Another Audit Quiz
Which of the following statements most likely represents a disadvantage for an entity that keeps digital computer files rather than manually prepared files? A. Attention is focused on the accuracy of the programming process rather than errors in individual transactions. B. It is usually easier for unauthorized persons to access and alter the files. C. Random error associated with processing similar transactions in different ways is usually greater. D. It is usually more difficult to compare recorded accountability with physical count of assets.
Answer (B) is correct. In a manual system, one individual is assigned responsibility for maintaining and safeguarding the records. However, in a computer environment, the data files may be subject to change by others without documentation or indication of who made the changes.
An auditor anticipates relying on the operating effectiveness of controls in a computerized environment. Under these circumstances, on which of the following activities would the auditor initially focus? A. Programmed controls. B. Application controls. C. Output controls. D. General controls.
D
Control activities constitute one of the five components of internal control described in the COSO model. Control activities do not encompass A. Performance reviews. B. Information processing. C. Physical controls. D. An internal auditing function.
D
If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll computer application? A. Hours worked. B. Total debits and total credits. C. Net pay. D. Department numbers.
D
Which of the following procedures most likely would assist an auditor to identify litigation, claims, and assessments? A. Inspect checks included with the client's cutoff bank statement. B. Obtain a letter of representations from the client's underwriter of securities. C. Apply ratio analysis on the current-year's liability accounts. D. Read the file of correspondence from taxing authorities.
D
According to the auditing standards, which of the following terms identifies a requirement for audit evidence? A. Appropriate. B. Adequate. C. Reasonable. D. Disconfirming.
Answer (A) is correct. AU-C 500, Audit Evidence, requires the auditor to obtain sufficient appropriate audit evidence on which to base the opinion. Appropriate evidence is relevant and reliable in supporting conclusions on which the opinion is based.
Internal control has five components: the control environment, risk assessment, information and communication, monitoring, and control activities. Control activities relevant to an audit may be categorized as policies and procedures that pertain to A. Reviewing actual performance. B. Making a commitment to competence. C. Developing a proper organizational structure. D. Maintaining effective human resource policies.
Answer (A) is correct. According to AU-C 315, control activities are the policies and procedures that help ensure that management directives are carried out, for example, that necessary actions are taken to address the risks that threaten the achievement of the entity's objectives. Control activities, whether automated or manual, that may be relevant to an audit pertain to (1) performance reviews, (2) information processing, (3) physical controls, (4) authorization, and (5) segregation of duties.
A client uses a suspense account for unresolved questions whose final accounting has not been determined. If a balance remains in the suspense account at year-end, the auditor would be most concerned about A. Suspense debits that management believes will benefit future operations. B. Suspense debits that the auditor verifies will have realizable value to the client. C. Suspense credits that management believes should be classified as "current liability." D. Suspense credits that the auditor determines to be customer deposits.
Answer (A) is correct. Although the auditor must evaluate relevant assertions about all accounts, the greatest risks are overstated assets and understated liabilities. The unverified suspense debits represent assets that may not exist.
Which of the following procedures is an auditor most likely to include in the planning phase of a financial statement audit? A. Obtain an understanding of the entity's risk assessment process. B. Identify specific controls designed to prevent fraud. C. Evaluate the reasonableness of the entity's accounting estimates. D. Perform cutoff tests of the entity's sales and purchases.
Answer (A) is correct. An auditor should obtain an understanding of the entity's risk assessment process and the other components of internal control when obtaining an understanding of the entity and its environment, including its internal control (AU-C 315).
Evidence supporting the financial statements consists of the accounting records and all other information available to the auditor. Which of the following is an example of other information? A. Minutes of meetings. B. General and subsidiary ledgers. C. Reconciliations. D. Worksheets supporting cost allocations.
Answer (A) is correct. Audit evidence is all information used by the auditor to draw the conclusions on which the auditor's opinion is based. It consists of (1) accounting records and (2) sources of information other than accounting records. Accounting records by themselves do not provide sufficient appropriate evidence. They include initial entries (manual or electronic) and supporting records. Examples are (1) checks, (2) electronic funds transfers (EFTs), (3) invoices, (4) contracts, (5) the general and subsidiary ledgers, (6) journal entries and other adjustments of the statements, (7) worksheets, (8) spreadsheets, (9) reconciliations, (10) cost allocations, (11) computations, and (12) disclosures. Sources of information other than accounting records include (1) minutes of meetings; (2) external confirmations; (3) analysts' reports; (4) comparable data about competitors; and (5) information obtained by the auditor from (a) inquiries (e.g., management's written representations), (b) observation, (c) inspection, (d) recalculation, (e) reperformance, and (f) analytical procedures.
Which of the following characteristics distinguishes computer processing from manual processing? A. Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing. B. Errors or fraud in computer processing will be detected soon after their occurrence. C. The potential for systematic error is ordinarily greater in manual processing than in computerized processing. D. Most computer systems are designed so that transaction trails useful for audit purposes do not exist.
Answer (A) is correct. Computer processing uniformly subjects like transactions to the same processing instructions. A computer program defines the processing steps to accomplish a task. Once the program is written and tested appropriately, it will perform the task repetitively and without error. However, if the program contains an error, all transactions will be processed incorrectly.
Basic to a proper control environment are the quality and integrity of personnel who must perform the prescribed procedures. Which is not a factor in providing for competent personnel? A. Segregation of duties. B. Hiring practices. C. Training programs. D. Performance evaluations
Answer (A) is correct. Human resource policies and practices are an element in the control environment component of internal control. They affect the entity's ability to employ sufficient competent personnel to accomplish its objectives. Policies and practices include those for recruitment, orientation, training, evaluation, promotion, compensation, and remedial actions. Although control activities based on the segregation of duties are important to internal control, they do not in themselves promote employee competence.
Which of the following factors most likely would cause a CPA not to accept a new audit engagement? A. The prospective client's unwillingness to permit inquiry of its legal counsel. B. The inability to review the predecessor auditor's working papers. C. The CPA's lack of understanding of the prospective client's operations and industry. D. The indications that management has not investigated employees in key positions before hiring them.
Answer (A) is correct. Management is responsible for adopting policies and procedures to identify, evaluate, and account for litigation, claims, and assessments. If the client refuses the auditor's request to obtain corroborating information from legal counsel, a scope limitation exists that could result in a disclaimer of an opinion or withdrawal from the audit (AU-C 501).
Each of the following might, by itself, form a valid basis for an auditor to decide to omit a procedure except for the A. Difficulty and cost involved in testing a particular item. B. Assessment of the risks of material misstatement at a low level. C. Inherent risk involved. D. Relationship between the cost of obtaining evidence and its usefulness.
Answer (A) is correct. The costs and benefits of obtaining evidence should have a rational relationship. However, the difficulty, time, or cost required to perform a procedure is not in itself a valid reason for its omission if no alternative is available. Such matters also do not justify being satisfied with audit evidence that is less than persuasive (AU-C 500).
The auditor's inventory observation test counts are traced to the client's inventory listing to test for which of the following financial statement assertions? A. Completeness. B. Rights and obligations. C. Valuation and allocation. D. Presentation and disclosure.
Answer (A) is correct. Tracing the details of test counts to the final inventory schedule assures the auditor that items in the observed physical inventory are included in the inventory records.
An Internet firewall is designed to provide adequate protection against which of the following? A. A computer virus. B. Unauthenticated logins from outside users. C. Insider leaking of confidential information. D. A Trojan horse application.
Answer (B) is correct. A firewall is a device that separates two networks and prevents passage of specific types of network traffic while maintaining a connection between the networks. Generally, an Internet firewall is designed to protect a system from unauthenticated logins from outside users, although it may provide several other features as well.
Management provides the auditor with information regarding litigation, claims, and assessments. Which of the following is the auditor's primary means of initiating action to corroborate such information? A. Request that legal counsel undertake a reconsideration of litigation, claims, and assessments with which they were consulted during the period under examination. B. Request that management prepare a letter of inquiry to legal counsel with whom management consulted regarding litigation, claims, and assessments. C. Request that legal counsel provide a legal opinion on the policies and procedures adopted by management to identify, evaluate, and account for litigation, claims, and assessments. D. Request that management engage external legal counsel to suggest wording for the text of a note to the financial statements explaining the nature and probable outcome of existing litigation, claims, and assessments.
Answer (B) is correct. A letter of inquiry to legal counsel is the auditor's primary means of corroborating information provided by management regarding litigation, claims, and assessments. The letter should be prepared by management, but it should be transmitted by the auditor.
Transaction authorization within an organization may be either specific or general. An example of specific transaction authorization is the A. Setting of automatic reorder points for material or merchandise. B. Approval of a detailed construction budget for a warehouse. C. Establishment of requirements to be met in determining a customer's credit limits. D. Establishment of sales prices for products to be sold to any customer.
Answer (B) is correct. A specific transaction authorization is applicable to a unique decision. A general authorization establishes criteria and authorizes the routine making of decisions subject to the criteria. Approving a detailed construction budget for a warehouse is a one-time decision.
Which of the following presumptions is least likely to relate to the reliability of audit evidence? A. The more effective internal control is, the more assurance it provides about the accounting data and financial statements. B. An auditor's opinion is formed within a reasonable time to achieve a balance between benefit and cost. C. Evidence obtained from independent sources outside the entity is more reliable than evidence secured solely within the entity. D. The auditor's direct personal knowledge obtained through observation and inspection is more persuasive than information obtained indirectly.
Answer (B) is correct. Appropriate audit evidence is relevant and reliable. Evidence is usually more reliable when it (1) is obtained from independent sources; (2) is generated internally under effective internal control; (3) is obtained directly by the auditor; (4) is in documentary form, whether paper, electronic, or other medium; and (5) consists of original documents. However, the need for (1) reporting to be timely and (2) maintaining a balance between benefit and cost are inherent limitations of the audit. Thus, for the opinion to be relevant, it must be formed within a reasonable period of time.
Which statement about audit evidence is false? A. The auditor is seldom convinced beyond all doubt with respect to all aspects of the statements being audited. B. The auditor should not perform a procedure that provides persuasive evidence rather than conclusive evidence. C. The auditor evaluates the degree of risk involved in deciding the kind of evidence to gather. D. The auditor balances the benefits of the evidence and the cost to obtain it.
Answer (B) is correct. In most cases, evidence that is obtained to enable an auditor to draw reasonable conclusions on which to base the opinion is necessarily persuasive rather than conclusive. The cost of obtaining conclusive evidence may outweigh the benefits. But the difficulty, time, or cost is not in itself a valid reason (1) to omit an audit procedure for which no alternative exists or (2) to be satisfied with less than persuasive evidence (AU-C 200).
The refusal of a client's legal counsel to provide information requested in an inquiry letter generally is considered A. Grounds for an adverse opinion. B. A limitation on the scope of the audit. C. Reason to withdraw from the engagement. D. A significant deficiency in internal control.
Answer (B) is correct. Legal counsel's refusal to furnish the information requested in an inquiry letter either in writing or orally may be a limitation on the scope of the audit sufficient to preclude an unmodified opinion.
Which of the following procedures would an auditor most likely perform regarding litigation? A. Confirm directly with the clerk of the court that the client's litigation is properly disclosed. B. Discuss with management its policies and procedures for identifying and evaluating litigation. C. Inspect the legal documents in the possession of the entity's external legal counsel regarding pending litigation. D. Confirm the details of pending litigation with the legal representatives of the entity's adversaries.
Answer (B) is correct. Management is responsible for adopting policies and procedures for identifying, evaluating, and accounting for litigation, claims, and assessments. Thus, the auditor inquires of management about these matters. The auditor also obtains written representations that all known actual or possible litigation, claims, and assessments that should be considered in preparing the statements have been disclosed and accounted for in accordance with the applicable reporting framework.
The following statements were made in a discussion of audit evidence between two CPAs. Which statement about evidence is not valid? A. "I am seldom convinced beyond all doubt, with respect to all aspects of the statements being audited." B. "I would not undertake that procedure because at best the results would only be persuasive and I'm looking for convincing evidence." C. "I evaluate the degree of risk involved in deciding the kind of evidence I will gather." D. "I evaluate the usefulness of the evidence I can obtain against the cost to obtain it."
Answer (B) is correct. Most evidence on which the auditor bases the opinion is persuasive, not conclusive, because of the inherent limitations of the audit: (1) the nature of financial reporting (e.g., use of accounting estimates dependent on forecasts), (2) the nature of audit procedures (e.g., the possibility of fraud involving collusion or the failure of management to provide all the information requested), and (3) the need to perform the audit (a) within a reasonable period of time and (b) to achieve a balance between benefit and cost. However, the difficulty, time, or cost of obtaining evidence is not a valid reason for (1) omitting an audit procedure for which no alternative exists or (2) being satisfied with evidence that is less than persuasive (AU-C 200).
Proper segregation of functional responsibilities to achieve effective internal control calls for separation of the functions of A. Authorization, execution, and payment. B. Authorization, recording, and custody. C. Custody, execution, and reporting. D. Authorization, payment, and recording.
Answer (B) is correct. One person should not be responsible for all phases of a transaction, i.e., for authorization of transactions, recording of transactions, and custodianship of the related assets. These duties should be performed by separate individuals to reduce the opportunities to allow any person to be in a position both to perpetrate and conceal fraud or error in the normal course of his or her duties.
A small client recently put its cash disbursements system on a server. About which of the following internal control features would an auditor most likely be concerned? A. Programming of the applications are in BASIC, although COBOL is the dominant, standard language for business processing. B. The server is operated by employees who have cash custody responsibilities. C. Only one employee has the password to gain access to the cash disbursement system. D. There are restrictions on the amount of data that can be stored and on the length of time that data can be stored.
Answer (B) is correct. Separation of duties is a basic category of control activities (AU-C 315). Functions are incompatible if a person is in a position both to perpetrate and conceal fraud or errors. Hence, the duties of authorizing transactions, recording transactions, and custody of assets should be assigned to different people. Those employees that operate the server may be able to override the controls to change records to conceal a theft of cash.
An auditor is obtaining an understanding of a client's Internet controls. Which of the following is most likely the least effective control? A. The client requires all users to select passwords that are not easily guessed. B. The client requires users to share potentially useful downloaded programs from public electronic sources with only authorized employees. C. The client uses digital signatures to authenticate transmitted documents. D. The client uses a firewall system that produces reports on Internet usage patterns
Answer (B) is correct. Sharing programs from public electronic sources with authorized employees is an ineffective control. The programs are available to anyone with access to the public electronic sources.
Which of the following documents are examples of audit evidence generated by the client? A. Customer purchase orders and bank statements. B. Shipping documents and receiving reports. C. Vendor invoices and packing slips. D. Bills of lading and accounts receivable confirmations.
Answer (B) is correct. Shipping documents and receiving reports are a result of the operations of the client. As goods are shipped to customers, a shipping document is prepared by the client. As goods are received from vendors, a receiving report is prepared by the client.
So that the essential control features of a client's computer system can be identified and evaluated, the auditor of a nonissuer must, at a minimum, have A. A basic familiarity with the computer's operating system. B. A sufficient understanding of the entire computer system. C. An expertise in computer systems analysis. D. A background in programming procedures.
Answer (B) is correct. The audit should be performed by a person having adequate technical training and proficiency as an auditor. That auditor is required to obtain a sufficient understanding of internal control to plan the audit and determine the nature, timing, and extent of tests to be performed. Hence, the auditor should have the training and proficiency that are necessary to understand controls relevant to the computer system.
The strongest criticism of the reliability of audit evidence that the auditor physically observes is that A. The client may conceal items from the auditor. B. The auditor may not be qualified to evaluate the items (s)he is observing. C. Such evidence is too costly in relation to its reliability. D. The observation must occur at a specific time, which is often difficult to arrange.
Answer (B) is correct. The auditor may not be qualified to evaluate the quality or condition of the items observed, e.g., the quality of diamonds or the quantity of oil reserves. In such cases, the reliability of the evidence obtained is doubtful, and the auditor typically uses the work of an auditor's specialist. Moreover, observation does not verify the cost or ownership of assets. Ordinarily, observation is best suited to verifying the existence of an asset.
When compared with a nineteenth-century auditor, today's auditor places less relative emphasis upon A. External confirmation. B. Examination of documentary support. C. Overall tests of ratios and trends. D. Physical observation.
Answer (B) is correct. The auditor ordinarily should perform certain auditing procedures, such as external confirmation of receivables (AU-C 505), observation of inventory (AU-C 501), and analytical procedures (AU-C 520), instead of relying completely on documentary evidence.
Which of the following components of internal control includes development and use of training policies that communicate prospective roles and responsibilities to employees? A. Monitoring of controls. B. Control environment. C. Risk assessment process. D. Control activities.
Answer (B) is correct. The control environment sets the tone of an organization. It includes human resource policies and practices relative to hiring, orientation, training, evaluating, counseling, promoting, compensating, and remedial actions.
The client's computer exception reporting system helps an auditor to conduct a more efficient audit because it A. Condenses data significantly. B. Highlights abnormal conditions. C. Decreases the need for tests of computer processing controls. D. Is an efficient computer output control.
Answer (B) is correct. The exception reporting system highlights abnormal conditions and allows the auditor to focus on problem areas. Exception reports, also called error listings, suspense listings, and edit reports indicate the errors discovered by the controls. They permit the auditor to evaluate the effectiveness with which errors are investigated and corrected and the corrected transactions resubmitted.
Which of the following statements about litigation, claims, and assessments extracted from a letter from a client's legal counsel is most likely to cause the auditor to request clarification? A. "I believe that the possible liability to the company is nominal in amount." B. "I believe that the action can be settled for less than the damages claimed." C. "I believe that the plaintiff's case against the company is without merit." D. "I believe that the company will be able to defend this action successfully."
Answer (B) is correct. The letter of inquiry requests, among other things, that legal counsel evaluate the likelihood of pending or threatened litigation, claims, and assessments. It also requests that legal counsel estimate, if possible, the amount or range of potential loss. Thus, the auditor is concerned about the amount of the expected settlement as well as the likelihood of the outcome. The statement that the action can be settled for less than the damages claimed is an example given in AU-C 501 of an evaluation that is unclear about the likelihood of an unfavorable outcome.
Effective internal control in a small company that has an insufficient number of employees to permit proper division of responsibilities can best be enhanced by A. Employment of temporary personnel to aid in the segregation of duties. B. Direct participation by the owner of the business in the recordkeeping activities of the business. C. Engaging a CPA to perform monthly write-up work. D. Delegation of full, clear-cut responsibility to each employee for the functions assigned to each.
Answer (B) is correct. The manner in which control objectives are achieved varies with the size and complexity of the entity. Thus, direct participation of an owner-manager in the recordkeeping and other activities of the business facilitates monitoring of employee actions. Such effective involvement may preclude the need for extensive accounting procedures, sophisticated information systems, or written policies.
Which of the following types of audit evidence provides the least assurance of reliability? A. Receivable confirmations received from the client's customers. B. Prenumbered receiving reports completed by the client's employees. C. Prior months' bank statements obtained from the client. D. Municipal property tax bills prepared in the client's name.
Answer (B) is correct. The reliability of information used as audit evidence is affected by (1) its source, (2) its nature, and (3) how it is obtained. These circumstances include controls over its preparation and maintenance. Evidence is generally more reliable when it is (1) obtained from knowledgeable independent sources outside the entity, (2) generated internally by the entity under effective internal control, (3) obtained directly by the auditor, (4) in documentary form (in any medium), and (5) represented by original documents (rather than photocopies). Thus, prenumbered receiving reports completed by the client's employees tend to be less reliable than such externally produced documents as receivable confirmations, bank statements, and tax bills.
Which of the following could be difficult to determine because electronic evidence may not be retrievable after a specific period? A. The acceptance level of detection risk. B. The timing of control and substantive tests. C. Whether to adopt substantive or reliance test strategies. D. The assessed level of inherent risk.
Answer (B) is correct. The timing of control and substantive tests are, at least in part, determined based on the availability and retrievability of evidence over a period of time.
To test for unsupported entries in the ledger, the direction of audit testing should be from the A. Journal entries. B. Ledger entries. C. Original source documents. D. Externally generated documents.
Answer (B) is correct. To discover unsupported entries in the ledger, a sample of entries should be selected to determine whether any entry lacks proper support. The direction of testing is from the ledger entries to the books of original entry, then to the source documents.
Which of the following is a network security system that is used to control network traffic and to set up a boundary that prevents traffic from one segment from crossing over to another? A. Router. B. Gateway. C. Firewall. D. Heuristic.
Answer (C) is correct. A firewall separates an internal from an external network (e.g., the Internet) and prevents passage of specific types of traffic. It identifies names, Internet Protocol (IP) addresses, applications, etc., and compares them with programmed access rules.
If the auditor determines that an inquiry of a client's external legal counsel is necessary, who should make the inquiry? A. The auditor. B. The stockholders. C. Client management. D. The auditor's attorney.
Answer (C) is correct. A letter of inquiry to a client's legal counsel is the auditor's primary means of corroborating information furnished by management about litigation, claims, and assessments. Evidence obtained from the client's legal department may provide the needed corroboration, but it does not substitute for information that external legal counsel may refuse to furnish. Thus, the auditor should request management to send a letter of inquiry to legal counsel with whom management consulted. Without the client's consent, legal counsel may not respond (AU-C 501).
The firewall system that limits access to a computer by routing users to replicated Web pages is A. A packet filtering system. B. Kerberos. C. A proxy server. D. An authentication system.
Answer (C) is correct. A proxy server maintains copies of web pages to be accessed by specified users. Outsiders are directed there, and more important information is not available from this access point.
Which of the following best describes the primary purpose of audit procedures? A. To detect fraud or error. B. To comply with generally accepted accounting principles. C. To gather evidence. D. To verify the accuracy of account balances.
Answer (C) is correct. According to AU-C 500, Audit Evidence, most of the auditor's work in forming an opinion on financial statements consists of obtaining and evaluating audit evidence. Audit evidence is the information used by the auditor in drawing the conclusions on which the auditor's opinion is based. It includes the information contained in the accounting records and sources of information other than accounting records.
The primary source of information to be reported about litigation, claims, and assessments is the A. Client's legal counsel. B. Court records. C. Client's management. D. Independent auditor.
Answer (C) is correct. According to AU-C 501, "Management is responsible for adopting policies and procedures to identify, evaluate, and account for litigation, claims, and assessments as a basis for the preparation of financial statements in accordance with the requirements of the applicable financial reporting framework." The auditor should discuss with management its policies and procedures for identifying and evaluating these matters.
AU-C 500 describes five generalizations about the reliability of evidence. The situations given below indicate the relative degrees of assurance provided by two types of evidence obtained in different situations. Which describes an exception to one of the generalizations? A. The auditor has obtained greater assurance about the balance of sales at Plant A, where (s)he has made limited tests of details because of effective internal control, than at Plant B, where (s)he has made extensive tests of details because of ineffective internal control. B. The auditor's computation of interest payable on outstanding bonds provides greater assurance than reliance on the client's calculation. C. The report of an auditor's specialist regarding the valuation of a collection of paintings held as an investment provides greater assurance than the auditor's physical observation of the paintings. D. The schedule of insurance coverage obtained from the company's insurance agent provides greater assurance than one prepared by the internal audit staff.
Answer (C) is correct. Appropriate audit evidence is relevant and reliable. Evidence is usually more reliable when it (1) is obtained from independent sources; (2) is generated internally under effective internal control; (3) is obtained directly by the auditor; (4) is in documentary form, whether paper, electronic, or another medium; and (5) consists of original documents. Preference for the report of an auditor's specialist over the auditor's physical observation of works of art is acceptable because the auditor is not expected to have such expertise. Physical observation provides evidence of the existence of assets but often does not verify their value, ownership, cost, or condition. Consequently, the generalization in favor of the auditor's direct knowledge is overcome in this case.
In determining whether transactions have been recorded, the direction of the audit testing should begin from the A. General ledger balances. B. Adjusted trial balance. C. Original source documents. D. General journal entries.
Answer (C) is correct. Determining whether transactions have been recorded is a test of the completeness assertion. Thus, beginning with the original source documents and tracing the transactions to the appropriate accounting records determines whether they were recorded.
The use of message encryption software A. Guarantees the secrecy of data. B. Requires manual distribution of keys. C. Increases system processing costs. D. Reduces the need for periodic password changes.
Answer (C) is correct. Encryption software uses a fixed algorithm to manipulate plain text and an encryption key (a set of random data bits used as a starting point for the application of the algorithm) to introduce variation. The machine instructions necessary to encrypt and decrypt data require additional processing. As a result, processing costs increase.
Which of the following audit techniques most likely will provide an auditor with the most assurance about the effectiveness of the operation of a control? A. Inquiry of client personnel. B. Recomputation of account balance amounts. C. Observation of client personnel. D. Confirmation with outside parties.
Answer (C) is correct. Evidence about the effectiveness of the operation of a control obtained directly, such as by observation of client personnel, is more reliable than evidence obtained indirectly, such as through inquiry. Thus, evidence obtained by the auditor's own observation of a client employee's application of a control most likely provides greater assurance than an inquiry about the application of the control. Moreover, mere inquiry without corroboration ordinarily will not provide sufficient appropriate evidence to support a conclusion about the effectiveness of the operation of the control.
Some data processing controls relate to all computer processing activities (general controls) and some relate to specific tasks (application controls). General controls include A. Controls designed to ascertain that all data submitted to computer processing have been properly authorized. B. Controls that relate to the correction and resubmission of data that were initially incorrect. C. Controls for documenting and approving programs and changes to programs. D. Controls designed to assure the accuracy of the processing results.
Answer (C) is correct. General controls are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. General controls commonly include controls over data center and network operations; systems software acquisition and maintenance; access security; and application system acquisition, development, and maintenance. Accordingly, they include (1) controls over operations to ensure efficient and effective operations of the computer activity; (2) the procedures for acquiring, developing, testing, documenting, and approving systems or programs and changes thereto; (3) controls over access to equipment and data files; and (4) other data and procedural controls affecting overall computer operations.
At the conclusion of an audit, an auditor is reviewing the audit evidence obtained. With regard to the valuation of inventory, the auditor concludes that the evidence obtained is not sufficient to support management's assertions. Which of the following actions is the auditor most likely to take? A. Consult with the audit committee and issue a disclaimer of opinion. B. Consult with the audit committee and issue a qualified opinion. C. Obtain additional evidence regarding the valuation of inventory. D. Obtain a statement from management supporting the inventory valuation.
Answer (C) is correct. If the audit evidence is not sufficient and appropriate, the auditor should perform other procedures, such as tests of details or analytical procedures.
An auditor has identified the controller's review of the bank reconciliation as a control to test. In connection with this test, the auditor interviews the controller to understand the specific data reviewed on the reconciliation. In addition, the auditor verifies that the bank reconciliation is properly prepared by the accountant and reviewed by the controller as evidenced by their respective sign-offs. Which of the following types of audit procedures do these actions illustrate? A. Observation and inspection of records. B. External confirmation and reperformance. C. Inquiry and inspection of records. D. Analytical procedures and reperformance.
Answer (C) is correct. Inquiry is seeking information from knowledgeable persons. The controller, who is usually the chief accounting officer, is such a person. Inspection of records or documents is the examination of records or documents, whether internal or external, in paper, electronic, or other media. The auditor's verification of the reconciliation and the controller's review are procedures requiring inspection of the underlying records or documents.
Which of the following is a component of internal control? A. Financial reporting. B. Operating effectiveness. C. Risk assessment.
Answer (C) is correct. Internal control has five components: (1) the control environment, (2) risk assessment process, (3) control activities, (4) information systems, and (5) monitoring of controls. The control environment sets the tone of an organization, influences control consciousness, and provides a foundation for the other components. The risk assessment process is the identification, analysis, and management of risks relevant to achievement of objectives. Control activities help ensure that management directives are executed. The information system, including the related business processes relevant to financial reporting and communication, consists of (1) physical and hardware components, (2) software, (3) people, (4) procedures, and (5) data. Monitoring assesses the performance of internal control over time (AU 315). D. Organizational structure.
An auditor of a nonissuer exercising professional skepticism with respect to the risks of material misstatement due to fraud will most appropriately A. Adopt an attitude of acceptance unless evidence indicates otherwise. B. Authenticate documents used as audit evidence. C. Consider the reliability of information to be used as audit evidence. D. Assess the entity's document-retention controls before using documents as audit evidence.
Answer (C) is correct. Professional skepticism should be maintained in considering the risk of material misstatement due to fraud. When the auditor exercises professional skepticism with respect to the risks of material misstatement due to fraud, the auditor should consider the reliability of information to be used as audit evidence.
The objective of tests of details of transactions performed as substantive procedures is to A. Comply with generally accepted auditing standards. B. Attain assurance about the reliability of the accounting system. C. Detect material misstatements at the relevant assertion level. D. Evaluate whether management's policies and procedures operated effectively.
Answer (C) is correct. Substantive procedures are (1) tests of the details of transaction classes, balances, and disclosures and (2) substantive analytical procedures. They are performed to detect material misstatements at the relevant assertion level. The auditor performs substantive procedures as a response to the related assessment of the RMMs (AU-C 330).
For control purposes, which of the following should be organizationally separated from the computer operations function? A. Data conversion. B. Surveillance of video display messages. C. Systems development. D. Minor maintenance according to a schedule.
Answer (C) is correct. Systems analysts survey the existing system, analyze the organization's information requirements, and design new computer systems to meet those needs. These design specifications guide the preparation of specific programs by computer programmers. The console operator should not be assigned programming duties, much less responsibility for systems design, and should not have the opportunity to make changes in programs and systems as (s)he operates the equipment.
An auditor should obtain evidence relevant to all the following factors relevant to third-party litigation against a client except the A. Period in which the underlying cause for legal action occurred. B. Probability of an unfavorable outcome. C. Jurisdiction in which the matter will be resolved. D. Amount of potential loss.
Answer (C) is correct. The auditor is least interested in determining where the particular matter in litigation will be resolved. The major issue is the effect of the litigation on the fair presentation of the financial statements. Accordingly, the auditor should obtain evidence relevant to (1) the period in which the underlying cause for legal action occurred, (2) the degree of probability of an unfavorable outcome, and (3) the amount or range of potential loss.
Which of the following is a management control method that most likely could improve management's ability to supervise company activities effectively? A. Monitoring compliance with internal control requirements imposed by regulatory bodies. B. Limiting direct access to assets by physical segregation and protective devices. C. Establishing budgets and forecasts to identify variances from expectations. D. Supporting employees with the resources necessary to discharge their responsibilities.
Answer (C) is correct. The control activities component of internal control includes performance reviews. Performance reviews involve comparison of actual performance with budgets, forecasts, or prior performance. Identifying variances alerts management to the need for investigative and corrective actions. Such actions are necessary for effective supervision.
Which of the following statements about internal control is correct? A. Internal control should provide reasonable assurance that collusion among employees cannot occur. B. The establishment and maintenance of internal control are important responsibilities of the internal auditor. C. Exceptionally effective internal control is enough for the auditor to eliminate substantive procedures on a significant account balance. D. The cost-benefit relationship is a primary criterion that should be considered in designing internal control.
D
Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because A. Errors in some transactions may cause rejection of other transactions in the batch. B. The identification of errors in input data typically is not part of the program. C. There are time delays in processing transactions in a batch system. D. The processing of transactions in a batch system is not uniform.
Answer (C) is correct. Transactions in a batch computer system are grouped together, or batched, prior to processing. Batches may be processed either daily, weekly, or even monthly. Thus, considerable time may elapse between the initiation of the transaction and the discovery of an error.
Which of the following is an example of a validity check? A. The computer ensures that a numerical amount in a record does not exceed some predetermined amount. B. As the computer corrects errors and data are successfully resubmitted to the system, the causes of the errors are printed out. C. The computer flags any transmission for which the control field value did not match that of an existing file record. D. After data for a transaction are entered, the computer sends certain data back to the terminal for comparison with data originally sent.
Answer (C) is correct. Validity checks test identification numbers or transaction codes for validity by comparison with items already known to be correct or authorized. For example, a validity check may identify a transmission for which the control field value did not match a pre-existing record in a file.
One of the major problems in a computer system is that incompatible functions may be performed by the same individual. One compensating control is the use of A. Echo checks. B. A check digit system. C. Computer-generated hash totals. D. A computer access log.
D
The appropriate date for the client to specify as the effective date in the audit inquiry to legal counsel is A. The balance-sheet date. B. Seven working days after the request is received by legal counsel. C. The date of the audit inquiry itself. D. As close to the date of the auditor's report as possible.
D
Which of the following is not an audit procedure that the auditor performs with respect to litigation, claims, and assessments? A. Inquire of and discuss with management the policies and procedures adopted for litigation, claims, and assessments. B. Obtain from management a description and evaluation of litigation, claims, and assessments that existed at the balance sheet date. C. Obtain assurance from management that it has disclosed all unasserted claims that legal counsel has advised are probable of assertion and must be disclosed. D. Confirm directly with the client's legal counsel that all claims have been recorded in the financial statements.
D
Which of the following procedures should an auditor perform concerning litigation, claims, and assessments? A. Inspect legal documents in the possession of the client's legal counsel that are relevant to pending litigation and unasserted claims and assessments. B. Discuss with the client's legal counsel its philosophy of defending litigation, claims, and assessments that have a high probability of being resolved unfavorably. C. Confirm directly with the client's legal counsel that all litigation, claims, and assessments have been properly recorded in the financial statements. D. Obtain a list from management that discloses all unasserted claims that it considers to be probable of assertion.
D
Which of the following statements about evidence is true? A. Appropriate evidence supporting management's assertions should be conclusive rather than merely persuasive. B. Effective internal control contributes little to the reliability of the evidence created within the entity. C. The cost of obtaining evidence is not an important consideration to an auditor in deciding what evidence should be obtained. D. A client's accounting records cannot be considered sufficient appropriate audit evidence on which to base the auditor's opinion.
D
A client is a defendant in a patent infringement lawsuit against a major competitor. Which of the following items would least likely be included in legal counsel's response to the auditor's letter of inquiry? A. A description of potential litigation in other matters unrelated to the patent infringement lawsuit. B. A discussion of case progress and the strategy currently in place by client management to resolve the lawsuit. C. An evaluation of the probability of loss and a statement of the amount or range of loss if an unfavorable outcome is reasonably possible. D. An evaluation of the ability of the client to continue as a going concern if the verdict is unfavorable and maximum damages are awarded.
d
A proper segregation of duties requires that an individual A. Authorizing a transaction records it. B. Authorizing a transaction maintain custody of the asset that resulted from the transaction. C. Maintaining custody of an asset be entitled to access the accounting records for the asset. D. Recording a transaction not compare the accounting record of the asset with the asset itself.
d
The appropriateness of evidence available to an auditor is least likely to be affected by the A. Relevance of such evidence to the financial statement assertion being investigated. B. Relationship of the preparer of such evidence to the entity being audited. C. Timeliness of such audit evidence. D. Sampling method employed by the auditor to obtain a sample of such evidence.
d
Which of the following is a factor in the control environment? A. Segregation of duties. B. Information processing. C. Performance reviews. D. Management's philosophy and operating style.
d
Which of the following procedures would provide the most reliable audit evidence? A. Inquiries of the client's internal audit staff held in private. B. Inspection of prenumbered client purchase orders filed in the vouchers payable department. C. Analytical procedures performed by the auditor on the entity's trial balance. D. Inspection of bank statements obtained directly from the client's financial institution.
d