1.20.19 Flashcards
Which of the following is an important consideration when deciding the nature of tests to use in a financial statement audit?
The procedures to be applied on a particular engagement are a matter of the auditor’s professional judgment.
According to GAAS, the auditor should exercise professional judgment and maintain professional skepticism during the planning and performance of the audit. Professional judgment applies training, knowledge, and experience to making informed decisions about the actions that are appropriate in an audit. Such decisions are required to be made about (1) materiality; (2) audit risk; (3) the nature, timing, and extent of audit procedures; (4) the evaluation of whether evidence is sufficient and appropriate; (5) the evaluation of management’s judgments in applying the applicable reporting framework; and (6) the conclusions to be drawn from the evidence (AU-C 200).
An auditor who is testing computer controls in a payroll system will most likely use test data that contain conditions such as
Time tickets with invalid job numbers.
The auditor most likely tests computer controls for detection of time tickets with invalid job numbers. The validity of codes can be determined by the computer system. Testing of approvals, authorizations, and signatures usually require manual procedures.
Which of the following procedures should an auditor most likely include in the planning of an audit of financial statements?
Determining the need for specialized skills.
If specialized skills are needed, the auditor determines whether a professional with such skills is on the audit staff or an external specialist must be hired. For this purpose, the auditor should be able to (1) communicate the objectives of the work of the other professional, (2) evaluate whether the procedures performed meet the audit objectives, and (3) evaluate the results of those procedures (AU-C 300).
Which of the following internal controls most likely would reduce the risk of diversion of customer receipts by an entity’s employees?
A bank lockbox system.
A lockbox system ensures that cash receipts are not stolen by mail clerks or other employees. Customer payments are mailed to a post office box and collected directly by the bank.
Which of the following departments most likely would approve changes in pay rates and deductions from employee salaries?
HR
The human resources department provides the authorization for payroll-related transactions, e.g., hiring, termination, and changes in pay rates and deductions.
Which of the following is a basic tool used by the auditor to control the audit work and review the progress of the audit?
Audit plan.
An audit plan is developed and documented based on the overall audit strategy. It is more detailed than the audit strategy because it includes the nature, timing, and extent of work to be performed. The plan includes (1) risk assessment procedures, (2) further audit procedures at the assertion level, and (3) other procedures to comply with GAAS. Audit planning has many benefits, such as helping to organize and manage the audit so it is performed effectively and efficiently (AU-C 300).
How would an auditor of a nonissuer most appropriately respond to a heightened assessed risk of material misstatement?
By assigning more experienced staff or those with specialized skills to high-risk areas.
Overall responses apply to the assessed RMMs at the financial statement level. The following are examples of overall responses: (1) an emphasis on professional skepticism in evidence gathering and evaluation; (2) increased supervision; (3) assignment of staff with greater experience or expertise; (4) greater unpredictability in the choice of further audit procedures; and (5) changing the nature, timing, and extent of audit procedures, such as modifying the nature of a procedure to obtain more persuasive evidence. At the relevant assertion level, the response is to change the nature, timing, or extent of further audit procedures.
The design or operation of a control may not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. According to AU-C 265, this circumstance is a
Control deficiency.
A control deficiency may arise either in the design or operation of a control. It is the lowest level of deficiency identified in the standards. A design deficiency results when (1) a necessary control is missing or (2) a control operating as designed does not meet the control objective. An operating deficiency results when (1) a properly designed control does not function as designed, or (2) the person performing the control does not have the authority or competence to perform it effectively.
Which of the following is a misstatement arising from fraud or an error as defined by the auditing standards?
Selecting an accounting policy that the auditor considers inappropriate.
Misstatements may result from fraud or error. Examples are (1) an inaccuracy in obtaining or processing data on which the financial statements are based, (2) an omission of an amount or disclosure, (3) a disclosure not presented in accordance with the applicable reporting framework, (4) an incorrect accounting estimate arising from overlooking or clearly misinterpreting facts, and (5) management judgments about accounting estimates that the auditor considers unreasonable, and (6) management’s selection or application of accounting policies that the auditor considers inappropriate (AU-C 450).
Which of the following statements is correct regarding an independent auditor’s reliance on a client’s internal audit staff?
An independent auditor should assess the organizational status of the director of internal audit.
Given an expectation of using the work of the internal auditors, the external auditor’s objectives include determining (1) whether to use their work and in what ways and (2), if using their work, whether it is adequate for audit purposes. To determine whether internal audit work can be used to obtain audit evidence, the external auditor should evaluate (1) the competence of the internal audit function, (2) the extent to which its organizational status and policies and procedures support its objectivity, and (3) its application of a systematic and disciplined approach (including quality control). Factors affecting objectivity include whether the internal audit function’s organizational status supports its ability to be free from bias, conflict of interest, or undue influence. For example, the external auditor should determine whether the internal audit function reports to (1) those charged with governance, (2) an officer with appropriate authority, or (3) management but with direct access to those charged with governance.
Which of the following questions would an auditor least likely include on an internal control questionnaire concerning the initiation and execution of equipment transactions?
Are procedures in place to monitor and properly restrict access to equipment?
Although access to equipment should be restricted to authorized personnel only, the issue is the initiation and execution of equipment transactions, not custody of the assets.
Which of the following internal control activities is not usually performed in the vouchers payable department?
Accounting for unused prenumbered purchase orders and receiving reports.
Employees in the vouchers payable department should have no responsibilities related to purchasing or receiving goods. The purchasing department accounts for unused prenumbered purchase orders. The receiving department accounts for unused prenumbered receiving reports.
An auditor is required to establish an understanding with a client regarding the services to be performed for each engagement. For an auditor of a nonissuer, this understanding generally includes
The auditor’s responsibility for ensuring that management and those charged with governance are aware of any significant deficiencies or material weaknesses in control that come to the auditor’s attention.
An auditor should accept an engagement only when the basis for audit performance is agreed through (1) establishing whether the preconditions for an audit exist and (2) confirming that the auditor and management (and, possibly, those charged with governance) have a common understanding of the terms of engagement. The agreement typically is documented in an engagement letter (AU-C 210). An engagement letter for a nonissuer should indicate that a financial statement audit is not designed to provide assurance on internal control. However, the auditor is responsible for ensuring that management and those charged with governance are aware of any significant deficiencies or material weaknesses in control that come to his or her attention.
An auditor is auditing a mutual fund company that uses a transfer agent to handle accounting for shareholders. Which of the following actions by the auditor would be most efficient for obtaining information about the transfer agent’s internal controls?
Review reports on the suitability of design and operating effectiveness of controls produced by the agent’s own auditor.
The mutual fund auditor can use the service auditor’s report to gain an understanding of the controls and to assess the risk of material misstatement at the transfer agent.
Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without the knowledge of client operating personnel?
Integrated test facility (ITF).
The ITF or minicompany technique is a development of the test data method. It permits dummy transactions to be processed at the same time as live transactions but requires additional programming to ensure that programs will recognize the specially coded test data. The test transactions may be submitted without the computer operators’ knowledge.