Auditing

A transaction-level internal control activity is

An action taken by client personnel for the purpose of preventing, detecting, and correcting errors and frauds in transactions to eliminate or mitigate risks identified by the company

Fraud risk factors are events or conditions that indicate

An incentive to perpetrate fraud. An opportunity to carry out the fraud. An attitude or rationalization that justifies the fraud.

A device designed helps the audit team obtain evidence about the accounting and control activities of an audit client

An internal control questionnaire

Analytical procedures:

Analytical procedures alone may provide the appropriate level of assurance for some assertions: because analytical procedures may in certain circumstances provide the appropriate level of assurance for some assertions.

Analytical procedures are used to?

Analytical procedures used when planning an audit should concentrate on Accounts and relationships that can represent specific potential problems and risks in the financial statements.

The most important fundamental concept of an entity's Internal controls

Are the people who operate the control system

It is acceptable under GAAS for an audit team to

Assess risk of material misstatement at high and achieve an acceptably low audit risk by performing extensive substantive tests

A fraud brainstorming session

Assess the potential for material misstatement due to fraud

Analytical procedures is used in the final review stage of an audit to

Assist the auditor in evaluating the overall financial statement presentation

Which of the following is the primary reason that many auditors hesitate to use embedded audit modules

Auditors are required to be involved in the system design of the application to be monitored

Describe the auditors' responsibility for detecting a client's noncompliance with a law or regulation?

Auditors design tests to obtain reasonable assurance that all noncompliance with direct material financial statement are detected

In preparing the data to be used in an audit data analytic, the process of cleaning the data so that it can be analyzed is referred to as:

Before data can be used in an audit data analytic it should be cleaned to ensure format consistency, blank fields are accurate, field types are correct, etc. The process of cleaning the data so that it can be analyzed is known as "transformation."

Circumstances that would cause an audit team to perform extended procedures?

Client made several large adjustments near year end The likelihood that material misstatements may have entered the accounting system and not been detected and corrected by the client's IC is referred to as Risk of material misstatement The risk of material misstatement is composed of which audit risk components? Inherent and control risk The risk that the auditor's own testing procedures will lead to the decision that material misstatements do not exist in the financial statement when in fact such misstatements do exist is Detection risk The auditors assessed risk of material misstatement at .5 and said they wanted to achieve a .05 risk of failing to express a correct opinion on financial statements that were materially misstated.

Enterprise risk management is the responsibility of the

Company Management

An example of how specific internal controls in a database environment may differ from controls in a non database environment?

Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access.

The least persuasive type of audit evidence?

Copies of sales invoices inspected by the auditor, because copies of sales invoices represent internally generated evidence, which is considered less reliable than externally generated evidence received directly by the auditor.

What is not one of the risk assessment procedures to obtain an understanding of the entity and its environment, including internal control that the auditor should perform?

Corroboration of effectiveness of internal controls. The auditor corroborates the effectiveness of internal controls when, as a result of risk assessment procedures, the auditor decides to rely on a control and wants to determine if it is functioning as intended by performing a test of detail.

Database Environment

Data is stored in a single location to reduce redundancy and improve access. As a result, it is important to establish controls that prevent individuals from accessing data inappropriately. Different users have different needs and different levels of authority, controls will be unique to individuals or groups of individuals, not the same of every user.

An auditor is testing sales transactions. One step is to trace a sample of debit entries from the accounts receivable subsidiary ledger back to the supporting sales invoices. What would the auditor intend to establish by this step?

Debit entries in the accounts receivable subsidiary ledger are properly supported by sales invoices; because the auditor would appropriately conclude that entries in the accounts receivable subsidiary ledger are properly supported by sales invoices.

Which of the following risk types increase when an auditor performs substantive analytical audit procedures for financial statement accounts at an interim date?

Detection

According to the PCAOB, testing of internal controls during the audit, the ultimate objective of testing the design effectiveness of internal control is to

Determine that the companies controls will satisfy the objectives and effectively prevent detect errors or fraud that could result in material misstatements, if they operate as prescribed

The primary purpose for obtaining an understanding of a nonpublic audit client's internal control is

Determine the nature, timing, and extent of further audit tests to be performed

Which of the following is an encryption feature that can be used to authenticate the originator of a document and ensure that the message is intact and has not been tampered with?

Digital signatures.

Which of the following characteristics distinguishes electronic data interchange (EDI) from other forms of electronic commerce?

EDI transactions are formatted using standards that are uniform worldwideA unique characteristic of EDI is that transactions are uniformly formatted so that they can be transmitted among parties electronically. EDI transactions, like all transactions, are required to be reported in accordance with GAAP. Most e-commerce, including EDI transactions, is conducted over the Internet. Whenever transactions are conducted electronically over the Internet, security and privacy are always major concerns.

Which of the following matters relating to an entity's operations would an auditor most likely consider as an inherent risk factor in planning an audit?

Entity enters significant derivative transactions as hedges

When auditors become aware of noncompliance with a law or regulation committed by client personnel, the primary reason that the auditors should obtain a better understanding of the nature of the act is to

Evaluate the effect of the noncompliance on the financial statements

When auditing related-party transactions, an auditor places primary emphasis on

Evaluating the disclosure of the related-party transactions, because the auditor should view related-party transactions within the framework of existing pronouncements, placing primary emphasis on the adequacy of disclosure.

When evaluating whether accounting estimates made by management are reasonable, auditors would be most interested in?

Evidence of a conservative systematic bias

Common characteristics of management fraud

Falsification of documents to misappropriate funds

Heuristic processing uses judgmental rules in analyzing data rather than a logical approach, which requires greater cognitive skills. It is useful in analyzing data but nit in authenticating it and making certain it has not been tampered with.

Heuristic processing

IT system can process data very quickly and efficiently, an auditor would be able to test a greater amount of data at a relatively small additional cost. As a result, a great deal of the client's data could be processed through a parallel system to determine if the client's results match those of the auditor.

IT system

Auditors perform analytical procedures in the planning stage of an audit to

Identifying unusual conditions that deserve more auditing effort

Accounts receivable

If sales were overstated by recording a false credit sale at the end of the year, where could you find the false "dangling debit"?

risk assessment procedures that are used when obtaining an understanding of the entity, including its internal control.

Inquiries, analytical procedures, and observation and inspection

Auditors are not responsible for account estimates with respect to

Making the estimates

In building an electronic data interchange (EDI) system, what process is used to determine which elements in the entity's computer system correspond to the standard data elements?

Mapping

Mapping is used to determine which elements correspond to the standards in an EDI system. Decoding, translation and encryption are all part of the process to convert the data into the appropriate form to enable the transaction (decoding and translation) and to limit access to the intended party (encryption).

Mapping

Default settings are simply the standard settings that a manufacturer or programmer creates to deal with the most common situations

Not used to authenticate the originator of a document.

perimeter switch refers to the ability for someone to enter into the system.

Not used to authenticate the originator of a document.

Tests of controls in a GAAS audit are required for

Obtaining evidence about the operating effectiveness of client control activities

Which of the following is a computer-assisted audit technique that permits an auditor to insert the auditor's version of a client's program to process data and compare the output with the client's output?

Parallel simulation; Parallel simulation involves running client data through a program that is under the control of the auditor that is presumed to be identical to the client's program, enabling the auditor to detect unauthorized modifications to the program if the output differs from the client's.

A retail entity uses electronic data interchange (EDI) in executing and recording most of its purchase transactions. The entity's auditor recognizes that the documentation of the transactions will be retained for only a short period of time. To compensate for this limitation, the auditor most likely would

Perform tests several times during the year, rather than only at year end.

The AICPA's Guide to Audit Data Analytics identifies a five-Step approach to using ADAs. The fourth step, dealing with performing the ADA,

Plan the Step 1: Plan the Audit data Analytics (ADA) because industries can be very different auditors must customize the ADA application to the audit client. This involves where significant times should be spent. Brainstorming sessions can be used, involving all members of the audit team. Step 2: Access and prepare the data for ADA. The auditor must assess the data, make copies of client data, and prepare the data for analysis. Step 3: Consider the relevance and reliability of the data used. It is important the data is relevant to the assertation being tested. The data that will help the auditor determine that all transactions are recorded (completeness) in not the same data that will help auditors determine if recorded transactions are valid (occurrence). Step 4: Perform, the auditor executes the ADA. ADA can be applied as a risk assessment and/ or a substantive test. For example, when a retail company is involved the auditor may verify on-hand inventory with electronic data base inventories and the on-hand inventory agrees with financial statements. Step 5: Evaluate the results of the ADA and draw conclusions. By evaluating the results provided by the ADA, the auditor can determine if the purpose of performing the ADA have been achieved.

When an auditor selects a sample of items from the vouchers payable register for the last month of the period under audit and traces these items to underlying documents, the auditor is gathering evidence primarily in support of the assertion that

Recorded obligations were valid, because the existence of support for the recorded transactions will help the auditor to determine that the recorded obligations are valid.

Performing procedures during the interim period as opposed to at the fiscal year-end date would

Reduce the effectiveness of audit procedures

Auditing standards do not require auditors of financial statements to

Report all errors and frauds to police authorities

Under the Private Securities Litigation Reform Act (the Act), independent auditors are required to first

Report to the SEC all instances of noncompliance with the Act they believe have a material effect on financial statements if the board of directors does not first report it to the SEC

An employee wants to create a fake employee identification number as part of a fraud scheme. Which of the following controls would be most likely to prevent the employee from creating the fake identification number?

Self-checking digits

A preventive control:

Separation of duties between the payroll and personnel departments

An audit strategy memorandum contains

Specifications of procedures the auditors believe appropriate for the financial statements under the audit.

Which of the following procedures would an entity most likely include in its disaster recovery plan?

Store duplicate copies of files in a location away from the computer center. By storing duplicate copies of files in a remote location, the client would be able to recover all or most of their data in the case of a disaster that destroyed its computer operations.

An Audit Data Analytic performed to obtain an understanding of the entity and its environment would best be described as a:

Substantive analytical procedures are a type of substantive procedure designed to detect material misstatements at the relevant assertion level.

When data is only available for a short period of time, the auditor will be required to perform tests while the data is available, indicating testing throughout the period as well as at year-end. The length of time data is available would not affect sample size, nor would it influence the percentage of inventory that the auditor felt it was necessary to observe to obtain satisfaction that it exists and is in saleable condition.

The fact that documentation of transactions will only be retained for a short length of time would likely increase control risk rather than decrease it.

Your firm has been engaged to audit a computer hardware manufacturer. At the request of the audit team, the client has provided data files for all sales transactions for the year under audit. The audit team plans to use these files to perform a non-statistical analysis of sales revenue trends by product type. The following information pertains to the files obtained: The record count of transactions in the file agrees with the number of transactions completed for the year under audit. The file provided is encrypted. The data does not include a field for product type. Total sales revenue agrees to the general ledger. What primary concern should the auditor have with the data files obtained?

The information states that the files are encrypted, which gives the auditor some assurance that the file was not tampered with or changed during transmission to the auditor

As one of the year-end audit procedures, the auditor instructed the client's personnel to prepare a standard bank confirmation request for a bank account that had been closed during the year. After the client's treasurer had signed the request, it was mailed by the assistant treasurer. What is the major flaw in this audit procedure?

The request was mailed by the assistant treasurer; because allowing the client to mail the confirmation directly violated the requirement that the confirmations remain under the auditor's control. The auditor is unable to ascertain whether the confirmation reached the proper party.

Which of the following is a computer program that appears to be legitimate but performs some illicit activity when it is run?

Trojan horse.A Trojan horse program is one that appears to be doing something desirable while, instead, corrupting data or inserting a virus.

Which of the following factors would likely influence an auditor's consideration of the reliability of data for purposes of analytical procedures?

Whether sources within the entity were independent of those who are responsible for the amount being audited.Whether the data were subjected to audit testing in the current or prior year.Whether the data were obtained from independent sources outside the entity or from sources within the entity. Whether the data were processed in a computerized system or in a manual accounting system. Whether sources within the entity were independent of those who are responsible for the amount being audited.Whether the data were subjected to audit testing in the current or prior year.Whether the data were obtained from independent sources outside the entity or from sources within the entity. Whether the data were processed in a computerized system or in a manual accounting system.whether sources within the entity were independent of those who are responsible for the amount being audited does influence the auditor's consideration of the reliability of data for purposes of achieving audit objectives. whether the data were subjected to such audit testing is a factor which influences the auditor's consideration of the reliability of data for purposes of achieving audit objectives. whether the data were obtained from independent sources is a factor which influences the auditor's consideration of the reliability of data for purposes of achieving audit objectives.

factors would least influence an auditor's consideration of the reliability of data for purposes of analytical procedures

Whether the data were processed in a computerized system or in a manual accounting system, because whether the data were processed in a computerized system or in a manual accounting system will not in and of itself influence reliability--either type of system may provide reliable (or unreliable) information.

A digital signature is a mathematical scheme primarily used to verify the authenticity of a signature but can also be used to ensure that a message, like a signature, has not been tampered with.

digital signature

Embedded audit module approach

is an audit system inserted into the client's system as a monitoring device to apply audit procedures to client data throughout the period, which can be difficult to design. Embedded audit modules are no more or less susceptible to computer viruses than other programs. Auditors are not required to monitor results continuously but can accumulate information for evaluation at any time. If properly designed, management would not be able to tamper with embedded audit modules.

An audit committee is composed of

members of a company's board of directors who are not involved in the day to day operations of the company

In parallel simulation, actual client data are reprocessed using an auditor software program. An advantage of using parallel simulation, instead of performing tests of controls without a computer, is that the size of the sample can be greatly expanded at relatively little additional cost. Parallel simulation, the auditor is in control of the program, it does not matter if the client knows when the data will be tested. Any time the client's data is handled, as would be true in a parallel simulation, there is a risk that the data will be altered, damaged, or destroyed, creating material errors.

parallel simulation

The test data approach, allows the auditor to introduce examples of valid and invalid transactions to determine how the client's system perform. A test data module involves processing auditor data through client programs to determine if they transact correct transactions appropriately and handle different types of errors or anomalies correctly.

test data approach