1.26.19

Question 1

Which of the following procedures would an auditor most likely perform in the planning stage of an audit?

Answer 1

Make a preliminary judgment about materiality.

Materiality should be established for planning purposes. The concept of materiality recognizes that some but not all matters are important for fair presentation of the financial statements. The auditor is responsible for planning and performing the audit to obtain reasonable assurance that material misstatements are detected.

Question 2

An auditor’s written communication of internal control related matters identified in an audit would be addressed to “those charged with governance,” which would include the

Answer 2

board of directors.

In many organizations, governance is provided by the board of directors (and its related audit committee). However, the communication may be made to individuals at an equivalent level of authority and responsibility if the organization does not have a board.

Question 3

Which of the following would not be considered an analytical procedure?

Answer 3

Projecting an error rate by comparing the results of a statistical sample with the actual population characteristics.

Analytical procedures are evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data using models that range from simple to complex. Projecting an error rate based on a statistical sample is a sampling procedure, not an analytical procedure.

Question 4

Regardless of the assessed risks of material misstatement, an auditor should perform some

Answer 4

Substantive procedures to restrict detection risk for significant transaction classes.

Regardless of the assessed RMMs (or the effectiveness of the relevant controls), the auditor should design and perform substantive procedures for all relevant assertions related to each material transaction class, account balance, and disclosure.

Question 5

When compared with a nineteenth-century auditor, today’s auditor places less relative emphasis upon

Answer 5

Examination of documentary support.

The auditor ordinarily should perform certain auditing procedures, such as external confirmation of receivables (AU-C 505), observation of inventory (AU-C 501), and analytical procedures (AU-C 520), instead of relying completely on documentary evidence.

Question 6

When communicating significant deficiencies in internal control noted in a financial statement audit of a nonissuer, the communication should indicate that

Answer 6

The purpose of the audit was to report on the financial statements, not to provide assurance on internal control.

According to an illustrative written communication in AU-C 265, the auditors state, “we considered the Company’s internal control over financial reporting (internal control) as a basis for designing audit procedures that are appropriate in the circumstances for the purpose of expressing our opinion on the financial statements, but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control. Accordingly, we do not express an opinion on the effectiveness of the Company’s internal control.”

Question 7

During the confirmation of accounts receivable, an auditor receives a confirmation via the client’s fax machine. Which of the following actions should an auditor take?

Answer 7

Accept the confirmation but verify the source and content through a telephone call to the respondent.

When responses other than mailed written communications (e.g., responses received electronically, such as by fax or email) are received, additional evidence may be required to support their validity. The auditor may wish to verify the sources by calling the purported senders or by having the sender mail the original confirmation directly to the auditor. But an electronic confirmation system may be sufficiently secure and well controlled to mitigate the risks of interception or alteration. For example, encryption, electronic signatures, or procedures to verify website authenticity may be used.

Question 8

When planning an engagement to audit the effectiveness of the entity’s internal control in an integrated audit of a nonissuer, a practitioner would least likely consider which of the following factors?

Answer 8

The evaluation of the operating effectiveness of the controls.

The audit of a nonissuer’s internal control over financial reporting should be integrated with the financial statement audit. Evaluating certain matters may assist the auditor’s planning of the audit, but the evaluation of the operating effectiveness of the controls is not one of those matters. This evaluation is not made until the auditor forms an opinion by considering the evidence obtained from all sources, including (1) tests of controls, (2) misstatements detected during the audit, and (3) identified deficiencies.

Question 9

Which of the following could indicate source document fraud?

Answer 9

The same invoice number appears on different invoice numbers.

Each invoice should have a unique invoice number. The duplication of an invoice number can signify source document fraud.

Question 10

Analytical procedures used in planning an audit should focus on

Answer 10

Enhancing the auditor’s understanding of the client’s business.

Analytical procedures may be applied as risk assessment procedures (analytical procedures used in planning an audit). They are performed to obtain an understanding of the entity and its environment, including its internal control. The understanding addresses (1) relevant external factors (including the financial reporting framework); (2) the nature of the entity (operations, governance, investments, structure, and financing to understand transaction classes, balances, and disclosures); (3) accounting policies; (4) objectives, strategies, and business risks; and (5) measurement and review of financial performance.

Question 11

A client maintains a large data center where access is limited to authorized employees. How may an auditor best determine the effectiveness of this control activity?

Answer 11

Observe whether the data centers are monitored.

Physically observing that the data center is being monitored provides direct evidence that the control is in place and is being utilized effectively. The auditor will be able to see, first hand, if the control is preventing unauthorized access.

Question 12

To obtain evidence that user identification and password controls are functioning as designed, an auditor should

Answer 12

Examine a sample of password holders and access authority to determine whether they have access authority incompatible with their other responsibilities.

Employees with access authority to process transactions that change records should not also have asset custody or program modification responsibilities. The auditor should determine that password authority is consistent with other assigned responsibilities. In addition, the auditor can directly test whether password controls are working by attempting entry into the system by using invalid identifications and passwords.

Question 13

Some data processing controls relate to all computer processing activities (general controls) and some relate to specific tasks (application controls). General controls include

Answer 13

Controls for documenting and approving programs and changes to programs.

General controls are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. General controls commonly include controls over data center and network operations; systems software acquisition and maintenance; access security; and application system acquisition, development, and maintenance. Accordingly, they include (1) controls over operations to ensure efficient and effective operations of the computer activity; (2) the procedures for acquiring, developing, testing, documenting, and approving systems or programs and changes thereto; (3) controls over access to equipment and data files; and (4) other data and procedural controls affecting overall computer operations.

Question 14

Which of the following best represents a key control for ensuring sales are properly authorized when assessing risks of material misstatement for sales?

Answer 14

Sales orders are sent to the credit department for approval.

The credit department should investigate potential customers and approve sales orders.

Question 15

An auditor most likely modifies the opinion if the entity’s financial statements include a note on related party transactions

Answer 15

Stating without substantiation that a particular related party transaction occurred on terms equivalent to those that would have prevailed in an arm’s-length transaction.

The auditor should obtain sufficient appropriate evidence about a management assertion that related party transactions were conducted on terms equivalent to those that prevail in arm’s-length transactions. Management is responsible for substantiating the assertion. The auditor evaluates management’s support for the assertion.

Question 16

Which of the following statements is most accurate regarding sufficient and appropriate documentation?

Answer 16

Sufficient and appropriate documentation should include evidence that it has been reviewed.

On or before the date of the auditor’s report, the engagement partner should review the audit documentation and have discussions with the engagement team. The purpose is to be satisfied that sufficient and appropriate evidence supports the conclusions and the report (AU-C 220). The requirement to document (1) who reviewed the audit work and (2) the extent of the review does not require each working paper to bear evidence of review. But it does mean documenting (1) what work was reviewed, (2) who reviewed the work, and (3) when it was reviewed (AU-C 230).

Question 17

To test the effectiveness of controls, an auditor ordinarily selects from a variety of techniques, including

Answer 17

Reperformance and observation.

Inquiry alone is not sufficient to test the operating effectiveness of controls. Other audit procedures performed in combination with inquiry may include inspection, recalculation, and reperformance of a control that pertains to an assertion.

Question 18

Which of the following strategies most likely could improve the response rate of the confirmation of accounts receivable?

Answer 18

Including a list of items or invoices that constitute the account balance.

One factor in the design of external confirmation requests is the layout and presentation. Thus, for an account receivable, displaying the details of the balance most likely helps the customer to reconcile the amount and may increase the response rate.

Question 19

An auditor who uses the work of an auditor’s external specialist may refer to the specialist in the auditor’s report if the

Answer 19

Reference is needed for an understanding of a modification of the opinion.

The auditor may refer to an auditor’s external specialist only if the opinion is modified. A modified opinion is a qualified opinion, adverse opinion, or a disclaimer of opinion. The reference is made because it is relevant to understanding the modification. An auditor’s report with such a reference should state that it does not reduce the auditor’s responsibility (AU-C 620).

Question 20

Which of the following circumstances would be inappropriate for the auditor to communicate to those charged with governance?

Answer 20

No significant deficiencies in internal control exist that would affect the financial statements.

An auditor may issue a written communication stating that no material weaknesses were identified if the auditor complies with the applicable requirements for such communications. But a written communication stating that no significant deficiencies were identified is prohibited. It might be misunderstood or misused (AU-C 265).