.
determining if the data is complete
Working papers: are necessary for the first-year auditor to keep track of the daily work but are not important to the overall audit. document the results of the tests but not the purpose of the control selected for testing. document the auditor's conclusion about control risk and the basis for that conclusion. document the purpose of the control selected for testing and the conclusion made by the auditor but not the results of the test.
document the auditor's conclusion about control risk and the basis for that conclusion.
When an auditor inspects a tangible asset to support a balance in the client's records, the auditor is gathering evidence to support the: completeness assertion. valuation and allocation assertion. rights and obligations assertion. existence assertion.
existence assertion.
An auditor is using ADA as a substantive test to validate accounts receivable because consumers are poor at responding to confirmations. In this case, the auditor validates the receivable by: tracing shipping documents to bills of lading. finding electronic evidence that the receivable is supported by subsequent cash receipt in the same amount. vouching the receivable back to sales orders. finding electronic evidence of strong internal controls.
finding electronic evidence that the receivable is supported by subsequent cash receipt in the same amount.
A "false positive" is: a notable item that requires further investigation. indicative of a higher risk of material misstatement. another term for a notable item. incorrectly identified as a notable item and requires no further response to identify new or higher risks.
incorrectly identified as a notable item and requires no further response to identify new or higher risks.
An entity's risk assessment process: is established only if the entity is subject to unusually high risk. is designed to help an entity think about risk in the same way that an auditor thinks about risk. is the entity's process for identifying and responding to business risks and the results of those risks. never allows management of an entity to decide to accept a risk without taking any action.
is the entity's process for identifying and responding to business risks and the results of those risks.
If a specialist is engaged to assist with the audit: the PCAOB must be contacted and permission obtained before the specialist starts work. it means the auditors should not have taken on the audit because they are not qualified. it means the auditor does not have the requisite skill and knowledge to assess the item. the auditor does not have to take responsibility for the fair presentation of the item in the financial statements.
it means the auditor does not have the requisite skill and knowledge to assess the item.
The nature of an audit procedure refers to: its purpose and its type. the assessed level of detection risk. when the procedure is performed. the sample size required to perform the procedure.
its purpose and its type.
The objectives of internal control include: operations objectives, internal control objectives, and financial reporting objectives. risk assessment objectives, compliance objectives, and reporting objectives. operations objectives, reporting objectives, and compliance objectives. operations objectives, control environment objectives, and financial reporting objectives.
operations objectives, reporting objectives, and compliance objectives.
An auditor normally obtains an understanding of transaction-level controls by: conducting an interview with senior management. testing the entity's risk assessment process. reading the prior year's management letter. performing a system walkthrough.
performing a system walkthrough.
ITGCs are important because they: impact the effectiveness of manual controls. prevent unauthorized personnel from having access to data and applications. prevent the reliability of electronic audit evidence. allow client staff to change programs without needing to receive authorization for the change.
prevent unauthorized personnel from having access to data and applications.
A software application will not allow a sale to be processed if a customer is over its credit limit. This is an example of a(n): IT general control. IT-dependent manual control. detective control. preventive control.
preventive control.
The control environment: sets the tone of an entity with respect to internal control and influences the control consciousness of its people. is focused on how the entity addresses information technology risks. directly addresses adequacy of segregation of duties. only applies to public companies.
sets the tone of an entity with respect to internal control and influences the control consciousness of its people.
If the auditor is able to collect evidence that IT general controls are strong, then the auditor can conclude that: the risk of batch totals failing to detect misstatements is low. IT transactions are adequately supported by source documents. software applications are more likely to operate consistently over time. application controls function properly and put the correct transactions on exception reports.
software applications are more likely to operate consistently over time.
The internal control component that addresses how an organization holds an individual accountable for his or her internal control responsibilities in pursuit of objectives is related to: the control environment. control activities. information and communication. risk assessment.
the control environment.
Designing substantive procedures responds to: the risk of all types of misstatements at the assertion level. the risk of material misstatement at the entity level. the risk of all types of misstatements at the entity level. the risk of material misstatement at the assertion level.
the risk of material misstatement at the assertion level.
When performing ADA as a substantive test, the auditor: relies solely on the client's system of internal controls. uses ADA to match electronic information that otherwise would have been audited manually. uses ADA to identify high-risk transactions and balances and then audits those high-risk items with traditional audit tests. uses ADA to identify breakdowns in the client's system of internal control.
uses ADA to match electronic information that otherwise would have been audited manually.
The quantity of evidence that an auditor will gather: depends on the size of the audit team. varies with the assessed risk of material misstatement. is the same for most audits because it has to be appropriate. is the same for clients in the same industry.
varies with the assessed risk of material misstatement.
All of the following are initial procedures performed on an account balance except: vouching items from the trial balance to supporting documentation. footing a trial balance for mathematical accuracy. agreeing the opening balance to the audited ending balance from the prior year's working papers. scanning account details for unusual items.
vouching items from the trial balance to supporting documentation.