Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Hieu Audit Chap 2 > II. Internal Control - Concepts and Standards - Performing Procedures in Response to Assessed Risks > Flashcards

II. Internal Control - Concepts and Standards - Performing Procedures in Response to Assessed Risks Flashcards

1
Q

Responsibilities under AICPA Professional Standards, Primary guidance applicable to the auditor consideration of I/C, is provided by 2 SASs:

A
  1. Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
  2. Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Assessing the Risk of Material Misstatement

Auditor’s Responsibility - The auditor should identify and assess the risks of material misstatement

Internal Control Considerations - A weak control environment (such as management’s lack of competence) may have pervasive financial statement effects and require an overall response by the auditor.

Significant Risks—These are risks that the auditor believes require special audit consideration.

Risks for which Substantive Procedures Alone do not Provide Sufficient Appropriate Audit Evidence— If there are risk for which substantive procedures alone do not provide sufficient appropriate evidence - the auditor would have to test the operating effectiveness of controls if risk obj. cannot be achieved with substantive procedures alone.

Revision of Risk Assessment—Risk assessment is an iterative =(ongoing) process and the assessment of risks may change as additional evidence is obtained.

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Overall Responses to the Risks of Material Misstatement at the Financial Statement Level, what would the auditor do as the risk of material misstatement increases?

A

The auditor may assign more experienced staff to the engagement; provide closer supervision; use specialists; use more unpredictable audit procedures; and/or make appropriate changes in the nature, timing, or extent of further audit procedures.

Also note:

Assessment of the risk of material misstatement may influence the auditor’s strategy in using a substantive approach or a combined approach that uses both tests of controls (regarding the operating effectiveness of controls) and substantive procedures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Responses to the Risks of Material Misstatement at the Relevant Assertion Level—

A

The assessment of the risk of material misstatement may affect the auditor’s decisions regarding the nature, timing, and extent of further audit procedures, including the tests of the operating effectiveness of controls and the substantive procedures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the three different types of audit procedures?

A
  1. Risk Assessment
  2. Tests of Controls - Determines the operating effectiveness of controls
    1. Should be performed when:
      1. Risk assessment includes an expectation of the operating effectiveness of controls (when relying on certain specific procedures)
      2. Substantive procedure alone would not provide sufficient appropriate evidence (that “wholly substantive” audit approach is not sufficient)
  3. Substantive Procedures
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

When Evaluating the Sufficiency and Appropriateness of the Audit Evidence Obtained, what should the auditor do?

A
  • An audit is an iterative process, so the planned audit procedures may need to be modified;
    • for example, identified misstatements from substantive procedures may alter the auditor’s judgment about the effectiveness of controls.
  • Consider all relevant audit evidence—The auditor should consider all relevant audit evidence, whether it appears to corroborate or contradict the relevant assertions.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The auditor should document all of what?

A
  1. The overall responses to address the assessed risk of misstatement at the financial statement level;
  2. The nature, timing, and extent of the further audit procedures;
  3. The linkage of those procedures with the assessed risks at the relevant assertion level;
  4. The results of the audit procedures; and
  5. The conclusions reached in the current audit about the operating effectiveness of controls tested in a prior audit.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

When the operating effectiveness of a control is not evidenced by written documentation, an auditor should obtain evidence about the control’s effectiveness by

A

Inquiry and other procedures such as observation.

Note: Inquiry and observation may be useful in evaluating the effectiveness of internal controls, including those that are undocumented.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor’s best course of action in such situations?

A

When evidence is available only in electronic form, the auditor may find that generalized audit software is the best and most efficient means of extracting evidence from client databases.

Generalized audit software consists of programs that enable an auditor to perform tests on client computer files and databases.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The objective of tests of details of transactions performed as tests of controls is to

A

The objective of tests of controls is to ascertain whether internal controls are designed properly or operating effectively.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the purpose of substantive tests?

A
  • Detect material misstatements in the account balances of the financial statements.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The objective of obtaining an understanding of the internal control structure is to

A
  • determine the nature, timing, and extent of substantive tests for financial statement assertions.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following auditor concerns most likely could be so serious that the auditor concludes that a financial statement audit cannot be performed?

A

The auditor would conclude that a financial audit could not be performed if he/she determined that a substantial risk of intentional misapplication of accounting principles existed.

Note: The key word is “intentional” as the risk of management override is an inherent limitation of any internal control system. Management can override the system to make material misstatements in the financial statements and the auditors may not be able to detect such entries.

If management is believed to be intentionally misapplying accounting principles, the financial statements are likely to contain material misstatements that may be extremely difficult, if not impossible, to detect. Thus, the auditors would withdraw from the engagement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

An auditor may decide to assess control risk at the maximum level for certain assertions because the auditor believes

A

Control policies and procedures are unlikely to pertain to the assertions.

Note: Control risk is assessed in terms of the financial statement assertions. The auditor may assess control risk at maximum because the controls do not pertain to the assertions, or are ineffective, or because testing such controls would not result in a reduction in substantive testing (would be inefficient).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The objective of “tests of details” of transactions performed as tests of controls is to

A

To evaluate whether internal controls operated effectively. A test of details of transactions performed as a test of control will enable the auditor to detect a control failure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor would most likely increase the

A

Increases in the assessed level of the risk of material misstatement lead to decreases in the acceptable level of detection risk. Accordingly, the auditor will need to increase the extent of substantive tests such as tests of details.

17
Q

After the preliminary phase of the review of a client’s computer controls, an auditor may decide not to perform tests of controls related to the controls within the computer portion of the client’s internal control. Which of the following would be a valid reason for choosing to omit such tests?

A

The controls duplicate operative controls existing elsewhere in the structure.

There appear to be major weaknesses that would preclude reliance on the stated procedure.

The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests of controls show the controls to be operative.

18
Q

Which of the following types of transactions generally has less risk

A

Routine transactions.

19
Q

An auditor may compensate for a weakness in internal control by increasing the

A

Increasing analytical procedures decreases detection risk in a manner which may counterbalance the condition in internal control.

20
Q

Which of the following courses of action is the most appropriate if an auditor concludes that there is a high risk of material misstatement?

A

High risk of material misstatement requires that the auditor increase the scope of audit procedures through their nature

21
Q

Regardless of the assessed level of control risk, an auditor would perform some

A

Ordinarily the assessed level of control risk cannot be sufficiently low to eliminate the need to perform any substantive tests to restrict detection risk for significant transaction classes.

22
Q

Most likely examine to determine whether internal control is operating as designed?

A

Client records documenting the use of computer programs.

Note:

The inspection of documents and records such as those related to computer programs represents an approach for obtaining an understanding of internal control.

23
Q

As a result of tests of controls, an auditor assesses control risk too high. This incorrect assessment most likely occurred because

A

Control risk based on the auditor’s sample is greater than the true operating effectiveness of the client’s control activity.

Note:

Conclusion that control risk is higher than is actually the case occurs when the auditor is misled by the sample to believe that the system operates less effectively than it actually does (the sample has a higher deviation rate than the population).

24
Q

An auditor uses the assessed level of the risk of material misstatement to

A

Determine the acceptable level of detection risk for financial statement assertions.

Note:

auditor uses the risk of material misstatement to determine the acceptable level of detection risk for financial statement assertions. The auditor then uses the acceptable level of detection risk to determine the nature, timing, and extent of the auditing procedures to be used to detect material misstatements in the financial statement assertions.

25
Q

What most likely would provide an auditor with evidence about whether an entity’s internal control activities are suitably designed to prevent or detect material misstatements?

A

Observing the entity’s personnel applying the activities.

26
Q

The reliance placed on substantive tests in relation to the reliance placed on internal control varies in a relationship that is ordinarily

A

Inverse.

note:

Internal control is relied upon to a lesser extent, substantive tests are relied upon to a greater extent.

27
Q

What should auditor do when control risk is assessed at the maximum level?

A
  • scope of substantive procedures will be at a high level,
  • Few tests of controls will be performed when control risk is assessed at the maximum level.
  • professional standards require documentation of the assessment.
  • control structure need not be documented more extensively.
28
Q

In an audit of a nonissuer (nonpublic) company, the auditors identify significant risks. These risks often

A

Significant risks often involve accounting estimates or complex accounting that involves significant judgments.

29
Q

A heightened assessed risk of material misstatement may result in

A

the assignment of more experienced staff and/or those with specialized skills to high-risk areas;

examples of other responses include:

(1) providing more supervision and emphasizing the need for professional skepticism,
(2) incorporating additional elements of unpredictability into audit procedures and
(3) increasing the overall scope of audit procedures.

30
Q

How frequently must an auditor test operating effectiveness of controls that appear to function as they have in past years and on which the auditor wishes to rely in the current year?

A

The professional standards require auditors to test controls at least every third year.

31
Q

An audit client failed to maintain copies of its procedures manuals and organizational flowcharts. What should the auditor do in an audit of financial statements?

A

Document the auditor’s understanding of internal control.

Hieu Audit Chap 2 (28 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions