CPAExcl 5-Audit Sampling & IT

Question 1

Define “sampling risk.”

Answer 1

The risk that the sample may not be truly representative of the population.

Question 2

Define “Type 2 Error.”

Answer 2

The risk of over-reliance on controls (that is, the risk of assessing control risk too low); or incorrect acceptance of the fairness of an account balance. (The AICPA considers this an error related to effectiveness.)

Question 3

Define “nonsampling risk.”

Answer 3

Any mistake by the auditor other than sampling risk that is not a direct consequence of using a sampling approach.

Question 4

List the two general approaches to audit sampling.

Answer 4

1. Statistical

2. Nonstatistical.

Question 5

List the two types of statistical sampling.

Answer 5

1. Attributes sampling (regarding internal controls)

2. Variables sampling (regarding substantive tests).

Question 6

Define “sampling.”

Answer 6

Application of an audit procedure to less than 100% of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class.

Question 7

Define “Type 1 Error.”

Answer 7

The risk of under-reliance on controls (that is, the risk of assessing control risk too high); or incorrect rejection of the fairness of an account balance. (The AICPA considers this an error related to efficiency.)

Question 8

List the eight steps in attributes sampling plan.

Answer 8

1. Identify Sampling Objective
2. Define what Constitutes an Occurrence
3. Identify Relevant Population
4. Determine Sampling Method
5. Determine Sample Size
6. Select the Sample
7. Evaluate Results
8. Document Sampling Procedures.

Question 9

List the factors that directly relate to sample size.

Answer 9

1. Expected error rate

2. Population size - not explicitly considered in attributes sampling

Question 10

List the factors that are inversely related to sample size.

Answer 10

1. Tolerable error rate
2. Risk of over-reliance - Type II error
3. Risk of under-reliance

Question 11

Define “random sampling.”

Answer 11

Sampling methodology where each item in the population has the same probability of being selected.

Question 12

What is the formula for the observed deviation rate for the sample?

Answer 12

(# errors in the sample)/sample size

Question 13

List the two sampling approaches normally associated with judgmental (nonstatistical) sampling applications.

Answer 13

1. Block

2. Haphazard

Question 14

List the two sampling approaches acceptable for statistical sampling applications.

Answer 14

1. Random

2. Systematic.

Question 15

Define “block sampling.”

Answer 15

Sampling methodology where a group of contiguous items are selected; (e.g., selecting all transaction for the month of June).

Question 16

List the three factors, as indicated by AICPA tables, that determine sample size for an attributes sampling application.

Answer 16

1. Expected error rate (related to the variation in population);
2. Tolerable error rate (related to precision); and
3. Risk of over-reliance (Type II error rate).

Question 17

Define “systematic sampling.”

Answer 17

Sampling methodology whereby every nth item in the population is chosen as part of the sample (usually with a random starting point).

Question 18

Define “haphazard sampling.”

Answer 18

Sampling methodology where items are selected arbitrarily with no conscious biases.

Question 19

List the two parameters of a normal distribution.

Answer 19

1. Mean

2. Variance

Question 20

What is the formula to obtain the sample size for Probability Proportionate to Size (PPS) sampling?

Answer 20

n = reliability factor (from PPS tables) x Book Value / tolerable error

Question 21

What is the basic sample size formula?

Answer 21

Sample Size = (Estimated population standard deviation x coefficient of reliability x population size / allowance for sampling risk) squared

Question 22

What is the purpose of stratification?

Answer 22

To reduce the overall variability within a population.

Question 23

List the items that are inversely related to sample size in variables sampling.

Answer 23

1. Allowance for sampling risk
2. Risk of incorrect acceptance (Type II error).
3. Risk of incorrect rejection (Type I error)

Question 24

List the eight basic steps in variables sampling.

Answer 24

1. Identify sampling objectives
2. Identify relevant population
3. Select specific sampling technique
4. Calculate the sample size
5. Determine selection method
6. Conduct the sample
7. Evaluate sample and project to population
8. Document the sampling procedures.

Question 25

List the various types of classical variables sampling techniques.

Answer 25

1. Difference estimation
2. Ratio estimation
3. Mean-per-unit estimation

Question 26

List the items that are directly related to sample size in variables sampling.

Answer 26

1. Estimated population standard deviation

2. Population size - considered explicitly in variables sampling.

Question 27

What is the primary advantage of PPS sampling?

Answer 27

Efficiency—If there are few differences between audit and book values, PPS sampling may result in smaller sample sizes than other sampling methods.

Question 28

What is the relevant “sampling unit “ in PPS sampling?

Answer 28

An individual dollar associated with the financial statement element involved.

Question 29

Formula for calculating sample size for PPS sampling

Answer 29

n = (“Reliability factor” × Book value) / (Tolerable misstatement (net of expected misstatements))

Question 30

What is the primary disadvantage of PPS sampling?

Answer 30

PPS sampling does not work very well in dealing with understatements or zero (unrecorded) balances.

Question 31

Projected misstatement for accounts having a book value less than the sample interval

Answer 31

The projected misstatement is based on the “tainting percentage “ applied to the sample interval.

Question 32

Projected misstatement for accounts having a book value greater than or equal to the sample interval

Answer 32

The projected misstatement is the “actual “ misstatement identified.

Question 33

Formula for calculating “sampling interval “ for PPS sampling

Answer 33

Sampling interval = tolerable misstatement (net of expected misstatements)/reliability factor; or alternatively

Sample interval = Population book value/sample size

Question 34

List the five categories of general controls for IT.

Answer 34

1. Organization and operation
2. Systems development and documentation
3. Hardware and systems software
4. Access
5. Data and procedures.

Question 35

Define “general controls.”

Answer 35

Controls that have pervasive effects on all the specific computer processing applications.

Question 36

List the types of physical safeguards used to protect the data files.

Answer 36

1. File labels
2. File protection rings
3. File protection plans.

Question 37

List some controls that can be put in place/built in hardware and systems software.

Answer 37

1. Parity check
2. Echo check
3. Diagnostic routines
4. Boundary protection.

Question 38

List the IT duties that should be segregated (in connection with “organization and operation”).

Answer 38

1. Systems analyst
2. Programmer
3. Operator
4. Librarian
5. Security.

Question 39

List some internal control implications associated with an IT environment.

Answer 39

1. Segregation of duties may be undermined (a disadvantage)
2. Audit trail may be lacking (a disadvantage)
3. Computer processing is uniform (an advantage).

Question 40

What is the purpose of missing data checks?

Answer 40

To determine whether there are any omissions from fields in which data should have been present.

Question 41

What is the purpose of limit tests?

Answer 41

To determine whether the data under review are all within some predetermined range.

Question 42

What is the purpose of processing application controls?

Answer 42

To ensure the processing of data is accurate and as authorized.

Question 43

What is the purpose of output application controls?

Answer 43

To ensure the output data (and the distribution of any related reports) is accurate and as authorized.

Question 44

Define “hash totals.”

Answer 44

An arbitrary total that has no meaningful interpretation outside the context in which it was created. It is used only to validate the integrity of that data that is being examined.

Question 45

Define “application controls.”

Answer 45

Information processing controls that apply to the processing of specific computer applications (controls around input, processing, and output).

Question 46

What is the purpose of validity checks?

Answer 46

To determine whether the data under review are recognized as legitimate possibilities.

Question 47

Define “check digit.”

Answer 47

An arithmetic manipulation of a numeric field that captures the information content of that field and then gets “tacked” onto the end of that numeric field.

Question 48

List some examples of logic checks.

Answer 48

1. Limit tests
2. Validity checks
3. Missing data checks
4. Check digits.

Question 49

What is the objective of input application controls?

Answer 49

To ensure that the input of data is accurate and as authorized.

Question 50

List the three types of control totals.

Answer 50

1. Batch totals
2. Hash totals
3. Record count.

Question 51

Define “batch totals.”

Answer 51

The sum of a particular field in a collection of items used as a control total to ensure that all data has been entered into a system.

Question 52

Define “record count.”

Answer 52

A counting mechanism in an IT system that keeps track of the number of records processed to determine that the appropriate number was accounted for.

Question 53

Define “Integrated Test Facility (ITF).”

Answer 53

A fictitious division or department within the client created for the purpose of processing the “dummy” (test) data along with the client’s “live” data.

Question 54

Define “generalized audit software.”

Answer 54

Audit software designed to access and test data files of many audit clients. Such audit software is not unique to a specific audit client.The cost is usually expensive to develop, but that cost can be spread over many audit clients. The cost per client may justify that large initial cost of development.

Question 55

Define “tagging transactions.”

Answer 55

The process of adding an electronic tagging to specific client transactions and tracing them through the client’s system.

Question 56

What is Data Mining Software?

Answer 56

Commercially available software (such as ACL or Idea) used to access a client’s electronic data and perform a broad range of audit tasks (such as performing analytical procedures and sampling for confirmation work, etc.).

Question 57

Define “parallel simulation.”

Answer 57

The processing of the client’s actual data using the auditor’s software and then comparing the auditor’s output to the client’s output for agreement.

Question 58

What is the purpose of test data procedures?

Answer 58

To process known errors to see if the client’s system catches them. The auditor only needs to include those errors that are important to the auditor (that is, the auditor need not include every possible type of error). There may be a danger of contaminating the client’s database with the test data.

Question 59

Define “customized audit software.”

Answer 59

Programs specifically written to access the files of a particular client. The cost might be modest, but the benefits are limited to the specific client for whom the software was written.

Question 60

Define “Service Organization.”

Answer 60

Independent organizations to whom an entity may outsource the processing of its transactional data.

Question 61

Define “Real Time Processing.”

Answer 61

The processing of data whereby the data files are immediately updated.

Question 62

Define “On-line Processing.”

Answer 62

The processing of data whereby the user is in direct communication with the computer’s central processing unit.

Question 63

Define “Electronic Data Interchange (EDI).”

Answer 63

Direct computer-to-computer communication between a buyer and seller designed to achieve greater efficiency and less paperwork (a paper audit trail may not even exist).

Question 64

Define “Value Added Network (VAN).”

Answer 64

A network maintained by an independent company that facilitates Electronic Data Interchange (EDI) transactions between the buying and selling companies.

Question 65

Define “Distributed Systems.”

Answer 65

A network of remote computers connected to the main system, allowing simple processing functions to be delegated to the employees at the remote sites.

Question 66

Define “local area network (LAN).”

Answer 66

A network of hardware and software interconnected throughout a building or campus.

Question 67

Define “database system.”

Answer 67

A set of interconnected files that eliminates the redundancy associated with maintaining separate files for different subsets of the organization.