Assessing Control Risk Under AICPA Standards Flashcards
Which of the following analytical procedures most likely would be used during the risk assessment stage of an audit?
Comparing current year to prior year sales volumes.
Reading the financial statements and notes and considering the adequacy of evidence.
Comparing the current year ratio of aggregate salaries paid to the number of employees to the prior year’s ratio.
Reading the letter from the client’s attorney and considering the threat of litigation.
Comparing current year to prior year sales volumes.
This answer is correct because comparing current year to prior-year sales volumes is an analytical procedure and because analytical procedures in risk assessment often use such aggregated data.
As a result of analytical procedures, the independent auditor determines that the gross profit percentage has declined from 30% in the preceding year to 20% in the current year. The auditor should:
Include an additional paragraph in the audit report due to the inability of the client company to continue as a going concern.
Evaluate management’s performance in causing this decline.
Require footnote disclosure.
Consider the possibility of a misstatement in the financial statements.
Consider the possibility of a misstatement in the financial statements.
Analytical procedures used in risk assessment for an audit should focus on identifying:
Material weaknesses in internal control.
The predictability of financial data from individual transactions.
The various assertions that are embodied in the financial statements.
Areas that may represent specific risks relevant to the audit.
Areas that may represent specific risks relevant to the audit.
This answer is correct because the objectives of analytical procedures during risk assessment are to identify aspects of the entity of which the auditor was unaware and assist in assessing the risks of material misstatement (to help determine the nature, timing, and extent of audit tests).
Which of the following statements is correct concerning analytical procedures used during risk assessment in an audit engagement?
They often replace the test of controls that are performed to assess control risk.
They usually use financial and nonfinancial data aggregated at a high level.
They usually involve the comparison of assertions developed by management to ratios calculated by an auditor.
They are often used to develop an auditor’s preliminary judgment about materiality.
They usually use financial and nonfinancial data aggregated at a high level.
This answer is correct because planning analytical procedures use information aggregated at a high level—often, both financial and nonfinancial information.
Which of the following factors would least likely affect the extent of the auditor’s consideration of the client’s internal control?
The amount of time budgeted to complete the engagement.
The size and complexity of the client.
The nature of specific relevant controls.
The auditor’s prior experience with client operations.
The amount of time budgeted to complete the engagement.
This answer is correct because it is least likely since an auditor should not decrease (or increase) the consideration of internal control simply due to the overall time budget.
An auditor assesses control risk because it:
Is relevant to the auditor’s understanding of the control environment.
Provides assurance that the auditor’s materiality levels are appropriate.
Indicates to the auditor where inherent risk may be the greatest.
Affects the level of detection risk that the auditor may accept.
Affects the level of detection risk that the auditor may accept.
The requirement is to determine why an auditor assesses control risk. Answer (d) is correct because the assessed levels of control risk and inherent risk are used to determine the acceptable level of detection risk for financial statement assertions.
An auditor reviews a client’s accounting policies and procedures when considering which of the following planning matters?
Method of sampling to be used.
Preliminary judgments about materiality levels.
Nature of reports to be rendered.
Understanding of the client’s operations and business.
Understanding of the client’s operations and business.
This answer is correct because such information provides overall guidance to help an auditor understand the client’s operations and business.
Which of the following most likely would cause an auditor to consider whether a client’s financial statements contain material misstatements?
Management did not disclose to the auditor that it consulted with other accountants about significant accounting matters.
The chief financial officer will not sign the management representation letter until the last day of the auditor’s fieldwork.
Audit trails of computer-generated transactions exist only for a short time.
The results of an analytical procedure disclose unexpected differences.
The results of an analytical procedure disclose unexpected differences.
This answer is correct because when an analytical procedure discloses an unexpected difference it should be followed up on since a material misstatement may exist.
Which of the following is not a component of internal control?
Control environment.
Control activities.
Inherent risk.
Monitoring.
Inherent risk.
This answer is correct. The control environment, control activities, monitoring, risk assessment, and information/communications are the components of internal control, but not inherent risk.
The overall attitude and awareness of an entity’s board of directors concerning the importance of internal control usually is reflected in its:
Computer-based controls.
System of segregation of duties.
Control environment.
Safeguards over access to assets.
Control environment.
The requirement is to identify where the overall attitude and awareness of an entity’s board of directors concern-ing the importance of internal control is normally reflected. Answer (c) is correct because the control environment reflects the overall attitude, awareness, and actions of the board of directors, management, owners, and others concerning the importance of control and its emphasis in the entity.
Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization?
Disclosing lack of segregation of duties to the external auditors during the annual review.
Replacing personnel every three or four years.
Requiring accountants to pass a yearly background check.
Allowing for greater management oversight of incompatible activities.
Allowing for greater management oversight of incompatible activities.
This is correct because management’s oversight of the activities may either prevent or detect improper activities.
The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that:
Specific internal control activities are not operating as designed.
The collective effect of the control environment may not achieve the control objectives.
Tests of controls may fail to identify activities relevant to assertions.
Material misstatements may exist in the financial statements.
Material misstatements may exist in the financial statements.
This answer is correct because auditors are ultimately concerned with the existence of material misstatements in the financial statements.
To help plan the nature, timing, and extent of substantive auditing procedures, preliminary analytical procedures should focus on:
Enhancing the auditor’s understanding of the client’s business and events that have occurred since the last audit date.
Developing plausible relationships that corroborate anticipated results with a measurable amount of precision.
Applying ratio analysis to externally generated data such as published industry statistics or price indices.
Comparing recorded financial information to the results of other tests of transactions and balances.
Enhancing the auditor’s understanding of the client’s business and events that have occurred since the last audit date.
This answer is correct because analytical procedures used for risk assessment (planning) the audit should focus on enhancing the auditor’s understanding of the client’s business and events that have occurred since the last audit date, and on identifying areas that may represent specific risks relevant to the audit.
The use of fidelity bonds protects a company from embezzlement losses and also:
Minimizes the possibility of employing persons with dubious records in positions of trust.
Reduces the company’s need to obtain expensive business interruption insurance.
Allows the company to substitute the fidelity bonds for various parts of internal control.
Protects employees who made unintentional errors from possible monetary damages resulting from such errors.
Minimizes the possibility of employing persons with dubious records in positions of trust.
This answer is correct because bonding companies will typically investigate the backgrounds of new employees.
Which of the following procedures is least likely to be performed as a part of obtaining an understanding during an audit engagement of a new audit client previously audited by another CPA?
Communication with the predecessor auditor.
Performing analytical procedures.
Obtaining confirmation of cash balances.
Considering internal control.
Obtaining confirmation of cash balances.
This answer is correct because confirmation of cash balances is a substantive audit procedure which will be performed during the audit.
Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been:
Authorized.
Implemented.
Tested.
Monitored.
Implemented.
This is correct because the professional standards require that an auditor evaluate the design of controls and determine whether they have been implemented (placed in operation).
While obtaining an understanding of a client’s risk assessment policies, an auditor ordinarily considers how management:
Identifies risks.
Eliminates significant risks.
Assesses the likelihood of occurrence of subsequent events.
Relates risk assessment to compliance with marketing objectives.
Identifies risks.
This answer is correct because an auditor should obtain sufficient knowledge of the entity’s risk assessment process to understand how management considers risks relevant to financial reporting objectives and decide about actions to address those risks; that knowledge might include understanding of how management identifies risks, estimates their significance, and assesses the likelihood of their occurrence, and relates them to financial reporting.
Which of the following statements is correct concerning an auditor’s assessment of control risk?
Assessing control risk may be performed concurrently during an audit with obtaining an understanding of the entity’s internal control.
Evidence about the operation of internal control in prior audits may not be considered during the current year’s assessment of control risk.
The basis for an auditor’s conclusions about the assessed level of control risk need not be documented unless control risk is assessed at the maximum level.
The lower the assessed level of control risk, the less assurance the evidence must provide that the control procedures are operating effectively.
Assessing control risk may be performed concurrently during an audit with obtaining an understanding of the entity’s internal control.
The requirement is to identify the correct statement concerning an auditor’s assessment of control risk. Answer (a) is correct because AU-C 315 indicates that assessing control risk may be performed concurrently during an audit with obtaining an understanding of internal control. Answer (b) is incorrect because evidence about the operation of internal control obtained in prior audits may be considered during the current year’s assessment of control risk. Answer (c) is incorrect because the basis for an auditor’s conclusions about the assessed level of control risk needs to be documented when control risk is assessed at levels other than the maximum level. Answer (d) is incorrect because a lower level of control risk requires more assurance that the control procedures are operating effectively.
A primary purpose of performing analytical procedures as risk assessment procedures is to identify the existence of
Unusual transactions and events.
Illegal acts that went undetected because of internal control weaknesses.
Related-party transactions.
Recorded transactions that were not properly authorized.
Unusual transactions and events.
The requirement is to identify a primary purpose of performing analytical procedures during an audit’s risk assessment. Answer (a) is correct because analytical procedures used during risk assessment may enhance the auditor’s understanding of the client’s business and significant transactions and events that have occurred since the prior audit and also may help to identify the existence of unusual transactions or events and amounts, ratios, and trends that might indicate matters that have audit implications. Answers (b), (c), and (d) are all incorrect because while analytical procedures may lead to the discovery of illegal acts, related-party transactions, and unauthorized transactions, this is not the primary objective.