Audit Exam 2
For each internal control, identify the type(s) of specific control activity (or activities) for which it applies: -unmatched shipping documents are accounted for on a daily basis
-adequate docs & records -physical control
what are the types of fraudulent financial reporting?
-alteration of accounting records and documents -misrepresentation of financial statement items -intentional misapplication of accounting principles
Assessing AAR- for this factor: likelihood of client financial difficulties after audit, which methods do practitioners use? the higher this is, the ______ AAR will be
-analyze financial statements using ratios -examine cash flow statements lower
designing tests of details of balances are a function of:
-risk assessment (IR, CR, AAR, fraud risk) -results of tests of controls -results of tests of transactions -results of substantive APs -performance materiality/tolerable misstatement
Assessing AAR- for this factor: auditor's evaluation of management's integrity, which methods do practitioners use? the more questionable this is, the _______ AAR will be
-see client acceptance/continuance procedures discussed in previous chapter (in cheat sheet) lower
what are risk assessment procedures?
-used to help the auditor assess the risk of material misstatement (RMM) to obtain an understanding of controls -procedures to obtain an understanding of internal control: focus on understanding controls in order to assess CR
what are some differences between uses (planning vs. testing) for the substantive tests phase?
-year-end numbers -more detailed/lower level
when gathering fraud risk info, how can an auditor emphasize professional skepticism?
-questioning mind -critical assessment of evidence
in designing substantive tests an auditor will:
-address transactions w/ higher likelihood of misstatements -consider deficiencies in control & expected results of tests of controls
ex: assume a performance materiality of $50,000 for A/R. also, assume that the company has an A/R balance of $1.2 million. You select a sample of customer accounts representing $150,000 and you find a total of $3,000 in misstatements -Remember that we have taken a sample of the population. Assume a sampling error of 50%
$24,000 +/- $12,000 = ($12,000, $36,000); focus on worst case scenario, so use $36,000
ex: assume a performance materiality of $50,000 for A/R. also, assume that the company has an A/R balance of $1.2 million. You select a sample of customer accounts representing $150,000 and you find a total of $3,000 in misstatements -let's project the misstatements to the entire A/R population (i.e., the account balance)
($3,000/$150,000)*$1.2M = $24,000
10.4 audit tests illustration
(See photo)
10.6 tradeoff between controls and substantive tests
(see photo)
what are potential sources of fraud risk info?
-brainstorming session w/ engagement team -inquire about fraud risk & knowledge of any fraud or suspected fraud w/ management, audit committee, internal audit, & non-financial employees -evaluate existence of fraud triangle risk factors -review results of analytical procedures **unexpected results might indicate heightened fraud risk **auditor must perform analytical procedures on revenue accounts -use other info gathered on audit
Assessing AAR- for this factor: degree to which external users rely on the statements, which methods do practitioners use? the higher this is, the ______ AAR will be
-examine financial statements -read minutes of the board -examine form 10K -discuss financing plans w/ management -size, distribution of ownership & amount of debt lower
tests of controls vs. substantive tests
-exceptions in tests of controls suggest possible misstatements -exceptions in substantive tests mean actual misstatements
what are the two general types of fraud?
-fraudulent financial reporting -misappropriation of assets
what are the steps for identifying and responding to fraud risks?
-gather info to assess fraud risk -identify risk of material misstatement from fraud -consider mechanisms that may address these fraud risks -adjust the audit to respond to the remaining fraud risks
what three components make up the fraud triangle?
-incentives/pressures (e.g. bonuses, stock market) -opportunities (lack of internal controls or lack of proper function of internal controls) -attitudes/rationalizations
For each internal control, identify the type(s) of specific control activity (or activities) for which it applies: -labor hours for payroll are reviewed for reasonableness by the computer system
-independent checks -authorizations
For each internal control, identify the type(s) of specific control activity (or activities) for which it applies: -checks are signed by the company president, who compares the checks w/ the underlying supporting documents
-independent checks -segregation of duties
what are some differences between uses (planning vs. testing) for the planning phase?
-interim numbers (not yr-end numbers because year isn't over) -overall/high level
what are ways to reduce fraud risk?
-management creates a culture of honesty & high ethics (control environment -management frequently evaluates the risk of fraud (risk assessment from COSO) -management designs, implements, & monitors controls -audit committee oversees reporting & controls (control environment)
based on the optimal mix of tests of controls, substantive tests of transactions, substantive analytical procedures, and tests of details of balances, prepare the audit program (phase II-IV) to address all management assertions. what should be considered?
-materiality -evidence mix -AAR, IR, CR, and fraud risk -need for an audit of internal controls for larger public companies
what is the extent of tests of controls needed for nonpublic companies?
-no tests needed if CR is H -fewer controls tests needed to support same CR when not issuing an internal control opinion
for each internal control, state the transaction-related assertion(s) the control is meant to fulfill: -before a check is prepared to pay for acquisitions by the accounts payable department, the related purchase order & receiving report are attached to the vendor's invoice being paid. A clerk compares the quantity on the invoice w/ the receiving report & purchase order, compares the price w/ the purchase order, recomputes the extensions, re-adds the total, & examines the account number indicated on the invoice to determine whether it is correctly classified. He indicates his performance of these procedures by initialing the invoice.
-occurrence -accuracy -classification
for each internal control, state the transaction-related assertion(s) the control is meant to fulfill: -the cash disbursements clerk is prohibited from handling cash. the bank account is reconciled by another person even though the clerk has sufficient expertise & time to do it
-occurrence -completeness -accuracy
for each internal control, state the transaction-related assertion(s) the control is meant to fulfill: -before a check is signed by the controller, she examines the supporting documentation accompanying the check. At the time, she initials each vendor's invoice to indicate her approval
-occurrence* *the assertions satisfied depend upon what she examines. she might, for example, examine supporting documents for accuracy and even for account classification. in that event, those two assertions would be added.
audit department examples of monitoring of controls in larger organization
-performed by staff independent of operations & accounting -report directly to high-level of organizations -auditor might be able to rely on internal audit's work
what are further audit procedures?
-performed in response to risk of material misstatement (RMM) -Phase II: test of controls + substantive tests of transactions + -Phase III: substantive analytical procedures + tests of details of balances = sufficient appropriate evidence
what substantive analytical procedures must be performed?
-planning -completition -revenues (fraud risk)
what is the control in the flowchart? (see photo 10.5)
-prenumbered sales invoices (adequate docs/records) -Adams reviews invoices for accuracy (independent check)
what should an auditor do when fraud is suspected?
1) all misstatements should be evaluated for fraud 2) use various types of inquiry to gather more info 3) during inquiry, auditor must be critical & observant 4) auditing standards require the following when fraud is suspected: -obtain additional evidence to determine whether material fraud occurred -consider implications for other aspects of the audit -discuss w/ client personnel one level above fraud perpetrator along w/ senior mgmt & audit committee 5) any identified material fraud has implications in internal controls 6) auditor may consider withdrawing from the engagement
what are the ways that auditors respond to fraud risk?
1) change conduct of audit (assign more experienced personnel, use fraud specialist, incorporate unpredictability into audit plan) 2) design & perform audit procedures to address specific fraud risks 3) to address potential management override, the auditor must: -test journal entries & other financial statement adjustments -review accounting estimates for bias including prior period "lookback" -evaluate business rationale for significant unusual transactions 4) be alert for conditions that suggest need to update the fraud risk assessment
based on evidence gathered & evaluated, an auditor decides to increase the assessed level of control risk from that originally planned. to achieve an overall audit risk level that is substantially the same as the planned audit risk level, the auditor could: 1) decrease detection risk 2) increase materiality levels 3) decrease substantive testing 4) increase inherent risk
1) decrease detection risk
how does this scenario effect CR, IR, AAR, & planned evidence? the client's management materially decreased long-term contractual debt
CR: no effect IR: no effect AAR: increase Planned evidence: decrease
how does this scenario effect CR, IR, AAR, & planned evidence? you determined through the planning phase that working capital, debt-to-equity ratio, & other indicators of financial condition improved during the past year
CR: no effect IR: no effect AAR: increase planned evidence: decrease
how does this scenario effect CR, IR, AAR, & planned evidence? this is the 2nd year of the engagement, and there were few misstatements found in the previous year's audit. the auditor also decided to increase reliance on internal control
CR: decrease IR: decrease AAR: no effect planned evidence: decrease
how does this scenario effect CR, IR, AAR, & planned evidence? there has been a change in several key management personnel. you believe that management is somewhat lacking in personal integrity compared w/ the previous management. you believe it is still appropriate to do the audit
CR: either increase or no effect IR: no effect AAR: decrease planned evidence: increase
how does this scenario effect CR, IR, AAR, & planned evidence? in discussions w/ management, you conclude that management is planning to sell the business in the next few months. because of the planned changes, several key accounting personnel quit several months ago for alternative employment. you also observe that the gross margin percent has significantly increase compared w/ that of the preceding year
CR: increase IR: increase AAR: decrease planned evidence: increase
how does this scenario effect CR, IR, AAR, & planned evidence? the client began selling products online to customers through its web page during the year under audit. the online customers ordering process isn't integrated w/ the company's accounting system. client sales staff print out customer order info and enter that data into the sales accounting system
CR: increase IR: increase AAR: no effect planned evidence: increase
how does this scenario effect CR, IR, AAR, & planned evidence? the auditor decided to set assess control risk at the maximum (it was previously assess below the maximum)
CR: increase IR: no effect AAR: no effect planned evidence: increase
how does this scenario effect CR, IR, AAR, & planned evidence? the client acquired a new subsidiary located in Italy
CR: no effect IR: increase AAR: either decrease or no effect planned evidence: increase
how does this scenario effect CR, IR, AAR, & planned evidence? the account balance increased materially from the preceding year w/o apparent reason
CR: no effect IR: increase AAR: no effect planned evidence: increase
how does this scenario effect CR, IR, AAR, & planned evidence? the company changed from a privately held company to a publicly held company
CR: no effect IR: no effect AAR: decrease planned evidence: increase
what does segregation of duties help prevent? what are examples of segregation of duties?
Helps to prevent opportunity to perpetrate & conceal errors or fraud -separate asset custody from accounting -separate transaction authorization from related asset custody -separate operational responsibility from recordkeeping responsibility -separate IT duties from user departments
what does a low initial CR assessment lead to?
Leads to heavy emphasis on controls tests (benefit: less substantive testing)
ex: assume a performance materiality of $50,000 for A/R. also, assume that the company has an A/R balance of $1.2 million. You select a sample of customer accounts representing $150,000 and you find a total of $3,000 in misstatements -Based on this exercise, is A/R materially misstated?
No because $36,000 misstatement < $50,000 performance materiality
what would be evidence that the control failed in the flowchart?
No initial by Adams
6.11.4 Combine and Compare problem What options would an auditor have if the preliminary judgment about materiality is $75,000?
No, $75,500 > $75,000 So, auditor can: -do more testing -ask the client to record an adjustment -change report to qualified or adverse
what is the control risk matrix? (9.1.2)
a tool that an auditor might use to aid in control risk assessment
in considering materiality for planning purposes, an auditor believes that misstatements aggregating $10,000 will have a material effect on an entity's income statement, but that misstatements will have to aggregate $20,000 to materially affect the balance sheet. Ordinarily, it is appropriate to design audit procedures that are expected to detect misstatemetns that aggregate: a) $10,000 b) $15,000 c) $20,000 d) $25,000
a) $10,000
For each internal control, a) identify the types of control activity (or activities) to which it applies, b) identify a specific misstatement that is likely to be prevented if the control exists and is effective, and c) identify the transaction-related assertion(s) to which it applies: -all voided & spoiled payroll checks are properly mutilated & retained
a) 1. physical control; 2. adequate docs & records b) prevents voided checks from being cashed (understatement) c) completeness
how would a decrease in acceptable audit risk (AAR) effect: a) PDR b) planned evidence
a) PDR decrease b) planned evidence increase
how would a decrease in planned detection risk (PDR) effect: a) PDR b) planned evidence
a) PDR decrease b) planned evidence increase
how would a decrease in control risk (CR) effect: a) PDR b) planned evidence
a) PDR increase b) planned evidence decrease
how would a decrease in inherent risk (IR) effect: a) PDR b) planned evidence
a) PDR increase b) planned evidence decrease
how would a decrease in inherent risk (IR) and an increase in control risk (CR) of the same amount effect: a) PDR b) planned evidence
a) PDR no effect b) planned evidence no effect
For each internal control, a) identify the types of control activity (or activities) to which it applies, b) identify a specific misstatement that is likely to be prevented if the control exists and is effective, and c) identify the transaction-related assertion(s) to which it applies: -all prenumbered time records are accounted for before beginning data entry for preparation of payroll
a) adequate docs & records b) prevents them from missing a time record (understatement) c) completeness
which of the following statements describes why a properly designed & executed audit may not detect a material misstatement in the financial statements resulting from fraud? a) audit procedures that are effective for detecting an unintentional misstatement may be ineffective for an intentional misstatement that is concealed through collusion b) an audit is designed to provide reasonable assurance of detecting material errors, but there is no similar responsibility concerning fraud c) the factors considered in assessing control risk indicated an increased risk of intentional misstatements, but only a low risk of unintentional errors in the financial statements d) the auditor didn't consider factors influencing audit risk for account balances that have effects pervasive to the financial statements as a whole
a) audit procedures that are effective for detecting an unintentional misstatement may be ineffective for an intentional misstatement that is concealed through collusion
actions, policies, & procedures that reflect the overall attitude of management, directors & owners of the entity about internal control relate to which of the following internal control components? a) control environment b) info & communication c) risk assessment d) monitoring
a) control environment
which of the following is generally not considered a category of IT general controls? a) controls that determine whether a vendor number matches the pre-approved vendors in the vendor master file b) controls that restrict system-wide access to programs & data c) controls that oversee the acquisition of application software d) controls that oversee the day-to-day operation of IT applications
a) controls that determine whether a vendor number matches the pre-approved vendors in the vendor master file
for each audit procedure, identify: a) whether it is a test of control or substantive test b) whether it is a substantive test of transactions, a test of details of balances, or an analytical procedure c) the transaction-related audit assertion(s) being satisfied d) the balance-related audit assertions(s) being satisfied -select items from the client's perpetual inventory records & examine the items in the company's warehouse
a) substantive b) test of details of balances c) N/A d) existence
after making a preliminary assessment of the risk of material misstatement during planning & beginning to apply audit procedures, an auditor determines that this risk is actually higher than anticipated. which would be the most likely effect of this finding on the auditor's desired level of detection risk & the overall level of audit risk, as compared to the levels originally planned? a) desired level of detection risk: decrease; overall audit risk: same b) desired level of detection risk: increase; overall audit risk: same c) desired level of detection risk: same; overall audit risk: higher d) desired level of detection risk: decrease; overall audit risk: lower
a) desired level of detection risk: decrease; overall audit risk: same
which of the following is least likely to be included in the auditor's engagement letter? a) details about the preliminary audit strategy b) overview of the objectives of the engagement c) statement that management is responsible for the financial statements d) description of the level of assurance obtained when conducting the audit
a) details about the preliminary audit strategy
as lower acceptable levels of both audit risk & materiality are established, the auditor should plan more work on individual accounts to a) find smaller misstatements b) find larger misstatement c) increase the performance materiality in the accounts d) increase inherent risk in the accounts
a) find smaller misstatements
which of the following wouldn't be considered an inherent limitation of the potential effectiveness of an entity's internal control structure? a) incompatible duties b) management override c) mistakes in judgment d) collusion among employees
a) incompatible duties
For each internal control, a) identify the types of control activity (or activities) to which it applies, b) identify a specific misstatement that is likely to be prevented if the control exists and is effective, and c) identify the transaction-related assertion(s) to which it applies: -the computer calculates gross & net pay based on hours inputted & info in employee master files, & payroll accounting personnel double-check the mathematical accuracy on a test basis
a) independent checks b) prevents inaccurate calculations c) accuracy
substantive analytical procedures are most likely to be used to test which of the following accounts? a) interest income b) cash c) accounts payable d) treasury stock
a) interest income
For each internal control, a) identify the types of control activity (or activities) to which it applies, b) identify a specific misstatement that is likely to be prevented if the control exists and is effective, and c) identify the transaction-related assertion(s) to which it applies: -all checks & notices of electronic payments not distributed to employees are turned to the treasurer for safekeeping & follow-up
a) physical controls; segregation of duties b) keep checks/notices from getting misplaced c) occurrence
For each internal control, a) identify the types of control activity (or activities) to which it applies, b) identify a specific misstatement that is likely to be prevented if the control exists and is effective, and c) identify the transaction-related assertion(s) to which it applies: -written termination notices, with properly documented reasons for termination, and approval of an appropriate official are required
a) proper approval/authorization; adequate docs & records b) a terminated employee could still be on the payroll & someone else could take their check & cash it c) accuracy
For each internal control, a) identify the types of control activity (or activities) to which it applies, b) identify a specific misstatement that is likely to be prevented if the control exists and is effective, and c) identify the transaction-related assertion(s) to which it applies: -online ability to add employees or change pay rates to the payroll master file is restricted via passwords to authorized HR personnel
a) proper approval/authorization; segregation of duties b) prevent unauthorized personnel from adding unapproved pay rates/adding fake employees c) occurrence; accuracy
For each internal control, a) identify the types of control activity (or activities) to which it applies, b) identify a specific misstatement that is likely to be prevented if the control exists and is effective, and c) identify the transaction-related assertion(s) to which it applies: -HR policies require an investigation of an employment application from new employees. Investigation includes checking the employee's background, former employers, and references
a) proper authorization b) prevent inaccurate applications & having unqualified people performing audits c) occurrence; accuracy
For each internal control, a) identify the types of control activity (or activities) to which it applies, b) identify a specific misstatement that is likely to be prevented if the control exists and is effective, and c) identify the transaction-related assertion(s) to which it applies: -the payroll accounting software application won't accept data input for an employee number not contained in the employee master file
a) proper authorization b) prevent potential overstatements in payroll c) occurrence
For each internal control, a) identify the types of control activity (or activities) to which it applies, b) identify a specific misstatement that is likely to be prevented if the control exists and is effective, and c) identify the transaction-related assertion(s) to which it applies: -approval of department head or foreman on time records before preparing payroll
a) proper authorization; segregation of duties b) prevents overstatement to payroll or unauthorized person from getting paid c) occurrence
For each internal control, a) identify the types of control activity (or activities) to which it applies, b) identify a specific misstatement that is likely to be prevented if the control exists and is effective, and c) identify the transaction-related assertion(s) to which it applies: -persons preparing the payroll don't perform other payroll duties (e.g. timekeeping or distribution of checks) nor do they have access to payroll data master files or cash
a) segregation of duties b) prevent opportunity for payroll person to pay someone more than what they should get for hours worked c) occurrence
for each audit procedure, identify: a) whether it is a test of control or substantive test b) whether it is a substantive test of transactions, a test of details of balances, or an analytical procedure c) the transaction-related audit assertion(s) being satisfied d) the balance-related audit assertions(s) being satisfied -compute inventory turnover for each major product & compare w/ previous years
a) substantive b) substantive analytical procedure c) n/a d) valuation & allocation
for each audit procedure, identify: a) whether it is a test of control or substantive test b) whether it is a substantive test of transactions, a test of details of balances, or an analytical procedure c) the transaction-related audit assertion(s) being satisfied d) the balance-related audit assertions(s) being satisfied -confirm a sample of notes payable balances, interest rates, & collateral w/ lenders
a) substantive b) test of details of balances c) n/a d) existence; valuation & allocation
for each audit procedure, identify: a) whether it is a test of control or substantive test b) whether it is a substantive test of transactions, a test of details of balances, or an analytical procedure c) the transaction-related audit assertion(s) being satisfied d) the balance-related audit assertions(s) being satisfied -inquire of the credit manager whether each account receivable on the aged trial balance is collectible
a) substantive b) test of details of balances c) n/a d) valuation & allocation
for each audit procedure, identify: a) whether it is a test of control or substantive test b) whether it is a substantive test of transactions, a test of details of balances, or an analytical procedure c) the transaction-related audit assertion(s) being satisfied d) the balance-related audit assertions(s) being satisfied -use audit software to foot the accounts receivable trial balance & compare the balance w/ the general ledger
a) substantive b) test of details of balances c) n/a d) valuation & allocation
for each audit procedure, identify: a) whether it is a test of control or substantive test b) whether it is a substantive test of transactions, a test of details of balances, or an analytical procedure c) the transaction-related audit assertion(s) being satisfied d) the balance-related audit assertions(s) being satisfied -use audit software to foot & cross-foot the cash disbursements journal and trace the balance to the general ledger
a) substantive b) test of transactions c) accuracy d) N/A
for each audit procedure, identify: a) whether it is a test of control or substantive test b) whether it is a substantive test of transactions, a test of details of balances, or an analytical procedure c) the transaction-related audit assertion(s) being satisfied d) the balance-related audit assertions(s) being satisfied -examine documentation for acquisition transactions before & after the balance sheet date to determine whether they are record in the proper period
a) substantive b) test of transactions c) cutoff d) n/a
for each audit procedure, identify: a) whether it is a test of control or substantive test b) whether it is a substantive test of transactions, a test of details of balances, or an analytical procedure c) the transaction-related audit assertion(s) being satisfied d) the balance-related audit assertions(s) being satisfied -select a sample of entries in the acquisitions journal & trace each one to a related vendor's invoice to determine whether one exists
a) substantive b) test of transactions c) occurrence d) N/A
the auditor faces a risk that the audit won't detect material misstatements that occur in the accounting process. to minimize this risk, the auditor relies primarily on: a) substantive tests b) tests of controls c) internal control d) statistical analysis
a) substantive tests
for each audit procedure, identify: a) whether it is a test of control or substantive test b) whether it is a substantive test of transactions, a test of details of balances, or an analytical procedure c) the transaction-related audit assertion(s) being satisfied d) the balance-related audit assertions(s) being satisfied -examine sales invoices for evidence of internal verification of prices, quantities & entensions
a) test of controls b) N/A c) accuracy d) N/A
A client decides not to record an auditor's proposed adjustments that collectively are not material & wants the auditor to issue the report based on the unadjusted numbers. which of the following statements is correct regarding the financial statement presentation? a) the financial statements are free from material misstatement, & no disclosure is required in the notes to the financial statements b) the financial statements don't conform w/ GAAP c) the financial statements contain unadjusted misstatements that should result in a qualified opinion d) the financial statements are free from material misstatement, but disclosure of the proposed adjustment is required in the notes to the financial statements
a) the financial statements are free from material misstatement, & no disclosure is required in the notes to the financial statements
in which of the following scenarios would an auditor most likely increase tests of controls? a) when the client's IT system is extensively integrated throughout the company's accounting systems b) when the client's accounting system is largely based on manual processes c) when the auditor has decided not to rely on internal controls & instead elects to increase substantive testing d) when the auditor's assessment of inherent risk is low
a) when the client's IT system is extensively integrated throughout the company's accounting systems
For each internal control, identify the type(s) of specific control activity (or activities) for which it applies: -receiving reports are prenumbered & accounted for on a daily basis
adequate docs & records
For each internal control, identify the type(s) of specific control activity (or activities) for which it applies: -sales invoices are matched w/ shipping documents and customer orders before recording in the sales journal
adequate docs & records
for each situation, state the appropriate audit report: -the auditor determined that a deficiency in internal controls exists that won't prevent or detect a material misstatement in the financial statements
adverse
for each situation, state the appropriate audit report: -the auditor identified a material misstatement in the financial statements that wasn't detected by management of the company
adverse
Jefferson, CPA, has identified 5 significant deficiencies in internal control during the audit of Portico Industries, a nonpublic company. two of these conditions are considered to be material weaknesses. which best describes Jefferson's communication requirements? a) communicate the two material weaknesses to Portico's management & those charged w/ governance, but not the 3 significant deficiencies that aren't material weaknesses b) communicate all 5 significant deficiencies to Portico's management & those charged w/ governance, distinguishing between material weaknesses & significant deficiencies c) communicate all 5 significant deficiencies to Portico's management & those charged w/ governance, but only require a management response w/ respect to the 2 material weaknesses d) communicate all 5 significant deficiencies to Portico's management & those charged w/ governance, w/o distinction among the deficiencies
b) communicate all 5 significant deficiencies to Portico's management & those charged w/ governance, distinguishing between material weaknesses & significant deficiencies
which of the following procedures would a CPA most likely perform during the planning stage of the audit? a) evaluate the reasonableness of management's allowance for doubtful accounts b) determine areas where there is a higher risk of material misstatement c) evaluate the significance of uncorrected misstatements d) confirm a sample of accounts receivable
b) determine areas where there is a higher risk of material misstatement
which of the following is the auditor least likely to consider when developing the overall audit strategy? a) complexity of the company's operations b) evaluation of accounts receivable confirmations c) preliminary judgment about materiality d) the economic conditions affecting the industry in which the company operates
b) evaluation of accounts receivable confirmations
Dan, CPA, has been engaged to audit Modern Home, a manufacturing company that specializes in furniture. Which of the following matters related to the year under audit would most likely result in an increase of inherent risk? a) the furniture industry has experienced an overall increase in demand b) modern home recently engaged in a complex derivative transaction c) modern home experienced an increase in working capital d) modern home purchased expensive new equipment in the current year
b) modern home recently engaged in a complex derivative transaction
which of the following factors are included in an entity's control environment? a) participation of those charged w/ governance + integrity & ethical values b) participation of those charged w/ governance, integrity & ethical values + organizational structure c) integrity & ethical values + organizational structure d) participation of those charged w/ governance + organizational structure
b) participation of those charged w/ governance, integrity & ethical values + organizational structure
an auditor's decision either to apply analytical procedures as substantive tests or to perform substantive tests of transactions & account balances usually is determined by the: a) availability of data aggregated at a high level b) relative effectiveness & efficiency of the tests c) timing of tests performed after the balance sheet date d) auditor's familiarity w/ industry trends
b) relative effectiveness & efficiency of the tests
a material weakness in internal control represents a control deficiency that: a) more than remotely adversely affects a company's ability to initiate, authorize, record, process, or report external financial statements reliably b) results in a reasonable possibility that internal control won't prevent or detect material financial statement misstatements c) exists because a necessary control is missing or not properly designed d) reduces the efficiency & effectiveness of the entity's operations
b) results in a reasonable possibility that internal control won't prevent or detect material financial statement misstatements
which of the following circumstances most likely would cause the auditor to suspect that there are material misstatements in the entity's financial statements? a) the entity's management places no emphasis on meeting publicized earnings projections b) significant differences between the physical inventory count & the accounting records aren't investigated c) monthly bank reconciliations ordinarily include several large outstanding checks d) cash transactions are electronically processed & recorded, leaving no paper audit trail
b) significant differences between the physical inventory count & the accounting records aren't investigated
the primary objective of performing tests of controls is to obtain: a) a reasonable degree of assurance that the client's internal controls are operating effectively on a consistent basis throughout the year b) sufficient appropriate audit evidence to afford a reasonable basis for the auditor's opinion, w/o the need for additional evidence c) assurances that informative disclosures in the financial statements are reasonably adequate d) knowledge & understanding of the client's prescribed procedures & methods
b) sufficient appropriate audit evidence to afford a reasonable basis for the auditor's opinion, w/o the need for additional evidence
the auditor's tests of controls revealed that required approvals of cash disbursements were absent for a large number of sample transactions examined. which of the following is least likely to be the appropriate auditor response? a) the auditor will communicate the deficiency to those charged w/ governance b) the auditor will increase the planned detection risk c) the auditor will not select more sample items to audit d) the auditor will perform more extensive substantive tests surrounding cash disbursements
b) the auditor will increase the planned detection risk
which of the following circumstances would most likely pose the greatest risk in accepting a new audit engagement? a) staff will need to be rescheduled to cover this client b) there will be a client-imposed scope limitation c) the firm will have to hire a specialist in one audit area d) the client's financial reporting system has been in place for 10 years
b) there will be a client-imposed scope limitation
analytical procedures are most likely to indicate a. weaknesses in internal controls b. the possibility of a financial statement misstatement c. impairments of auditor independence d. an incorrect calculation of materiality
b. the possibility of a financial statement misstatement
which of the following statements about materiality is the most correct? a. management and the auditor decide the appropriate preliminary judgment about materiality b. the preliminary judgment about materiality is decided early in the audit and is usually determined using some financial statement number as a base c. an AICPA requirement is to make the preliminary judgment about materiality at the beginning of the audit, document the amount, and not change it d. the preliminary judgment about materiality is determined using formulas provided in the auditing standards
b. the preliminary judgment about materiality is decided early in the audit and is usually determined using some financial statement number as a base
what assertions are tests of details of balances designed to satisfy?
balance-related assertions
which of the following situations isn't an example of inherent limitation of internal control? a) a programming error in the design of an automated control allows an employee to give himself an unauthorized pay increase b) management's failure to enforce control policies surrounding access to inventory allows employees to steal assets c) a lack of physical controls over the safeguarding of assets allows an employee to steal company assets d) a fraud scheme whereby an employee orders personal goods & his supervisor, who is in on the scheme, signs the checks to pay for those goods
c) a lack of physical controls over the safeguarding of assets allows an employee to steal company assets
which of the following is an example of an operation deficiency in internal control? a) the company doesn't have a code of conduct for employees to consider b) the cashier has online ability to post write-offs to accounts receivable accounts c) clerks who conduct monthly reconciliation of intercompany accounts don't understand the nature of misstatements that could occur in those accounts d) management doesn't have a process to identify & assess risks on a recurring basis
c) clerks who conduct monthly reconciliation of intercompany accounts don't understand the nature of misstatements that could occur in those accounts
a successor auditor's inquires of the predecessor auditor should include questions regarding a) the number of engagement personnel the predecessor assigned to the engagement b) the assessment of the objectivity of the client's internal audit function c) communications to management & those charged w/ governance regarding significant deficiencies in internal control d) the response rate for confirmations of accounts receivable
c) communications to management & those charged w/ governance regarding significant deficiencies in internal control
before processing, the system validates the sequence of items to identify any breaks in sequence of input documents. this automated control is primarily designed to ensure the: a) accuracy of input b) authorization of data entry c) completeness of input d) restriction of duplicate entries
c) completeness of input
in the financial statement audit of a nonpublic company, the auditor decides to perform tests of the controls related to the occurrence of sales transactions. which of the following best explains why the auditor decided to test these controls? a) in a nonissuer financial statement audit, the auditor is required to test the operating effectiveness of internal controls b) the auditor wants to obtain an understanding of the design of the internal controls c) control risk is assessed at below the maximum d) the auditor wants to obtain an understanding of the implementation of the internal controls
c) control risk is assessed at below the maximum
inherent risk & control risk differ from planned detection risk in that they: a) arise from the misapplication of auditing procedures b) may be assessed in either quantitative or nonquantitative terms c) exist independently of the financial statement audit d) can be changed at the auditor's discretion
c) exist independently of the financial statement audit
as general IT controls weaken, the auditor is most likely to: a) reduce testing of automated application controls done by the computer b) increase testing of general IT controls to conclude whether they are operating effectively c) expand testing of automated application controls used to reduce control risk to cover greater portions of the fiscal year under audit d) ignore obtaining knowledge about the design of general IT controls & whether they have been implemented
c) expand testing of automated application controls used to reduce control risk to cover greater portions of the fiscal year under audit
some account balances, such as those for pensions & leases, are the result of complex calculations. the susceptibility to material misstatements in these types of accounts is defined as: a) audit risk b) detection risk c) inherent risk d) sampling risk
c) inherent risk
which of the following procedures would a CPA least likely perform during the planning stage of the audit? a) determine the timing of testing b) take a tour of the client's facilities c) perform inquiries of outside legal counsel regarding pending litigation d) determine the effect of info technology on the audit
c) perform inquiries of outside legal counsel regarding pending litigation
an auditor will use the test data approach to obtain certain assurances with respect to the: a) input data b) machine capacity c) procedures contained within the program d) degree of data entry accuracy
c) procedures contained within the program
to support the auditor's initial assessment of control risk below maximum, the auditor performs procedures to determine that internal controls are operating effectively. which of the following audit procedures is the auditor performing? a) tests of details of balances b) substantive tests of transactions c) tests of controls d) tests of trends & ratios
c) tests of controls
in which of the following circumstances would an auditor of an issuer be least likely to reevaluate established materiality levels? a) the materiality level was established based on preliminary financial statement amounts that differ significantly from actual amounts b) the client disposed of a major portion of the client's business c) the client released third-quarter results before the SEC-prescribed deadline d) significant new contractual arrangements draw attention to a particular aspect of a client's business that is separately disclosed in the financial statements
c) the client released third-quarter results before the SEC-prescribed deadline
which of the following is an example of an application control? a) the client uses access security software to limit access to each of the accounting application b) employees are assigned a user ID & password that must be changed every quarter c) the sales system automatically computes the total sale amount & posts the total to the sales journal master file d) systems programmers are restricted from doing applications programming functions
c) the sales system automatically computes the total sale amount & posts the total to the sales journal master file
tests of controls are most likely to be omitted when: a) an account balance reflects many transactions b) control risk is assessed at less than the maximum c) the understanding of internal control indicates that evaluating the effectiveness of control policies & procedures is likely to be inefficient d) the auditor wishes to increase the acceptable level of detection risk
c) the understanding of internal control indicates that evaluating the effectiveness of control policies & procedures is likely to be inefficient
which of the following is an advantage of a computer-based system for transaction processing over a manual system? a computer-based system: a) doesn't requires as stringent a set of internal controls b) will produce a more accurate set of financial statements c) will be more efficient in generating financial statements d) eliminates the need to reconcile control accounts & subsidiary ledgers
c) will be more efficient in generating financial statements
For each internal control, identify the type(s) of specific control activity (or activities) for which it applies: -the accounts receivable master file is reconciled to the general ledger on a monthly basis
independent checks
below are some statements about the concept of materiality. which of these statements is correct? a. materiality depends only on the dollar amount of an item relative to other items in the financial statements b. materiality depends on the nature of an item rather than the dollar amount c. materiality is a matter of professional judgment d. all of the above statements are correct
c. materiality is a matter of professional judgment
how is control risk assessed for nonpublic companies?
can be assessed at high (H) --> no controls testing, instead do only substantive testing
what is the extent of understanding of controls needed by auditor?
can be limited to deciding whether client can be audited, understanding the control environment, and determining the adequacy of the client's accounting system
for each internal control, state the transaction-related assertion(s) the control is meant to fulfill: -at the end of each month, an accounting clerk accounts for all prenumbered receiving reports (documents evidencing the receipt of goods) issued during the months & traces each one to the related vendor's invoice & acquisitions journal entry. the clerk's tests don't include testing the quantity or description of the merchandise received
completeness
For the following description of internal controls, indicate which of the following 5 COSO internal control components is best represented by each description. 1) control environment, 2) risk assessment, 3) monitoring, 4) info & communication, 5) control activities -before a cash disbursement can be processed, all payee info must be verified by matching the payee to the company's approved vendor listing
control activities
For the following description of internal controls, indicate which of the following 5 COSO internal control components is best represented by each description. 1) control environment, 2) risk assessment, 3) monitoring, 4) info & communication, 5) control activities -on a monthly basis, department heads compare a budget to actual performance report & investigate unusual differences
control activities
For the following description of internal controls, indicate which of the following 5 COSO internal control components is best represented by each description. 1) control environment, 2) risk assessment, 3) monitoring, 4) info & communication, 5) control activities -the company has developed a detailed series of accounting policy & procedures manuals to help provide detailed instructions to employees about how controls are to be performed
control activities
For the following description of internal controls, indicate which of the following 5 COSO internal control components is best represented by each description. 1) control environment, 2) risk assessment, 3) monitoring, 4) info & communication, 5) control activities -the company has an organizational chart that establishes the formal lines of reporting & authorization protocols
control environment
For the following description of internal controls, indicate which of the following 5 COSO internal control components is best represented by each description. 1) control environment, 2) risk assessment, 3) monitoring, 4) info & communication, 5) control activities -the company must receive university transcripts documenting all college degrees earned before an individual can begin his or her first day of employment with the company
control environment
a conceptually logical approach to the auditor's evaluation of internal control consists of the following four steps: I. determine the internal controls that should prevent or detect errors & fraud II. identify control deficiencies to determine their effect on the nature, timing, or extent of auditing procedures to be applied & suggestions to be made to the client III. determining whether the necessary internal control procedures are prescribed and are being followed satisfactorily IV. considering the types of errors & fraud that can occur what should be the order in which these 4 steps are performed? a) I, II, III, & IV b) I, III, IV, & II c) III, IV, I, & II d) IV, I, III, & II
d) IV, I, III, & II
which of the following doesn't increase the need for sufficient appropriate audit evidence? a) a lower acceptable level of detection risk b) an increase in the assessed control risk c) a lower acceptable audit risk d) a decrease in the assessed inherent risk
d) a decrease in the assessed inherent risk
analytical procedures used in planning an audit should focus on identifying: a) material weaknesses in internal control b) the predictability of financial data from individual transactions c) the various assertions that are embodied in the financial statements d) areas that may represent specific risks relevant to the audit
d) areas that may represent specific risks relevant to the audit
as the acceptable level of detection risk decreases, the auditor may do one or more of the following except change the: a) nature of audit procedures to more effective procedures b) timing of audit procedures, by perhaps performing them at year-end rather than an interim date c) extent of audit procedures, by perhaps using larger sample sizes d) assurances provided by audit procedures to a lower level
d) assurances provided by audit procedures to a lower level
which of the following will most likely indicate the existence of related parties? a) writing down obsolete inventory prior to year end b) failing to correct deficiencies in the client's internal control c) an unexplained increase in gross margin d) borrowing money at a rate significantly below the market rate
d) borrowing money at a rate significantly below the market rate
on the basis of audit evidence gathered & evaluated, an auditor decides to increase assessed control risk from that originally planned. to achieve an audit risk level that is substantially the same as the planned audit risk level (AAR), the auditor will: a) increase inherent risk b) increase materiality levels c) decrease substantive testing d) decrease planned detection risk
d) decrease planned detection risk
an auditor uses assessed control risk to: a) evaluate the effectiveness of the entity's internal controls b) identify transactions & account balances where inherent risk is at the maximum c) indicate whether materiality thresholds for planning & evaluation purposes are sufficiently high d) determine the acceptable level of detection risk for financial statement assertions
d) determine the acceptable level of detection risk for financial statement assertions
a successor would most likely make specific inquiries of the predecessor auditor regarding: a) specialized accounting principles of the client's industry b) the competency of the client's internal audit staff c) the uncertainty inherent in applying sampling procedures d) disagreements w/ management as to auditing procedures
d) disagreements w/ management as to auditing procedures
which one of the following statements is correct concerning the concept of materiality? a) materiality is determined by reference to guidelines established by the AICPA b) materiality depends only on the dollar amount of an item relative to other items in the financial statements c) materiality depends on the nature of an item rather than the dollar amount d) materiality is a matter of professional judgment
d) materiality is a matter of professional judgment
which of the following correctly describes an internal control component? a) control activities set the tone of the organization b) info & communication systems have to do w/ management's analysis of risk c) risk assessment relates to assessing the quality of internal control structure over time d) monitoring relates to ongoing assessment by management to determine whether controls are operating as intended
d) monitoring relates to ongoing assessment by management to determine whether controls are operating as intended
an auditor of a large public company identifies a material weakness in internal control. the auditor: a) will be unable to issue an unqualified opinion on the financial statements b) must issue a qualified or disclaimer of opinion on internal control over financial reporting c) may still be able to issue an unqualified opinion on internal control over financial reporting d) must issue an adverse opinion on internal control over financial reporting
d) must issue an adverse opinion on internal control over financial reporting
prior to, or in conjuntion w/, the information-gathering procedures for an audit, audit team members should discuss the potential for material misstatement due to fraud. which of the following best characterizes the mindset that the audit team should maintain during this discussion? a) presumptive b) judgmental c) criticizing d) questioning
d) questioning
during the planning stage of an audit, the auditor initially assessed both inherent risk & control risk at a high level. further testing of the client's internal controls led the auditor to reduce the assessment of control risk. which of the following will most likely occur as a result? a) the auditor may reduce the assessment of inherent risk to match the control risk, since they were assessed at the same level during the initial planning b) the auditor may decrease the allowed level of detected risk c) the auditor may rely solely on analytical procedures, w/ no substantive procedures performed d) the auditor may reduce the amount of substantive procedures performed
d) the auditor may reduce the amount of substantive procedures performed
when approached to perform an audit for the first time, the CPA should make inquiries of the predecessor auditor. this is a necessary procedure because the predecessor may be able to provide the successor w/ info that will assist the successor in determining whether a) the predecessor's work should be used b) the company follows the policy of rotating its auditors c) in the predecessor's opinion, internal control of the company has been satisfactory d) the engagement should be accepted
d) the engagement should be accepted
a written understanding between the auditor and the entity concerning the scope of the auditor's services is usually set forth in a(n) a. internal control letter b. letter of audit inquiry c. management letter d. engagement letter
d. engagement letter
before accepting an audit engagement, a successor auditor should make specific inquires of the predecessor auditor regarding the predecessor's a. opinion of any internal control problems that developed since the predecessor's audit report was issued b. evaluation of all matters of continuing accounting significance c. awareness of the consistency in the application of GAAP between periods d. understanding as to the reasons for the change of auditors
d. understanding as to the reasons for the change of auditors
how do auditors accumulate planned evidence?
from substantive (not controls) testing
For each internal control, identify the type(s) of specific control activity (or activities) for which it applies: -sales invoices are independently verified before being sent to customers
independent checks
For the following description of internal controls, indicate which of the following 5 COSO internal control components is best represented by each description. 1) control environment, 2) risk assessment, 3) monitoring, 4) info & communication, 5) control activities -the company's computer systems track individual transactions & automatically accumulate transactions to create a trial balance
info & communication
For the following description of internal controls, indicate which of the following 5 COSO internal control components is best represented by each description. 1) control environment, 2) risk assessment, 3) monitoring, 4) info & communication, 5) control activities -the system automatically reconciles the detailed accounting receivable subsidiary ledger to the accounting receivable general ledger account on a daily basis
info & communication
for substantive analytical procedures what is important
it's important that the data used is sufficiently reliable
what are the testing and reporting requirements for nonpublic companies on internal controls?
management and auditor aren't required to test or externally report on internal controls, but the auditor is required to communicate any identified significant deficiencies or material weaknesses internally -->mgmt, BOD, audit committee
what is the challenge in designing the audit program?
many decisions made are based on anticipated testing results
For the following description of internal controls, indicate which of the following 5 COSO internal control components is best represented by each description. 1) control environment, 2) risk assessment, 3) monitoring, 4) info & communication, 5) control activities -each quarter, department managers are required to perform a self-assessment of the department's compliance w/ company policies. reports summarizing the results are to be submitted to the senior executive overseeing that department
monitoring
as the level of planned detection risk (PDR) decreases, the auditor needs to plan to accumulate ______ evidence to achieve the lower PDR
more
compared to those in other phases, substantive analytical procedures are:
more focused and extensive
for each internal control, state the transaction-related assertion(s) the control is meant to fulfill: -after the controller signs the checks, her secretary writes the check number & the date the check was issued on each of the supporting documents to prevent their reuse
occurrence
what are the extent of internal controls for nonpublic companies?
private companies have the ability to examine cost-benefit tradeoffs when implementing controls
for each situation, state the appropriate audit report: -the auditor was unable to obtain any evidence about the operating effectiveness of internal controls over financial reporting
qualified or disclaimer
For the following description of internal controls, indicate which of the following 5 COSO internal control components is best represented by each description. 1) control environment, 2) risk assessment, 3) monitoring, 4) info & communication, 5) control activities -senior management obtains data about external events that might affect the entity and evaluates the impact of that info on its existing accounting processes
risk assessment
For the following description of internal controls, indicate which of the following 5 COSO internal control components is best represented by each description. 1) control environment, 2) risk assessment, 3) monitoring, 4) info & communication, 5) control activities -the compensation committee reviews compensation plans for senior executives to determine if those plans create unintended pressures that might lead to distorted financial statements
risk assessment
auditors design tests of details of balances during planning (phase I), why is this a particularly difficult task?
see figure 7 in the text
For each internal control, identify the type(s) of specific control activity (or activities) for which it applies: -payments by check are received in the mail by the receptionist, who lists the checks & restrictively endorses them
segregation of duties
For each internal control, identify the type(s) of specific control activity (or activities) for which it applies: -the computer system verifies that all payroll payments have a valid employee identification number assigned by the HR department at the time of hiring
segregation of duties
high CR leads to no controls testing and more _______ testing
substantive
what does a low initial CR assessment suggest?
the auditor expects effective controls
what does the auditor use the gathered fraud risk info for?
to identify risk of material misstatement from fraud
when we look at controls what type of assertions are we typically looking into?
transaction-related assertions
for each situation, state the appropriate audit report: -as a result of performing tests of controls, the auditor identified a significant deficiency in internal controls over financial reporting; however, the auditor doesn't believe that it represents a material weakness in internal control
unqualified
for each situation, state the appropriate audit report: -during interim testing, the auditor identified & communicated to management a significant control deficiency. Management immediately corrected the deficiency & the auditor was able to sufficiently test the newly-instituted internal control before the end of the fiscal period
unqualified (would still be unqualified if management didn't fix it because no material weakness)