4

Question 1

SOC report

Answer 1

SOC1-FR-User entities and auditors
Type 1-Design
management’s description of SO’s ICFR along with SO audit’s opinion to meet control objectives
Type 2-Design and operating effectiveness
SO’s ICFE operating effectiveness

SOC2-Security, Availability, Processing integrity, Confidentiality-Management, Regulators
Type 1-Design
Type 2-Design and operating effectiveness

SOC3-Privacy-Anyone

Question 2

Sample size and tolerable rate of deviation

Answer 2

inverse relationship
More error that are acceptable, the less work auditor will perform.

Question 3

When control is assessed at the maximum level?

Answer 3

Document the assessment
Maximum level of CE→more test is inefficient.

Question 4

IF RMM is high

Answer 4

Increase professional skepticism
Increase planned audit procedures

Question 5

Can internal auditor perform test of control or substantive tests?

Answer 5

Both

Question 6

Impact of risk on audit testing

Answer 6

RMM ↑ Acceptable level of detection risk↓ Substantive test ↑

RMM ↓ Acceptable level of detection risk↑ Substantive test ↓

Question 7

Assessing internal audit

Answer 7

-Competence
Internal auditor education
Department policies&practices
Documentation&report quality
-Objectivity
Organization status/reporting level
Policies maintaining organizational objectivity
-Competence and objectivity
Institute of Internal Auditors guidelines

Question 8

Disclosing the work of specialist

Answer 8

Unmodified opinion-coreference is made to the specialist

Modified opinion-Add explanatory language indicating that the use of a specialist

Question 9

Inherent limitations of IC

Answer 9

Collusion
Override bymanagement
Poor human judgement

Question 10

Variable sampling vs attribute sampling

Answer 10

Variable-estimating quantity or dollar account of population
-test of detail
-dollar amount (quantitative)

Attribute-estimating the rate of occurrence of quality of characteristics in population
-test of controls
- rate of occurrence (qualitative)

Question 11

Substantive test

Answer 11

Audit procedure used to detect a material misstatement. Regardless of assessed risk of material misstatement, auditors should perform substantive procedures for all material financial assertions, test of controls alone are not enough.

Question 12

Test interest expense

Answer 12

-Comparing expected interest expense with recorded amounts
-Vouching amounts to loan documents
-Sending confirmation to creditors

Question 13

Reporting when a component auditor is used

Answer 13

Assuming responsibility
-Reviews component auditor’s work
-Does not refer to component auditor in report

Dividing responsibility
-States in report that component was audited by a component auditor
-Indicates magnitude of component in report

Question 14

Examples of management assertion tests
(COCA-CURVE)

Answer 14

Completeness-

Question 15

Qualified Opinion section state?

Answer 15

“Except for” the omission of information

Question 16

If control risk too low, affect audit’s ?

If control risk too high, affect audit’s?

Answer 16

Effectiveness

Efficiency

Question 17

Violation of GAAP-Which type of opinions?

Answer 17

Qualified opinion

Question 18

Reporting Critical Audit Matters (CAM)

Answer 18

-Identify the CAM
-Describe the main factors that led the auditor to determine the matter was a CAM
-Describe how the CAM was addressed in the audit
-Reference the relevant F/S assertions or disclosures

Question 19

Which section does management responsible state for issuer’s report on ICFR?

Answer 19

Basis for opinion

Question 20

Predecessor auditor’s responsibilities when reissuing prior year report

Answer 20

-Read current year’s F/S
-Compare prior period F/S with current period F/S
-Obtain updated management representation letter on prior period
-Obtain representation letter from successor on matters affecting prior F/S