8.1

Question 1

Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of controls. One of the techniques involved in this approach makes use of

Answer 1

An integrated test facility.

The ITF or minicompany technique is a development of the test data method. It permits dummy transactions to be processed at the same time as live transactions but requires additional programming to ensure that programs will recognize the specially coded test data. Also, dummy files must be established (the test facility or dummy entity). Nevertheless, output (for example, control totals) is affected by the existence of the ITF transactions.

Question 2

Which of the following actions should the auditor take in response to discovering a deviation from the prescribed control?

Answer 2

Make inquiries to understand the potential consequence of the deviation.

Once a deviation is discovered by an auditor, (s)he should investigate it further by making inquiries to understand the potential consequences of the deviation.

Question 3

Audit evidence concerning undocumented monitoring controls ordinarily is best obtained by

Answer 3

Observing the employees as they apply controls.

For some controls, documentation may not be available or relevant. For example, documentation of operation may not exist for (1) some factors in the control environment, such as assignment of authority and responsibility, or (2) some controls, such as computer controls. In such cases, evidence about effectiveness of operation may be obtained through inquiry combined with other procedures, e.g., observation or computer-assisted audit techniques.

Question 4

The major purpose of the auditor’s study and evaluation of the company’s computer processing operations is to

Answer 4

Evaluate the reliability and integrity of financial information.

Information systems provide data for decision making, control, and compliance with external requirements. Thus, auditors should examine information systems and, as appropriate, determine (1) whether financial records and reports contain accurate, reliable, timely, complete, and useful information and (2) controls over recordkeeping and reporting are adequate and effective.

Question 5

Which of the following statements about the auditor’s response to assessed risks of material misstatement in a financial statement audit is true?

Answer 5

Risk assessment procedures performed to obtain an understanding of an entity’s internal control also may serve as tests of controls.

Performing risk assessment procedures to obtain an understanding of the entity and its environment involves, among other things, evaluating the design of controls and determining whether they have been implemented. Tests of controls evaluate their operating effectiveness in preventing, or detecting and correcting, material misstatements at the assertion level. Although risk assessment procedures and tests of controls differ, they may use the same types of procedures. Thus, the auditor may decide that it is efficient to test operating effectiveness and evaluate design and implementation at the same time. Furthermore, some risk assessment procedures may provide evidence about operating effectiveness. For example, the auditor may (1) inquire about the use of budgets, (2) observe comparison of budgets and actual results, and (3) inspect reports on the investigation of variances (AU-C 330 and AS 2301).

Question 6

Which of the following statements is false about the integrated test facility (ITF) method for testing a computerized accounting system?

Answer 6

ITF reprocesses only actual, not fictitious, transactions.

The ITF or minicompany technique is a development of the test data method. It permits dummy transactions to be processed at the same time as live transactions but requires additional programming to ensure that programs will recognize the specially coded test data. The auditor can test the controls by including various types of transactions to be processed.

Question 7

To test the effectiveness of controls, an auditor ordinarily selects from a variety of techniques, including

Answer 7

Reperformance and observation.

Inquiry alone is not sufficient to test the operating effectiveness of controls. Other audit procedures performed in combination with inquiry may include inspection, recalculation, and reperformance of a control that pertains to an assertion.

Question 8

If an auditor is obtaining an understanding of an issuer’s information and communication component of internal control, which of the following factors should the auditor assess?

Answer 8

The classes of transactions in the issuer’s operations that are significant to the issuer’s financial statements.

According to AS 2110, the auditor should obtain a sufficient understanding of each component of internal control over financial reporting to (1) identify the types of misstatements, (2) assess the factors that affect the risks of material misstatement, and (3) design further audit procedures. Thus, the auditor should obtain an understanding of the information system, including the related business processes, relevant to financial reporting. This understanding includes the classes of transactions in the issuer’s operations that are significant to the issuer’s financial statements.

Question 9

An auditor wishes to evaluate the design and perform tests of controls over a client’s cash disbursements procedures. If the controls leave no audit trail of documentary evidence, the auditor most likely will test the procedures by

Answer 9

Observation and inquiry.

When the auditor obtains an understanding of controls relevant to the audit, (s)he performs risk assessment procedures to obtain evidence about their design and implementation. These procedures may include (1) inquiries, (2) observations of the application of the controls, (3) inspection of documents and reports, and (4) tracing transactions through the financial reporting system. Although risk assessment procedures and tests of controls differ, they may use the same types of procedures. Thus, the auditor may decide that it is efficient to test operating effectiveness and evaluate design and implementation at the same time. Furthermore, some risk assessment procedures may provide evidence about operating effectiveness. For example, the auditor may (1) inquire about the use of budgets, (2) observe comparison of budgets and actual results, and (3) inspect reports on the investigation of variances (AU-C 330 and AS 2301). In the absence of documentary evidence, the auditor performs observation and inquiry procedures and traces transactions through the system.

Question 10

In performing tests of controls, the auditor will normally find that

Answer 10

The rate of deviations in the sample exceeds the rate of error in the accounting records.

When testing controls, the auditor is directly concerned with deviations from specific controls. Failure to comply with a control does not necessarily result in an error in the records. For example, the absence of an authorization signature does not necessarily mean that the transaction was improperly recorded. Accordingly, the rate of deviations from a control normally exceeds the error rate in the records.

Question 11

An auditor who is testing computer controls in a payroll system will most likely use test data that contain conditions such as

Answer 11

Time tickets with invalid job numbers.

The auditor most likely tests computer controls for detection of time tickets with invalid job numbers. The validity of codes can be determined by the computer system. Testing of approvals, authorizations, and signatures usually require manual procedures.

Question 12

Which of the following procedures is considered a test of controls?

Answer 12

An auditor interviews and observes appropriate personnel to determine segregation of duties.

When the auditor observes the operation of a control, (s)he can evaluate its effectiveness at a moment in time. Observing that different personnel perform appropriate duties provides evidence of proper segregation.

Question 13

Which of the following levels would most likely address the risk of material misstatement by the auditor’s consideration of an entity’s control environment?

Answer 13

Financial statements.

The (1) assessment of the risks of material misstatement (RMM) at the financial statement level and (2) the auditor’s overall responses depend on the understanding of the control environment. An effective control environment improves the reliability of internally generated audit evidence. However, the nature, timing, and extent of further audit procedures respond to the assessed RMMs at the assertion level.
NOTE: We understand that this question may seem to be awkwardly written. There is a chance that you will encounter poorly written questions on your exam. You must answer each question to the best of your ability, even if it means making an educated guess, and then move on to the next question.

Question 14

The objective of tests of details of transactions performed as tests of controls is to

Answer 14

Evaluate whether internal controls operated effectively.

The auditor may use tests of details of transactions concurrently as tests of controls (i.e., as dual-purpose tests). As substantive procedures, their objective is to support relevant assertions or detect material misstatements in the financial statements. As tests of controls, their objective is to evaluate whether a control operated effectively.

Question 15

While performing interim audit procedures on accounts receivable, numerous unexpected errors are found resulting in a change of risk assessment. Which of the following audit responses would be most appropriate?

Answer 15

Use more experienced audit team members to perform year-end testing.

The higher the risk assessment, the more persuasive the audit evidence should be. Audit evidence should be sufficient and appropriate. Sufficiency relates to quantity and appropriateness to relevance and reliability. To obtain more persuasive evidence, the auditor may increase its quantity or obtain evidence that is more relevant or reliable. The higher the risk assessment, the more likely that performing substantive procedures at or near to period-end is more effective (results in more reliable evidence) than performing them at an interim date. Moreover, assigning more experienced audit team members may result in obtaining more reliable evidence because of their greater competence. Using more experienced audit team members is an example of an overall response to the risk assessment.

Question 16

Determining that controls are operating effectively most likely involves

Answer 16

Identifying specific controls relevant to specific assertions.

The auditor obtains an understanding of internal controls to evaluate their design and determine whether they have been implemented (AU-C 315). Tests of controls are performed only on controls that are suitably designed to prevent, or detect and correct, a material misstatement in a relevant assertion (AU-C 330).

Question 17

The auditor should perform tests of controls when the auditor’s assessment of the risks of material misstatement includes an expectation of the operating effectiveness of internal control or when

Answer 17

Substantive procedures alone cannot provide sufficient appropriate audit evidence at the relevant assertion level.

For some RMMs, the auditor may determine that it is not feasible to obtain sufficient appropriate audit evidence only from substantive procedures. These RMMs may relate to routine, significant transactions subject to highly automated processing with no documentation except what is recorded in the IT system. In such circumstances, the controls over the RMMs are relevant to the audit. Thus, the auditor should obtain an understanding of, and test, the controls.

Question 18

Which of the following computer-assisted auditing techniques processes client input data on a controlled program under the auditor’s control to test controls in the computer system?

Answer 18

Parallel simulation.

Parallel simulation is a test of the controls in a client’s application program. An auditor-developed program, not the client’s program, is used to process actual client data and compare the outputs and exceptions report with those of the client’s application program. If the client’s programmed controls are operating effectively, the two sets of results should be reconcilable.

Question 19

Which of the following types of evidence would an auditor most likely consider to determine whether internal controls are operating effectively?

Answer 19

A questionnaire completed by an employee in the receiving department concerning her duties and responsibilities.

Tests of controls are directed toward operating effectiveness. They include inquiries of entity personnel (e.g., a questionnaire completed by an employee in the receiving department); inspection of documents, reports, and electronic files indicating performance of the controls; observation of the application of the controls; and reperformance of the controls by the auditor.

Question 20

An auditor is least likely to test controls that provide for

Answer 20

Classification of revenue and expense transactions by product line.

The auditor is primarily concerned with the fairness of external financial reporting and therefore with controls relevant to a financial statement audit. (S)he is less likely to test controls over records used solely for internal management purposes than those used to prepare financial statements for external distribution. Assertions about the presentation of transactions by product line are not typically made. Thus, the auditor is unlikely to expend significant audit effort in testing such classifications.

Question 21

Which of the following procedures is not used in tests of controls over purchases?

Answer 21

Confirm inventory held in public warehouses.

The confirmation of inventory held in public warehouses is a substantive procedure performed on an account balance in the purchasing cycle.

Question 22

When an auditor tests a computerized accounting system, which of the following is true of the test data approach?

Answer 22

Test data are processed by the client’s computer programs under the auditor’s control.

In using the test data approach, the auditor prepares a set of dummy transactions specifically tailored to test the control procedures that management claims to have incorporated into the processing program. The auditor then processes these transactions using management’s program and compares the expected results with the actual output of the program.

Question 23

For certain controls, such as assignment of authority and responsibility, documentary evidence may not exist. An auditor would most likely test the controls by

Answer 23

Observation and inquiry.

When documentary evidence does not exist, evidence about the effectiveness of the operation of controls may be obtained through such methods as observation, inquiry, or computer-assisted techniques. Inquiry alone, however, will not ordinarily provide sufficient appropriate evidence to support the conclusion that the control is operating effectively.

Question 24

An auditor who decides not to rely on controls should

Answer 24

Document the further audit procedures performed.

The auditor performs further audit procedures in response to the assessed risks of material misstatement at the assertion level. The auditor should document the nature, timing, and extent of further audit procedures. Documentation is necessary even if the auditor emphasizes substantive procedures and does not use tests of controls. For example, (1) risk assessment procedures may not have identified any effective controls relevant to the assertion, or (2) testing controls might be inefficient (AU-C 330).

Question 25

If interim substantive procedures for an account identified no exceptions, which of the following would the auditor not perform on that account at year end?

Answer 25

Tests of details for the entire year under audit.

Substantive procedures may be performed at an interim date. The auditor then should cover the remaining period by performing substantive procedures combined with tests of controls to provide a reasonable basis for extending conclusions. (But the auditor may determine that performing only substantive procedures suffices.) If unexpected misstatements are detected at the interim date, the auditor may conclude that the planned substantive procedures for the remaining period need to be modified. Modification may include extending or repeating at period end the procedures performed at the interim date. Accordingly, if no misstatements (exceptions) for an account are identified at the interim date, the auditor does not perform substantive procedures (tests of details) on the account at period end for the entire year under audit. Thus, the auditor does not repeat procedures performed at the interim date.

Question 26

To obtain evidence about the operating effectiveness of controls, an auditor selects tests from a variety of methods, including

Answer 26

Inquiries.

The auditor should perform other procedures in combination with inquiry to obtain evidence about the operating effectiveness of controls. Thus, inquiry by itself is not sufficient. Accordingly, inquiry combined with inspection, recalculation, or reperformance may be preferable to inquiry and observation. An observation is relevant only at a moment in time (AU-C 330). Inquiries may be formal or informal (oral). They seek information from knowledgeable people that may be financial or nonfinancial and internal or external to the entity (AU-C 500).

Question 27

An auditor of a nonissuer should design tests of details to ensure that sufficient audit evidence supports which of the following?

Answer 27

The planned level of assurance at the relevant assertion level.

Tests of details of transaction classes, account balances, and disclosures are substantive procedures. Some substantive procedures should be performed for all relevant assertions related to each material transaction class, balance, and disclosure. With respect to obtaining audit evidence, the auditor’s objective is to obtain sufficient appropriate evidence to be able to draw reasonable conclusions as a basis for an opinion on whether statements are materially misstated. To design and perform further audit procedures (substantive procedures and tests of controls), the auditor assesses the risks of material misstatement at the financial statement and relevant assertion levels.

Question 28

JP Industries conducts its business using IT, and the only documentation of transactions is produced through the IT system. The auditor has concluded that it is not possible to obtain sufficient appropriate audit evidence by performing only substantive procedures for a number of financial statement assertions. The auditor’s alternative strategy is to

Answer 28

Perform test of controls.

The entity conducts its business using IT, and the only documentation of transactions is produced through the IT system. Because the auditor cannot obtain sufficient appropriate audit evidence by performing substantive procedures alone, the auditor should perform tests of controls. These procedures are designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level (AU-C 330 and AS 2301).