8.6 Flashcards

1
Q

An auditor may decide to perform only substantive procedures for certain assertions because the auditor believes

A

Controls are not relevant to the assertions.

The auditor’s risk assessment procedures may not have identified any suitably designed and implemented controls that are relevant to the assertions. Another possibility is that testing of controls may be inefficient. But the auditor needs to be satisfied that performing only substantive procedures will be effective in reducing audit risk to an acceptable level.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following audit procedures, if used, should be combined with other audit procedures when testing the operating effectiveness of controls?

A

Inquiry.

The following tests are presented in the order of the sufficiency and appropriateness of the evidence they ordinarily produce (least to most): (1) inquiry, (2) observation, (3) inspection of relevant documentation, and (4) reperformance of a control. Inquiry alone does not provide sufficient, appropriate evidence to support a conclusion about the effectiveness of a control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following types of evidence should an auditor most likely examine to determine whether internal controls are operating as designed?

A

Client records documenting the use of computer programs.

In testing controls over the computer processing function, the auditor should obtain evidence of proper authorization of access to computer programs and files.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The major purpose of the auditor’s study and evaluation of the company’s computer processing operations is to

A

Evaluate the reliability and integrity of financial information.

Information systems provide data for decision making, control, and compliance with external requirements. Thus, auditors should examine information systems and, as appropriate, determine (1) whether financial records and reports contain accurate, reliable, timely, complete, and useful information and (2) controls over recordkeeping and reporting are adequate and effective.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following is true related to the auditor’s consideration of controls?

A

Misstatements detected by the auditor’s substantive procedures should be considered when testing the effectiveness of related controls.

Misstatements detected by the auditor’s substantive procedures should be considered when testing the effectiveness of related controls. The auditor may need to assess the RMMs at a higher level if fraud or error is detected that should have been detected by the entity’s controls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

In performing tests of controls, the auditor will normally find that

A

The rate of deviations in the sample exceeds the rate of error in the accounting records.

When testing controls, the auditor is directly concerned with deviations from specific controls. Failure to comply with a control does not necessarily result in an error in the records. For example, the absence of an authorization signature does not necessarily mean that the transaction was improperly recorded. Accordingly, the rate of deviations from a control normally exceeds the error rate in the records.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following statements concerning the parallel simulation approach when testing a computerized accounting system is false?

A

Transactions are reprocessed only by the client’s computer programs.

Parallel simulation is a test of the controls in a client’s application program. An auditor-developed program, not the client’s program, is used to process actual client data and compare the outputs and exceptions report with those of the client’s application program. If the client’s programmed controls are operating effectively, the two sets of results should be reconcilable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

An auditor of a nonissuer should design tests of details to ensure that sufficient audit evidence supports which of the following?

A

The planned level of assurance at the relevant assertion level.

Tests of details of transaction classes, account balances, and disclosures are substantive procedures. Some substantive procedures should be performed for all relevant assertions related to each material transaction class, balance, and disclosure. With respect to obtaining audit evidence, the auditor’s objective is to obtain sufficient appropriate evidence to be able to draw reasonable conclusions as a basis for an opinion on whether statements are materially misstated. To design and perform further audit procedures (substantive procedures and tests of controls), the auditor assesses the risks of material misstatement at the financial statement and relevant assertion levels.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

After gaining an understanding of a client’s computer processing internal control, a financial statement auditor may decide not to test the effectiveness of the computer processing control procedures. Which of the following is not a valid reason for choosing to omit tests of controls?

A

The assessment of the risks of material misstatement permits the auditor to rely on the controls.

Although controls appear to be effective based on the understanding of internal control, the auditor should perform tests of controls when the assessment of the RMMs at the relevant assertion level includes an expectation of their operating effectiveness. This expectation reflects the auditor’s intention to rely on the controls in determining the nature, timing, and extent of substantive procedures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without the knowledge of client operating personnel?

A

Integrated test facility (ITF).

The ITF or minicompany technique is a development of the test data method. It permits dummy transactions to be processed at the same time as live transactions but requires additional programming to ensure that programs will recognize the specially coded test data. The test transactions may be submitted without the computer operators’ knowledge.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

After obtaining an understanding of internal control and assessing the risks of material misstatement in a financial statement audit, an auditor decided to perform tests of controls. The auditor most likely decided that

A

It would be efficient to perform tests of controls that would result in a reduction in substantive procedures.

The auditor may rely on the operating effectiveness of controls in determining the nature, timing, and extent of substantive procedures. Thus, the auditor should weigh the cost of performing tests of controls against the expected savings from devoting less audit effort to substantive testing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following is least likely to indicate the need to increase the assurance provided by substantive testing?

A

A decrease in the assessed inherent risk.

Substantive procedures are performed to detect material misstatements in management’s assertions. The nature, timing, and extent of substantive procedures are determined by the acceptable level of audit risk. For a given audit risk, the acceptable detection risk is inversely related to the assessed risks of material misstatement. The assessed RMMs are combined assessments of control risk and inherent risk. Thus, a decrease in the assessed inherent risk (1) decreases the assessed RMMs for a given assessed control risk, (2) increases the acceptable detection risk, and (3) does not indicate a need for more persuasive audit evidence (AU-C-200).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

After obtaining an understanding of internal control in a financial statement audit, an auditor has concluded that it is well designed and is operating effectively. Under these circumstances, the auditor would most likely

A

Not increase the extent of substantive procedures.

The auditor should obtain reasonable assurance about whether the financial statements are free from material misstatement to permit expression of an opinion on whether they are fairly presented. To obtain reasonable assurance, the auditor collects sufficient appropriate evidence to reduce audit risk to an acceptable level. For the given audit risk and the assessed inherent risk, a lower assessed control risk results in lower assessed risks of material misstatement and a higher acceptable detection risk. Detection risk relates to the nature, timing, and extent of audit procedures. For a higher acceptable detection risk, the less persuasive the audit evidence the auditor requires and the less need to increase the extent of substantive procedures (AU-C 200).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following computer-assisted auditing techniques processes client input data on a controlled program under the auditor’s control to test controls in the computer system?

A

Parallel simulation.

Parallel simulation is a test of the controls in a client’s application program. An auditor-developed program, not the client’s program, is used to process actual client data and compare the outputs and exceptions report with those of the client’s application program. If the client’s programmed controls are operating effectively, the two sets of results should be reconcilable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of controls. One of the techniques involved in this approach makes use of

A

An integrated test facility.

The ITF or minicompany technique is a development of the test data method. It permits dummy transactions to be processed at the same time as live transactions but requires additional programming to ensure that programs will recognize the specially coded test data. Also, dummy files must be established (the test facility or dummy entity). Nevertheless, output (for example, control totals) is affected by the existence of the ITF transactions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An auditor who wishes to capture an entity’s data as transactions are processed and continuously test the entity’s computerized information system most likely would use which of the following techniques?

A

Embedded audit module.

Continuous monitoring and analysis of transaction processing can be achieved with an embedded audit module. An audit module embedded in the client’s software routinely selects and abstracts certain actual transactions and other information with audit significance. They may be tagged and traced through the information system. A disadvantage is that audit hooks must be programmed into the operating system and applications. An alternative is recording in an audit log, i.e., in a file accessible only by the auditor.

17
Q

To obtain evidence that user identification and password controls are functioning as designed, an auditor should

A

Examine a sample of password holders and access authority to determine whether they have access authority incompatible with their other responsibilities.

Employees with access authority to process transactions that change records should not also have asset custody or program modification responsibilities. The auditor should determine that password authority is consistent with other assigned responsibilities. In addition, the auditor can directly test whether password controls are working by attempting entry into the system by using invalid identifications and passwords.

18
Q

The objective of tests of details of transactions performed as tests of controls is to

A

Evaluate whether internal controls operated effectively.

The auditor may use tests of details of transactions concurrently as tests of controls (i.e., as dual-purpose tests). As substantive procedures, their objective is to support relevant assertions or detect material misstatements in the financial statements. As tests of controls, their objective is to evaluate whether a control operated effectively.

19
Q

Which of the following statements about the assessment of the risks of material misstatement in a client’s computer environment is true?

A

The auditor’s objectives with respect to the assessment of the risks of material misstatement are the same as in a manual system.

The auditor is required to perform risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control, to identify and assess the RMMs and to design further audit procedures. Whether the control system is manual or computerized does not affect this objective.