CPA Section 2 AUD Flashcards by Adam Herron

When performing risk assessment procedures, the auditor should document all of the following concerning risks identified, the related controls evaluated, and the responses to the risks assessed including:

key elements of the understanding obtained regarding each of the aspects of the entity and its environment identified.

How well did you know this?

Not at all

Perfectly

What is an accountant’s responsibility for using the work of other accountants in a review of group financial statements performed in accordance with the Statements on Standards for Accounting and Review Services (SSARSs)?

Read the review or audit reports of component accountants, considering any impact of report modifications on the group review report.

How well did you know this?

Not at all

Perfectly

In assessing the objectivity of internal auditors, an independent auditor should:

determine the organizational level to which the internal auditors report.

How well did you know this?

Not at all

Perfectly

Processing data through the use of simulated files provides an auditor with information about the operating effectiveness of control policies and procedures. One of the techniques involved in this approach makes use of:

an integrated test facility.

How well did you know this?

Not at all

Perfectly

_____ creates a fictitious entity in an actual entity’s database in order to test transactions right along with live input. It is a control over PROCESSESING

An integrated test facility

How well did you know this?

Not at all

Perfectly

An auditor most likely would test for the presence of unauthorized EDP program changes by running a:

source code comparison program.

How well did you know this?

Not at all

Perfectly

____program compares the coding of the program from its last run with the original program

A source code comparison

How well did you know this?

Not at all

Perfectly

The auditor should consider certain factors in assessing the efficiency and effectiveness of analytical procedures as compared to tests of details. In determining whether and to what extent analytical procedures should be used, which of the following should the auditor consider?
Interrelationships of financial information, The nature of the assertion tested, OR, Nonfinancial information that may affect financial information

Nature of assertion only

Fuck interrelationships

How well did you know this?

Not at all

Perfectly

The primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with:

knowledge necessary for audit planning.

How well did you know this?

Not at all

Perfectly

The extent and nature of the risk to internal control associated with IT are dependent on the nature and characteristics related to the entity’s:

Info system

How well did you know this?

Not at all

Perfectly

The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation

of the risk that material misstatements may exist in the financial statements.

How well did you know this?

Not at all

Perfectly

Test data is processed by the .

client’s computer programs under the auditor’s control

How well did you know this?

Not at all

Perfectly

The test data need consist of only those valid and invalid conditions that interest the auditor.
Only one transaction of each type need be tested
The test data must consist of all possible valid and invalid conditions.

T/F

TRUE
TRUE
FALSE - It cant consist of all possible conditions b/c who can do that bro

How well did you know this?

Not at all

Perfectly

Test data is data specifically designed and developed to test

the accuracy and completeness of a computer program.

How well did you know this?

Not at all

Perfectly

Obtaining an understanding of internal control involves

evaluating the design of a control and determining whether it has been implemented.

How well did you know this?

Not at all

Perfectly

Obtaining and understanding internal controls involves Understanding controls that exist in the audited company’s industry

False - fuck the existing controls

How well did you know this?

Not at all

Perfectly

Since the production cycle handles raw products and materials, it is important to maintain proper

custody of the assets, as assets can easily be misappropriated during this cycle.

How well did you know this?

Not at all

Perfectly

An auditor used test data to verify the existence of controls in a certain computer program. Even though the program performed well on the test, the auditor may still have a concern that:

the program tested is the same one used in regular production runs.

How well did you know this?

Not at all

Perfectly

The test data method is a technique used with

audit software

How well did you know this?

Not at all

Perfectly

Regarding test data, If the entire system is changed and the record formats are obsolete, then and only then will the

test data not be relevant in subsequent audit periods.

How well did you know this?

Not at all

Perfectly

the ___should approve all sales

credit department

How well did you know this?

Not at all

Perfectly

When trying to detect whether data was altered in a computer system, the auditor needs to

test the computer system by using test data

How well did you know this?

Not at all

Perfectly

For a new client, reading a _____would help the auditor obtain an understanding of the industry in which the client operates,

specialized trade journal

How well did you know this?

Not at all

Perfectly

Input controls, processing controls, and output controls are all examples of _____, which ARE NOT ____

application controls

general controls

How well did you know this?

Not at all

Perfectly

Program change control is an example of what kind of control

general controls in an IT environment

Examples of general controls are

1. program change controls, 2. controls that restrict access to programs or data, 3. controls over the implementation of new releases of packaged software applications 4. controls over system software that restrict access to or monitor the use of system utilities that could change financial data

Risk assessment procedures include:

inquiries of management and others within the entity, analytical procedures, and observation and inspection.

auditing related party transactions, an auditor ordinarily places primary emphasis on:

the adequacy of the disclosure of the related party transactions.

Embedded audit modules:

enable continuous monitoring of transaction processing.

Analyzing the efficiency of programming is a characteristic of ___

mapping.

. The higher the risk of material misstatement, the ____the detection risk must be

lower

RMM x DR = what?

Audit Risk

Audit Risk = ( __ x __) x __

IR x CR x DR

Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission?

Check digit

What input control is a nonsense total

hash total

when planning an examination, an auditor should (materiality)

make preliminary judgments about materiality levels for audit purposes.

Whether or not a real-time program contains adequate controls is most effectively determined by the use of:

integrated test facility

Which of the following audit risk components may be assessed in nonquantitative terms?

Control risk, detection risk, and inherent risk

Considering whether the client's accounting estimates are reasonable in the circumstances is done in what phase

performance

Determining the extent of involvement of the client's internal auditors is done in what phase

planning

What type of audit opinion should be issued if the financial statements contain an unsubstantiated disclosure which asserts that a material and pervasive related party transaction was equivalent to an arm’s-length transaction?

adverse

Measurements and review of the entity's financial performance is what type of I/C component

control activity

In auditing an entity's computerized payroll transactions, an auditor would be least likely to use test data to test controls concerning: control and distribution of unclaimed checks. ... why?

When using test data, the auditor is looking for controls that are built into the system, not controls that operate outside of the compute

Which of the following controls is a processing control designed to ensure the reliability and accuracy of data processing?

Limit Test - validity check

A limit test or limit check is used to ____data during input or processing to validate data.

edit

Validity controls are designed to

ensure that all recorded transactions are those that should have been recorded

Employers bond employees who handle cash receipts because fidelity bonds reduce the possibility of employing dishonest individuals and:

deter(discourage) dishonesty by making employees aware that insurance companies may investigate and prosecute dishonest acts.

not all related party transactions are outside the ordinary course of business, and audit responses should be commensurate with the assessed risk of material misstatement.

True

A CPA firm has decided to rely on the audit work performed by another audit firm. Which of the following procedures should the CPA firm perform when taking responsibility for the other firm's audit work?

Review the other firm's audit workpapers and reperform a subset of audit testing to validate the firm's conclusions

However, if the principal auditor is unable to satisfy himself or herself about the quality of the other auditor's work,

a reference to the quality of the other auditor's work is made and a clear separation of responsibilities is described in the audit opinion.

An embedded audit module is able to identify and report

specific transactions.

If an entity's management does not take remedial action in response to an auditor's report of noncompliance under applicable law or regulations by employees, the auditor's ability to rely on management representations may be affected. In this case, the auditor should

first speak with those charged with governance and then seek legal advice.

Begin by understanding the overall risks to internal control over financial reporting at the financial statement level. is what kind of approach

top-down

If in an audit engagement, the acceptable levels of both audit risk and materiality are lower, the auditor will plan more work on individual accounts in order to

find smaller errors.

The consideration of the financial statement accounts likely to contain a misstatement is the consideration of what risk

inherent risk

The auditor cannot verify the reliable operation of programmed controls by

manually re-performing input data and comparing the simulated results with the actual results of processed data.

In parallel simulation, actual client data is reprocessed using an auditor software program. An advantage of using parallel simulation, instead of performing tests of controls without a computer, is that:

the size of the sample can be greatly expanded at relatively little additional cost.

Which of the following would an auditor ordinarily consider the greatest risk regarding an entity’s use of electronic data interchange (EDI)?

improper distribution

In the definition, internal control in a business entity is said to be effected by the public's perception of the risk associated with the entity.

false boy we dont curr

3 examples of embedded modules

1. Mapping is a technique for determining whether a computer program contains any unexecuted code that should be examined. 2. Retrieval and analysis programs such as generalized audit software offer the features and flexibility suitable for verifying the correctness of information on a computer file. 3. The snapshot method is a technique utilized to capture and print all data pertinent to the analysis of a specific moment in the processing cycle.

Determining that proper amounts of depreciation are expensed provides assurance about management's assertions of ___ and ___

: presen & disclosure

Application controls relate to the use of information technology (IT) to

initiate, authorize, record, process, and report transactions or other financial data

EDIT CHECKS are

programmed routines designed to check input data and processing results for completeness, accuracy and reasonableness.

Management override of controls can occur in unpredictable ways. Due to this fact, the auditor should perform procedures, in addition to the procedures already performed to address identified risks of material misstatements due to fraud, that include which of the following? Evaluating the business rationale for significant unusual transactions

Yes Yes Yes

Governance board CAN be responsible for making estimates

false - only management

An auditor should gain an understanding of the planning requirement to understand the entity and its environment of business risks, even if they are not likely to result in material misstatement to the financial statements

false -- they have to be material misstatements to understand the busienss riskss

Which of the following should an auditor do when control risk is assessed at the maximum level? Test more controls

false -- you cant rely on controls. you document the assessment

Which of the following best describes the reason an auditor performs a walkthrough of transactions from inception through financial statement presentation? To ensure that the single transaction type involved in a walkthrough is properly recorded in the general ledger To determine if a necessary control is missing or ineffective To determine the different types of significant transactions handled by the process

No Yes Yes

the nature of the walkthrough is meant to help the auditor to understand the

process (item III) and determine the effectiveness of controls (item II).

An auditor who uses the work of a specialist may refer to the specialist in the auditor's report if the:

auditor modifies the report because of the difference between the client's and the specialist's valuations of an asset.

The auditor should not refer to the work or findings of a specialist in an audit report with an

unmodified opinio

Consider the results of audit procedures performed with respect to the current year's financial statements is meant to do what

update the understanding of the auditor of an audit client during a review

Control risk should be assessed in terms of:

financial statement assertions

The cost of two reviewers and signers for checks in payment of inventory purchases under $10,000 is probably significantly greater than the internal control benefit b/c the average check is $12,000

false -- the average check has to be under $10,000

The average check written by ABC Company for inventory purchases is over $5,000; therefore, the management of ABC Company has decided to require two signatures on their checks for inventory purchases only if the check is in excess of $10,000. This is an example of a reasonable limitation on internal control based on:

cost-benefit considerations in implementing controls.

Human resource policies and practices is an example of what

control environment

Assignment of authority and responsibility is an example of what

Assignment of authority and responsibility

Communication and enforcement of integrity and ethical values Commitment to competence are xamples of what

control environment

What type of audit opinion should the auditor issue if it is determined that noncompliance with laws and regulations has a material effect on the financial statements, but is not pervasive to the financial statements, and the circumstance is not properly presented and disclosed?

qualified --if it was pervasive and not disclosed / it would be adverse

MD&A stands for what

management discussion and analysis

n an engagement to examine management's discussion and analysis (MD&A), which of the following best defines control risk?

The risk that material misstatements in the MD&A presentation will not be prevented in a timely manner

a concurrent audit technique where a special set of dummy master files is established and test transactions are entered to test the programs using the dummy files during regular processing runs. is an example of what

integrated test facility

If new information becomes available that could require a reevaluation of the quantitative level of materiality applied during an audit of an issuer, then the auditor should:

raise or lower accordingly

An auditor most likely would make inquiries of production and sales personnel concerning possible obsolete or slow-moving inventory to support management's financial statement assertion of:

valuation and allocation

The auditor would consider the purchase of stock by management or the sale of stock by members of the board to be risk factors for fraud

false no you wouldnt

____will frequently be the most effective way to achieve the objectives of understanding the likely sources of potential misstatements.

Performing walkthroughs

nderstand the flow of transactions related to relevant assertions, including how transactions are initiated, authorized, processed, and recorded Verify that the auditor has identified points with the company’s processes at which a misstatement could arise that would be material Identify controls that management has implemented to address these potential misstatements Identify controls that management has implemented over the prevention or timely detection of unauthorized acquisition, use, or disposition of assets that could result in a material misstatement of the financial statements

this is how identifying potential misstatements are found

An auditor uses the knowledge provided by the understanding of internal control and the final assessed level of control risk primarily to determine the nature, timing, and extent of the:

substantive tests

The assessment of risk of material misstatement can be: expressed in quantitative terms, such as percentages. expressed in qualitative terms, such as “high,” “medium,” or “low.” assessed at the financial statement level. assessed at the relevant assertion level.

All of the above baby

To determine whether a particular assertion is relevant to a significant account balance or disclosure, the auditor should evaluate:

the nature of the assertion, the volume of transactions or data related to the assertion, and the nature and complexity of the systems, including the use of information technology, by which the entity processes and controls information supporting the assertion.

By definition, the test data approach is the use of

simulating transactions to test processing & controls of client computer program while the client's accounting sys is under the auditor's contorl

he auditor is required to design and perform further audit procedures that are responsive to the

assessed risks of material misstatement at the relevant assertion level.

the characteristics of the relevant class of transactions, account balance, or disclosure involved, the nature of the specific controls used by the entity and whether they are manual or automated, and

considerations when designing further audit procedures

Encryption performed by physically secure hardware devices is more secure than encryption performed by

software.

are internal controls that are intended to reduce the risk of an existing or potential control weakness when duties cannot be appropriately segregated.

Compensating controls

An accounting estimate is an ____of a financial statement element, item, or account made by management.

approximation

Application controls are classified as follows:

Input controls Processing controls Output controls

Due to the significant judgment involved in the interpretation of the accounting principles surrounding revenue recognition and the accounting estimates often involved,

the risk of material misstatement may be greater for improper revenue recognition.

Risk of a material misstatement of recognized revenue is likely to be high due to more transactions center around the revenue accounts than any other accounts in the chart of accounts.

False - it is the interpretation of acct principles

Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed is what type of response

overrall

Emphasizing to the audit team the need to maintain professional skepticism in gathering and evaluating audit evidence is what type of response

overrall

An auditor should design the audit to provide reasonable assurance of

detecting errors and fraud that are material to the financial statements.