AC437EXAM3
Select the three nonverbal cues that may be observed when making inquiries of an individual who is being deceitful. Nonverbal cues
1. Creating physical barriers by blocking their mouth 2. Leaning away from the auditor 3. Signs of stress such as sweating or fidgeting
Select the three verbal cues that may be observed when making inquiries of an individual who is being deceitful. Verbal cues
1. Filler terms such as 'well' or 'to tell the truth' 2. Forgetfulness or acknowledgements of nervousness 3. Frequent rephrasing of the question
Which action regarding fraud is an activity related to performance of risk assessment procedures? 1. Document the results of procedures used to address the risk of fraud. 2. Discussions among the engagement team members regarding the risks of material misstatement due to fraud. 3. Consider the characteristics of journal entries, particularly those made near year end. 4. Consider whether estimates prepared and recorded by management could indicate a bias in reporting.
2
Which of the following circumstances is most likely to cause an auditor to increase the assessment of the risk of material misstatement of the financial statements due to fraud? 1. Property and equipment are usually sold at a loss before being fully depreciated. 2. Unusual discrepancies exist between the entity's records and confirmation replies. 3. Monthly bank reconciliations usually include several in-transit items. 4. Clerical errors are listed on a computer-generated exception report.
2
Which of the following statements reflects an auditor's responsibility for detecting fraud? 1. An auditor is responsible for detecting employee errors and simple fraud, but not for discovering fraudulent acts involving employee collusion or management override. 2. An auditor should plan the audit to detect fraud caused by departures from GAAP. 3. An auditor is not responsible for detecting fraud unless the application of auditing standards would result in such detection. 4. An auditor should design the audit to provide reasonable assurance of detecting errors and fraud that are material to the financial statements.
4
Define fraudulent financial reporting and give two examples that illustrate fraudulent financial reporting. A. Fraudulent financial reporting is an intentional misstatement or omission of amounts or disclosures with the intent to deceive users. Two examples include (1) accelerating the timing of recording sales revenue to increased reported sales and earnings, and (2) recording expenses as fixed assets to increase earnings. B. Fraudulent financial reporting is an intentional misstatement or omission of amounts or disclosures with the intent to deceive users. Two examples include (1) incentives/pressure, and (2) opportunities. C. Fraudulent financial reporting is fraud that involves theft of an entity's assets. Two examples include (1) the intentional omission of accounts payable and/or other liabilities, and (2) the capitalization of assets that should otherwise be expensed. Your answer is not correct. D. Fraudulent financial reporting is fraud that involves theft of an entity's assets. Two examples include (1) an accounts payable clerk issuing payments to a fictitious company controlled by the clerk, and (2) a sales clerk failing to record a sale and pocketing the cash receipts.
A
Select the definition of tests of controls? A. Audit procedures to test the operating effectiveness of control policies and procedures in support of a reduced assessed control risk. B. Audit procedures testing for monetary misstatements to determine the seven transactions-related objectives have been satisfied for each class of transactions. C. Audit procedures testing for monetary misstatements to determine whether the nine balance-related audit objectives have been satisfied for each significant account balance. D. Use of comparisons and relationships to assess whether account balances or other data appear reasonable.
A
What is the primary focus of the monitoring component of internal control? A. For management to conduct ongoing and periodic assessments of the quality of internal control to determine that controls are operating as intended and they are modified as appropriate for changes in conditions. B. Management's identification and analysis of risks relevant to the preparation of financial statements in accordance with appropriate accounting frameworks such as GAAP or IFRS. C. To ensure proper enforcement of the policies and procedures that management has established to meet its objectives for financial reporting. D. Management's identification of actions, policies, and procedures that reflect the overall attitude of top management, directors, and owners of an entity about internal control and its importance.
A
What parts follow understanding internal control and assessing control risk? A. Only finalizing the audit strategy and audit plan follow understanding internal control and assessing control risk. B. Only assessing the inherent risk follows understanding internal control and assessing control risk. C. Only identifying significant risks due to fraud or error follows understanding internal control and assessing control risk. D. There are no parts that follow understanding internal control and assessing control risk.
A
Distinguish a significant deficiency in internal control from a material weakness in internal control. How will the presence of one significant deficiency affect an auditor's report on internal control under PCAOB standards? How will the presence of one material weakness affect an auditor's report on internal control under PCAOB standards?
A significant deficiency exists if there are one or more control deficiencies that are less severe than a material weakness, but important enough to merit attention by those responsible for oversight of the company's financial reporting. A material weakness exists if a deficiency, by itself or in combination with other deficiencies, results in a reasonable possibility that internal control will not prevent or detect material financial statement misstatements.
Describe the types of overall responses by auditors to address fraud risk. (Select all that apply.) A. Design and perform audit procedures to address fraud risks B. Discuss the auditor's findings about fraud risk with management to obtain management's views of the potential for fraud and the existing controls designed to prevent or detect misstatements. C. Consider whether antifraud programs and controls mitigate the identified risks of material misstatement due to fraud. D. Place greater emphasis on management's choice of accounting principles with special attention given to those that involve subjective measurements or complex transactions. E. Perform analytical procedures as the only useful indicator of fraud. F. Assign more experienced personnel to the engagement G. If the risk of material misstatement due to fraud is increased, the auditor should increase communications among audit team. H. Critical evaluation of audit evidence should be discussed with management and then collaborate in developing an audit procedure to eliminate the risk of fraud.
A,B,C,D,F
What must the auditor document in the working papers related to this brainstorming session?
Auditing standards require that the audit documentation include significant decisions made during the discussion among engagement team personnel in planning the audit about the susceptibility of the entity's financial statements to material fraud, including how and when the discussion occurred and who participated.
What other factors likely explain the different approaches to the audit of acquisitions and payments and accounts payable for these three engagements? (Select all that apply.) A. Number of auditors assigned to the audit B. Makeup of populations C. Degree of client integrity D. Existence of unusual transactions E. Initial vs. repeat engagement F. Reliance by third parties on the audited financial statements G. Motivation of the client to misstate the financial statements H. Materiality of the account balance I. Size of the populations J. Results of the current and previous audits K. Results of industry audits L. Number of people employed by the client
B,C,D,E,F,G,H,I,J
List the types of specific control activities and provide one specific illustration of a control in the sales area for each control activity. (Select five categories that apply.) A. Testing of risk assessment−A fear that if the control risk is set to the maximum, the auditor may decide to withdraw from the engagement. B. Proper authorization of transactions and activities−The granting of credit is authorized before shipment takes place. C. Adequate documents and records−Recording of sales is supported by authorized shipping documents and approved customer orders. D. Reporting requirement reviews−Auditor's report lists requirements needed to complete the audit prior to the audit start date. E. Adequate separation of duties−The following two functions are performed by different people: processing customer orders and billing of customers. F. Physical control over assets and records−A password is required before an entry can be made into the computerized accounts receivable master file. G. Reliance on prior year's audit evidence−If the auditor performed the audit in prior years, no new key controls or testing of controls are required. H. Independent checks on performance−Bill clerk verifies prices and quantities on an sales invoices before they are sent to customers. I. Observation of control-related activities−A study from the auditor ensuring controls are being treated correctly within the company.
B,C,E,F,H
Select two examples of a substantive test of transactions. A. Observe whether shipping documents are forwarded daily to billing and observe when they are billed. B. Examination of vendor invoices in support of amounts recorded in the acquisitions journal for purchases of inventories. C. Observe whether personnel responsible for handling cash have no accounting responsibilities and inquire as to their duties. D. Analytical review of the gross margin percent. E. Tracing of selected customer cash receipts to the accounts receivable master file, agreeing customer names and amounts.
B,E
Define parallel simulation with audit software and provide an example of how it can be used to test a client's payroll system. A. Parallel simulation with audit software involves a method of auditing an IT system that uses the auditor's test data to determine whether the client's computer program correctly processes valid and invalid transactions. Parallel simulation could be used in the audit of payroll by writing a program that calculates the accrued vacation pay liability for each employee using information contained in the employee master file. The total liability calculated by the auditor's software program would then be compared to the client's calculation to determine if the liability for accrued vacation pay is fairly stated at year-end. B. Parallel simulation with audit software involves auditing a company's computer testing approach that implements a new system in just one part of the organization, while maintaining the old system at other locations. Parallel simulation could be used in the audit of payroll by writing a program that calculates the accrued vacation pay liability for each employee using information contained in the employee master file. The total liability calculated by the auditor's software program would then be compared to the client's calculation to determine if the liability for accrued vacation pay is fairly stated at year-end. C. Parallel simulation with audit software involves the auditor's use of an auditor-controlled software program to perform parallel operations to the client's software by using the same data files. Because the auditor's software is designed to parallel an operation performed by the client's software, this strategy is referred to as parallel simulation testing. Parallel simulation could be used in the audit of payroll by writing a program that calculates the accrued vacation pay liability for each employee using information contained in the employee master file. The total liability calculated by the auditor's software program would then be compared to the client's calculation to determine if the liability for accrued vacation pay is fairly stated at year-end. D. None of the above.
C
Explain the relationship between the methodology for designing tests of controls and substantive tests of transactions. The approach to designing tests of controls and substantive tests of transactions emphasizes satisfying the balance-related audit objectives. The primary focus of these objectives is on the fair presentation of account balances in the financial statements. The extent of testing depends, in part, on the results of the tests of controls and substantive tests of transactions. B. The approach to designing tests of controls and substantive tests of transactions emphasizes key controls that should reduce control risk for each transaction-related audit objective. The extent of testing depends, in part, on the results of the tests of controls and substantive tests of transactions. C. The approach to designing tests of controls and substantive tests of transactions emphasizes satisfying the transaction-related audit objectives. These objectives focus on the proper functioning of the accounting system. D. The approach to designing tests of controls and substantive tests of transactions emphasizes key controls that should reduce control risk for each transaction-related audit objective. These objectives focus on the proper functioning of the accounting system.
C
Explain what is meant by the test data approach. A. The test data approach involves auditing a company's computer testing approach that implements a new system in just one part of the organization, while maintaining the old system at other locations. Because the auditor designs the test data, the auditor is able to identify which test items should be accepted or rejected by the computer. B. The test data approach involves the auditor's use of audit software, either purchased or programmed by the auditor, to replicate some part of a client's application system. Because the auditor designs the test data, the auditor is able to identify which test items should be accepted or rejected by the computer. C. The test data approach involves processing the auditor's test data using the client's computer system and the client's application software program to determine whether the computer-performed controls correctly process the test data. Because the auditor designs the test data, the auditor is able to identify which test items should be accepted or rejected by the computer. D. None of the above.
C
Select two examples of tests of controls. A. Sending confirmation to the bank to confirm loan balances. B. Sending confirmation to customers to confirm their accounts receivable balances. C. The examination of vendor invoices for indication that they have been tested for accuracy, matched to a receiving report and purchase order, and approved for payment. D. Examination of employee time records for approval of overtime hours worked.
C, D
Explain the methodology for designing tests of details of balances. A. The methodology of designing tests of details of balances emphasizes the appropriate tests of controls for all internal controls that are used to reduce the preliminary assessment of control risk below maximum. These objectives focus on the proper functioning of the accounting system. B. The methodology of designing tests of details of balances emphasizes satisfying the transaction-related audit objectives. These objectives focus on the proper functioning of the accounting system. C. The methodology of designing tests of details of balances emphasizes satisfying the transaction-related audit objectives. These objectives focus on the proper functioning of the accounting system. D. The methodology of designing tests of details of balances emphasizes satisfying the balance-related audit objectives. The primary focus of these objectives is on the fair presentation of account balances in the financial statements. The extent of testing depends, in part, on the results of the tests of controls and substantive tests of transactions.
D
How will the presence of one material weakness affect an auditor's report on internal control under PCAOB standards? A. The auditor must express a disclaimer of opinion. B. The auditor can still express an unqualified opinion. C. The auditor must express a qualified opinion. D. The auditor must express an adverse opinion.
D
Select an example of a substantive test of transactions for the acquisition and payment cycle. A. Observing whether shipping documents are forwarded daily to billing and observe when they are billed. B. Tracing of selected customer cash receipts to the accounts receivable master file, agreeing customer names and amounts. C. Sending confirmations to a selection of suppliers to confirm their account payable balance as of the date of the financial statements. D. Tracing amounts from a file of vouchers to the acquisitions journal.
D
Select an example of a test of details of balances for the acquisition and payment cycle. A. Examination of employee time cards for approval of overtime hours worked. B. Sending confirmation to the bank to confirm loan balances. C. Sending confirmation to customers to confirm their accounts receivable balances. D. Physically examine a sample of the client's fixed assets.
D
Select the definition of a substantive test of transactions. A. Use of comparisons and relationships to assess whether account balances or other data appear reasonable. B. Audit procedures testing for monetary misstatements to determine whether the nine balance-related audit objectives have been satisfied for each significant account balance. C. Audit procedures to test the operating effectiveness of control policies and procedures in support of a reduced assessed control risk. D. Audit procedures testing for monetary misstatements to determine whether the seven transaction-related audit objectives have been satisfied for each class of transactions.
D
What are the major difficulties with using this approach? A. When using this approach the auditor should assess how certain he or she is that the application programs being tested by the auditor's test data are the same programs as those used by the client throughout the year to process actual transactions. B. When using this approach the auditor should assess how certain he or she is that test data is effectively eliminated from the client's records once testing is completed. C. When using this approach the auditor should assess how effectively the test data represent all relevant conditions that the auditor wants to test. D. All of the above.
D
What parts precede understanding internal control and assessing control risk? A. (1) accept client and perform initial audit planning, (2) understand the client's business and industry, (3) perform preliminary analytical procedures, (4) set preliminary judgment of materiality and performance materiality, (5) assess inherent risk, (6) identify significant risks due to fraud or error, and (7) finalize overall audit strategy and audit plan. B. (1) understand the client's business and industry, (2) accept client and perform initial audit planning, (3) perform preliminary analytical procedures, and (4) finalize overall audit strategy and audit plan. C. (1) accept client and perform initial audit planning, (2) understand the client's business and industry, (3) set preliminary judgment of materiality and performance materiality, (4) perform preliminary analytical procedures, and (5) finalize overall audit strategy and audit plan. D. (1) accept client and perform initial audit planning, (2) understand the client's business and industry, (3) perform preliminary analytical procedures, (4) set preliminary judgment of materiality and performance materiality, (5) identify significant risks due to fraud or error, and (6) assess inherent risk.
D
Describe how the nature of evidence used to evaluate the control environment differs from the nature of evidence used to evaluate control activities.
For many control activities, documentation of their performance is more objectively evaluated in contrast to the evaluation of the control environment. Due to the nature of the subcomponents that constitute the control environment, such as integrity and ethical values and commitment to competence, the nature of evidence used to evaluate the control environment may differ somewhat from the nature of evidence used to evaluate control activities. While auditors examine similar types of evidence to assess both the control environment and control activities, they often perform more extensive inquires and observation to assess the design and implementation of control environment subcomponents, such as the entity's code of conduct and whistleblowing system, so they can evaluate whether employees understand those policies and procedures and to gain a sense as to the overall ethical tone and perception of management's integrity. Because of the more judgmental nature of many of the control environment subcomponents, auditors often make numerous inquiries and perform extensive observation of client personnel in the performance of policies and procedures to evaluate those subcomponents of the control environment. While inquiry and observation may also be performed to evaluate control activities, auditors frequently inspect documentation that demonstrates a control activity was performed, such as examining approvals of transactions or matching of documentation supporting a transaction, and they often reperform certain client performed procedures, such as the calculation of a transaction amount.
An audit client is creating a Web-based sales ordering system for customers to purchase products using personal credit cards for payment. Identify three risks related to an online sales system that management should consider. For each risk, identify an internal control that could be implemented to reduce that risk.
Potential risk: An unauthorized third party may attempt to transact business with the client company. Digital Signatures Customer data is susceptible to interception by unauthorized third parties. The client company's data, programs, and hardware are susceptible to potential interception or sabotage by external parties. Internal control to reduce risk: Digital Signatures Firewall Encryption techniques
SUBSTANTIVE TESTS OF TRANSACTIONS
Tests performed to verify the accuracy of a clients accounting system. This is accomplished by determining whether individual transactions are correctly recorded and summarized in the journals, master files, and general ledger.
TEST OF DETAILS OF BALANCE
Tests performed to verify the ending balance in an individual account on the financial statements.
What is the auditor's responsibility under auditing standards for detecting fraud?
The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. Thus, the auditor's detection responsibility for fraud is no different from the auditor's detection responsibility for errors.
Who should attend the brainstorming session and when should the session be held?
The brainstorming meeting should involve the key members of the audit team. This meeting should also include audit specialists who work on the engagement. The meeting should be held during planning so the audit plan can be adjusted to address the identified risks, and emphasize professional skepticism throughout the engagement.
What is the purpose of the audit team's brainstorming session?
The purpose of the audit team's brainstorming session is for the audit team to exchange ideas about how and where they believe the entity's financial statements might be susceptible to material misstatement. They also look at how management could perpetrate and conceal fraudulent financial reporting, and how assets of the entity could be misappropirated.
What is the role of the two staff auditors in the brainstorming session?
The two staff members on the engagement are just as responsible for engaging in the exchange of ideas as other members of the engagement team. While they may not be familiar with engagement specifics, they do provide a fresh perspective of possible ways management might engage in fraud. They benefit from hearing the exchange of ideas from other members of the audit team and that should help heighten their professional skepticism as they perform the audit.
What is the auditor's responsibility for obtaining an understanding of internal control? How does that responsibility differ for audits of public and nonpublic companies?
The auditor's responsibility for obtaining an understanding of internal control for a large public company, when an opinion is issued on the effectiveness of internal controls, is significantly greater than the understanding necessary when the auditor is solely expressing an opinion on the financial statements. To express an opinion on internal controls for a large public company, the auditor obtains an understanding of controls for all significant account balances, classes of transactions, including disclosures and related assertions in the financial statements. In contrast, for an audit of a nonpublic company or a smaller public company, the auditor will obtain an understanding of internal controls that are relevant to the financial statement audit in order to assess the risks of material misstatement. Thus, the level of understanding of internal controls required for the audit of internal controls exceeds the level required for an audit of only the financial statements.
How will the presence of one significant deficiency affect an auditor's report on internal control under PCAOB standards? A. If the deficiency is deemed to be a material weakness, the auditor's report would contain a qualified opinion. B. If the deficiency is not deemed to be a material weakness, the auditor's report would contain an unqualified opinion. C. If the deficiency is deemed to be a material weakness, the auditor's report would contain an unqualified opinion. D. If the deficiency is not deemed to be a material weakness, the auditor's report would contain an adverse opinion.
b
Understanding internal control and assessing control risk is part __ of the planning phase of an audit.
seven