8.4 Flashcards
What is the most likely course of action that an auditor would take after determining that performing substantive procedures on inventory will take less time than performing tests of controls?
Perform only substantive procedures on inventory.
According to AU-C 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained, the auditor may in some cases perform only substantive procedures and exclude the effect of controls from the relevant risk assessment. For example, (1) testing the operating effectiveness of controls may be inefficient, or (2) risk assessment procedures may not have identified effective controls relevant to the assertions. In these cases, the auditor does not intend to rely on controls.
Which of the following audit procedures, if used, should be combined with other audit procedures when testing the operating effectiveness of controls?
Inquiry.
The following tests are presented in the order of the sufficiency and appropriateness of the evidence they ordinarily produce (least to most): (1) inquiry, (2) observation, (3) inspection of relevant documentation, and (4) reperformance of a control. Inquiry alone does not provide sufficient, appropriate evidence to support a conclusion about the effectiveness of a control.
The portion of the audit plan for a financial statement audit that describes further audit procedures usually cannot be developed until the
Understanding of the entity’s internal control has been completed.
The audit plan develops over the course of the audit. Thus, planning for risk assessment procedures occurs early in the audit. However, the nature, timing, and extent of further audit procedures cannot be determined until the auditor has performed risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the statement and assertion levels.
When an auditor increases the assessment of the risks of material misstatement because certain controls were determined to be ineffective, the auditor will most likely increase the
Extent of tests of details.
An auditor should obtain an understanding of internal control to assess the RMMs. The greater (lower) the assessment of the RMMs, the lower (greater) the acceptable detection risk for a given level of audit risk. In turn, the acceptable audit risk affects substantive testing. For example, as the acceptable audit risk decreases, the auditor changes the nature, timing, or extent of substantive procedures to increase the reliability and relevance of the evidence they provide.
Which of the following procedures is not used in tests of controls over purchases?
Confirm inventory held in public warehouses.
The confirmation of inventory held in public warehouses is a substantive procedure performed on an account balance in the purchasing cycle.
Tests of controls are concerned primarily with each of the following questions except
Were the controls approved by the board of directors?
The purpose of tests of controls is to evaluate their effectiveness in preventing, or detecting and correcting, material misstatements at the assertion level. Thus, the auditor performs inquiry and other audit procedures to obtain evidence about such matters as the following: (1) how the controls were applied at relevant times, (2) the consistency of application, and (3) by whom and by what means they were applied. The auditor also should determine whether the controls depend on indirect controls and whether such controls should be tested. For example, when an auditor tests user review of exception reports, the controls over information in the reports are indirect controls (AU-C 330 and AS 2301).
The risks of material misstatement (RMMs) should be assessed in terms of
Financial statement assertions.
The auditor’s objective is to identify and assess the RMMs, whether due to fraud or error, at the financial statement and relevant assertion levels. This objective is achieved through understanding the entity and its environment, including its internal control. The understanding provides a basis for designing and implementing responses to the assessed RMMs (AU-C 315 and AS 2110).
The auditor should perform tests of controls when the auditor’s risk assessment includes an expectation
Of the operating effectiveness of internal control.
The purpose of tests of controls is to evaluate the effectiveness of controls in preventing, or detecting and correcting, material misstatements. When the auditor intends to rely on the controls, tests of their effectiveness should be performed.
Which of the following courses of action is the most appropriate if an auditor concludes that there is a high risk of material misstatement?
Select more effective substantive procedures.
The nature, timing, and extent of the auditor’s further audit procedures should respond to the assessed RMMs at the relevant assertion level. The greater the assessed RMMs, the more persuasive audit evidence should be. To obtain more persuasive audit evidence, the auditor may increase its quantity or obtain evidence that is more relevant or reliable. Accordingly, for high RMMs, the evidence should be more appropriate (relevant and reliable), and the auditor should select more effective substantive procedures.
Which of the following tests of controls most likely will help assure an auditor that goods shipped are properly billed?
Examine shipping documents for matching sales invoices.
The proper starting point to determine whether all goods shipped were properly billed is the shipping documents. Tracing the shipping documents to the matching sales invoices provides assurance that controls worked effectively to ensure that all goods shipped were billed.
An auditor may decide to perform only substantive procedures for certain assertions because the auditor believes
Controls are not relevant to the assertions.
The auditor’s risk assessment procedures may not have identified any suitably designed and implemented controls that are relevant to the assertions. Another possibility is that testing of controls may be inefficient. But the auditor needs to be satisfied that performing only substantive procedures will be effective in reducing audit risk to an acceptable level.
Which of the following statements best describes why an auditor would use only substantive procedures to evaluate specific relevant assertions and risks?
Testing the operating effectiveness of the relevant controls would not be efficient.
The assessment of risks is a basis for choosing the audit approach. The risk assessment procedures may not identify effective controls for the relevant assertion, or testing controls may be inefficient. In these cases, the auditor may wish to use a substantive audit approach.
When an accounting application is processed by computer, an auditor cannot verify the reliable operation of automated controls by
Manually reperforming, as of a moment in time, the processing of input data and comparing the simulated results with the actual results.
Manually reperforming, as of a moment in time, the processing of input data and comparing the simulated results with the actual results is auditing around the computer. The computer is treated as a black box, and only the inputs and outputs are evaluated. Because the actual controls may not be understood or tested, the technique is ordinarily inappropriate if the effectiveness of automated controls is important to the understanding of internal control and the assessment of control risk. Moreover, the auditor is concerned with the reliable operation of the controls throughout the audit period, not at a single moment in time.
To obtain evidence that user identification and password controls are functioning as designed, an auditor should
Examine a sample of password holders and access authority to determine whether they have access authority incompatible with their other responsibilities.
Employees with access authority to process transactions that change records should not also have asset custody or program modification responsibilities. The auditor should determine that password authority is consistent with other assigned responsibilities. In addition, the auditor can directly test whether password controls are working by attempting entry into the system by using invalid identifications and passwords.
An auditor examines a sample of copies of December and January sales invoices for the initials of the person who verified the quantitative data. The purpose is to determine the operating effectiveness of the verification. This audit procedure is an example of a
Test of controls.
Tests of controls are used to determine whether controls are operating effectively. Checking for initials provides evidence that a person has verified the quantitative data as prescribed. Finding items that were corrected verifies that the control was effective. Finding uncorrected errors indicates the control was not in operation or not effective.