Performing Audit Procedures
Which of the following procedures would an auditor least likely perform before the balance sheet date? A. Confirmation of accounts payable B. Observation of merchandise inventory C. Assessment of control risk D. Identification of related parties
Ans A. Of the procedures listed, the one least likely to be performed before the balance sheet date would be the procedure that is attempting to verify the dollar value of an asset or a liability. Procedures that evaluate processes and procedures or are attempts to better understand the client's business and accounting environment may be effectively done at times other than the balance sheet date. Therefore, the procedure that an auditor would least likely perform before the balance sheet date would be confirmation of accounts payable.
An auditor generally tests the segregation of duties related to inventory by: A. personal inquiry and observation. B. test counts and cutoff procedures. C. analytical procedures and invoice recomputation. D. document inspection and reconciliation.
Ans A. Segregation of duties tends to be a control that requires physical observation and/or inquiry regarding actions. It does not lend itself as well to verification by inspection of written documents, especially in inventory where much of the segregation of duties pertains to the action of handling of assets. Therefore, an auditor generally tests the segregation of duties related to inventory by personal inquiry and observation.
An auditor observes the mailing of monthly statements to a client's customers and reviews evidence of follow-up on errors reported by the customers. This test of controls most likely is performed to support management's financial statement assertion of: A. presentation and disclosure. B. existence. C. both presentation and disclosure and existence. D. neither presentation and disclosure nor existence.
Ans B. Assertions tested by the auditor for classes of transactions and events for the period under audit: Occurrence—Transactions and events that have been recorded have occurred and pertain to the entity. Completeness—All transactions and events that should have been recorded have been recorded. Accuracy—Amounts and other data relating to recorded transactions and events have been recorded appropriately. Cutoff—Transactions and events have been recorded in the correct accounting period. Classification—Transactions and events have been recorded in the proper accounts. Assertions tested by the auditor for account balances at period end: Existence—Assets, liabilities, and equity interests exist. Rights and obligations—The entity holds or controls the rights to assets, and liabilities are the obligations of the entity. Completeness—All assets, liabilities, and equity interests that should have been recorded have been recorded. Valuation and allocation—Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded. If an auditor observes the mailing of monthly statements to customers and reviews evidence of follow-up errors, the auditor can determine if customer balances exist at the balance sheet date based on this evidence. The auditor can also determine that the billing transactions recorded in the sales and accounts receivable accounts occurred. The question did not ask about whether the amounts were appropriately presented and clearly expressed (which would be an assertion associated with presentation and disclosure).
An audit client sells 15 to 20 units of product annually. A large portion of the annual sales occur in the last month of the fiscal year. Annual sales have not materially changed over the past five years. Which of the following approaches would be most effective concerning the timing of audit procedures for revenue? A. The auditor should perform analytical procedures at an interim date and discuss any changes in the level of sales with senior management. B. The auditor should inspect transactions occurring in the last month of the fiscal year and review the related sale contracts to determine that revenue was posted in the proper period. C. The auditor should perform tests of controls at an interim date to obtain audit evidence about the operational effectiveness of internal controls over sales. D. The auditor should review period-end compensation to determine if bonuses were paid to meet earnings goals.
Ans B. When planning a particular sample for a substantive test of details, the auditor should consider the following: The auditor's assessment of the risk of material misstatement The assurance obtained from other substantive procedures directed at the same assertion The auditor's allowable risk of incorrect acceptance Tolerable misstatement Expected misstatement for the population Stratification of the population when performed For some sampling methods, the number of sampling units in each stratum AU-C 530.A13
In auditing an entity's computerized payroll transactions, an auditor would be least likely to use test data to test controls concerning: A. overpayment of employees for hours not worked. B. control and distribution of unclaimed checks. C. withholding of taxes and Social Security contributions. D. missing employee identification numbers.
Ans B. Test data is introduced into the client's computer system and processed with the client's software in order to determine if specified controls are operating effectively. When using test data, the auditor is looking for controls that are built into the system, not controls that operate outside of the computer. Thus, the auditor would not be testing controls concerning control over and distribution of unclaimed paychecks.
In which of the following circumstances is substantive testing of accounts receivable before the balance sheet date most appropriate? A. The client has a new sales incentive program in place. B. Internal controls during the remaining period are effective. C. There is a high turnover of senior management. D. It is a first engagement of a new client.
Ans B. When an auditor performs substantive procedures at an interim date, the risk increases that misstatements may exist at the period end that may not be detected by the auditor. When deciding whether or not to perform interim testing, the auditor would consider such factors as: the control environment and other relevant controls, the availability of information at a later date that is necessary for the auditor's procedures, the purpose of the substantive procedure, the assessed risk of material misstatement, the nature of the class of transactions or account balance and relevant assertions, and the ability of the auditor to perform appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period in order to reduce the risk that misstatements that may exist at the period-end will not be detected. The answer choice, "Internal controls during the remaining period are effective," would be the circumstance that helps the auditor reduce the risk of material misstatement between the interim testing and the balance sheet dates. The other answer choices may increase audit risk.
To obtain evidence that online access controls are properly functioning, an auditor most likely would: A. create checkpoints at periodic intervals after live data processing to test for unauthorized use of the system. B. examine the transaction log to discover whether any transactions were lost or entered twice due to a system malfunction. C. enter invalid identification numbers or passwords to ascertain whether the system rejects them. D. vouch a random sample of processed transactions to assure proper authorization
Ans C. Access controls are designed to limit the use of the system and the entry to files of authorized persons. To test that online access controls are properly functioning, the auditor would enter invalid identification numbers or passwords to ascertain whether the system rejects them, thereby denying access.
Before applying principal substantive tests to the details of accounts at an interim date prior to the balance sheet date, an auditor should: A. assess control risk below the maximum for the assertions embodied in the accounts selected for interim testing. B. determine that the accounts selected for interim testing are not material to the financial statements taken as a whole. C. consider whether the amounts of the year-end balances selected for interim testing are reasonably predictable. D. obtain written representations from management that all financial records and related data will be made available.
Ans C. An auditor should consider whether the year-end balances selected for interim testing are reasonably predictable (with respect to amount, relative significance, and composition) before applying substantive tests at an interim date. It is not necessary to assess control risk below the maximum for the assertions embodied in the accounts selected for interim testing. The accounts selected for interim testing should be material to the financial statements. Obtaining management representation has no bearing on the timing of substantive testing.
An auditor confirmed accounts receivable as of an interim date, and all confirmations were returned and appeared reasonable. Which of the following additional procedures most likely should be performed at year-end? A. Send confirmations for all new customer balances incurred from the interim date to year-end. B. Resend confirmations for any significant customer balances remaining at year-end. C. Review supporting documents for new large balances occurring after the interim date, and evaluate any significant changes in balances at year-end. D. Review cash collections subsequent to the interim date and the year-end.
Ans C. Performing interim substantive procedures (before the balance sheet date) carries a risk that misstatements may exist at the end of the period that may not be detected by the auditor. To reduce this risk, the auditor should "cover the remaining period by performing: (a) substantive procedures, combined with tests of controls for the intervening period, or (b) if the auditor determines that it is sufficient, further substantive procedures only, that provide a reasonable basis for extending the audit conclusions from the interim date to the period-end." (AU-C 330.23) The auditor may choose to compare account balance information at interim and balance sheet dates, perform other analytical reviews, or perform substantive tests of details to test the intervening period. The best answer to this question is that the auditor would probably review supporting documents for new large balances occurring after the interim date, and evaluate any significant changes in balances at year-end. The auditor would not need to send confirmations for all new customer balances incurred from the date of testing to the balance sheet date, nor would he resend confirmations for significant balances remaining at year-end. Reviewing cash collections from the interim date to the year-end would not be an effective use of sampling.
Evidence concerning the proper segregation of duties for receiving and depositing cash receipts ordinarily is obtained by: A. completing an internal control questionnaire that describes the control activities. B. observing the employees who are performing the control activities. C. performing substantive tests to verify the details of the bank balance. D. preparing a flowchart of the duties performed and the entity's available personnel.
Ans C. Tests of controls include procedures such as inquiry of personnel, inspection of documents, observation of the application of the control, and reperformance of the application of the control. The only answer choice that describes a procedure to obtain evidence about a control activity is "observing the employees who are performing the control activities." Completing a questionnaire and preparing a flowchart are part of documenting the understanding of the internal control as a whole; performing substantive tests is not a method to obtain evidence regarding a control procedure.
An auditor most likely would test for the presence of unauthorized EDP program changes by running a: A. program with test data. B. check digit verification program. C. source code comparison program. D. program that computes control totals.
Ans C. A source code comparison program compares the coding of the program from its last run with the original program, testing for any unauthorized changes in the program.
Which of the following is not a major reason for maintaining an audit trail for a computer system? A. Deterrent to fraud B. Monitoring purposes C. Analytical purposes D. Query answering
Ans C. An audit trail in a computer system, as in a manual system, assists in discovering fraud and therefore acts as a deterrent to perpetration of such acts. Other major reasons for an audit trail include: monitoring the system and the data produced, and answering queries by tracking a specific transaction through the accounting records or tracing a transaction back to the original source and observing how it is processed through the system.
Before applying substantive tests to the details of asset accounts at an interim date, an auditor should assess: A. control risk below the maximum level. B. inherent risk at the maximum level. C. the difficulty in controlling the incremental audit risk. D. materiality for the accounts tested as insignificant.
Ans C. Applying substantive tests at an interim date, rather than at the balance sheet date, increases audit risk that a misstatement may occur between the interim and year-end dates and exist at the balance sheet date. This increase in risk is the incremental audit risk. Therefore, before auditing asset accounts at an interim date, an auditor should assess the difficulty in controlling the incremental audit risk (i.e., extending the audit conclusion over the remaining period from the interim date to the balance sheet date). It is not necessary to assess control risk below the maximum level, or materiality for the accounts tested as insignificant, before auditing at an interim date. If inherent risk is at the maximum level, the auditor should consider whether or not using interim procedures will be cost effective, since this assessment affects the nature, timing, and extent of substantive tests to cover the remaining period.
When there are numerous property and equipment transactions during the year, an auditor who plans to assess control risk at a low level usually performs: A. tests of controls and extensive tests of property and equipment balances at the end of the year. B. analytical procedures for current year property and equipment transactions. C. tests of controls and limited tests of current year property and equipment transactions. D. analytical procedures for property and equipment balances at the end of the year.
Ans C. The assessed level of inherent and control risk is the level of risk that the auditor uses in determining the detection risk to accept for a financial statement assertion and, accordingly, in determining the nature, timing, and extent of substantive tests. For control risk, this level may vary along a range from maximum to minimum as long as the auditor has obtained audit evidence to support that assessed level. The lower the assessed level of control risk, the fewer substantive tests that will be needed. The assessed level of control risk is arrived at by compliance testing of controls. Therefore, an auditor who plans to assess control risk at a low level usually performs tests of controls and only limited tests of details or substantive tests.
An auditor has identified the controller's review of the bank reconciliation as a control to test. In connection with this test, the auditor interviews the controller to understand the specific data reviewed on the reconciliation. In addition, the auditor verifies that the bank reconciliation is properly prepared by the accountant and reviewed by the controller as evidenced by their respective sign-offs. Which of the following types of audit procedures do these actions illustrate? A. Observation and inspection of records B. Confirmation and reperformance C. Inquiry and inspection of records D. Analytical procedures and reperformance
Ans C. Inspection of records or documents consists of examining records or documents, whether internal or external, in paper form, electronic form, or other media. By verifying that the bank reconciliation is properly prepared, the auditor is performing an inspection of the records. Inquiry consists of seeking information of knowledgeable persons, both financial and nonfinancial, inside or outside the entity. By interviewing the controller, the auditor is performing inquiry procedures.
Which of the following procedures would provide the most reliable audit evidence? A. Inquiries of the client's internal audit staff held in private B. Inspection of prenumbered client purchase orders filed in the vouchers payable department C. Analytical procedures performed by the auditor on the entity's trial balance D. Inspection of bank statements obtained directly from the client's financial institution
Ans D. AU-C 500.A2 states, "Most of the auditor's work in forming the auditor's opinion consists of obtaining and evaluating audit evidence. Audit procedures to obtain audit evidence can include inspection, observation, confirmation, recalculation, performance, and analytical procedures, often in some combination, in addition to inquiry. Although inquiry may provide important audit evidence and may even produce evidence of a misstatement, inquiry alone ordinarily does not provide sufficient audit evidence of the absence of a material misstatement at the assertion level, nor is inquiry alone sufficient to test the operating effectiveness of controls." AU-C 500.A8 states, "More assurance is ordinarily obtained from consistent audit evidence obtained from different sources or of a different nature than from items of audit evidence considered individually. For example, corroborating information obtained from a source independent of the entity may increase the assurance that the auditor obtains from audit evidence that is generated internally, such as evidence existing within the accounting records, minutes of meetings, or a management representation."
Which of the following procedures would an auditor most likely perform prior to the balance sheet date? A. Review subsequent events B. Perform search for unrecorded liabilities C. Send inquiry letter to client's legal counsel D. Review detail and test significant travel and entertainment expenses
Ans D. An auditor may perform substantive procedures at an interim date, and she is more likely to do so for certain account balances and classes of transactions over others. The auditor would favor interim testing if: the assessed risk of material misstatement is low, the controls are strong, the auditor can reduce the risk that misstatements that exist at the period-end are not detected by performing appropriate procedures, and GAAS does not require testing at the balance sheet. Travel and entertainment expenses are the only classes of transactions for which interim testing would increase the efficiency of the audit. Subsequent events are those events that occur after the balance sheet date but before the date of the report, and they cannot be tested at an interim date. The search for unrecorded liabilities also must be performed as of the balance sheet date. The response from the attorney must cover the entire year under audit and would not be useful to the auditor if it were dated prior to the balance sheet date.
Before applying principal substantive tests to an entity's accounts receivable at an interim date, an auditor should: A. consider the likelihood of assessing the risk of incorrect rejection too low. B. project sampling risk at the maximum for tests covering the remaining period. C. Ascertain that accounts receivable are immaterial to the financial statements. D. assess the difficulty in controlling the incremental audit risk.
Ans D. Applying substantive tests at an interim date, rather than at the balance sheet date, increases audit risk that a misstatement may occur between the interim and year-end dates and exist at the balance sheet date. This increase in risk is the incremental audit risk. Therefore, before auditing asset accounts at an interim date, an auditor should assess the difficulty in controlling the incremental audit risk (i.e., extending the audit conclusion over the remaining period from the interim date to the balance sheet date). The risk of incorrect rejection is part of sampling risk, and it is present whether the tests of details are performed at an interim date or as of the balance sheet date. Likewise, sampling risk (the risk that the auditor's conclusion based on a sample might be different from the conclusion that would be reached by examining every item in the entire population) is not dependent upon when the tests are applied. Materiality considerations are not linked to the timing of audit procedures.
Which of the following is "not" generally considered necessary if an auditor applies principal substantive tests to details of balance sheet accounts at an interim date? A. The auditor should assess the difficulty in controlling the incremental audit risk associated with applying substantive tests at an interim date. B. The auditor should consider whether the year-end balances of the particular asset or liability accounts that might be selected for interim examination are reasonably predictable with respect to amount, relative significance, and composition. C. The auditor should consider whether there are rapidly changing business conditions or circumstances that might predispose management to misstate financial statements in the remaining period. D. Assessing control risk below the maximum is required in order to have a reasonable basis for extending audit conclusions from an interim date to the balance sheet date.
Ans D. Assessing control risk below the maximum is not required to have a reasonable basis for extending audit conclusions from an interim date to the balance sheet date. However, if the auditor assesses control risk at the maximum during the remaining period, he or she should consider whether the effectiveness of certain of the substantive tests to cover that period will be impaired.
When an auditor tests a computerized accounting system, which of the following is true of the test data approach? A. Test data must consist of all possible valid and invalid conditions. B. The program tested is different from the program used throughout the year by the client. C. Several transactions of each type must be tested. D. Test data is processed by the client's computer programs under the auditor's control
Ans D. By definition, the test data approach is the use of simulated transactions to test the processing and controls of the client's computer programs while the client's computerized accounting system is under the auditor's control. Control of the program by the auditor is necessary because the client could possibly substitute another program or make changes in the existing program which would produce output different from the program being tested. The program being tested is the same program used throughout the year by the client. Only a limited number of simulated transactions, some containing errors (but not all possible valid and invalid conditions) need to be tested.
When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor will most likely increase the: A. level of detection risk. B. extent of tests of controls. C. level of inherent risk. D. extent of tests of details.
Ans D. Overall audit risk (AR) is a combination of inherent risk (IR), control risk (CR) (IR and CR together are the risk of material misstatement (RMM)), and detection risk (DR). The equation is: AR = IR × CR × DR, or AR = RMM × DR If control risk is high, this means that the auditor must have a low detection risk in order to keep the audit risk at a low level. In order to lower detection risk, the auditor would perform more tests of details (substantive procedures). In other words, the auditor would increase the extent of tests of details.
Which of the following "computer-assisted auditing techniques" processes client input data on a controlled program under the auditor's control to test controls in the computer system? A. Test data B. Review of program logic C. Integrated test facility D. Parallel simulation
Ans D. Parallel simulation is when the auditor uses client data and auditor-controlled software to obtain output. The auditor's output is compared to the output from the client. Differences indicate potential weaknesses or problems with the client's software. Test data is introduced into the client's computer system using the same program to operate the application being tested. This type of control testing is not under the auditor's control, as it uses the client's actual program. A review of program logic would not assist the auditor with testing the operating controls of the computer system. It may, however, provide information about the design of the automated controls. An integrated test facility introduces a fictitious entity (such as a fake employee or customer) with real entries in the master files of the client's computer system. The auditor then compares the processing of data through the fictitious entity with what should be there in order to test that the data processing is reliable. Like the test data (or test deck) approach, an integrated test facility uses the client's system and is not under the auditor's control.
An auditor plans to apply substantive tests to the details of asset and liability accounts as of an interim date rather than as of the balance sheet date. The auditor should be aware that this practice: A. eliminates the use of certain statistical sampling methods that would otherwise be available. B. presumes that the auditor will reperform the tests as of the balance sheet date. C. should be especially considered when there are rapidly changing economic conditions. D. potentially increases the risk that errors that exist at the balance sheet date will not be detected.
Ans D. Performing interim substantive procedures (before the balance sheet date) carries a risk that misstatements may exist at the balance sheet date that may not be detected by the auditor. The auditor does not need to reperform the same tests as of the balance sheet date. Rather, to reduce the risk associated with interim testing, the auditor should "cover the remaining period by performing: (a) substantive procedures, combined with tests of controls for the intervening period, or (b) if the auditor determines that it is sufficient, further substantive procedures only, that provide a reasonable basis for extending the audit conclusions from the interim date to the period-end." (AU-C 330.23) Interim testing may not be the best choice in a period of rapidly changing economic conditions, as the auditor needs to have a reasonable basis for extending audit conclusions from the interim date to the period end. Changing economic conditions may increase the risk of material misstatement such that performing tests at an interim period does not significantly lower the risk of material misstatement for the relevant assertion. Interim testing can still utilize statistical sampling methods.
An auditor reviews the reconciliation of payroll tax forms that a client is responsible for filing in order to: A. verify that payroll taxes are deducted from employees' gross pay. B. determine whether internal control activities are operating effectively. C. uncover fictitious employees who are receiving payroll checks. D. identify potential liabilities for unpaid payroll taxes.
Ans D. The auditor can review the reconciliation of payroll tax forms to determine the taxes due. The auditor can then trace the tax records to the client's records to determine the accuracy of the liability.
Which of the following statements is not true of the test data approach to testing an accounting system? A. Test data is processed by the client's computer programs under the auditor's control. B. The test data need consist of only those valid and invalid conditions that interest the auditor. C. Only one transaction of each type need be tested. D. The test data must consist of all possible valid and invalid conditions.
Ans D. Test data cannot consist of all possible valid and invalid conditions. This is because there are an infinite number of conditions that could exist in a particular situation, and it is virtually impossible for the auditor to construct test data that would test all these possibilities. The other three statements are true: Test data is processed by the client's computer programs under the auditor's control. The test data need consist of only those valid and invalid conditions that interest the auditor. Only one transaction of each type need be tested.
Which of the following is a computer-assisted audit technique that permits an auditor to insert the auditor's version of a client's program to process data and compare the output with the client's output? A. Test data module B. Frame relay protocol C. Remote node router D. Parallel simulation
Ans D. The use of parallel simulation requires the auditor to use a computer simulation that mimics the client's production programs. The auditor processes actual client data through the simulated program and compares the results with the client' processed data.
An auditor's tests of controls over the issuance of raw materials to production would most likely include: A. reconciling raw materials and work-in-process perpetual inventory records to general ledger balances. B. inquiring of the custodian about the procedures followed when defective materials are received from vendors. C. observing that raw materials are stored in secure areas and that storeroom security is supervised by a responsible individual. D. examining material requisitions and re-performing client controls designed to process and record issuances.
Ans D. Material requisitions are received by the store's department for the purpose of issuing such materials to production. Thus, examining material requisitions and then re-performing client controls designed to process and record issuances is the best method to test controls.
