Audit Exam 2
The difference between the expected and the tolerable deviation rate
Allowance for sampling risk
Used to estimate the proportion of a population that possesses a certain characteristic
Attribute sampling
Following are examples of control deficiencies that may represent significant deficiencies or material weaknesses. During its assessment of ICFR, management of First Coast BankCorp and its auditors identified the following deficiencies that individually represent significant deficiencies: the design of controls over the estimation of credit losses (a critical accounting estimate); the operating effectiveness of controls for initiating, processing, and reviewing adjustments to the allowance for credit losses; and the operating effectiveness of controls designed to prevent and detect the improper recognition of interest income. In addition, during the past year, First Coast experienced a significant level of growth in the loan balances that were subjected to the controls governing credit loss estimation and revenue recognition, and further growth is expected in the upcoming year.
Based only on these facts, the auditor should determine that the combination of these significant deficiencies represents a material weakness for the following reasons: First, the deficiency satisfies Box 1 - it relates to a financial statement assertion. Second, the combination of these deficiencies was evaluated as representing a reasonably possible likelihood that a misstatement could occur (Box 2 is answered "yes"). Third, the balances of the loan accounts affected by these deficiencies have increased over the past year and are expected to increase in the future. In addition, the growth in loan balances, coupled with the combined effect of the deficiencies described, results in a reasonably possible likelihood that a material misstatement of the allowance for credit losses or interest income could occur. Thus, Box 3 is answered "yes." Fourth, there are no effective compensating controls (Box 5 is answered "no"). Finally, it is likely that a prudent official would conclude that these deficiencies represent a material weakness (answer to Box 6 is "yes").
Following are examples of control deficiencies that may represent significant deficiencies or material weaknesses. For each of the following scenarios, indicate whether the deficiency is a significant deficiency or material weakness. Justify your decision. During its assessment of ICFR, the management of Lorenz Corporation and its auditors identified the following control deficiencies that individually represent significant deficiencies: Inadequate segregation of duties over certain information system access controls. Several instances of transactions that were not properly recorded in subsidiary ledgers. While the transactions that weren't recorded properly were not material, the gross amount of the transactions of that type totaled up to an amount several times materiality. A lack of timely reconciliations of the account balances affected by the improperly recorded transactions.
Based only on these facts, the combination of these significant deficiencies represents a material weakness for the following reasons: First, the deficiency satisfies Box 1 - it relates to a financial statement assertion. Second, the combination of these deficiencies was evaluated as representing a reasonably possible likelihood that a misstatement could occur (Box 2 is answered "yes"). Third, the gross amount of the transactions totaled an amount greater than materiality, so Box 3 is answered "yes." Fourth, there are no effective compensating controls, i.e., no timely reconciliations (Box 5 is answered "no"). Finally, it is likely that a prudent official would conclude that these deficiencies represent a material weakness (answer to Box 6 is "yes").
For each of the following cases, indicate why management and the auditors determined that the control deficiency was a material weakness. Case 1: In our assessment of the effectiveness of internal control over financial reporting as of December 31, 2021, we identified a material weakness over the accounting for and disclosure of derivatives associated with warrant instruments primarily because we lacked technical expertise and adequate procedures to develop and document our common stock warrant analysis on the applicability of ASC 815 "Derivatives and Hedging—Contracts in Entity's Own Equity" to our warrant instruments. Because of the lack of technical expertise and adequate procedures to develop and document our analysis of the applicability of ASC 815, which was characterized as a material weakness with regard to accounting for warrants, management has concluded that we did not maintain effective internal control over financial reporting as of December 31, 2021, based on the criteria in Internal Control—Integrated Framework.
Case 1 would be deemed a material weakness because the company did not have proper controls over the accounting for and disclosure of derivatives that were associated with warrants. The company's management acknowledged that it did not have the expertise within the company to properly evaluate the analysis of the warrants under ASC 815. The inability to perform such analysis by entity personnel would suggest that there is a high likelihood that a material misstatement could occur since we can assume that this financial statement account (and it related disclosures) are highly material.
For each of the following cases, indicate why management and the auditors determined that the control deficiency was a material weakness. Case 2: In the course of making our assessment of the effectiveness of internal control over financial reporting, we identified a material weakness in our internal control over financial reporting. The preparation and review process for the calculation of the tax provision was inadequate, which led to errors in the computation of deferred tax assets and related income tax benefit.
Case 2 is a material weakness because management acknowledges that its controls over the preparation of the tax provision was not adequate, and resulted in what can be assumed to be material errors. Without proper controls, there is a high likelihood that a misstatement can occur. It is also likely that the tax provision and related accounts are material to the financial statements
For each of the following cases, indicate why management and the auditors determined that the control deficiency was a material weakness. Case 3: Management identified a material weakness in First Bank Company's system of internal control over financial reporting with respect to ensuring the appropriate calculation of its allowance for loan losses. Specifically, during a process enhancement to the model that calculates the allowance for loan losses, the quarterly average loss rate was not annualized due to a computational error. Control procedures in place for reviewing the quantitative model for calculating the allowance for loan losses did not identify this error in a timely manner, and, as such, the company did not have adequately designed procedures.
Case 3 is a material weakness for a number of reasons. First, there was a computational error in the update of the calculation of the allowance for loan losses. Second, the monitoring controls for reviewing the calculation did not identify the error in a timely manner. Finally, an error did occur and the allowance for loan losses account for a bank would be highly material.
Confirmation of accounts receivable
Confirm that recorded accounts receivable are valid (existence).
The probability that the true but unknown measure of the characteristic of interest within specified limits
Desired Confidence Level
Select a sample of shipping documents, match them with related sales invoices, and determine that they have been included in the sales journal and accounts receivable subsidiary ledger.
Determine that recorded accounts receivable include all amounts owed to the client (completeness)
New customers must have credit authorized by the credit manager based on review of financial stability.
Discuss process by which credit history of customers is analyzed with credit manager. Take a sample of new customers and review customer file for evidence of the credit manager's review. For the sample, compare customer financial stability information to the company's pre-established criteria for granting credit and investigate any deviations from the policy.
Review of drafts of the financial statements
Ensure that all revenue-related disclosures are made in the financial statements.
Review of aging of accounts receivable with the credit manager.
Ensure that the allowance for uncollectible accounts is properly stated (accuracy, valuation, and allocation).
Review of bank confirmations and loan agreements
Ensure that the entity has legal title to accounts receivable (rights and obligations).
Adam Signoff-On, CPA, was auditing Defense Industries, Inc. Signoff-On sent positive accounts receivable confirmations to a number of Defense's government customers. He received a number of returned confirmations marked "We do not confirm balances because we are on a voucher system." List alternative procedures that Signoff-On might use to ensure the validity of these accounts.
In addition to sending second requests, Signoff-On can perform the following audit procedures: • Examination of subsequent cash receipts. • Examination of the customer orders, shipping documents, and duplicate sales invoices. • Examination of other entity documentation
Koss Corporation: Where were the internal controls? (Refer back to Problem 4-33 for the basic facts on the Koss Corporation embezzlement.) On September 2, 2010, the Securities & Exchange Commission brought an action against Sujata Sachdeva, vice president of finance, and Koss senior accountant and subordinate, Julie Mulvaney, who allegedly helped her cover up the fraudulent scheme. The SEC alleged that Sachdeva and Mulvaney caused Koss to submit false and misleading financial statements. Sachdeva regularly relied on Mulvaney to reconcile the cash shortfalls and to balance the books. Sachdeva and Mulvaney primarily hid the embezzlement by making false entries on the company's general journal. For example, the false journal entries disguised the theft by overstating assets, expenses, and cost of sales, and understating liabilities and sales. Mulvaney maintained binders that detailed numerous false journal entries that were made to the company's accounting books and records. With those entries, Mulvaney reclassified company funds—with no supporting documentation and no legitimate explanation. Mulvaney also maintained a series of folders that included documentation of over 100 fraudulent transactions that were included in the company's accounting books and records. Sachdeva and Mulvaney were able to hide the substantial embezzlements in part because the company did not adequately maintain internal controls to reasonably assure the accuracy and reliability of financial reporting. Koss's internal controls policy required Michael Koss to approve invoices of $5,000 or more for payment. However, Koss allegedly delegated duties typically done by the CFO to Sachdeva on a regular basis. Koss also had little or no educational background or experience in accounting or finance. Many of the cashier's checks exceeded $5,000, and some exceeded $100,000. However, its controls did not prevent Sachdeva and Mulvaney from processing large wire transfers and cashier's checks outside of the accounts payable system to pay for Sachdeva's personal purchases without seeking or obtaining Michael Koss's approval. In addition, many account reconciliations were not prepared, maintained, or reviewed as part of Koss's accounting records. Koss's computerized accounting system was almost 30 years old. Sources: SEC Complaint, US Securities and Exchange Commission v. Sujata Sachdeva, and Julie Mulvaney, August 31, 2010; SEC, Accounting and Auditing Enforcement Release No. 3330/October 24, 2011; and SEC v. Koss Corporation and Michael J. Koss, Civil Case No. 2:11-cv-00991, USDC, E.D., Wisc. Required: List the major internal controls that were absent within Koss Corporation's internal control system.
In their complaint against Koss Corporation, the SEC noted the following internal control deficiencies: • Lack of segregation of duties over disbursements and bank reconciliations. • Old and weak accounting system, leaving little audit trail and enabling post-closing entries, among other weaknesses. • Lack of documentation for journal entries. • Failure to perform monthly bank reconciliations. • Lack of required review of wire transfers prior to execution (note the distinction between a preventive policy and a preventive control). • Lack of an after-the-fact review of journal entries. • Lack of detailed review of financial information by CEO (very cursory). • Insufficient monthly analytical procedures (e.g., no monitoring of even gross margins). • Failure to change passwords on a regular basis, along with other IT security and control deficiencies.
Dixon, Illinois: Using Public Funds to Support a Show Horse Operation. On February 14, 2013, former city comptroller and treasurer of Dixon, IL, Rita Crundwell was sentenced to 191̸2 years in prison for diverting $53 million from city funds for her own benefit. It appears that the fraud began in 1990 at a relatively small amount, but the level of her embezzlements increased significantly in the last years of the embezzlement (e.g., in 2008 she embezzled $5.8 million). Crundwell used the proceeds to finance her horse breeding business and her lavish lifestyle. She purchased 400 horses, farms, trucks, a $2 million RV, and jewelry. Her position as city treasurer paid about $80,000 a year at the time of her arrest. Rita Crundwell was one of the most trusted people in Dixon, IL's city government. She started working for the finance department for the city while still in high school in 1970. In 1983, she was appointed as the comptroller/treasurer. As comptroller, Crundwell handled all of the finances for the city of Dixon. Crundwell participated in budget meetings for the city with other city council members and voiced a need for Dixon to make spending cuts due to a lack of sufficient funds. Many of the city officials who held elected position were not full-time employees of the city. The process by which Crundwell was able to obtain the funds was not extremely complicated. According to the indictment, Crundwell opened a bank account at Fifth Third Bank in 1990 in the name of the city of Dixon and RSCDA (Reserve Sewer Capital Development Account). That account appeared to be for the benefit of the city of Dixon, but Crundwell was the only signatory and the only person who wrote checks from that account. Crundwell was able to deposit city funds from other sources into the Capital Development Fund account. After she created false invoices, Crundwell would write checks from that fund payable to "Treasurer." She then deposited those checks directly into the RSCDA account. The Fifth Third Bank assumed the money in the RSCDA account was for the city. Crundwell repeatedly transferred city funds into the RSCDA account and used the money to pay for her own personal and private business expenses. In October 2011, when Crundwell was away from work, another individual employed by the city of Dixon, requested Fifth Third Bank to forward all of the city's bank statements. This employee realized that the account appeared to be inappropriate and informed Mayor James Burke of the account. Burke determined that the account did not relate to any legitimate business of the city. Burke then notified the Federal Bureau of Investigation. In September 2013, the city announced it settled its lawsuit against the auditors and bank for $40 million. During the time of the fraud, Dixon's financial statements were audited by CliftonLarsonAllen (formerly Clifton Gunderson LLP). The firm agreed to pay $35.15 million and Fifth Third Bank agreed to pay $3.85 million. CliftonLarsonAllen conceded it shared in the "responsibility for the fact that the fraud was not detected." The attorney for the city stated that the Mayor also faulted Fifth Third Bank for violating banking standards by allowing Crundwell to open a city account in 1990 without proper documentation, even if employees knew she worked for the city. Sources: W. Pavlo, "Fmr Dixon, IL Comptroller, Rita Crundwell, Sentenced to 19 ½ Years In Prison," available online at: http://onforb.es/Yb217S; M. Jenco, "Dixon blames phony invoices, lax auditors for $54M fraud," Chicago Tribune (September 27, 2013); United States District Court Northern District of Illinois Western Division, United States of America v. Rita A. Crundwell, Criminal Complaint, April 13, 2012; S. R. Strahler, "How Dixon's auditors missed the biggest embezzler of all time," (February 2, 2013), ChicagoBusiness.com. Required: Identify the internal control deficiencies that allowed the fraud to occur and to continue for such a long period of time.
Many of the same issues found in the Koss fraud existed in the Dixon, IL fraud. • Lack of segregation of duties. • Little oversight or monitoring by the part-time city administrators. • Ability to deposit funds from one account to another without approval or review. • Lack of review of bank statements and reconciliations. • It does not appear that the city had a mandatory vacation policy where someone performed Crundwell's job.
Relies on the auditor's judgement to determine sample size, select the sample, or evaluate the results
Nonstatistical sampling
All checks received must be restrictively endorsed
Observe person opening the mail to see that checks are restrictively endorsed immediately. Take a sample of checks received and note that endorsement is restrictive (i.e., For Deposit Into Acct XX Only)
Prenumbered invoices and remittance advices are used
Observe that invoices and advices are pre-numbered. Discuss process by which document sequence is monitored with management. If invoices and remittance advices are numbered by the IT system, verify that the system sequentially numbers the documents and will not allow the same document number to be used twice
Segregation of the following duties: receiving payment, recording and delivering to bank
Observe that these duties are separate. Take a sample of deposits and verify that person signing deposit slip is different than person recording the payment as received and person delivering payments to bank.
Adam Signoff-On, CPA, was auditing Defense Industries, Inc. Signoff-On sent positive accounts receivable confirmations to a number of Defense's government customers. He received a number of returned confirmations marked "We do not confirm balances because we are on a voucher system." Assuming all the procedures you list are viable options for the Defense audit, which procedure do you believe provides the highest-quality evidence and why?
Of the three procedures listed, examination of subsequent cash receipts provides the highest quality evidence. If the customer has paid the accounts receivable, it provides strong evidence that the receivable was valid.
Pre-numbered checks
Review checks to see that they are pre-numbered. Discuss with management the process by which the check sequence is monitored. If checks are numbered by the IT system, verify that the system sequentially numbers checks and will not allow the same check number to be used twice.
All or a subset of the items that constitute the class of transactions
Sampling population
The possibility that the sample drawn is not representative of the population and leads to an incorrect conclusion
Sampling risk
Jenny Jacobs, CPA, is planning to use attribute sampling in order to determine the degree of reliance to be placed on an entity's system of internal control over sales. Jacobs has begun to develop an outline of the main steps in the sampling plan as follows: 1. State the test objectives (for example, to test the reliability of internal controls over sales). 2. Define the population (the period covered by the test, the sampling unit, the completeness of the population). 3. Define the sampling unit (for example, sales invoices). What are the remaining steps in the outline that Jacobs should include in the statistical test of sales invoices?
Table 8-2 provides 7 steps in attribute sampling. The list in Table 8-2 includes Jenny's step 3 within the second step of attributes sampling. The remaining steps of attribute sampling are as follows: • Define remaining population characteristics—define the control deviation conditions. • Determine sample size, using the following inputs. • Determine the desired confidence level. • Determine the tolerable deviation rate. • Determine the expected population deviation rate. • Select sample items. • Perform the audit procedures—understand and analyze any deviations observed. • Calculate the sample deviation and computed upper deviation rates. • Draw final conclusions.
Shipment of goods must be accompanied by a customer order
Take a sample of bills of lading and vouch each to associated customer order.
Disbursement must be accompanied by supporting documents: purchase order, receiving document, and vendor invoice
Take a sample of cash disbursements from the disbursements journal and vouch each entry to associated check, purchase order, receiving document and vendor invoice.
Deface documents when an invoice has been paid and match amount paid to the invoice amount
Take a sample of cash receipts and vouch to invoice. Note defacement and that amount received matches associated invoice.
Only authorized personnel can sign checks.
Take a sample of checks and verify that appropriate personnel have signed each check.
All sales must be authorized by a credit manager. Existing customers have general authorization up to the credit limit.
Take a sample of customer orders on credit and verify that initials of appropriate personnel (given the customer and amount of credit) are present in proper location on order. Run a query to identify all customers who have exceeded their credit limit. (depending on how many come from query) Test a sample of those who have exceeded their credit limit and obtain evidence of approval.
Pricing must be consistent with an authorized price list.
Take a sample of invoices and verify that prices are consistent with authorized price list.
A manager must authorize returns (segregation of duties): authorization of the return, recording of the return, the receipt of the return, and disbursement
Take a sample of large dollar amount returns over the cut-off amount. Verify that the appropriate level of management approved the return as evidence by initial and date. Understand procedures and observe duties being performed.
Authorized purchasing agents have maximum and minimum purchasing limits. Purchases made outside of the limits must be authorized by the department manager
Take a sample of purchases both above and below the purchase limits to determine if authorized by the appropriate department manager.
A/P is recorded once you have a receiving document signed by both the freight carrier & receiving clerk
Take a sample of receiving documents and verify that it is signed by the freight carrier and receiving clerk. Trace the receiving document to the vendor invoice and the A/P Trial Balance. (if concerned about it being recorded without the receiving document) Take a sample from the AP trial balance and tie to the vendor invoice and the receiving document noting signatures of both parties.
For returns without receipts, customers are granted company credit only.
Take a sample of recorded returns and note those for which customer had no receipt. Review credit memo to ensure that any selected "no receipt" returns were given store credit.
The customer returning goods must have original document from sale.
Take a sample of recorded returns and vouch each to a proof of purchase.
Shipping document is required to record all sales. BOL must be signed by freight carrier
Take a sample of recorded sales and vouch to the sales invoice and the BOL. Take a sample of BOLs and verify initials of carrier are present and dated.
Return periods are for a pre-specified length of time and items accepted as returns must be unopened
Take a sample of returns and ensure that the original date of purchase is within company guidelines (i.e., 30 days before the return date). Also, locate the items for those goods that were returned and not yet re-sold. Inspect item and note if it has ever been opened.
If merchandise is claimed to be defective, customers will only be able to return and exchange.
Take a sample of returns. For those returns of items for defectiveness, trace to credit memo to ensure that exchange was made (and that cash/credit was not granted).
Jenny Jacobs, CPA, is planning to use attribute sampling in order to determine the degree of reliance to be placed on an entity's system of internal control over sales. Jacobs has begun to develop an outline of the main steps in the sampling plan as follows: 1. State the test objectives (for example, to test the reliability of internal controls over sales). 2. Define the population (the period covered by the test, the sampling unit, the completeness of the population). 3. Define the sampling unit (for example, sales invoices). What are the advantages of using statistical audit sampling? (AICPA, adapted)
The advantages of using a statistical sampling methodology are that it helps the auditor (1) design an efficient sample, (2) measure the sufficiency of the evidence obtained, and (3) quantify sampling risk. By using a statistical sampling methodology, the auditor can limit sampling risk to an acceptable level.
The maximum deviation rate from a prescribed control that an auditor is willing to accept
Tolerable deviation rate
Price changes can only be made by an authorized person. Authorized personnel must have the password to make any price changes.
Try to enter in random passwords into the system where price changes are made. Inquire of company personnel regarding the granting and safekeeping of passwords to the system.
Segregation of duties b/w authorizing credit and writing off and selling product
Understand procedures and observe duties being performed. Take a sample of customer write-offs and verify authorized by someone other than who granted the credit.
Segregation of the following duties: ordering, receiving goods and making disbursement
Understand the procedures and observe duties performed. Take a sample of checks and related purchase orders and receiving documents and verify that check signer is different than person authorizing the order and receiving the goods.
Select a sample of shipping documents for a few days before and after year-end.
Verify that all accounts receivable are recorded in the correct period (cutoff).
After obtaining an understanding of an entity's internal control system, an auditor may set control risk at high for some assertions because the auditor a. Believes the internal controls are unlikely to be effective. b. Determines that the pertinent internal control components are not well documented. c. Performs tests of controls to restrict detection risk to an acceptable level. d. Identifies internal controls that are likely to prevent material misstatements.
a
An auditor should perform alternative procedures to substantiate the existence of accounts receivable when a. No reply to a positive confirmation request is received. b. No reply to a negative confirmation request is received. c. The collectibility of the receivables is in doubt. d. Pledging of the receivables is probable.
a
In auditing a public company, Natalie, an auditor for N. M. Neal & Associates, identifies four deficiencies in ICFR. Three of the deficiencies are unlikely to result in financial misstatements that are material. One of the deficiencies is reasonably likely to result in misstatements that are not material but significant. What type of audit report should Natalie issue? a. An unqualified report. b. An adverse report. c. A disclaimer of opinion. d. An exculpatory opinion.
a
Questions 8-15 and 8-16 are based on the following information: An auditor desired to test credit approval on 10,000 sales invoices processed during the year. The auditor designed a statistical sample that would provide 1 percent risk of assessing control risk too low for the assertion that not more than 7 percent of the sales invoices lacked approval. The auditor estimated from previous experience that about 2½ percent of the sales invoices lacked approval. A sample of 200 invoices was examined, and 7 of them were lacking approval. The auditor then determined the computed upper deviation rate to be 8 percent. In the evaluation of this sample, the auditor decided to increase the level of the preliminary assessment of control risk because the a. Tolerable deviation rate (7 percent) was less than the computed upper deviation rate (8 percent). b. Expected population deviation rate (7 percent) was more than the percentage of errors in the sample (3½ percent). c. Computed upper deviation rate (8 percent) was more than the percentage of errors in the sample (3½ percent). d. Expected population deviation rate (2½ percent) was less than the tolerable deviation rate (7 percent).
a
Samples to test internal controls are intended to provide a basis for an auditor to conclude whether a. The controls are operating effectively. b. The financial statements are materially misstated. c. The risk of incorrect acceptance is too high. d. Materiality for planning purposes is at a sufficiently low level.
a
The negative request form of accounts receivable confirmation is useful particularly when - The Assessed Level of Control Risk Relating to Receivables Is - The Number of Small Balances Is - Consideration by the Recipient Is a. Low High Likely b. Low Low Unlikely c. High Low Likely d. High High Likely
a
The risk of incorrect acceptance relates to the a. Effectiveness of the audit. b. Efficiency of the audit. c. Planning materiality. d. Allowable risk of tolerable misstatement.
a
When assessing the tolerable deviation rate, the auditor should consider that, while deviations from control procedures increase the risk of material misstatements, such deviations do not necessarily result in misstatements. This explains why a. A recorded disbursement that does not show evidence of required approval may nevertheless be a transaction that is properly authorized and recorded. b. Deviations would result in errors in the accounting records only if the deviations and the misstatements occurred on different transactions. c. Deviations from pertinent control procedures at a given rate ordinarily would be expected to result in misstatements at a higher rate. d. A recorded disbursement that is properly authorized may nevertheless be a transaction that contains a material misstatement.
a
Which of the following audit techniques would most likely provide an auditor with the least assurance about the effectiveness of the operation of a control? a. Inquiry of entity personnel. b. Reperformance of the control by the auditor. c. Observation of entity personnel. d. Walkthrough.
a
Which of the following most likely represents a weakness in internal control of an IT system? a. The systems analyst reviews output and controls the distribution of output from the IT department. b. The accounts payable clerk prepares data for computer processing and enters the data into the computer. c. The systems programmer designs the operating and control functions of programs and participates in testing operating systems. d. The control clerk establishes control over data received by the IT department and reconciles control totals after processing.
a
Which of the following statements concerning control deficiencies is true? a. The auditor should communicate to management, in writing, all control deficiencies in internal control identified during the audit. b. All significant deficiencies are material weaknesses. c. All control deficiencies are significant deficiencies. d. An auditor must immediately report material weaknesses and significant deficiencies discovered during an audit to the PCAOB.
a
Following are examples of control deficiencies that may represent significant deficiencies or material weaknesses. For each control deficiency, indicate whether it is a significant deficiency or material weakness. Justify your decision. The entity uses a standard sales contract for most transactions. Individual sales transactions are not material to the entity. Sales personnel are allowed to modify sales contract terms. The entity's accounting function reviews significant or unusual modifications to the sales contract terms but does not review changes in the standard shipping terms. The changes in the standard shipping terms could require a delay in the timing of revenue recognition. Management reviews gross margins on a monthly basis and investigates any significant or unusual relationships. In addition, management reviews the reasonableness of inventory levels at the end of each accounting period. The entity has experienced limited situations in which revenue has been inappropriately recorded in advance of shipment, but amounts have not been material.
a) Based only on these facts, this deficiency represents a significant deficiency for the following reasons: First, the deficiency satisfies Box 1 - it relates to a financial statement assertion. Second, the controls do not effectively address the detection of misstatements as evidenced by situations in which transactions that were not material were improperly recorded. Therefore, there is a reasonable possibility that a misstatement could occur. Thus, the answer to Box 2 is "yes." In addressing Box 3, the magnitude of a financial statement misstatement resulting from this deficiency would reasonably be expected to be significant but not material because individual sales transactions are not material. Furthermore, the risk of material misstatement is limited to revenue recognition errors related to shipping terms as opposed to broader sources of error in revenue recognition. Thus, the answer to Box 3 is "no." Because the misstatements that could occur from this deficiency are significant, the answer to Box 4 is "yes." However, the possible misstatements are not material so the answer to Box 6 is "no," leading to a conclusion of a significant deficiency. It should be noted that there is a compensating detective controls that operates monthly and at the end of each financial reporting period that should reduce the likelihood of a material misstatement going undetected. However, the compensating detective controls are only designed to detect material misstatements.
For each of the following independent situations, indicate the type of report on ICFR you would issue. Justify your report choice. a. Hansen, Inc., has restated previously issued financial statements to reflect the correction of a misstatement. b. Shu & Han Engineering does not have effective oversight of the entity's external financial reporting. c. Kim Semiconductor has an ineffective audit committee. d. The internal audit function at Smith Components, a very large manufacturing company, was ineffective. The entity's auditor has determined that the internal audit function needed to be effective in order for the entity to have an effective monitoring component. e.The auditors of Benron identified significant financial statement fraud by the entity's chief financial officer. f. Conroy Trucking Company has an ineffective control environment. g. Edwards & Eddins, CPAs, communicated significant deficiencies to Waste Disposal's management and the audit committee for the last two years. At the end of the current year, these significant deficiencies remain uncorrected.
a) If the misstatement resulted in a restatement of the financial statements, the misstatement would likely be considered material. Material misstatements are strong indicators of material weaknesses, thus necessitating an adverse opinion. b) If other controls over financial reporting are present, the auditor may issue an unqualified opinion. However, in most cases when oversight is considered seriously deficient, an adverse opinion would be issued. c) The auditor would most likely issue an adverse opinion because of the importance of the audit committee in the control process. d) If the ineffective monitoring component is a material weakness, then an adverse opinion should be issued. Because the auditor determined that an effective internal audit function was critical to effective monitoring, an adverse opinion would most likely be considered appropriate. e) The significance of financial fraud by the CFO is a material weakness and an adverse opinion should be issued. f) Depending on the amount of risk of material misstatement due to the ineffective control environment, the auditor will issue an adverse opinion or an unqualified opinion. In most cases, an ineffective control environment will result in an adverse opinion because it is considered a pervasive entity-level control. g) Given the lack of management's concern for internal control, which can be considered a control environment issue, an adverse opinion would most likely be issued, depending on the nature and severity and the combined effect of the significant deficiencies that were left uncorrected.
For each of the following independent situations relating to the audit of ICFR, indicate the reason for and the type of audit report you would issue. a. During the audit of Wood Pharmaceuticals, you are surprised to find several control deficiencies in the entity's internal control. You determine that there is a reasonable possibility that any one of them could result in a misstatement that is significant. Although the odds are extremely low that the deficiencies, singly or taken together, will result in a material misstatement of the entity's financial statements, the large number of problems causes you concern. Management's written assessment concludes that the entity's ICFR was effective as of the report date. b. You agreed to perform an audit for Rodriguez & Co., after the entity's year-end. Due to time constraints, your audit firm could not complete a full audit of ICFR. However, the evidence you did collect suggests that the entity has exceptionally strong ICFR. You seriously doubt that a material weakness would have been found if time had permitted a more thorough audit. Management's written assessment concludes that the entity's ICFR was effective as of the report date. c. George & Diana Company's internal audit function identified a material weakness in the entity's ICFR. The entity corrected this weakness about four months prior to the end of the annual reporting period. Management reassessed controls in the area and found them effective. After reevaluating and retesting the relevant controls, you believe the controls to have been effective for a sufficient period of time to provide adequate evidence that they were designed and operating effectively as of the end of the entity's reporting period. Management's written assessment concludes that the entity's internal control was effective as of the report date. d. Reynolds' Distilleries identified what you agree is a material weakness and made an adverse assessment in its report on ICFR. The entity had not corrected the material weakness as of the end of the reporting period. e. Cindy & David Company's management identified a material weakness in the entity's ICFR during its assessment process. The entity corrected this weakness about a month prior to the end of the annual reporting period. Management reassessed controls in the area and believes they were effective as of the end of the reporting period. After reevaluating and retesting the relevant controls, you agree that the new controls are well designed, but since the controls over this particular area are applied only once at the end of each month (i.e., the controls have only operated two times since being corrected), you do not believe you have sufficient audit evidence to assess their operating effectiveness. Management's written assessment concludes that the entity's internal control was effective as of the report date. f. During the audit of ICFR for Big Al & Larry Industries, you discover several control deficiencies. You determine that there is more than a reasonable possibility that any one of them could result in a financial statement misstatement. Although you do not believe that any of the deficiencies taken individually will result in a material misstatement, you believe there is a moderately low likelihood that, taken together, the deficiencies could produce a material misstatement. Management's written assessment concludes that the entity's internal control was effective as of the report date.
a) The auditor would most likely issue an unqualified opinion on the effectiveness of internal control. Significant deficiencies do not necessitate an adverse opinion. In this case, the likelihood is extremely low that the deficiencies taken individually or together will result in a material misstatement, meaning that there is no material weakness. If the significant deficiencies remain uncorrected in future years, the auditor may conclude that management's attitude toward internal control reflects a poor control environment and may issue an adverse opinion in that future period. b) A disclaimer of opinion on the effectiveness of internal control because the auditor has a scope limitation. The auditor must have sufficient appropriate evidence to conclude that the entity's ICFR is effective—surmising based on partial results does not constitute a high level of assurance. c) Unqualified opinion on the effectiveness of internal control. The audit of internal control is "as of" the report date. In other words, so long as the auditor has sufficient evidence that the entity's internal control was operating effectively as of the end of the reporting period, an unqualified opinion can be expressed. This gives management an opportunity to remediate weaknesses and avoid an adverse opinion so long as enough time is left for management to reassess and for the auditor to retest controls and obtain sufficient competent evidence that controls were effective as of the report date. d) An adverse opinion with respect to effectiveness of ICFR. The presence of a material weakness as of the report date necessitates an adverse opinion with respect to internal control. e) The auditor would most likely issue a disclaimer on the effectiveness of internal control due to a scope limitation. The auditor's inability to collect sufficient data to assess the operating effectiveness of the control constitutes a scope limitation, and the opinion should be modified accordingly. However, after the auditor completes testing in the following year and if controls were found to be operating effectively, an interim report on the effectiveness of internal controls could be issued. f) Adverse opinion on the effectiveness of internal control. Because the significant deficiencies identified, taken together, produce a "moderately low" risk of material misstatement in the financial statements, this likelihood assessment is within the range of "reasonably possible," and thus, this combination of deficiencies is considered a material weakness.
A control deviation caused by an employee performing a control procedure that he or she is not authorized to perform is always considered a a. Deficiency in design. b. Deficiency in operation. c. Significant deficiency. d. Material weakness.
b
An auditor's flowchart of an entity's accounting system is a diagrammatic representation that depicts the auditor's a. Program for tests of controls. b. Understanding of the system. c. Understanding of the types of fraud that are probable, given the present system. d. Documentation of the study and evaluation of the system.
b
Assessing control risk below high involves all of the following except a. Identifying specific controls to rely on. b. Concluding that controls are ineffective. c. Performing tests of controls. d. Analyzing the achieved level of control risk after performing tests of controls.
b
Based on the information above, the planned allowance for sampling risk was a. 5½ percent. b. 4½ percent. c. 3½ percent. d. 1 percent.
b
Considering each independently, a change in which of the following sample planning factors would influence the sample size for a substantive test of details for a specific account? - Expected Misstatement - Tolerable Misstatement a. No Yes b. No Yes c. No Yes d. Yes No
b
How would increases in tolerable misstatement and assessed level of control risk affect the sample size in a substantive test of details? - Increase in Tolerable Misstatement - Increase in Assessed Level of Control Risk a. Decrease sample size Decrease sample size b. Increase sample size Increase sample size c. Decrease sample size Increase sample size d. Decrease sample size Increase sample size
b
If the financial reporting risks for a location are low and the entity has good entity-level controls, management may rely on which of the following for its assessment? a. Document and test controls over specific risks. b. Self-assessment processes in conjunction with entity-level controls. c. Document and test entity-level controls over the entire entity. d. Selective control test at that location.
b
In evaluating the adequacy of the allowance for doubtful accounts, an auditor most likely reviews the entity's aging of receivables to support management's financial statement assertion of a. Existence. b. Valuation and allocation. c. Completeness. d. Rights and obligations.
b
Smith Corporation has numerous customers. A customer file is maintained and includes a customer record with a name, an address, a credit limit, and an account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. The best procedure for the auditor to follow would be to a. Develop test data that would cause some account balances to exceed the credit limit and determine if the system properly detects such situations. b. Develop a routine in IDEA or an audit data analytic to compare credit limits with account balances and identify any account with a balance exceeding its credit limit. c. Request a printout of all account balances so that they can be manually checked against the credit limits. d. Request a printout of a sample of account balances so that they can be individually checked against the respective credit limits.
b
The following table depicts the possible outcomes for the auditor's estimated computed upper deviation rate based on a sample relative to the auditor's tolerable deviation rate (i.e., the computed upper deviation rate will either be above or below the tolerable deviation rate). The table also depicts the two possible states of the actual population deviation rate compared with the auditor's tolerable deviation rate (the actual population deviation rate is unknown to the auditor). Auditor's Estimate Based on Sample Results Actual Population Deviation Rate Is Less Than Tolerable Deviation Rate Actual Population Deviation Rate Exceeds Tolerable Deviation Rate Computed upper deviation rate is less than tolerable deviation rate. 1 3 Computed upper deviation rate exceeds tolerable deviation rate. 2 4 Suppose as a result of sample testing of controls, an auditor assesses control risk higher than necessary given the actual (but unknown) population deviation rate and thereby increases substantive testing. This is illustrated by which of the four possible outcome conditions in the table above? a. 1. b. 2. c. 3. d. 4.
b
The highest-quality and most reliable audit evidence that segregation of duties is properly implemented is obtained by a. Inspection of documents prepared by a third party but which contain the initials of those applying entity controls. b. Observation by the auditor of the employees performing control activities. c. Inspection of a flowchart of duties performed and available personnel. d. Inquiries of employees who apply control activities.
b
Following are examples of control deficiencies that may represent significant deficiencies or material weaknesses. For each control deficiency, indicate whether it is a significant deficiency or material weakness. Justify your decision. The entity has a standard sales contract, but sales personnel frequently modify the terms of the contract. The nature of the modifications can affect the timing and amount of revenue recognized. Individual sales transactions are frequently material to the entity, and the gross margin can vary significantly for each transaction. The entity does not have procedures in place for the accounting function to regularly review modifications to sales contract terms. Although management reviews gross margins on a monthly basis, the significant differences in gross margins on individual transactions make it difficult for management to identify potential misstatements. Improper revenue recognition has occurred, and the amounts have been material.
b) Based only on these facts, this deficiency represents a material weakness for the following reasons: First, the deficiency satisfies Box 1 - it relates to a financial statement assertion. Second, the controls do not effectively address the detection of misstatements as evidenced by improper revenue recognition that has occurred. Therefore, the likelihood of material misstatements occurring is probable. Thus, the answer to Box 2 is "yes." The answer to Box 3 is "yes" since the magnitude of a financial statement misstatement resulting from this deficiency would reasonably be expected to be material. Individual sales transactions are frequently material and gross margin can vary significantly with each transaction. The answer to Box 5 is "no" since the compensating detective controls based on a reasonableness review are ineffective. Taken together, the magnitude and likelihood of misstatement of the financial statements resulting from this internal control deficiency meet the definition of a material weakness (Box 6).
An advantage of statistical sampling over nonstatistical sampling is that statistical sampling helps an auditor to a. Eliminate the risk of nonsampling errors. b. Reduce audit risk and materiality to a relatively low level. c. Measure the sufficiency of the evidential matter obtained. d. Minimize the failure to detect errors and fraud.
c
AnnaLisa, an auditor for N. M. Neal & Associates, is prevented by the management of Lileah Company from auditing controls over inventory. Lileah is a public company. Management explains that controls over inventory were recently implemented by a highly regarded public accounting firm that the entity hired as a consultant and insists that it is a waste of time for AnnaLisa to evaluate these controls. Inventory is a material account, but procedures performed as part of the financial statement audit indicate the account is fairly stated. AnnaLisa found no material weaknesses in any other area of the entity's internal control relating to financial reporting. What kind of report should AnnaLisa issue on the effectiveness of Lileah's internal control? a. An unqualified report. b. An adverse report. c. A disclaimer of opinion. d. An exculpatory opinion.
c
As a result of sampling procedures applied as tests of controls, an auditor incorrectly assesses control risk lower than appropriate. The most likely explanation for this situation is that a. The deviation rates of both the auditor's sample and the population exceed the tolerable deviation rate. b. The deviation rates of both the auditor's sample and the population are less than the tolerable deviation rate. c. The deviation rate in the auditor's sample is less than the tolerable deviation rate, but the deviation rate in the population exceeds the tolerable deviation rate. d. The deviation rate in the auditor's sample exceeds the tolerable deviation rate, but the deviation rate in the population is less than the tolerable deviation rate.
c
Entity-level controls can have a pervasive effect on the entity's ability to meet the control criteria. Which one of the following is not an entity-level control? a. Controls to monitor results of operations. b. Management's risk assessment process. c. Controls to monitor the inventory taking process. d. The period-end financial reporting process.
c
For the control activities to be effective, employees maintaining the accounts receivable subsidiary ledger should not also approve a. Employee overtime wages. b. Credit granted to customers. c. Write-offs of customer accounts. d. Cash disbursements.
c
In auditing ICFR for a public company, Emily finds that the entity has a significant subsidiary located in a foreign country. Emily's accounting firm has no offices in that country, and the entity has thus engaged another reputable firm to conduct the audit of internal control for that subsidiary. The other auditor's report indicates that there are no material weaknesses in the foreign subsidiary's ICFR. What should Emily do? a. Disclaim an opinion because she cannot rely on the opinion of another auditor in dealing with a significant subsidiary. b. Accept the other auditor's opinion and express an unqualified opinion, making no reference to the other auditor's report in her audit opinion. c. Accept the other auditor's opinion after evaluating the auditor's work and make reference to the other auditor's report in her audit opinion. d. Qualify the opinion because she is unable to conduct the testing herself, and this constitutes a significant scope limitation.
c
Regardless of the assessed level of control risk, an auditor would perform some a. Tests of controls to determine the effectiveness of internal controls. b. Analytical procedures to verify the design of internal controls. c. Substantive procedures to restrict detection risk for significant transaction classes. d. Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.
c
Significant deficiencies and material weaknesses must be communicated to an entity's audit committee because they represent a. Material fraud or illegal acts perpetrated by high-level management. b. Disclosures of information that significantly contradict the auditor's going concern assumption. c. Significant deficiencies in the design or operation of internal control. d. Potential manipulation or falsification of accounting records.
c
Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent a. Disclosures of information that significantly contradict the auditor's going concern assumption. b. Material fraud or illegal acts perpetrated by high-level management. c. Significant deficiencies in the design or operation of the internal control. d. Manipulation or falsification of accounting records or documents from which financial statements are prepared.
c
Which of the following combinations results in the greatest decrease in sample size in an attribute sample for a test of controls? - Desired Confidence Level - Tolerable Deviation Rate - Expected Population Deviation Rate a. Decrease Decrease Increase b. Increase Increase Decrease c. Decrease Increase Decrease d. Decrease Increase Increase
c
Which of the following controls would most likely be tested during an interim period? a. Controls over nonroutine transactions. b. Controls over the period-end financial reporting process. c. Controls that operate on a continuous basis. d. Controls over transactions that involve a high degree of subjectivity.
c
Which of the following internal controls would be most likely to deter the lapping of collections from customers? a. Independent internal verification of dates of entry in the cash receipts journal with dates of daily cash summaries. b. Authorization of write-offs of uncollectible accounts by a supervisor independent of the credit approval function. c. Segregation of duties between receiving cash and posting the accounts receivable ledger. d. Supervisory comparison of the daily cash summary with the sum of the cash receipts journal entries.
c
Which of the following is not a factor that might affect the likelihood that a control deficiency could result in a misstatement in an account balance? a. The susceptibility of the related assets or liability to loss or fraud. b. The interaction or relationship of the control with other controls. c. The financial statement amounts exposed to the deficiency. d. The nature of the financial statement accounts, disclosures, and assertions involved.
c
Following are examples of control deficiencies that may represent significant deficiencies or material weaknesses. For each control deficiency, indicate whether it is a significant deficiency or material weakness. Justify your decision. The entity has a standard sales contract, but sales personnel frequently modify the terms of the contract. Sales personnel frequently grant unauthorized and unrecorded sales discounts to customers without the knowledge of the accounting department. These amounts are deducted by customers in paying their invoices and are recorded as outstanding balances on the accounts receivable-aging. Although these amounts are individually insignificant, when added up they are material and have occurred regularly over the past few years.
c) Based on only these facts, this deficiency represents a material weakness for the following reasons: First, the deficiency satisfies Box 1 - it relates to a financial statement assertion. Second, the likelihood of material misstatement of the financial statements resulting from this internal control deficiency is reasonably possible (even assuming that the amounts were fully reserved for in the company's allowance for uncollectible accounts) due to the likelihood of material misstatement of the gross accounts receivable balance (Box 2 is answered "yes"). The magnitude of a financial statement misstatement resulting from this deficiency would reasonably be expected to be material, because the frequency of occurrence allows insignificant amounts to become material in the aggregate (Box 3 is answered "yes"). The answer to Box 5 is "yes" since there are no compensating controls present. It is concluded that a prudent official would deem this deficiency to be a material weakness (answer to Box 6 is "yes").
A number of factors influence the sample size for a substantive test of details of an account balance. All other factors being equal, which of the following would lead to a larger sample size? a. Greater reliance on internal controls. b. Greater reliance on analytical procedures. c. Smaller expected frequency of misstatements. d. Smaller amount of tolerable misstatement.
d
A primary advantage of using generalized audit software packages to audit the financial statements of an entity that uses an IT system is that the auditor may a. Consider increasing the use of substantive tests of transactions in place of analytical procedures. b. Substantiate the accuracy of data through self-checking digits and hash totals. c. Reduce the level of required tests of controls to a relatively small amount. d. Access information stored on computer files while having a limited understanding of the entity's hardware and software features.
d
A walkthrough is one procedure used by an auditor as part of the internal control audit. A walkthrough requires an auditor to a.Tour the organization's facilities and locations before beginning any audit work. b. Trace a transaction from every class of transactions from origination through the entity's information system. c. Trace a transaction from each major class of transactions from origination through the entity's information system. d. Trace a transaction from each major class of transactions from origination through the entity's information system until it is reflected in the entity's financial reports.
d
An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus? a. Data capture controls. b. Application controls. c. Output controls. d. General controls.
d
An auditor's primary consideration regarding an entity's internal controls is whether they a. Prevent Management Override b. Relate to the control environment. c. Reflect management's philosophy and operating style. d. Affect the financial statement assertions.
d
Assume an auditor is evaluating a statistical attribute sample of 50 items that resulted in three deviations. What should the auditor conclude if the tolerable deviation rate is 7 percent, the expected population deviation rate is 5 percent, and the allowance for sampling risk is 2 percent? a. The planned assessed level of control risk should be modified because the tolerable deviation rate plus the allowance for sampling risk exceeds the expected population deviation rate. b. The sample results should be accepted as support for the planned assessed level of control risk because the sample deviation rate plus the allowance for sampling risk exceeds the tolerable deviation rate. c. The sample results should be accepted as support for the planned assessed level of control risk because the tolerable deviation rate less the allowance for sampling risk equals the expected population deviation rate. d. The planned assessed level of control risk should be modified because the sample deviation rate plus the allowance for sampling risk exceeds the tolerable deviation rate.
d
Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective? a. Effectiveness and efficiency of operations. b. Reliability of financial reporting. c. Compliance with applicable laws and regulations. d. All of the above are correct.
d
Monitoring is a major component of the COSO Internal Control— Integrated Framework. Which of the following is not correct in how the company can implement the monitoring component? a. Monitoring can be an ongoing process. b. Monitoring can be conducted as a separate evaluation. c. Monitoring and other audit work conducted by internal audit staff can reduce external audit costs. d. The independent auditor can serve as part of the entity's control environment and continuous monitoring.
d
SOC 1, Type 2 reports issued by the service organization's auditor typically a. Provide reasonable assurance that their financial statements are free of material misstatements. b. Ensure that the entity will not have any misstatements in areas related to the service organization's activities. c. Ensure that the entity is billed correctly. d. Assess whether the service organization's controls are suitably designed and operating effectively.
d
The Sarbanes-Oxley Act of 2002 requires management to include a report on the effectiveness of ICFR in the entity's annual report. It also requires auditors to report on the effectiveness of ICFR for large public companies. Which of the following statements concerning these requirements is false? a. The auditor should evaluate whether internal controls over financial reporting are designed and operating effectively. b. Management's report should state its responsibility for establishing and maintaining an adequate internal control system. c. Management should identify material weaknesses in its report. d. The auditor should provide recommendations for improving internal control in the audit report.
d
When auditors report on the effectiveness of internal control "as of" a specific date and obtain evidence about the operating effectiveness of controls at an interim date, which of the following items would be the least helpful in evaluating the additional evidence to gather for the remaining period? a. Any significant changes that occurred in internal control subsequent to the interim date. b. The length of the remaining period. c. The specific controls tested prior to the "as of" date and the results of those tests. d. The walkthrough of the control system conducted at interim.
d
Which of the following controls is most likely to help ensure that all credit revenue transactions of an entity are recorded? a. The billing department supervisor sends a copy of each approved sales order to the credit department for comparison to the customer's authorized credit limit and current account balance. b. The accounting department supervisor independently reconciles the accounts receivable subsidiary ledger to the accounts receivable control account each month. c. The accounting department supervisor controls the mailing of monthly statements to customers and investigates any differences reported by customers. d. The billing department supervisor matches prenumbered shipping documents with entries in the sales journal.
d
Which of the following statements about internal control is correct? a. A properly maintained internal control system reasonably ensures that collusion among employees cannot occur. b. The establishment and maintenance of internal control is an important responsibility of the internal auditor. c. An exceptionally strong internal control system is enough for the auditor to eliminate substantive procedures on a significant account balance. d. The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system.
d
Which of the following statements is correct concerning statistical sampling in tests of controls? a. Deviations from controls at a given rate usually result in misstatements at a higher rate. b. As the population size doubles, the sample size should also double. c. The qualitative aspects of deviations are not considered by the auditor. d. There is an inverse relationship between the sample size and the tolerable deviation rate.
d