AUD2 Flashcards
A senior auditor conducted a dual-purpose test on a client’s invoice to determine whether the invoice was approved and to ascertain the amount and other terms of the invoice. Which of the following lists two tests that the auditor performed?
A
Substantive procedures and analytical procedures.
B
Substantive analytical procedures and tests of controls.
C
Tests of controls and tests of details.
D
Tests of details and substantive procedures.
The correct answer is (C).
A senior auditor conducted a dual-purpose test on a client’s invoice to determine whether the invoice was approved and to ascertain the amount and other terms of the invoice. He/she concurrently performed tests of controls and tests of details.
Tests of controls - Checks performed to verify whether internal controls are working and are strong.
Tests of details - Substantive procedures that verify different assertions in the financial statements - E.g., Inspection, Existence/Occurrence, etc.
(A) and (D) are incorrect because they do not refer to a test of controls.
(B) is incorrect because verifying dollar amount of the invoice is a test of detail and not an analytical procedure.
An auditor who wishes to capture an entity's data as transactions are processed and continuously test the entity's computerized information system most likely would use which of the following techniques? A Snapshot application B Embedded audit module C Integrated data check D Test data generator
B. Embedded audit modules are coded into a client’s application to collect data for the auditor. Integrated data checks and test data generators involve auditor-controlled fictitious data. Snapshot applications capture screen images
Which of the following is a definition of control risk?
A
The risk that a material misstatement will not be prevented or detected on a timely basis by the client’s internal controls.
B
The risk that the auditor will not detect a material misstatement.
C
The risk that the auditor’s assessment of internal controls will be at less than the maximum level.
D
The susceptibility of material misstatement assuming there are no related internal controls, policies, or procedures.
A. Control risk is the risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.
The risk that the auditor will not detect a material misstatement refers to detection risk, not control risk.
The risk that the auditor’s assessment of internal controls will be at less than the maximum level is not a risk—the use of risk assessment procedures and tests of controls may appropriately result in such a conclusion.
The susceptibility of material misstatement assuming there are no related internal controls, policies, or procedures refers to inherent risk, not control risk.
In obtaining an understanding of a manufacturing entity’s internal control concerning inventory balances, an auditor most likely would
A
Analyze the liquidity and turnover ratios of the inventory
B
Perform analytical procedures designed to identify cost variances
C
Review the entity’s descriptions of inventory policies and procedures
D
Perform test counts of inventory during the entity’s physical count
C. To obtain an understanding of a manufacturer’s internal control concerning inventory balances, an auditor would review the entity’s descriptions of inventory policies and procedures. Analyzing inventory ratios, performing cost variance analytical procedures, and performing inventory test counts are substantive procedures. (Editor note: The key word here is “understanding the entity and therefore of the four answer choices, reviewing policies and procedures would satisfy the objective. The other answer choices are testing procedures that would ascertain the risk assessment i.e. support the auditor’s understanding in this area).
When determining whether related-party transactions have been properly accounted for in the financial statements, the auditor should be most concerned that
A
The transactions represent the appropriate legal form
B
The method of accounting for the transactions reflects that related parties are involved
C
The financial statements recognize the substance of the transactions
D
All related parties have been identified
C. The auditor should be aware that the substance of a particular transaction could be significantly different from its form and that financial statements should recognize the substance of particular transactions rather than merely their legal form. Established accounting principles ordinarily do not require transactions with related parties to be accounted for on a basis different from that which would be appropriate if the parties were not related generally, the auditor should view related-party transactions within the framework of existing pronouncements. The identification of related parties relates more to the disclosure concern rather than the auditor’s review for their proper accounting.
During an audit, an auditor discovers a fraudulent expense reimbursement for a low-level manager. The auditor determines that this transaction is inconsequential and several similar transactions would not be material to the financial statements in the aggregate. Which of the following statements best describes the auditor’s required response to the discovery?
A
The auditor should fully investigate other transactions related to this manager to determine if fraud exists.
B
The auditor should bring the transaction to the attention of an appropriate level of management.
C
The auditor should report this finding to those charged with governance.
D
The auditor’s responsibility is satisfied by documenting that the single transaction is inconsequential.
The correct answer is (B).
Although the fraudulent expense reimbursement for a low-level manager is inconsequential and would go under the radar, the auditor should none-the-less bring the transaction to the attention of an appropriate level of management. When it comes to a proven fraud, no matter how small, the auditor should bring the fraud to the attention of the appropriate level of management. If the fraud goes unreported to the management, then it might lead to even more substantial frauds and management won’t be able to take appropriate action and prevent future frauds.
(A) is incorrect because after the discovery of fraud by the auditor, the auditor, should no doubt investigate other transactions related to this manager to determine if more fraud exists. But even before this, the auditor should communicate the fraud to the appropriate level of the management.
(C) is incorrect because the auditor has to communicate with those charged with governance fraud involving senior management and fraud (whether caused by senior management or other employees) that causes a material misstatement of the financial statements. Here, the low-level manager being involved in fraud, the auditor is not required to communicate to those charged with governance. He should only communicate to an appropriate level of management.
(D) is incorrect The concept of materiality should not apply to fraud. When it comes to a proven fraud, no matter how small, the auditor should bring the fraud to the attention of the appropriate level of management.
When an auditor tests the internal controls of a computerized accounting system, which of the following is true of the test data approach?
A
Test data are coded to a dummy subsidiary so they can be extracted from the system under actual operating conditions.
B
Test data programs need not be tailor-made by the auditor for each client’s computer applications.
C
Test data programs usually consist of all possible valid and invalid conditions regarding compliance with internal controls.
D
Test data are processed with the client’s computer and the results are compared with the auditor’s predetermined results.
D. In the test data approach to testing a computerized accounting system, test data are processed by the client’s computer programs under the auditor’s control. No dummy subsidiary is involved. Test data must be customized to each audit. The auditor need not include test data for all possible valid and invalid conditions.
In obtaining an understanding of an entity’s internal control, the auditor should obtain an understanding of control activities relevant to the audit, which are those judged necessary to understand in order to
A
Assess whether operational efficiency has been achieved in accordance with management plans
B
Assess the risks of material misstatement at the assertion level and design further audit procedures responsive to assessed risks
C
Determine that management cannot override the controls
D
Determine that controls have not been circumvented by collusion
B.The auditor should obtain an understanding of control activities relevant to the audit, which are those judged necessary to understand in order to assess the risks of material misstatement at the assertion level and design further audit procedures responsive to assessed risks.