Grad Audit
wells fargo fraud: amount of fines
$185mm
wells fargo fraud: settlment amount
$3b
A financial statement audit client uses newly implemented custom software for several accounting systems. The auditor might consider using an information technology (IT) auditor to assist in which of the following? Understanding the designof internal controlsTesting the operating effectivenessof internal controls A. YesYes B. YesNo C. NoYes D. NoNo
A
According to the COSO integrated framework, policies and procedures that assist in achieving management directives would be examples of which element of internal control? A. Control activities. B. Control environment. C. Monitoring. D. Information and communication
A
An auditor discovered that a client's accounts receivable turnover is substantially lower for the current year than for the prior year. This may indicate that A. Fictitious credit sales have been recorded during the year. B. Employees have stolen inventory just before the year end. C. The client recently tightened its credit-granting policies. D. An employee has been lapping receivables in both years
A
An auditor has determined that a client has implemented well-designed internal controls over financial reporting. As a result, the auditor will most likely: A. Perform tests of controls and, if the results are satisfactory, reduce the reliance on substantive procedures. B. Reduce the reliance on substantive procedures without performing additional tests of controls. C. Perform substantive tests to determine whether the controls have been effective during the period being audited. D. Perform tests of controls to determine if there are control deficiencies that should be communicated to those charged with governance
A
Which of the following is an example of how specific internal controls in a database environment may differ from controls in a non-database environment? A. Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access. B. Controls over data sharing by diverse users within an entity should be the same for every user. C. The employee who manages the computer hardware should also develop and debug the computer programs. D. Controls can provide assurance that all processed transactions are authorized, but cannot verify that all authorized transactions are processed
A
Which of the following procedures would an auditor most likely perform when planning an audit? A. Make a preliminary judgment about materiality. B. Confirm a sample of the entity's accounts payable with known creditors. C. Obtain written representations from management that there are no unrecorded transactions.
A
Deficiency
A deficiency in ICFR exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
material weakness
A material weakness is a deficiency, or a combination of deficiencies, in ICFR, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis.
Significant Deficiency
A significant deficiency is a deficiency, or a combination of deficiencies, in ICFR that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.
Koss case: red flags of fraud
AR turnover AR high in June low customer payments in June money sent to AE reclass
what AS deals with output of risk assessment
AS 2110
responsibility for illegal acts
AS 2405 consider laws that have direct and material effect not auditors responsibility to report to investors unless changes our opinion
Which of the following procedures would an auditor most likely perform before the balance sheet date? A. Confirm with client's lawyer that all litigation probable of assertion has been disclosed to the auditor. B. Obtain an understanding of the client's internal control activities. C. Determine whether there are any liens or encumbrances on assets that have been pledged as collateral. D. Consider the client's plans and ability to meet imminent purchase commitments and cash flow obligations
B
Which of the following procedures would an auditor most likely perform in planning a financial statement audit? A. Inquire of the client's legal counsel concerning pending litigation. B. Compare the financial statements with anticipated results. C. Examine computer-generated exception reports to verify the effectiveness of internal control. D. Search for unauthorized transactions that may aid in detecting unrecorded liabilities
B
Which of the following statements is correct concerning analytical procedures used in planning an audit engagement? A. They often replace the tests of controls that are performed to assess control risk. B. They usually use financial and nonfinancial data aggregated at a high level. C. They usually involve the comparison of assertions developed by management to ratios calculated by an auditor. D. They are often used to develop an auditor's preliminary judgment about materiality
B
An auditor is performing an audit data analytic as a risk assessment procedure for all active sales divisions. The auditor determined that the results of the analysis were significantly different from the expected results because the data included a discontinued division for which other risk assessment procedures had already been planned. The auditor should A. Exclude the discontinued operation and reperform the analytic procedures. B. Raise the risk of material misstatement for the discontinued division. C. Include additional audit procedures related to the discontinued division. D. Obtain an explanation from the client about the significant difference
A
An auditor's primary consideration regarding an entity's internal control structure policies and procedures is whether the policies and procedures A. Affect the financial statements. B. Prevent management override. C. Relate to the control environment. D. Reflect management's philosophy and operating style.
A
Analytical procedures are required for which of the following? A. Audit planning. B. Tests of balances. C. Client retention decision. D. Internal control evaluation
A
Audit data analytics can be used in which of the following types of audit procedures? Risk assessmentTests of details A. YesYes B. YesNo C. NoYes D. NoNo
A
In an audit of a nonissuer's financial statements in accordance with generally accepted auditing standards, an auditor is always required to A. Document the auditor's understanding of the entity's internal control over financial reporting. B. Search for significant deficiencies in internal control over financial reporting. C. Perform tests of controls to evaluate the effectiveness of the entity's accounting system. D. Test to determine control procedures effectively prevent or detect material misstatements
A
Manual controls would most likely be more suitable than automated controls for which of the following? A. Large, unusual, or nonrecurring transactions. B. High-volume transactions that require additional calculations. C. Situations with routine errors that can be predicted and corrected. D. Circumstances that require a high degree of accuracy
A
The audit program usually cannot be finalized until the A. Consideration of the entity's internal control structure has been completed. B. Engagement letter has been signed by the auditor and the client. C. Internal control deficiencies have been communicated to the audit committee. D. Search for unrecorded liabilities has been performed and documented
A
Under which of the following circumstances would an auditor be most likely to assess control risk at the maximum level for certain assertions? A. Control policies and procedures are unlikely to relate to the assertions. B. The entity's control environment, accounting system, and control procedures are interrelated. C. Sufficient evidence to support the assertions is likely to be available. D. More emphasis on tests of controls than substantive tests is warranted
A
When applying analytical procedures during an audit, which of the following is the best approach for developing expectations? A. Identifying reasonable explanations for unexpected differences before talking to client management. B. Considering the pattern of several unusual changes without trying to explain what caused them. C. Comparing client data with client-determined expected results to reduce detailed tests of account balances. D. Considering unaudited account balances and ratios to calculate what adjusted balances should be
A
Which of the following analytical procedures most likely would be used during the planning of an audit? A. Comparing current-year to prior-year sales volumes. B. Reading the financial statements and notes and considering the adequacy of evidence. C. Comparing the current-year ratio of aggregate salaries paid to the number of employees to the prior-year's ratio. D. Reading the letter from the client's attorney and considering the threat of litigation
A
Which of the following factors most likely would heighten an auditor's concern about the risk of fraudulent financial reporting? A. Inability to generate cash flows from operations while reporting substantial earnings growth. B. Management's lack of interest in increasing the entity's stock trend. C. Large amounts of liquid assets that are easily convertible into cash. D. Inability to borrow necessary capital without granting debt covenant
A
Which of the following factors would a CPA ordinarily consider in the planning of an audit engagement? Financial statement accountslikely to contain a misstatementConditions that requireextension of audit tests A. YesYes B. YesNo C. NoYes D. NoNo
A
Which of the following is an example of an inherent risk that an auditor should consider? A. Technological developments that may render inventory obsolete. B. Posting of unauthorized journal entries. C. An incorrect formula in a worksheet used to calculate a LIFO inventory reserve. D. Inaccurate physical inventory coun
A
sales cycle - WCGW & co. responses: reported
WCGW: Incorrect amounts on FS Actions: account reconciliation, FS review
sales cycle - WCGW & co. responses: recorded
WCGW: incorrect prices, incorrect JE posting Actions: fixed price list
sales cycle - WCGW & co. responses: authorized
WCGW: sold to unauthorized customer Actions: if sufficent credit, authorized if not, go to credit mgr for approval
sales cycle - WCGW & co. responses: processed
WCGW: unauthorized shipment, premature rev rec Actions: three-way match
opportunities from COVID - Fraud
WFH less supervision budgets decreasing
ITGC: maintenance/operation control
backup, recovery
Koss case: auditor responses to fraud
bank statement review test of cash SURL AR confirmations
how auditors approach risk assessment (video)
be broad change audit procedures based on riskass
what to do if auditor cannot attend inventory count at all
camera systems with live video feeds if risk cannot be reduced, scope limitation
reliance efficiency
can test at interim dual purpose -used as both ToC and subsantive test extent of testing -can use sample size of 1
when do scope limitations for inventory happen
clients cant perform invntory count auditors unable to obtain suff. app. evidence
reel wheel case: company name
coliseum entertainment corp
who is responsible for ITGCs
combo of IT and various business groups within an entity
who established controls
company
examples of bad riskass
comparing invoice to contract w/o receiving shipping docs limiting revenue tests to those greater than certain amount or near YE
mgmt assertion: an invoice for inventory purchased and received was not sent by the vendor. consequentyly a JE was not made to reflect this purchase
completeness
application control
controls relating to procedures used to process transactions help verify trans. ocurred, authorized and completely and accurately recorded
con of audit data analytics
cost of upscaling employees false positives
sales cycle - actions: initiated
customer places order -> captured in sales order database
preventive or detective & corrective: changes to data made by users other than IT are logged and compared with requests and approvals for those changes by ppl without access to make changes
d and c
preventive or detective & corrective: changes to key configs are logged and log is reviewed by knowledgeable pople who cannot change configs being monitored
d and c
preventive or detective & corrective: logs of activities of ppl with access that created seg of duties concerns are reviewed by knowledgeable ppl who do not have such access or the changes are matched to approvals
d and c
preventive or detective & corrective: passwords and other key security settings are verified quarterly for approprite settings as defined by policy
d and c
pros of using drone technology and automated software
decrease time perform from home make it safer in dangerous environments
not material or significant but reasonably possible misstatement
deficiency
test of details
detailed verification of transactions, accts, disclosures
types of substantive procedures
details substantive analytical
SAP steps
develop independent expectation define tolerable difference compare expectation to recorded amount investigate difference
substantive strategy
dont test controls focus on substantive testing
ITGC: access control example
duo mobile
examples of application control
edit checks and validations calculations interfaces authorizations
reliance strategy
efficient test controls required for ICFR audits
Koss case: what was the fraud
embezzlement
audit planning: engagement partner is responsible for
engagement and performance
what do preliminary analytical procedures do
enhance understanding of co. identify areas of specific risk
COVID - auditor considerations
enhancing direction of less experienced increasing involvement of more senior involving specialists
what does control testing encompass
entitys control environment IT architecture and components people processes
PESTLE: economic
exchange rates, eco growth, inflation, interest, cost of living
Rationalizations from COVID - fraud
explore more opps to commit fraud
is PESTLE internal or external
external
where of risk assessment
external -laws and regs, industry, natural disasters internal -nature of co., internal control, activities
COVID - frauds that are heightened
ficticious revenue fraudulent mgmt estimates improper timing of revenue fraudulent federal relief program applications
indirect and material illegal acts example
fine from illegal acts
material weakness indicators
fraud by senior mgmt restatement of FS due to correction or misstatement identificaiton of mat. misstmt in current period ineffective audit committee
wells fargo fraud: what was it
fraudulent sales practices created accounts without customer knowledge
both reliance and substantive strategy require what
gain understanding of IC
challenges of using video for inventory count
hard to see physical condition who should hold camera
controls do what
help an org get it right
Koss case: how did fraud happen/accounts affected
hide it in AR and customer payments in June lower sales increase COGS, decrease inventory
escape room case: industry volatility
high tech advances
auditors objective for understanding business environment
identify and appropriately assess RoMM
what/output of risk assessment
identify business risk that could result in RoMM -industry developments -biz expansion -new accounting requirements -new products -reg. changes -financing requirements
purpose of substantive procedures
identify material misstmts in transactions accts and disclosures
what to do if can't access controls
increase substantive testing scope limitation
what are ITGC
information technology general controls controls that protect an entity's data and IT systems
classes of transactions
initiated approval/authorized processed recorded reported
reel wheel case: what tests to make data more reliable
inspect wheel observe rides vouch purchase orders
test of details example
inspetion of records and tangible assets
other procedures for supporting evidence for inventory
inventory price testing cutoff
PESTLE: legal
labor law, legislation
Pressures from COVID - fraud
layoffs downsizing salary cut
PESTLE: social
lifestyle choices, cultural norms, buying habits, demographics
Banking on Phone: application controls
limits to amount that can be transferred verify amounts entered prompt you to confirm transaction
COVID - companies may need to consider new risks related to
liquidity going concern cybersecurity changes in internal controls asset impairment FV estimates third-party vendor considerations industry considerations (concentration risk) geographic considerations (concentration risk) business interuption
response to fraud
look at internal controls look at JEs do unpredictable procedures heighten skepticism
audit data analytics
look for patterns, trends, info for decision making
why do ITGCs matter
make sure automated functions within application controls continue to operate correctly and that any changes made are properly authorized and tested
type of control: employees count inventory on hand at EoY; perpetual inventory records are updated based on the counts
manual
IC types
manual automated IT dependent manual
material and reasonably possible misstatement
material weakness
wells fargo fraud: how would it affect audit opinion over ICFR
maybe SD, but same opinion
who do you communicate a deficiency to
mgmt
Koss case: what responsibility did mgmt have to prevent fraud
mgmt adop sount policies and implement proper control to prevent, deter, detect fraud
do auditing standards prohibit use of technology for inventory counts
no
wells fargo fraud: was revenue or fines (185mm) material
no
are there standards on audit data analytics
no -AICPA released one -PCAOB has nothing
what type of filer does not have to comply with 404b
non-accelerated filer -bc of cost
indirect and material illegal acts auditor responsibility
none
con of using drone technology and automated software
not always correct - spend time fixing not always clear picture costs money to own and operate
responses involving NET to address RoMM
obtain more persuasive audit evidence take into account risks and their likelihoods design ToC to respond to risks and for opinion on IC
mgmt assertion: inventory for sales occuring at EoY is moved to a separate part of the warehouse where inventory is stored waiting for shipment. the company recognized sales when the goods are moved
ocurrence possibly cutoff
what to do if you cant get account confirmations
other tests scope limitation
preventive or detective & corrective: programs and data are written to backup media at least weekly and stored in a physical location separate from production equip
p
preventive or detective & corrective: programs in test environment are accessible only by a limited number of authorized appropriate people who dont have development responsibilities
p
IT dependent manual control
partially by computer, but requires human intervention to complete
automated control
performed by computer
manual control
performed by people
Banking on Phone: ITGC access control
phone and app passcode face ID
ITGC include
physical and logical ACCESS to controls program CHANGE mgmt controls computer MAINTENANCE controls (OPERATIONS)
Banking on Phone: ITGC operations control
physically operable phone
steps of audit data analytics
plan ada access and prepare data for ada consider relevance and reliability of data used perform ada evaluate results and conclude
PESTLE
political economic social technological legal environmental
PESTLE: political
political stability, trade, regs, tax
asher farms basic facts
poultry processing south US
mgmt assertion: managment doesn't show a current portion of LT debt on the FS, even though the amount is material
presentation and disclosure
fraud risk factors
pressure, opportunity, rationalization
does accounting standard allow use of drones and automated accounting software
probably yes
what activities should occur at beginning of an audit
procedures regarding continuing of client relationsihp determine compliance with independence & ethics establish understanding of terms of audit engagement
why do risk assessment
provide basis for desining and implementing response to risk -need to understand company and what challenges it is facing
Koss case: basic facts
public sold headphones Michael was son of founder -CEO,COO,CFO,Pres., Vice Chariman not accelerated filer (no ICFR audit) sujata went from acct. assistant to VP finance in 2 yrs neither had accounting or CPA background in Milwuakee
how of risk assessment
read public info about co. read transcripts of earnings calls obtain understanding of senior mgmt comp agreements preliminary analytical procedures
responsibility towards fraud
reasonable assurance AS 1001
only report D, SD, or MW if what
reasonably possible do nothing if remotely possible
SAPs most effective when
relationships are in stable environment precise expectation can be developed data is reliable
two audit strategies
reliance substantive
soc 1 type two report
report on the fairness of the presentation of management's description of the service organization's system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
escape room case: company industry
retail medical equipment and supplies
mgmt assertion: your client holds inventory on consignment for another company. the consigned inventory is included in the client's inventory balance
rights and obligations
which part of audit deals with risk and response
risk assessment
how can auditors test inventory without a site visit
rollforward and roll back video observation
responsibility for illegal acts vs responsibility for error and fraud
same
PESTLE: environmental
sanctions, move to sustaiinalble, social responsibility
why use SAP
saves time vs ToD data is more readily available, so SAP is used more
Koss case: how did mgmt fail in ICFR
separation of duties michael not reviewing ICFR authorization of checks effectiveness no accounting background
not material, but significant and reasonably possible misstatement
significant deficiency
accelerated filer stats
size: 75>X<700mm days to file 10k: 75 days to file 10Q: 40
non-accelerated filer stats
size: <75mm days to file 10k: 90 days to file 10Q: 45
large accelerated filer stats
size: >700mm days to file 10k: 60 days to file 10Q: 40
how to respond to significant risks
substantive procedures
reliance strategy: required to
test operating effectiveness of IC gain understanding of IC, including IT identify & test IT general controls that address risks (IT and non IT) verify and confirm through walkthrough
datasnipper functionalities
text snip validation snip exception snip sum snip table snip document matching form extraction find all sums
pinning
this refers to the bank's practice of assigning, without customer authorization, Personal Identification Numbers (PINs) to customer ATM card numbers with the intention of impersonating customers on the bank's computers, and enrolling those customers in online banking and online bill paying without their consent.
sandbaggin
this refers to the bank's practice of failing to open accounts when requested by customers, and instead, accumulating a number of account applications to be opened at a later date in the next sales period.
bundling
this refers to the bank's practice of incorrectly informing customers that certain products were only available in packages with other products, such as additional accounts, insurance, annuities, and retirement plans.
reel wheel case: focus of audit
ticket sales revenue
what to do if can't access client records
unable to perform audit
process of risk assessment
understand company identify risk respond to risk
Type of audit opinion: deficiency
unqualified
Type of audit opinion: significant deficiency
unqualified
two types of opinions on ICFR audits
unqualified adverse
other applications for drone tech and automated software
use drones to map hard to reach places surveying land advertise houses deliver packages tax purposes - build an addon vs new property
mgmt assertion: a competitor has introduced a new product that is half the price of one of your clients products
valuation
mgmt assertion: mgmt determines that several recorded AR will not be collected
valuation
should fraud inquiries be by phone or video
video
reliance vs. substantive: controls - what it is vs was it done well
what it is: both was it done well: reliance
ITGC: change control
who can edit code who can change grades
do clients prefer remote audits
yes
do remote audits create a more efficient experience
yes
do remote audits help retain CPAs
yes
do you need to gain an understing of IC in substantive strategy
yes
should riskass be done as a team
yes
Koss case: did GT fail
yes material misstatements
reel wheel case: is it reliable
yes public website
reel wheel case: is it stable
yes - customers and pricing
reel wheel case: is it predictable
yes - uses few key facts to determine total
wells fargo fraud: generated how much revenue
~2.4mm
Which of the following statements is correct regarding the predictability of analytical procedures in a financial statement audit? A. Relationships involving only balance sheet accounts tend to be more predictable than relationships involving income statement accounts. B. Relationships involving income statement accounts tend to be more predictable than relationships involving only balance sheet accounts. C. Relationships involving transactions subject to management discretion tend to be more predictable than automated transactions. D. Relationships in a dynamic environment tend to be more predictable than relationships in a stable environment
B
An auditor's decision whether to apply analytical procedures as substantive tests usually is determined by the A. Availability of documentary evidence that should be verified. B. Extent of accounting estimates used in preparing the financial statements. C. Precision and reliability of the data used to develop expectations. D. Number of transactions recorded just before and just after the year end
C
An entity has implemented a new control that requires the accounting manager to review and sign off on all accounts payable reconciliations. This is an example of which objective under the COSO framework for internal controls? A. Compliance with laws and regulations. B. Effectiveness and efficiency of operations. C. Accurate and reliable financial reporting. D. Access and control of financial records
C
Analytical procedures performed during an audit indicate that accounts receivable doubled since the end of the prior year. However, the allowance for credit losses as a percentage of accounts receivable remained about the same. Which of the following client explanations would satisfy the auditor? A. A greater percentage of accounts receivable are listed in the "more than 120 days overdue" category than in the prior year. B. Internal control activities over the recording of cash receipts have been improved since the end of the prior year. C. The client opened a second retail outlet during the current year and its credit sales approximately equaled the older outlet. D. The client tightened its credit policy during the current year and sold considerably less merchandise to customers with poor credit ratings
C
During the initial planning phase of an audit, a CPA most likely would A. Identify specific internal control activities that are likely to prevent fraud. B. Evaluate the reasonableness of the client's accounting estimates. C. Discuss the timing of the audit procedures with the client's management. D. Inquire of the client's attorney as to whether any unrecorded claims are probable of assertion.
C
For which of the following is an auditor required to use analytical procedures? PlanningSubstantive testingOverall review A. YesYesYes B. YesYesNo C. YesNoYes D. NoYesYes
C
The ultimate purpose of assessing inherent risk is to contribute to the auditor's evaluation of the A. Factors that raise doubts about the auditability of the financial statements. B. Operating effectiveness of internal control policies and procedures. C. Risk that material misstatements exist in the financial statements. D. Risk that a material misstatement in the financial statements will not be detected by the audit.
C
What is the most likely course of action that an auditor would take after determining that performing substantive tests on inventory will take less time than performing tests of controls? A. Assess control risk at the minimum level. B. Perform both tests of controls and substantive tests on inventory. C. Perform only substantive tests on inventory. D. Perform only tests of controls on inventory
C
When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor's best course of action in such situations? A. Assess the control risk as high. B. Use audit software to perform analytical procedures. C. Use generalized audit software to extract evidence from client databases. D. Perform limited tests of controls over electronic data
C
Which of the following is a complete and accurate list of the walkthrough procedures usually performed in an issuer's integrated audit? A. Inquiry, observation, analytical procedures, testing of controls. B. Inquiry, sampling, analytical procedures, testing of controls. C. Inquiry, observation, inspection of relevant documentation, reperformance of controls. D. Inquiry, inspection of relevant documentation, sampling, reperformance of controls
C
Which of the following is a step in an auditor's decision to assess control risk below the maximum level? A. Apply analytical procedures to both financial data and nonfinancial information to detect conditions that may indicate weak controls. B. Perform tests of details of transactions and account balances to identify potential errors and irregularities. C. Identify specific internal control policies and procedures that are likely to detect or prevent material misstatements. D. Document that the additional audit effort to perform tests of controls exceeds the potential reduction in substantive testing
C
Which of the following is an analytical procedure that an auditor most likely would perform during the final review stage of an audit? A. Comparing each individual expense account balance with the relevant budgeted amounts and investigating any significant variations. B. Testing the effectiveness of internal control procedures that appear to be suitably designed to prevent or detect material misstatements. C. Reading the financial statements and considering whether there are any unusual or unexpected balances that were not previously identified. D. Calculating each individual expense account balance as a percentage of total entity expenses and comparing the results with industry averages
C
Which of the following procedures would an auditor most likely perform on a dataset to identify unrecorded sales invoices? A. Filtering. B. Vouching. C. Sequence checking. D. Variables sampling.
C
Which of the following situations represents a limitation, rather than a failure, of internal control? A. A jewelry store employee steals a small necklace from a display cabinet. B. A bank teller embezzles several hundred dollars from the cash drawer. C. A purchasing employee and an outside vendor participate in a kickback scheme. D. A movie theater cashier sells reduced-price tickets to full-paying customers and pockets the difference
C
Which of the following steps should be performed first in applying analytical procedures? A. Determine whether the difference between the expectation and the recorded amount is reasonable. B. Investigate and evaluate significant differences from the expectation. C. Develop an expectation of a balance or ratio by using relationships that are expected to exist. D. Compare the client's recorded balance or ratio with the expectation
C
Which of the following types of audit techniques would be most useful for assessing the probability of an audit client's ability to continue as a going concern? A. Diagnostic analytics. B. Descriptive analytics. C. Predictive analytics. D. Prescriptive analytics.
C
An auditor has received a file containing sales data extracted from a continuing client's electronic sales journal. Which of the following procedures would be most effective in verifying that all the data were extracted? A. Trace physical sales invoices to the extracted file. B. Compare the extracted sales data with sales data from the prior year. C. Ask the client to explain the steps taken in the extraction process. D. Calculate a financial total in the extracted data and compare it to the source data.
D
An auditor obtains an understanding of an entity's internal controls over the proper approval of new loans. Under which of the following circumstances would an auditor decide to test the controls? A. The control replicates effective controls existing elsewhere in the structure. B. The control is designed in such a way that unauthorized employees can approve loans. C. The effort of testing the controls exceeds the effort of performing only substantive procedures. D. The design of the internal controls appears likely to prevent unauthorized loans
D
An auditor reviews a client's accounting policies and procedures when considering which of the following planning matters? A. Method of sampling to be used. B. Preliminary judgments about materiality levels. C. Nature of reports to be rendered. D. Understanding the client's operations and busines
D
An overall response to address a high assessed risk of material misstatement at the financial statement level of a nonissuer may include A. Increasing reliance on results of internal control testing. B. Emphasizing the need for more accounting staff. C. Incorporating additional predictability into the selection of procedures. D. Providing more supervision of the audit team
D
As part of its system of internal control, a company requires that all sales orders from customers receive approval from the credit department before they are fulfilled. What type of control activity is this? A. Physical control. B. Application control. C. Performance review. D. Segregation of duties
D
Assessing control risk below the maximum level most likely would involve A. Performing more extensive substantive tests with larger sample sizes than originally planned. B. Reducing inherent risk for most of the assertions relevant to significant account balances. C. Changing the timing of substantive tests by omitting intermediate testing and performing the tests at year end. D. Identifying specific internal control policies and procedures relevant to specific assertions
D
Due to a change in the economic environment, the auditor has determined that a client's inherent risk has increased in comparison to the prior year. To maintain an acceptably low level of audit risk this year, the auditor might plan to: A. Rely more on the client's internal control. B. Confirm that changes in inherent risk trend with changes in financial information. C. Reduce the assessed control risk level. D. Enhance the nature, timing, or extent of substantive testing
D
For which of the following purposes would an auditor be least likely to apply analytical procedures? A. Planning the engagement. B. Performing substantive testing. C. Overall engagement review. D. Performing tests of controls
D
If new information becomes available that could require a reevaluation of the quantitative level of materiality applied during an audit of an issuer, then the auditor should A. Not change the materiality level once it has been established. B. Lower the materiality level, but not raise it. C. Raise the materiality level, but not lower it. D. Raise or lower the materiality level as appropriate to the situatio
D
audit data analytics process
ETL
type of control: bank reconciliations are performed monthly
ITDM
type of control: compare this years inventory turnover to last years
ITDM
type of control: exception report generated by the cash disbursement application for invoices, purchase orders and receiving reports that don't match is reviewed by the cash disbursements manager
ITDM
type of control: perpetual inventory records are reconciled to the GL each month
ITDM
ITGC vs Application Controls
ITGC at entity level application at assertion level
wells fargo fraud: auditor
KPMG
reel wheel case: location
Las Vegas Strip
order from most severe to least of MW, SD, D
MW>SD>D
Koss case: describe mgmt responsibility in implementing effective IC
404a-document and assess IC 302-senior execs sign off on FS
sox 404 requirements
404a-mgmt documents controls and assess effectivene 404b-external auditors test IC over financail reporting
After testing an issuer client's internal control activities, an auditor discovers significant deficiencies in the operation of the client's internal controls. Under these circumstances, the auditor most likely would A. Issue a disclaimer of opinion about the internal controls as part of the auditor's report. B. Increase the assessment of control risk and increase the extent of substantive tests. C. Issue a qualified opinion of this finding as part of the auditor's report. D. Withdraw from the audit because the internal controls are ineffective
B
An auditor concludes that there is a heightened risk of a material misstatement. Which of the following is an appropriate action that an auditor can take? Decrease materialityIncrease acceptable detection risk level A. YesYes B. YesNo C. NoYes D. NoNo
B
Analytical procedures used in planning an audit should focus on: A. Identifying material weaknesses in internal control. B. Enhancing the auditor's understanding of the client's business. C. Testing individual account balances that depend on accounting estimates. D. Evaluating the adequacy of the evidence gathered concerning unusual balances.
B
Audit data analytics is the process of transforming large amounts of raw data into useful information for the purpose of identifying patterns and irregularities in the audit. Audit data analytics would be least useful in A. Planning the audit for a new client. B. Performing substantive procedures when the reliability of internal data is questionable. C. Performing risk assessment procedures when inherent risks are high. D. Forming a conclusion on the audit of a client that operates in a volatile industry
B
When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor most likely would increase the A. Level of detection risk. B. Extent of tests of details. C. Level of inherent risk. D. Extent of tests of controls
B
Which of the following audit data analytic techniques would most likely be used to compare information from different sources, such as invoices, purchase orders, and shipping documents, to detect errors or other unanticipated variances? A. Sorting. B. Matching. C. Trend analysis. D. Ratio analysis.
B
Which of the following is an inherent limitation of internal controls? A. Auditors using judgment sampling rather than statistical sampling. B. Employees working together to circumvent a control. C. Warehouse employees not performing timely inventory counts. D. Lacking reviews and reconciliations for department expenditures
B
A primary objective of analytical procedures used in the final review stage of an audit is to A. Identify account balances that represent specific risks relevant to the audit. B. Gather evidence from tests of details to corroborate financial statement assertions. C. Detect fraud that may cause the financial statements to be misstated. D. Assist the auditor in evaluating the overall financial statement presentatio
D
In performing interviews and examining documents related to preliminary work in a financial statement audit of a nonissuer, an auditor identifies a business risk associated with plans for a new product line. What should the auditor do as a result? A. Modify the scope of the engagement to include an analysis of the budget for the new product line and consider the new risk in conjunction with other risks after the budget items have been analyzed. B. Analyze the newly identified risk in conjunction with economic circumstances related exclusively to the new product line and consider whether there is an immediate consequence for the risk of material misstatement for affected classes of transactions. C. Modify the financial statement disclosures to include the newly identified risk if it is likely that the new product line will have an adverse effect on the company's profitability. D. Analyze the newly identified risk in conjunction with other known business risks and consider whether there is an immediate consequence for the risk of material misstatement at various levels of the audit.
D
Inherent risk and control risk differ from detection risk in that inherent risk and control risk are A. Elements of audit risk while detection risk is not. B. Changed at the auditor's discretion while detection risk is not. C. Considered at the individual account-balance level while detection risk is not. D. Functions of the client and its environment while detection risk is not
D
When planning audit data analytics to identify and assess an entity's risks of material misstatement, the auditor should consider all the following factors, except A. The availability of data. B. The reliability of data available. C. The relevance of data available. D. The confidentiality of data available
D
Which of the following constitutes a potential risk associated with the use of information technology in an entity's internal control structure? A. A reduction in the ability to monitor the entity's activities. B. The facilitation of additional analyses. C. A reduction in the circumvention of controls. D. Unauthorized changes to systems
D
Which of the following factors most likely would heighten an auditor's concern about the risk of fraudulent financial reporting? A. The audit committee's approval of the initial selection of accounting principles. B. A lack of competition in the entity's industry, accompanied by increasing profit margins. C. Management's disclosure of unresolved litigation and contingent liabilities. D. Year-end adjustments by the entity that significantly affect financial results
D
Which of the following statements is correct concerning materiality in a financial statement audit? A. Analytical procedures performed during an audit's review stage usually decrease materiality levels. B. If the materiality amount used in evaluating audit findings increases from the amount used in planning, the auditor should apply additional substantive tests. C. The auditor's materiality judgments generally involve quantitative, but not qualitative, considerations. D. Materiality levels are generally considered in terms of the smallest aggregate level of misstatement that could be considered material to any one of the financial statements.
D
Which of the following would an auditor most likely consider in evaluating the control environment of an audit client? A. Overall employee satisfaction with assigned duties. B. The number of CPAs in the accounting department. C. Management reviews of monthly financial statements. D. Management's operating style
D
tidbits from auditors approaching riskass video
Mike Mowchen (accounting prof) was there south african accent
audit plan should include
NET of risk ass NET of ToD and substantive procedures other planned audit procedures
preventive or detective & corrective: access rights no longer needed by users who are leaving entity or changed job responsibilities are ended timely based on notificaiton from HR
P
when can you use audit data anlytics
RA ToC substantive
SAP vs riskass and final review analytics
SAP you develop indepdent expection and tolerable difference
type of control: purchases are immediately processed when they are made with vendors on the approved vendor list
automated
escape room case: company
Time
higher risk areas use SAP or ToD
ToD -can still use SAP in combo
Koss case: how much was stolen
about 32mm
mgmt assertion: the AR clerk mistakenly recorded a sale as 21 instead of 12
accuracy
mgmt assertion: the cost accountant undercalculated direct labor costs. consequently, the manufactured inventory balance did not include enough direct labor costs
accuracy and allocation possibly completeness
objective of risk response
address RoMM through appropriate audit responses
PESTLE: technological
advancements, automation, AI
Type of audit opinion: material weakness
adverse
what to do if auditor cannot attend year-end inventory count
alternative date observe rescheduled counts perform additonal prcedures -rollforward -review
audit data analytics benefit
analyze large datasets or entire pops
substantive analytical prcoedures
analyzing plausible relationships in financial and nonfinancial data
to whom are ITGCs important
anyone who engages with an entity in a substantial way
Banking on Phone: ITGC change control
appropriate software
overall responses to address RoMM
assign engagement responsibilities appropriately provide supervision that is appropriate incorporate elements of unpredictability evaluate company's application of sig. acct. principles
who do you communicate material weakness to
audit committe mgmt externally
who do you communicate significant deficiency to
audit committee and management
what is the third substantive test
audit data analytics
who tests controls
auditors
type of control: overhead costs are systematically applied to the cost of inventory produced
automated
type of control: prepaid customer orders are processed without credit approval
automated