8.3

Question 1

When an auditor tests the internal controls of a computerized system, which of the following is true of the test data approach?

Answer 1

Test data are processed with the client’s computer and the results are compared to the auditor’s predetermined results.

The test data are processed by the client’s computer programs under the control of the auditor. These results are then compared to the auditor’s expectations.

Question 2

The test data are processed by the client’s computer programs under the control of the auditor. These results are then compared to the auditor’s expectations.

Answer 2

The auditor’s objectives with respect to the assessment of the risks of material misstatement are the same as in a manual system.

The auditor is required to perform risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control, to identify and assess the RMMs and to design further audit procedures. Whether the control system is manual or computerized does not affect this objective.

Question 3

Which of the following types of risks most likely would increase if accounts receivable are confirmed 3 months before year end?

Answer 3

Detention.

Audit risk consists of (1) the risks of material misstatement (inherent risk combined with control risk) and (2) detection risk. The RMMs are the entity’s risks, and detection risk is the auditor’s risk. Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a material misstatement. It is a function of the effectiveness of an audit procedure and its application by the auditor. Detection risk is the only component of audit risk that can be changed at the auditor’s discretion. An auditor who performs procedures at an interim date should cover the remaining period. The longer the remaining period, the greater the detection risk resulting from performing procedures at an interim date.

Question 4

An auditor obtains a digital file that contains the dollar amounts of all client inventory items by style number. The auditor is aware that the client holds certain inventory styles on consignment for others. The auditor can best ascertain that the client’s inventory is not overstated by using a computer program that

Answer 4

Tests for and accumulates all amounts for items with style numbers indicating consigned merchandise.

Given that items on the inventory file are marked appropriately with style numbers, the auditor can best determine whether consigned merchandise is included by using a program that identifies and accumulates those items with style numbers corresponding to consigned merchandise.

Question 5

How would an auditor of a nonissuer most appropriately respond to a heightened assessed risk of material misstatement?

Answer 5

By assigning more experienced staff or those with specialized skills to high-risk areas.

Overall responses apply to the assessed RMMs at the financial statement level. The following are examples of overall responses: (1) an emphasis on professional skepticism in evidence gathering and evaluation; (2) increased supervision; (3) assignment of staff with greater experience or expertise; (4) greater unpredictability in the choice of further audit procedures; and (5) changing the nature, timing, and extent of audit procedures, such as modifying the nature of a procedure to obtain more persuasive evidence. At the relevant assertion level, the response is to change the nature, timing, or extent of further audit procedures.

Question 6

An auditor may compensate for a high assessed risk of material misstatement by

Answer 6

Increasing the extent of substantive analytical procedures.

When designing further audit procedures, the auditor obtains more persuasive evidence the higher the risk assessment. Thus, the auditor may increase the quantity of evidence or obtain more relevant or reliable evidence. Furthermore, the extent of audit procedures generally increases as the RMMs increase. For example, the auditor may increase sample sizes or perform more detailed substantive analytical procedures (AU-C 330).

Question 7

After gaining an understanding of a client’s computer processing internal control, a financial statement auditor may decide not to test the effectiveness of the computer processing control procedures. Which of the following is not a valid reason for choosing to omit tests of controls?

Answer 7

The assessment of the risks of material misstatement permits the auditor to rely on the controls.

Although controls appear to be effective based on the understanding of internal control, the auditor should perform tests of controls when the assessment of the RMMs at the relevant assertion level includes an expectation of their operating effectiveness. This expectation reflects the auditor’s intention to rely on the controls in determining the nature, timing, and extent of substantive procedures.

Question 8

When an auditor plans to rely on controls that have changed since they were last tested, which of the following courses of action would be most appropriate?

Answer 8

Test the operating effectiveness of such controls in the current audit.

Controls that have changed must be tested for operating effectiveness before they can be relied on.

Question 9

Which of the following statements is not true of the test data approach to testing an accounting system?

Answer 9

The test data must consist of all possible valid and invalid conditions.

The test data approach includes preparation of dummy transactions by the auditor. These transactions are processed by the client’s computer programs under the auditor’s control. The test data consist of one transaction for each valid and invalid condition that interests the auditor. Consequently, the test data need not consist of all possible valid and invalid conditions.

Question 10

An auditor who is testing computer controls in a payroll system will most likely use test data that contain conditions such as

Answer 10

Time tickets with invalid job numbers.

The auditor most likely tests computer controls for detection of time tickets with invalid job numbers. The validity of codes can be determined by the computer system. Testing of approvals, authorizations, and signatures usually require manual procedures.

Question 11

As the acceptable level of detection risk increases for a given audit risk, an auditor may change the

Answer 11

Timing of substantive procedures from year end to an interim date.

For a given audit risk, the acceptable detection risk (the auditor’s risk) is inversely related to the assessed RMMs (the entity’s risks) at the assertion level. Detection risk is the risk that audit procedures will not detect a material misstatement. It relates to the nature, timing, and extent of procedures performed to reduce audit risk to an acceptably low level. Thus, it depends on the effectiveness of audit procedures and their application by the auditor (AU-C 330). For example, as the acceptable level of detection risk for a given audit risk increases, the audit effort devoted to substantive procedures may be reduced. The auditor may change the nature, timing, or extent of substantive procedures, for example, by changing the timing to an interim date.

Question 12

Tests of controls in an advanced computer system

Answer 12

Can be performed using actual transactions or simulated transactions.

Tests of controls, that is, determining whether the prescribed controls are operating effectively at the assertion level, can be performed using either actual or simulated transactions. For example, the integrated test facility (ITF) method uses both actual and simulated transactions.

Question 13

Which of the following is a computer-assisted audit technique that permits an auditor to insert the auditor’s version of a client’s program to process data and compare the output with the client’s output?

Answer 13

Parallel simulation.

Parallel simulation is the computer-assisted audit technique in which the auditor inserts the auditor’s version of the client’s program to reprocess client data and compare the output with the client’s output.

Question 14

Which of the following is a step in an auditor’s decision to rely on internal controls?

Answer 14

Identify specific controls that are likely to prevent, or detect and correct, material misstatements and perform tests of controls.

An auditor should obtain an understanding of controls relevant to the audit. Thus, the auditor should evaluate their design and determine whether they have been implemented. The evaluation of design considers whether the controls can effectively prevent, or detect and correct, material misstatements (AU-C 315 and AS 2110). The auditor then tests relevant controls to obtain sufficient appropriate evidence about their operating effectiveness if (1) the auditor intends to rely on them in determining the nature, timing, and extent of substantive procedures, or (2) substantive procedures alone cannot provide sufficient appropriate evidence at the relevant assertion level (AU-C 330 and AS 2301).

Question 15

Which of the following statements is false about the test data approach when testing a computerized accounting system?

Answer 15

Several transactions of each type must be tested.

The test data approach includes preparation of dummy transactions by the auditor. These transactions are processed by the client’s computer programs under the auditor’s control. The test data consist of one transaction for each valid and invalid condition that interests the auditor. The computer processes all similar transactions in the same way. Accordingly, only one transaction needs to be tested to determine whether a control is working effectively.

Question 16

If an auditor wishes to decrease the acceptable level of audit risk, which of the following changes in the substantive procedures performed will not effectively provide greater assurance?

Answer 16

A change in the timing of substantive procedures from year-end to interim dates.

A lower acceptable level of audit risk increases the assurance to be provided by substantive procedures. To obtain greater assurance, the auditor may change the nature, timing, or extent of substantive procedures. For example, as the risks of material misstatement increase, the auditor is more likely to perform substantial procedures at period-end rather than interim dates. This change reduces the risk of not detecting material misstatements that may exist at period-end (AU-C 330).

Question 17

A client maintains perpetual inventory records in both quantities and dollars. If the assessment of the risks of material misstatement is high, an auditor will probably

Answer 17

Request the client to schedule the physical inventory count at the end of the year.

If the assessment of the RMMs is high, the acceptable detection risk for a given level of audit risk decreases. The auditor should change the nature, timing, or extent of substantive procedures to increase the reliability and relevance of the evidence they provide. Thus, extending work done at an interim date to year end might be inappropriate. Observation of inventory at year end provides more reliable and relevant evidence.

Question 18

Regardless of the assessed risks of material misstatement, an auditor should perform some

Answer 18

Substantive procedures to restrict detection risk for significant transaction classes.

Regardless of the assessed RMMs (or the effectiveness of the relevant controls), the auditor should design and perform substantive procedures for all relevant assertions related to each material transaction class, account balance, and disclosure.

Question 19

To obtain evidence about the effectiveness of controls, an auditor ordinarily selects tests from a variety of methods, including

Answer 19

Reperformance.

The auditor should perform other procedures in combination with inquiry to obtain evidence about the operating effectiveness of controls. Thus, inquiry by itself is not sufficient. Accordingly, inquiry combined with inspection, recalculation, or reperformance may be preferable to inquiry and observation. An observation is relevant only at a moment in time (AU-C 330). Reperformance is the independent performance of procedures or controls that are part of the entity’s internal controls (AU-C 500).

Question 20

Controls within the computer processing activity may leave no visible evidence indicating that they were implemented and were effective. In such instances, the auditor most likely would test these controls by

Answer 20

Reviewing transactions submitted for processing and comparing them with related output.

The auditor should use tests of controls to obtain assurance that necessary controls are operating effectively at the assertion level. When automated controls leave no visible evidence (no visible audit trail), tests include reviewing transactions submitted for processing and comparing the expected results with the related output to determine that unacceptable conditions were reported and properly resolved. The auditor may need to audit through the computer to accomplish this purpose.

Question 21

For which of the following computer-assisted auditing techniques does the auditor use a controlled program?

Answer 21

Parallel simulation.

Parallel simulation is a test of the controls in a client’s application program. An auditor-developed program is used to process actual client data, and the output and exceptions report is compared with those of the client’s application program. If the client’s programmed controls are operating effectively, the two sets of results should be reconcilable.