Chapter 8 -- Responses to Assessed Risks

Question 1

Section 8.1: Assessing Risks of Material Misstatement (RMMs)

What should an auditor do when they do not rely on controls?

Answer 1

• The auditor performs further audit procedures in response to the assessed risks of material misstatement at the assertion level.
• The auditor should document the nature, timing, and extent of further audit procedures.
• Documentation is necessary even if the auditor emphasizes substantive procedures and does not use tests of controls

Question 2

Section 8.1: Assessing Risks of Material Misstatement (RMMs)

What procedures should an auditor consider in test of controls?

Answer 2

• Inquiry
• Observation

Question 3

Section 8.1: Assessing Risks of Material Misstatement (RMMs)

When should an auditor perform tests of controls when the auditor’s assessment of the risks of material misstatement?

Answer 3

• When the auditor has an expectation of the operating effectiveness of internal control; OR
• Substantive procedures alone cannot provide sufficient appropriate audit evidence at the relevant assertion level.

Question 4

Section 8.1: Assessing Risks of Material Misstatement (RMMs)

What is the purpose of Test of Controls in an audit?

Answer 4

Tests of controls address:
* How they were applied at relevant times during the period
* By whom or by what means they were applied
* The consistency of their application during the period.

Before performing tests of controls, the auditor evaluates whether the contorls are suitably designed to prevent, or detect and correct, material misstatements in relevant assertions

Question 5

Section 8.2: Auditor’s Response to Risks

Why does an auditor use the assessed risks of material misstatement

Answer 5

To determine the acceptable level of detection risk for financial statement assertions.

Question 6

Section 8.2: Auditor’s Response to Risks

When should an auditor perform tests of controls to obtain sufficient appropriate audit evidence about the operating effectiveness of relevant controls?

Answer 6

When procedures alone cannot provide sufficient appropriate audit evidence.

Question 7

Section 8.2: Auditor’s Response to Risks

What evidence does an auditor obtain whe performing an inquiry and other audit procedures?

Answer 7

• How the controls were applied at relevant times
• The consistency of application
• By whom and by what means they were applied.
• The auditor also should determine whether the controls depend on indirect controls and whether such controls should be tested.

Question 8

Section 8.2: Auditor’s Response to Risks

What are the primary concerns that an auditor has regarding controls to the financial statement?

Answer 8

• The fairness of external financial reporting and therefore with controls relevant to a financial statement audit.
• The auditor is less likely to test controls over records used solely for internal management purposes than those used to prepare financial statements for external distribution.

Question 9

Section 8.2: Auditor’s Response to Risks

What level of substantive testing would take place if the audit risk was low?

Answer 9

A lower acceptable level of audit risk indicates a need for more persuasive audit evidence.

Question 10

Section 8.2: Auditor’s Response to Risks

What are the overall responses would an auditor make when the risk of material mistatement increases?

Answer 10

• Assigning more experienced personnel and individuals with special skills
• Increasing supervision
• Emphasizing professional skepticism
• Modifying procedures to obtain more persuasive evidence.

Question 11

Section 8.2: Auditor’s Response to Risks

What audit procedures should be combined with other audit procedures when testing the operating effectiveness of controls?

Answer 11

From Least to Most:
* Inquiry (Combined with other audit procedures i.e. observation and inquiry, etc.)
* Observation
* Inspection of relevant documentation
* Reperformance of a control.

Inquiry alone does not provide sufficient, appropriate evidence to support a conclusion about the effectiveness of a control.

Question 12

Section 8.2: Auditor’s Response to Risks

Why should an auditor perform substantive procedures when assessing for risks of material misstatement?

Answer 12

• To restrict detection risk for significant transaction classes
• The auditor should design and perform substantive procedures for all relevant assertions related to each material transaction class, account balance, and disclosure

Question 13

Section 8.2: Auditor’s Response to Risks

What is Dual-Purpose Testing?

Answer 13

Dual-purpose testing involves performing:
* A test of details
* A test of controls on the same transaction. Tests of controls are used to determine whether controls are operating effectively.

Question 14

Section 8.2: Auditor’s Response to Risks

What does an auditor do when a previous control has changed?

Answer 14

The auditor must test the operating effectiveness of such controls in the current audit.

Question 15

Section 8.2: Auditor’s Response to Risks

What is an overall response?

Answer 15

Overall responses apply to the assessed RMMs at the financial statement level.

Examples include:
* An emphasis on professional skepticism in evidence gathering and evaluation
* Increased supervision
* Assignment of staff with greater experience or expertise
* Greater unpredictability in the choice of further audit procedures
* Changing the nature, timing, and extent of audit procedures,

Question 16

Section 8.2: Auditor’s Response to Risks

When can an auditor rely on just test of controls?

Answer 16

• When numerous transactions are subject to controls
• The RMMs are low

Question 17

Section 8.2: Auditor’s Response to Risks

When would an auditor decide to perform tests of control?

Answer 17

• In determining the nature, timing, and extent of substantive procedures.
• The auditor should weigh the cost of performing tests of controls against the expected savings from devoting less audit effort to substantive testing.

Question 18

Section 8.3: Assessing Risk in a Computer Environment

What is a test data approach?

Answer 18

• The auditor prepares a set of dummy transactions specifically designed to test directly the effectiveness of the control activities that management claims to have incorporated into the processing programs.
• These transactions are processed by the client’s computer programs under the auditor’s control.
• The test data consist of one transaction for each valid and invalid condition that interests the auditor.
• The test data need not consist of all possible valid and invalid conditions.

Question 19

Section 8.3: Assessing Risk in a Computer Environment

What is an integrated test facility?

Answer 19

• It permits dummy transactions to be processed at the same time as live transactions but requires additional programming to ensure that programs will recognize the specially coded test data.
• Dummy files must be established (the test facility or dummy entity).
• Output is affected by the existence of the ITF transactions.
• Allows fictitious and real transactions to be processed together without the knowledge of client operating personnel

Question 20

Section 8.3: Assessing Risk in a Computer Environment

What is parallel simulation?

Answer 20

• It is a controlled program to reprocess sets of client transactions and compares those results with those of the client.
• An auditor-developed program, not the client’s program, is used to process actual client data and compare the outputs and exceptions report with those of the client’s application program.
• If the client’s programmed controls are operating effectively, the two sets of results should be reconcilable.

Question 21

Section 8.3: Assessing Risk in a Computer Environment

What are the disadvantages of a parallel simulation?

Answer 21

• The primary disadvantages are the initial cost of obtaining the software
• The need for coordination with client personnel to gain access to transactions.

Question 22

Section 8.3: Assessing Risk in a Computer Environment

What are the advantages of parallel simulation?

Answer 22

Auditors have the freedom to process transactions:
* At their convenience
* Using their own equipment
* Taking as long as necessary
* Can greatly increase the sample size at relatively little marginal cost
* Transactions from throughout the period may be reprocessed

Question 23

Section 8.3: Assessing Risk in a Computer Environment

What is an embedded audit module?

Answer 23

• An audit module embedded in the client’s software routinely selects and abstracts certain actual transactions and other information with audit significance.
• They may be tagged and traced through the information system.

Question 24

Section 8.3: Assessing Risk in a Computer Environment

What is a disadvantage of an embedded audit module?

Answer 24

• A disadvantage is that audit hooks must be programmed into the operating system and applications.
• An alternative is recording in an audit log, i.e., in a file accessible only by the auditor.

Question 25

Section 8.3: Assessing Risk in a Computer Environment

What is the major purpose of the auditor’s study and evaluation of the company’s computer processing operations

Answer 25

Aditors should examine information systems and, as appropriate, determine:
* Whether financial records and reports contain accurate, reliable, timely, complete, and useful information
* Controls over recordkeeping and reporting are adequate and effective.