8.6 Flashcards
An auditor may decide to perform only substantive procedures for certain assertions because the auditor believes
Controls are not relevant to the assertions.
The auditor’s risk assessment procedures may not have identified any suitably designed and implemented controls that are relevant to the assertions. Another possibility is that testing of controls may be inefficient. But the auditor needs to be satisfied that performing only substantive procedures will be effective in reducing audit risk to an acceptable level.
Which of the following audit procedures, if used, should be combined with other audit procedures when testing the operating effectiveness of controls?
Inquiry.
The following tests are presented in the order of the sufficiency and appropriateness of the evidence they ordinarily produce (least to most): (1) inquiry, (2) observation, (3) inspection of relevant documentation, and (4) reperformance of a control. Inquiry alone does not provide sufficient, appropriate evidence to support a conclusion about the effectiveness of a control.
Which of the following types of evidence should an auditor most likely examine to determine whether internal controls are operating as designed?
Client records documenting the use of computer programs.
In testing controls over the computer processing function, the auditor should obtain evidence of proper authorization of access to computer programs and files.
The major purpose of the auditor’s study and evaluation of the company’s computer processing operations is to
Evaluate the reliability and integrity of financial information.
Information systems provide data for decision making, control, and compliance with external requirements. Thus, auditors should examine information systems and, as appropriate, determine (1) whether financial records and reports contain accurate, reliable, timely, complete, and useful information and (2) controls over recordkeeping and reporting are adequate and effective.
Which of the following is true related to the auditor’s consideration of controls?
Misstatements detected by the auditor’s substantive procedures should be considered when testing the effectiveness of related controls.
Misstatements detected by the auditor’s substantive procedures should be considered when testing the effectiveness of related controls. The auditor may need to assess the RMMs at a higher level if fraud or error is detected that should have been detected by the entity’s controls.
In performing tests of controls, the auditor will normally find that
The rate of deviations in the sample exceeds the rate of error in the accounting records.
When testing controls, the auditor is directly concerned with deviations from specific controls. Failure to comply with a control does not necessarily result in an error in the records. For example, the absence of an authorization signature does not necessarily mean that the transaction was improperly recorded. Accordingly, the rate of deviations from a control normally exceeds the error rate in the records.
Which of the following statements concerning the parallel simulation approach when testing a computerized accounting system is false?
Transactions are reprocessed only by the client’s computer programs.
Parallel simulation is a test of the controls in a client’s application program. An auditor-developed program, not the client’s program, is used to process actual client data and compare the outputs and exceptions report with those of the client’s application program. If the client’s programmed controls are operating effectively, the two sets of results should be reconcilable.
An auditor of a nonissuer should design tests of details to ensure that sufficient audit evidence supports which of the following?
The planned level of assurance at the relevant assertion level.
Tests of details of transaction classes, account balances, and disclosures are substantive procedures. Some substantive procedures should be performed for all relevant assertions related to each material transaction class, balance, and disclosure. With respect to obtaining audit evidence, the auditor’s objective is to obtain sufficient appropriate evidence to be able to draw reasonable conclusions as a basis for an opinion on whether statements are materially misstated. To design and perform further audit procedures (substantive procedures and tests of controls), the auditor assesses the risks of material misstatement at the financial statement and relevant assertion levels.
After gaining an understanding of a client’s computer processing internal control, a financial statement auditor may decide not to test the effectiveness of the computer processing control procedures. Which of the following is not a valid reason for choosing to omit tests of controls?
The assessment of the risks of material misstatement permits the auditor to rely on the controls.
Although controls appear to be effective based on the understanding of internal control, the auditor should perform tests of controls when the assessment of the RMMs at the relevant assertion level includes an expectation of their operating effectiveness. This expectation reflects the auditor’s intention to rely on the controls in determining the nature, timing, and extent of substantive procedures.
Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without the knowledge of client operating personnel?
Integrated test facility (ITF).
The ITF or minicompany technique is a development of the test data method. It permits dummy transactions to be processed at the same time as live transactions but requires additional programming to ensure that programs will recognize the specially coded test data. The test transactions may be submitted without the computer operators’ knowledge.
After obtaining an understanding of internal control and assessing the risks of material misstatement in a financial statement audit, an auditor decided to perform tests of controls. The auditor most likely decided that
It would be efficient to perform tests of controls that would result in a reduction in substantive procedures.
The auditor may rely on the operating effectiveness of controls in determining the nature, timing, and extent of substantive procedures. Thus, the auditor should weigh the cost of performing tests of controls against the expected savings from devoting less audit effort to substantive testing.
Which of the following is least likely to indicate the need to increase the assurance provided by substantive testing?
A decrease in the assessed inherent risk.
Substantive procedures are performed to detect material misstatements in management’s assertions. The nature, timing, and extent of substantive procedures are determined by the acceptable level of audit risk. For a given audit risk, the acceptable detection risk is inversely related to the assessed risks of material misstatement. The assessed RMMs are combined assessments of control risk and inherent risk. Thus, a decrease in the assessed inherent risk (1) decreases the assessed RMMs for a given assessed control risk, (2) increases the acceptable detection risk, and (3) does not indicate a need for more persuasive audit evidence (AU-C-200).
After obtaining an understanding of internal control in a financial statement audit, an auditor has concluded that it is well designed and is operating effectively. Under these circumstances, the auditor would most likely
Not increase the extent of substantive procedures.
The auditor should obtain reasonable assurance about whether the financial statements are free from material misstatement to permit expression of an opinion on whether they are fairly presented. To obtain reasonable assurance, the auditor collects sufficient appropriate evidence to reduce audit risk to an acceptable level. For the given audit risk and the assessed inherent risk, a lower assessed control risk results in lower assessed risks of material misstatement and a higher acceptable detection risk. Detection risk relates to the nature, timing, and extent of audit procedures. For a higher acceptable detection risk, the less persuasive the audit evidence the auditor requires and the less need to increase the extent of substantive procedures (AU-C 200).
Which of the following computer-assisted auditing techniques processes client input data on a controlled program under the auditor’s control to test controls in the computer system?
Parallel simulation.
Parallel simulation is a test of the controls in a client’s application program. An auditor-developed program, not the client’s program, is used to process actual client data and compare the outputs and exceptions report with those of the client’s application program. If the client’s programmed controls are operating effectively, the two sets of results should be reconcilable.
Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of controls. One of the techniques involved in this approach makes use of
An integrated test facility.
The ITF or minicompany technique is a development of the test data method. It permits dummy transactions to be processed at the same time as live transactions but requires additional programming to ensure that programs will recognize the specially coded test data. Also, dummy files must be established (the test facility or dummy entity). Nevertheless, output (for example, control totals) is affected by the existence of the ITF transactions.