Audit Chapter 7
What Can Go Wrong (WCGW)
Describe where material misstatements due to error or fraud could occur in a flow of transactions or source and preparation of information that affects a relevant statement assertion
Attribute Sampling
A sampling technique used to reach a conclusion about a population in terms of a rate (frequency) of occurrence
the computer program compares all sales invoices with underlying shipping information on the bills of lading and packing slips with sales invoices. If differences are revealed, a report is generated for review and follow-up by the billing supervisor. this is and example of a(n): A. Detect control b. prevent control c. IT General control d. IT-dependent manual controls
A. Detect control
Control Exception
An observed condition that provides evidence that the control being tested did not operate as intended
Transaction-level Controls
Controls that affect a particular transaction cycle or group of transactions
Tests of Controls
The audit procedures designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.
Information and Communication System
The information and communication system relevant to financial reporting objectives consists of methods and records established to identify, assemble, analyze, classify, record and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets and liabilities. Communication involves a clear understanding of individual roles and responsibilities pertaining to ICFR.
Expected Rate of Deviation in the Population
The rate at which the auditor expects controls not to function as planned
Detect Controls
Those applied after transactions have been processed to identify whether fraud or errors have occurred, and to rectify the fraud or errors on a timely basis.
Working papers: a. document the auditors conclusion about control risk and the basis for that conclusion. b. are necessary for the junior auditor keep track of the daily work but are not important to the overall audit c. document the results of the tests but not the purpose of the control selected for testing. d. Document the purpose of the control selected for testing and conclusion made by the auditor but not the results of the test.
a. document the auditors conclusion about control risk and the basis for that conclusion.
Information technology general controls (ITGCs) are important because they: a. prevent authorized personnel from having access to data and applications b. impact the effectiveness of both application controls and IT-dependent manual controls c. prevent the reliability of electronic audit evidence d. allow client staff to change computer programs without needing to receive authorization for the change
a. prevent authorized personnel from having access to data and applications
Benchmarking
an audit testing strategy that can be used to allow evidence obtained in prior audit periods to support a conclusion about computer application controls in the current audit period
Substantive Procedures
are audit procedures designed to detect material misstatements at the assertion level
If an auditor decides to assess control risk as low based on computer application control procedures, which of the following would not be part of the auditor's strategy for testing controls? a. Testing the effectiveness of computer general control procedures. b. Testing the effectiveness of management review controls used to monitor the results of operations. c. Testing the effectiveness of manual follow-up procedures d. Testing the effectiveness of the computer application with test data.
b. Testing the effectiveness of management review controls used to monitor the results of operations.
If an auditor perform tests of controls and determines that control is not effective, what should the auditor's next step in testing controls be? a. document the results of tests of controls and proceed with a primarily substantive approach. b. determine if a compensating control exists. c. perform tests of controls on compensating controls d. document the results of tests of controls and proceed with the planned audit strategy
b. determine if a compensating control exists.
A computer program will not allow a sale to be processed if a customer is over its credit limit. This is an example of a(n): a. Detect control b. prevent control c. IT general control d. IT-dependent manual controls
b. prevent control
When obtaining an understanding of internal controls the auditor identifies important programmed application controls over the occurrence of sales. However, the auditor also has serious concerns about the adequacy for the control environment due to. weak tone at the top about control consciousness. Which of the following best describes how the auditor should respond to this situation when planning tests of controls related to the occurrence of sales? a. the auditor could assess control risk as low for an assertion after performing computer assisted audit techniques on controls relevant to that assertion. b. the auditor could assess control risk as low for an assertion after performing computer assisted audit techniques on controls relevant to that assertion and assessing the adequacy of segregation of duties. c. The auditor will probably assess control risk at the maximum irrespective of the quality of the programmed application controls. d. The auditor could assess control risk as low for an assertion if ITGC are tested and shown to be strong.
c. The auditor will probably assess control risk at the maximum irrespective of the quality of the programmed application controls.
Which of the following represents an example of a computer application control? a. The assistant controller performs a monthly bank reconciliation and follow-up of unexpected outstanding items. b. accounts receivable manager reviews credit balances in accounts receivable quarterly to determine their causes c. The computer program compares all sales invoices with underlying shipping information on the bills of lading and packing slips with sales invoices. If differences are revealed, a report is generated for review and follow-up by the billing supervisor d. all changes to computer programs must be reviewed and approved by the department affected by the computer program.
c. The computer program compares all sales invoices with underlying shipping information on the bills of lading and packing slips with sales invoices. If differences are revealed, a report is generated for review and follow-up by the billing supervisor
Benchmarking is a process that involves: a. comparing the effectiveness of one control with another control. b. an audit strategy that allows an auditor to rely on computer application controls if manual follow-up procedures are strong. c. an audit strategy that allows the auditor to use evidence from testing a computer application control in a prior period, if the computer program has not been changed. d. An audit strategy that allows the auditor to test only identified key controls rather than all controls used by the client.
c. an audit strategy that allows the auditor to use evidence from testing a computer application control in a prior period, if the computer program has not been changed.
the auditor decides which controls to test by considering: a. The points at which fraud or error can occur. b. The nature of controls implemented by management. c. the significance of each control in achieving its control objective d. All of the above
d. All of the above
Which of the following would require the auditor to increase the level of control testing for a particular control? a. the control is performed monthly instead of daily b. there are several controls relating to a particular audit objective c. the WCGW addressed by the control is not very important d. a high degree of reliance is to be placed on the control to limit the amount of substantive testing required
d. a high degree of reliance is to be placed on the control to limit the amount of substantive testing required
An auditor is going to test the clients controls over bank reconciliations. the auditor will perform which of the following audit procedures for this test of controls? a. computer assisted audit techniques using test data b. inquiry of the person performing the bank reconciliation c. reperformance of the bank reconciliation d. both b and c above
d. both b and c above
Internal Control
is a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives related to operations, reporting and compliance
Control Activities
policies and procedures that help ensure that management directives are carried out. Control activities are a component of internal control.
Desired Level of Assurance
represents the confidence that the evidence obtained is representative of the underlying population from which the sample was taken.
Entity-level Controls
the collective assessment of the client's control environment, risk assessment process, information system, control activities and monitoring of controls
Tolerable Deviation Rate
the maximum rate of deviation from a prescribed control that an auditor is willing to accept and still use the planned assessed level of control risk
Prevent Controls
those controls applied to each transaction that stop fraud of errors from occurring