AUDIT - MINE

Question 1

In what situations do SSARS apply?

Answer 1

situations in which an accountant submits unaudited financial statements of a nonissuer to a client (i.e., a compilation or review)

Question 2

Can compilations be performed when the financial statements of the client can reasonably be expected to be used by a third party? If yes, are there any additional requirements?

Answer 2

Yes. A compilation report is required.

Question 3

Is independence required for a compilation?

Answer 3

No

Question 4

What does an auditor do when he uses “test data” to test the client’s computer system?

Answer 4

A set of dummy transactions is developed by the auditor and processed by the client’s computer programs.

Question 5

What is an advantage of generalized computer audit packages?

Answer 5

They can be used for audits of clients that use different computer equipment and file formats.

Question 6

What is “code review?”

Answer 6

This technique involves actual analysis of the program’s processing routines.

Question 7

What is an advantage of code review?

Answer 7

detailed understanding of the program

Question 8

What is a disadvantage of code review?

Answer 8

It is time consuming and requires a high level of computer expertise.

Question 9

When are parallel simulation and controlled reprocessing likely to be more effective?

Answer 9

in an environment that does not involve continuous auditing

Question 10

What are “embedded audit modules?”

Answer 10

programmed routines incorporated directly into an application program that will help auditors perform audit functions such as calculations

Question 11

What type of test allows for continuous monitoring?

Answer 11

embedded audit modules

Question 12

Is the rate of misstatements generally lower or higher than the deviation rate? Why?

Answer 12

Lower. A deviation from a control procedure does not necessarily result in a misstatement.

Question 13

Risk assessments are based on expectations arising from… (5 things)

Answer 13

(1) prior period information, (2) budgets/forecasts vs. actual, (3) relationships among elements of financial information, (4) industry information, and (5) non financial information

Question 14

What type of asset is NOT likely to be tested via confirmation?

Answer 14

PP&E

Question 15

Relationships between _______(IS_or_BS)_____ accounts tend to be more predictable.

Answer 15

Income Statement accounts

Question 16

Why are letters of audit inquiry sent to the client’s lawyer(s)?

Answer 16

as a means of obtaining corroboration of the information furnished by management concerning litigation, claims, and assessments

Question 17

What do the two types of service auditor reports do?

Answer 17

(1) The first type of auditor service report says whether the service organization controls have been implemented. (2) The second type, which cannot be released until after the first type, is issued when the effectiveness of controls has been tested.

Question 18

What is the point of the second type of service auditor report?

Answer 18

The opinion on the effectiveness of the controls provides the user auditor a basis for reducing the assessment of control risk.

Question 19

If financial statements do not have appropriate names (e.g., a cash basis taxpayer has a “balance sheet” and “income statement”), what action should the auditor take?

Answer 19

Modify the report to disclose the reservations about the titles.

Question 20

For non-public company standard audit reports, consistency of accounting principles is ___plicit while reasonableness of accounting estimates is ___plicit. (IMplicit or EXplicit)

Answer 20

implicit, explicit

Question 21

International Auditing Standard require an opinion on financial statements. (True/False)

Answer 21

True

Question 22

International Auditing Standards require an opinion on internal control. (True/False)

Answer 22

False

Question 23

In order to establish the correctness of accounts payable cutoff, an auditor would be most likely to coordinate cutoff test with ___________. (What test?)

Answer 23

physical inventory observation

Question 24

Who maintains records of debenture transactions?

Answer 24

the trustee

Question 25

In a compilation, an auditor who is not independent _____ accept the engagement. (may or may not)

Answer 25

may

Question 26

In a compilation, if the auditor is not independent, he _____ disclose the lack of independence and ____ disclose why he lacks independence. (must/may)

Answer 26

must, may

Question 27

Is modification of the report necessary when changing a review to a compilation or visa versa?

Answer 27

no

Question 28

What is an advantage of value-added network for EDI transactions?

Answer 28

You can review transactions submitted for processing and compare to the related output.

Question 29

What does the “join” command mean?

Answer 29

combination of tables or parts of tables

Question 30

What is data definition language used to do? (2 things)

Answer 30

(1) define a database, including creating, altering, and deleting tables and (2) establishing various constraints

Question 31

What is the major reason the difference and ratio estimation methods would be expected to produce audit efficiency?

Answer 31

The variability of the populations of differences or ratios is less than that of the populations of book values or audit values.

Question 32

When the population deviation rate increases, the sample size ______ while the planned assessed level of control risk ______. (increases/decreases/stays the same)

Answer 32

increases, stays the same

Question 33

What is “precision?”

Answer 33

The auditor evaluates the sampling results by calculating the possible error in either direction.

Question 34

What are the 4 categories of computer assisted audit techniques (CAAT) for tests of controls?

Answer 34

(1) program analysis, (2) program testing, (3) continuous testing, and (4) review of operating systems and other systems software

Question 35

What are the five program analysis techniques?

Answer 35

(1) code review, (2) comparison programs, (3) flowcharting software, (4) program tracing and mapping, and (5) snapshot

Question 36

Are program analysis techniques used often? Why or why not?

Answer 36

They are not used often, because they are relatively time consuming and require a high level of computer expertise.

Question 37

What is the purpose of comparison programs?

Answer 37

to allow the auditor to compare computerized files

Question 38

How is flowcharting software used?

Answer 38

to produce a flowchart of the program’s logic and may be used both in a mainframe and microcomputer environment

Question 39

What is program tracing and mapping?

Answer 39

a technique in which each instruction executed is listed along with control information affecting the instruction. It identifies sections of code that can be “entered” and thus are executable.

Question 40

What is the purpose of program tracing and mapping?

Answer 40

It allows the auditor to recognize logic sequences or dormant sections of code which may be a potential source of abuse.

Question 41

What does the snapshot technique do?

Answer 41

It “takes a picture” of the status of program execution, intermediate results, or transaction data at specified processing points in the program processing. This technique helps analyze the processing logic of specific programs.

Question 42

What is program testing?

Answer 42

It involves the use of auditor controlled actual or simulated data. It provides direct evidence about the operation of programs and programmed controls.

Question 43

What are the four techniques for program testing?

Answer 43

(1) test data (2) integrated test facility (ITF), (3) parallel simulation, and (4) controlled reprocessing

Question 44

What is the test data technique?

Answer 44

A set of dummy transactions is developed by the auditor and processed by the client’s computer programs to determine whether the controls which the auditor intends to test (not necessarily all controls) to restrict control risk are operating effectively.

Question 45

What are four possible problems with the test data approach?

Answer 45

(1) making certain the test data i not included in th client’s accounting records, (2) determining that the program tested is actually used by the client to processing data, (3) adequately developing test data for every possible control and (4) developing adequate data to test key controls may be extremely time consuming

Question 46

What is the integrates test facility (ITF) technique?

Answer 46

This method introduces dummy transactions into a system in the midst of live transactions and is usually built into the system during the initial design.

Question 47

What is the parallel simulation technique?

Answer 47

Parallel simulation processes actual client data through an auditor’s generalized audit software program and frequently though not necessarily, the auditor’s computer. Then, the auditor compares the outputs.

Question 48

What are four limitations of the parallel simulation technique?

Answer 48

(1) the time it takes to build an exact duplicate of the client’s system, (2) incompatibility between auditor and client software, (3) tracing differences between the two sets of outputs to differences in the programs may be difficult, and (4) the time involved n processing large quantities of data

Question 49

What is the controlled reprocessing technique?

Answer 49

a variation of parallel simulation that processes actual client data through a copy of the client’s application program. Then, the auditor compares the outputs.

Question 50

What are three limitations of the controlled reprocessing technique?

Answer 50

(1) determining that the copy of the program is identical to that currently being used by the client, (2) keeping current with changes to the program, and (3) the time involved in processing large quantities of data

Question 51

What is the purpose of utilizing continuous (or concurrent) testing techniques?

Answer 51

Advanced computer systems, particularly those utilizing EDI, sometimes do not retain permanent audit trails, thus requiring capture of audit data as transactions are processed.

Question 52

What are the four techniques for continuous (or concurrent) testing?

Answer 52

(1) embedded audit modules and audit hooks, (2) systems control audit review files (SCARF), (3) extended records, and (4) transaction tagging

Question 53

What are embedded audit modules and audit hooks?

Answer 53

Embedded audit modules are programmed routines incorporated into an application program that are deigned to perform an audit function such as calculation or a logging activity. An audit hook is an exit point in an application program that allows an auditor to subsequently add an audit module (or particular instructions) by activating the hook to transfer control to an audit module.

Question 54

What is the disadvantage of embedded audit modules?

Answer 54

It is often impractical due to the necessity of the auditor being involved in systems design of the application being monitored.

Question 55

What is the Systems Control Audit Review Files (SCARF) technique?

Answer 55

A SCARF is a log, usually created by an embedded audit module, used to collect information for subsequent review and analysis. The auditor determines the appropriate criteria for review, and the SCARF selects that type of transaction, dollar limit, or other characteristic.

Question 56

What is the extended records technique?

Answer 56

It attaches additional audit data which would not otherwise be saved to regular historic records and thereby helps to provide a more complete audit trail. The extended record information may subsequently be analyzed.

Question 57

What is the transaction tagging technique?

Answer 57

Tagging is a technique in which an identifier providing a transaction with a special designation is added to the transaction record. The tag is often used to allow logging of transactions or snapshot activities.

Question 58

What are the three techniques for review of operating systems and other systems software?

Answer 58

(1) job accounting data/operating system logs, (2) library management software, and (3) access control and security software

Question 59

What is the jobs accounting data/operating system logs technique?

Answer 59

Either the operating system or additional software packages that track particular functions generate logs that include reports of the resources used by the computer system. The auditor can use these to review the work processed, to determine whether unauthorized applications were processed, and to determine that authorized applications were processed properly.

Question 60

What is the library management software technique?

Answer 60

Software logs changes in programs, program modules, job control language, and other processing activities.

Question 61

What is the access control and security software technique?

Answer 61

Software supplements the physical and control measures relating the computer and is particularly helpful in online environments or in systems with data communications because of difficulties of physically securing computers. It restricts access to computers to authorized personnel through techniques such as allowing certain users with “read-only” access or through the use of encryption. An auditor may perform tests of effectiveness of the use of sch software.

Question 62

If the control appears effective, test of controls will be performed when ___(1)___ OR when ___(2)___.

Answer 62

(1) when the auditor’s risk assessment includes an expectation of operating effectiveness of controls because the likelihood of material misstatement is lower if the control operates effectively. (2) when substantive procedures alone do not provide sufficient audit evidence

Question 63

The AICPA has established three types of examination services that result in three types of CPA reports on service organizations. What is the SOC 1 report?

Answer 63

restricted use reports on controls at a service organization relevant to a user entity’s control over financial reporting

Question 64

The AICPA has established three types of examination services that result in three types of CPA reports on service organizations. What is the SOC 2 report?

Answer 64

restricted use reports on controls at a service organization related to security, availability, processing integrity, confidentiality, and/or privacy

Question 65

The AICPA has established three types of examination services that result in three types of CPA reports on service organizations. What is the SOC 3 report?

Answer 65

general use SysTrust reports related to security, availability, processing integrity, and/or confidentiality.

Question 66

What is the difference between a SOC 2 report and a SOC 3 report?

Answer 66

A SOC 2 report is limited use. A SOC 3 report is general use.

Question 67

The basic objectives of acceptance and continuance of client relationships is to provide reasonable assurance that the firm will undertake to continue relationships and engagements only where the firm: (3 things)

Answer 67

(1) has considered client integrity, (2) is competent to perform the engagement, and (3) can comply with legal and ethical requirements.

Question 68

At which two points must an auditor consider materiality?

Answer 68

(1) planning the audit and designing audit procedures and (2) evaluating audit results

Question 69

Can materiality be non-quantitative?

Answer 69

Yes

Question 70

Are measures of materiality for evaluation the same or different than measures of materiality for planning?

Answer 70

different

Question 71

When a material weakness results in an adverse opinion, and the company makes an effort to correct the weakness, what can the company do?

Answer 71

The company may voluntarily engage the auditors to report on whether the material weakness continues to exist.

Question 72

PCAOB Standard 4 defines the approach by which the auditors report on whether a material weakness continues to exist. What is this approach? (4 Steps)

Answer 72

(1) Management gathers evidence, including documentation that the material weakness no longer exists. (2) Management prepares a report indicating that the weakness no longer exists. (3) Auditors plan and perform an engagement emphasizing controls over the material weakness. (4) The auditor issues a report indicating that the material weakness “no longer exists” or “exists” as of the date of management’s assertion.

Question 73

Whose standards require an audit of internal control? (PCAOB and/or IAASB)

Answer 73

PCAOB only

Question 74

Whose standards allow reference to another auditor? (PCAOB and/or IAASB)

Answer 74

PCAOB only

Question 75

Whose standards are more detailed? (PCAOB or IAASB)

Answer 75

PCAOB

Question 76

What is the going concern period for the PCAOB? IAASB?

Answer 76

PCAOB - up to twelve months; IAASB - at least twelve months

Question 77

Whose standards are based on a risk assessment approach? (PCAOB and/or IAASB)

Answer 77

IAASB, only

Question 78

Define “database.”

Answer 78

a collection of interrelated files, ordinarily most of which are stored online

Question 79

Define “database system.”

Answer 79

computer hardware and software that enables the database(s) to be implemented

Question 80

Define “database management system.”

Answer 80

Software that provides a facility for communications between various application programs (e.g. payroll preparation program) and the database (e.g. a payroll master file containing the earnings records of the employees)

Question 81

Define “data independence.”

Answer 81

basic to database systems in this concept which separates the data from the related application programs

Question 82

Define “structured query language (SQL).”

Answer 82

the most common language used for creating and querying relational databases. has three types of commands

Question 83

Define “data definition language.”

Answer 83

one of the three types of SQL commands. It is used to define a database, including creating, querying, and deleting tables and establishing various constraints.

Question 84

Define “data manipulation language.”

Answer 84

one of the three types of SQL commands. It is used to maintain and query a database, including updating, inserting in, modifying, and querying (asking for data).

Question 85

Define “data control language.”

Answer 85

one of the three types of SQL commands. It is used to control a database, including which users have various privileges (e.g., who is able to read from and write to various portions of the database)

Question 86

What is the “hierarchical” database structure?

Answer 86

The data elements at level 1 “own” the elements at the next lower level (think of an organization chart in which one manager supervises several assistance who in turn each supervise several lower level employees.)

Question 87

What is the “networked” database structure?

Answer 87

Each data element can have several owners and can own several other elements (think of a matrix-type structure in which various relationships can be supported)

Question 88

What is the “relational” database structure?

Answer 88

A database with the logical structure of a group of related spreadsheets. Each row represents a record, which is an accumulation of all fields related to the same identifier or key; each column represents a field common to all of the records. Relational databases have in many situations largely replaced earlier developed hierarchical and networked databases.

Question 89

What is the “object-oriented” database structure?

Answer 89

Information (attributes and methods) are included in structures called object classes. This is the newest database management system technology.

Question 90

What is the “object-relational” database structure?

Answer 90

includes both relational and object-oriented features

Question 91

What is the “distributed” database structure?

Answer 91

A single database that is spread physically across computers in multiple locations that are connected by a data communications link. (The structure of the database is most frequently relational, object-oriented, or object-relational.)

Question 92

What functions are performed by generalized audit software (GAS)? (9 things)

Answer 92

(1) record extraction (copies records that meet certain criteria),
(2) sort (e.g., in ascending or descending order),
(3) summarization (e.g. by customer account number, inventory turnover statistics, or duplicate sales orders),
(4) field statistics (e.g. net value, total of all debit or credit values, number of records, etc.),
(5) file comparison (e.g., compare payroll details with personnel records or compare current and prior period inventory files)
(6) Gap detection/duplicate detection (i.e., find missing or duplicate records)
(7) Sampling
(8) Calculation
(9) Exportation (select and application that has been performed using GAS and export to another file format.)

Question 93

Who includes section titles in audit reports? (PCAOB and/or IAASB)

Answer 93

IAASB only

Question 94

The DOL conduct most of its financial performance audits in accordance with what standards?

Answer 94

Government Auditing Standards

Question 95

What is the GAO’s mission?

Answer 95

to support Congress in meeting its constitutional responsibilities and to help improve the performance and ensure the accountability of the federal government.

Question 96

What 5 things does the GAO do?

Answer 96

(1) audit agency operations to determine whether federal funds are being spent efficiently and effectively, (2) investigating allegations of illegal and improper activities, (3) reporting on how well government programs meet their objectives, (4) performing policy analysis and outlining various options for Congress, and (5) issuing legal decisions and opinions

Question 97

The GAO develops additional requirements for audits of organizations that receive federal assistance as part of the Government Auditing Standards. What are these sometimes called?

Answer 97

Yellow Book

Question 98

The GAO also has independence requirements. They are similar to the AICPA restrictions, but some requirements are more restrictive than those of the AICPA. What is an example of the more restrictive requirements?

Answer 98

The CPA firm cannot allow personnel working on nonattest engagements to also work on the audit.

Question 99

What standards did the PCAOB NOT adopt and why?

Answer 99

It did not adopt the Accounting and Review Service Standards, because they deal with nonpublic entities while the PCAOB deals with public entities.

Question 100

What do “further audit procedures” include?

Answer 100

tests of controls and substantive procedures

Question 101

What is a risk factor relating to misappropriation of assets?

Answer 101

large amounts of cash on hand