Internal Control

Question 1

In an attestation engagement to examine internal control of a non-issuer, what elements are included in the auditor’s report?

Answer 1

An auditor’s report based on an attestation engagement to examine internal control of a non-issuer will include:

1) TITLE using the word INDEPENDENT;
2) statement of management’s responsibility for MAINTAINING and EVALUATING the EFFECTIVENESS of internal control;
3) IDENTIFICATION of management’s assertion on internal control;
4) statement of the AUDITOR’S RESPONSIBILITY to report on either INTERNAL CONTROL or MANAGEMENT’S ASSERTION regarding internal control;
5) statement that the examination was CONDUCTED in ACCORDANCE with AICPA ATTESTATION STANDARDS, which REQUIRE the auditor to PLAN and PERFORM the examination to obtain REASONABLE ASSURANCE as to the effectiveness of internal control;
6) STATEMENT describing the examination along with the auditor’s belief that the EXAMINATION SUPPORTS the OPINION expressed;
7) DEFINITION of INTERNAL CONTROL;
8) an indication of the RISKS associated with internal control’s INHERENT LIMITATIONS;
9) auditor’s OPINION;
10) auditor’s SIGNATURE; and the REPORT DATE

Question 2

If the control procedures leave no audit trail of documentary evidence, the auditor most likely will test the procedures by?

Answer 2

INQUIRY and OBSERVATION are procedures that can be performed REGARDLESS of whether or not there is an AUDIT TRAIL of documentary EVIDENCE and would be used by an auditor when performing TESTS of CONTROLS under those circumstances.

Question 3

A performance indicator involves?

Answer 3

A performance indicator involves COMPARING results to EXPECTATIONS. The quantities in the accounting records are the amounts the company EXPECTS to have on hand, which is COMPARED to the PHYSICAL COUNT, making the procedure a PERFORMANCE INDICATOR.

Question 4

Which activities performed by a department supervisor most likely would help in the prevention or detection of a payroll fraud?

Answer 4

Approving a summary of hours each employee worked during the pay period will be helpful in PREVENTING OVER-PAYMENTS and payments to NONEXISTENT employees. Distributing checks directly to department employees would not prevent a fraudulent over-payment. Setting the pay rate for department employees does not prevent someone in payroll from paying at a different rate. The same would be true of hiring employees and authorizing them to be added to payroll, would not prevent over-payments.

Question 5

What must be included in the written communication of significant deficiencies and material weaknesses in internal control identified in an audit of financial statements of a non-issuer company?

Answer 5

Written communication of significant deficiencies and material weaknesses in internal control is designed for those RESPONSIBLE FOR GOVERNANCE and, sometimes, MANAGEMENT. It is NOT designed for THIRDS PARTIES and the report will indicate such a LIMITED USE of the statement. An auditor’s report on internal control MAY indicate a LACK of material weaknesses since, due to their magnitude, it is considered the AUDITOR’S RESPONSIBILITY to be able to identify MATERIAL WEAKNESSES, similarly to a material misstatement to the financial statements. The auditor’s report would NOT, indicate a lack of SIGNIFICANT DEFICIENCIES as it is more likely that they may exist and go undetected.

Question 6

An auditor most likely would assess Control Risk (Risk of Material Misstatement) at a high level if the payroll department supervisor is responsible for?

Answer 6

The payroll department supervisor SHOULD NOT BE AUTHORIZING payroll rate changes for all employees. The payroll department supervisor WILL EXAMINE authorization forms for new employees to make certain they are NOT paying nonexistent or UNAUTHORIZED employees and will COMPARE payroll registers to original batch transmittal data to VERIFY that the amount paid is correct. The payroll department supervisor will also have responsibility for hiring subordinate employees for that department. It is the responsibility of personnel, or human resources, however, to institute payroll rate changes that are ordinarily instituted by the employee’s department.

Question 7

In an attestation engagement to examine internal control of a non-issuer, the measure of materiality

Answer 7

In an attestation engagement to examine an entity’s internal control that is INTEGRATED with an audit of its financial statements, the auditor will use the same measure of materiality as used in the planning and performance of the audit of the financial statements.

Question 8

If an auditor is obtaining an understanding of an issuer’s information and communication component of internal control, which of the following factors should the auditor assess?

Answer 8

The objectives of the INFORMATION and COMMUNICATION component of internal control includes the IDENTIFICATION, RETENTION, and TRANSFER of RELIABLE information in a timely manner, which would include the classes of transactions reported in the financial statements.

Question 9

An auditor is determining if internal control relative to the revenue cycle of a wholesaling entity is operating effectively in minimizing the failure to prepare sales invoices. The auditor most likely would select a sample of transactions from the population represented by the

Answer 9

By beginning with shipping documents, the auditor can TRACE forward to make certain that there is an invoice for each shipment. Beginning with the cash receipts file would require the auditor to work backward allowing the auditor to determine that amounts received were for goods shipped but would not provide evidence that all shipments were invoiced. If goods were shipped that were not ordered, perhaps inappropriately, there would be no customer order and, as a result, beginning with customer orders would not be useful in determining if such a shipment was invoiced. Beginning from the invoice file allows the auditor to work forward to determine if all amounts were collected, or backward to determine if all amounts invoiced were shipped, but it would not provide evidence as to whether all shipments were invoiced.

Question 10

Which of the following would indicate a weakness in the company’s internal control?

Answer 10

Mailing signed checks gives the employee CUSTODY of assets. When that same employee is responsible for POSTING (RECORDING) vendor invoices into the accounts payable ledger, the INCOMPATIBLE duties of CUSTODY of ASSETS and RECORDING of transactions allows the individual to modify a signed check and hide the fact by recording it in the altered amount. Reviewing vendor invoices for signature approval and opening the incoming mail are NOT incompatible duties. The same person entering vendor invoices into the accounting system and reconciling the accounts payable ledger with the general ledger does not allow that individual to perpetrate and conceal fraud. It is not unusual for a treasurer to use a stamp for signing checks. It would be considered a weakness if the stamp was not securely maintained.

Question 11

Inquiries about credit granting policies and sampling of sales transactions and examines evidence of credit approval. This test of controls most likely supports management’s financial statement assertion(s) of?

Answer 11

Evidence of credit approval will assist the auditor in evaluating the client’s estimate of UNCOLLECTIBLE ACCOUNTS related to the VALUATION or ALLOCATION. Credit approval, however, does not indicate that the goods or services were actually provided and that the entity has rights to the receivable.

Question 12

Which of the following types of evidence would an auditor most likely examine to determine whether internal control policies and procedures are operating as designed?

Answer 12

Client records documenting the use of EDP programs can assist the auditor in determining if the programs are being used appropriately and with the proper authority, thus supporting conclusions about internal control. Comparing industry margins, confirming receivables, and comparing anticipated results to actual results are SUBSTANTIVE TESTS to support the information in the financial statements, and are not tests of controls.

Question 13

The auditor’s opinion of an issuer’s internal control applies as of which date?

Answer 13

A report on the internal control of an issuer is INTEGRATED with an audit of the financial statements and, as a result, the auditor evaluates internal control for the period covered by the financial statements up through the DATE of the FINANCIAL STATEMENTS.

Question 14

Certain internal control matters that come to an auditor’s attention should be communicated to an entity’s audit committee because they represent?

Answer 14

Internal control matters that are required to be communicated to the client’s governance include MATERIAL WEAKNESSES and SIGNIFICANT DEFICIENCIES, which are DEFICIENCIES in the DESIGN or OPERATION of the internal control structure. This includes those deficiencies that are SUFFICIENTLY SIGNIFICANT that they could result in a MATERIAL MISSTATEMENT to the financial statements, referred to as a MATERIAL WEAKNESS.

Question 15

Which matters would an auditor most likely consider to be a significant deficiency or material weakness to be communicated to the audit committee?

Answer 15

A lack of OBJECTIVITY by those RESPONSIBLE for accounting decisions may result in the selection of accounting policies and practices that are designed to meet some reporting objective other than FAIR PRESENTATION. This might result in a material misstatement of the financial statements and would constitute a significant deficiency or a material weakness.

Question 16

Which concerning accounts receivable would an auditor most likely perform to obtain evidential matter in support of an assessed level of control risk below the maximum level?

Answer 16

OBSERVING an entity’s employee preparing a schedule of past due accounts receivable will provide the auditor with evidence as to whether control procedures related to past due accounts are in place and operating as intended. As a result, this test may cause the auditor to reduce the level of control risk. Sending confirmations, inspecting an analysis of accounts receivable for unusual balances, and comparing uncollectible accounts expense to actual uncollectible accounts are all TESTS OF DETAILS that may provide evidence about the carrying amount of accounts receivable but not about control risk.

Question 17

When communicating internal control structure related matters noted in an audit, an auditor’s report should indicate that?

Answer 17

When communicating on internal controls in conjunction with an audit, the auditor will issue a REPORT stating that the purpose of an audit is to REPORT on the financial statements and NOT to provide ASSURANCE on the internal control structure. The statement that errors and irregularities may occur and go undetected is part of the report on internal controls SEPARATE from an audit, not part of the report on internal controls in conjunction with an audit.

Question 18

An auditor wishes to obtain evidence that all sales that were recorded during the period actually occurred. Which procedures would be most effective for that purpose?

Answer 18

To obtain evidence as to the OCCURRENCE ASSERTION, an auditor would TRACE a sample from the accounting records to source documents (VOUCHING) to determine if each entry recorded is supported by evidence that a sale occurred. This would be accomplished by tracing entries from the sales journal to source documents.

Question 19

Which of the following departments most likely would approve changes in pay rates and deductions from employee salaries?

Answer 19

The PERSONNEL, or HUMAN RESOURCES, department will generally APPROVE PAY RATE CHANGES that are recommended by operating personnel, and deductions from employees’ salaries. The treasurer has CUSTODY of the cash, which should be segregated from authorization of transactions, the controller and payroll are responsible for the RECORD-KEEPING function, which should also be segregated from authorization of transactions.

Question 20

In assessing Risk of Material Misstatement (Control Risk), an auditor ordinarily selects from a variety of techniques, including?

Answer 20

An auditor will generally make inquiries in assessing RMM, RECALCULATION is a SUBSTANTIVE TEST, NOT a risk assessment procedure nor a test of controls. REPERFORMANCE , such as of a control procedure, and OBSERVATION are both RISK ASSESSMENT procedures used in assessing RMM. Comparison and confirmation are both SUBSTANTIVE PROCEDURES and, while INSPECTION may be either a risk assessment procedure or a substantive test, VERIFICATION is generally more closely associated with SUBSTANTIVE testing.

Question 21

Entity Level Controls

Answer 21

Under PCAOB standards, ENTITY LEVEL CONTROLS include controls related to the control environment; 1) controls over management override;

2) the company’s risk assessment process;
3) centralized processing and controls;
4) controls to monitor results of operations;
5) controls to monitor other controls;
6) controls over the financial reporting process;
7) policies addressing significant business control
8) risk management practices.

Question 22

Which audit procedures would an auditor most likely perform to test controls relating to management’s assertion concerning the completeness of sales transactions?

Answer 22

Inspecting reports of prenumbered shipping documents. The auditor could verify that all shipments have been completely recorded as sales. Any numbers not accounted for may be indications of unrecorded transactions.

Question 23

A Debit Memo

Answer 23

A debit memo is the document used to indicate that goods have been returned to vendors. A credit memo is used to document goods being returned to the client, rather than the client returning goods to a vendor.

Question 24

An engagement to express an opinion on a description of internal controls placed in operation of a Service Organization?

Answer 24

An engagement to express an opinion on a description of internal controls placed in operation is an engagement to REPORT on controls at a SERVICE ORGANIZATION, performed in accordance with attestation standards. The report will include a reference to a description of the SERVICE AUDITOR’S TESTS OF CONTROLS and the RESULTS. It is up to F/S AUDITOR, not THE AUDITOR expressing an opinion on a description of the controls , to determine if F/S AUDITOR will assess control risk based on THE AUDITOR expressing an opinion on a description of the controls, report. In an engagement to express an opinion on a description of the controls placed in operation, the accountant DOES have the responsibility to determine if the controls are suitably designed. The accountant would ONLY provide an OPINION on the operating EFFECTIVENESS of the controls IF preparing a REPORT on BOTH controls placed in OPERATION and their EFFECTIVENESS.

Question 25

How do the scope, procedures, and purpose of an examination of internal control compare to those for obtaining an understanding of internal control and assessing Risk of Material Misstatement as part of an audit?

Answer 25

The SCOPE of an examination of internal control is DIFFERENT, in fact MORE EXTENSIVE, than that for the assessment of RMM since it requires MORE EXTENSIVE TESTS of CONTROLS. The PROCEDURES are the SAME in BOTH although, as indicated, there will generally be MORE PROCEDURES, specifically tests of controls, in the EXAMINATION of INTERNAL CONTROL. The PURPOSE is DIFFERENT in that the purpose of the examination is to EXPRESS an OPINION while the purpose of the understanding is to determine the NATURE, TIMING, and EXTENT of substantive procedures to be performed in the audit.

Question 26

Which would be a potential control deficiency because of a lack of segregation of duties?

Answer 26

Ordering equipment, which involves AUTHORIZATION and RECEIVING and INSPECTION involve custody, making the functions incompatible.

Question 27

An auditor’s communication of internal control structure related matters noted in an audit usually should be addressed to the?

Answer 27

The communication of INTERNAL CONTROL STRUCTURE RELATED MATTERS is normally addressed to the BOARD OF DIRECTORS or the AUDIT COMMITTEE.

Question 28

An auditor’s assessment of an issuer’s internal control is/are that?

Answer 28

A MATERIAL WEAKNESS in internal control indicates a REASONABLE POSSIBILITY that a material misstatement to the financial statements will not be PREVENTED or DETECTED and CORRECTED on a timely basis, in which case, internally control would NOT be CONSIDERED EFFECTIVE. A SIGNIFICANT DEFICIENCY, however, does NOT necessarily indicate a comparable level of VULNERABILITY and does NOT automatically result in internal controls being considered ineffective. An auditor performs an EXAMINATION to obtain REASONABLE ASSURANCE that the financial statements are not materially misstated, NOT TO IDENTIFY significant deficiencies in internal control.

Question 29

To determine whether internal control relative to the revenue cycle of a wholesaling entity is operating effectively in minimizing the failure to prepare sales invoices, an auditor most likely would select a sample of transactions from the population represented by the?

Answer 29

By beginning with SHIPPING DOCUMENTS, the auditor can TRACE forward to make certain that there is an invoice for each shipment. There would be NO sales order for goods shipped by the shipping department without a sales order and, as a result, beginning with the sales order file would not include all goods shipped. Likewise, if goods were shipped that were NOT ordered, there would be NO customer order and, as a result, beginning with customer orders would not be useful in determining if such a shipment was invoiced. Beginning from the invoice file allows the auditor to work forward to determine if all amounts were collected, or backward to determine if all amounts invoiced were shipped, but it would NOT provide evidence as to whether all shipments were invoiced.

Question 30

Which statements is correct concerning internal control matters identified in an audit that are required to be communicated to the client’s governance?

Answer 30

Although an auditor MAY ORALLY COMMUNICATE with the client during an audit engagement regarding identified internal control deficiencies, the auditor is still REQUIRED to provide a WRITTEN communication to the appropriate level of GOVERNANCE, indicating all significant deficiencies and material weaknesses identified during the engagement, typically done shortly after the conclusion of the engagement. The auditor may report that NO MATERIAL WEAKNESSES were noted during the engagement.

Question 31

Material weaknesses are?

Answer 31

Material weaknesses are so SIGNIFICANT that an audit performed in accordance with GAAS SHOULD IDENTIFY them. As a result, when no material weaknesses have been identified, the auditor may report that NO MATERIAL WEAKNESSES were noted during the engagement. The same is NOT TRUE of significant deficiencies, which are also REQUIRED to be communicated, since it is MORE LIKELY that a significant deficiency may be overlooked in the engagement.

Question 32

Which is an inherent limitation in internal control?

Answer 32

An inherent limitation on internal control is that its EFFECTIVENESS is often DEPENDENT on the consistent application by PEOPLE and HUMAN ERROR, lapses in attention, and faulty judgment will occur regardless of the quality of the system of internal control. INCOMPATIBLE duties, a lack of SEGREGATION of duties, and the LACK of an AUDIT COMMITTEE are all CONTROL DEFICIENCIES but are not inherent limitations of internal control cause they CAN BE CORRECTED.

Question 33

According to the COSO Integrated Framework, REVIEWS of OPERATING PERFORMANCE are an example of which of the five (5) elements of internal control?

Answer 33

Reviews of operating performance would be an example of a control activity involving a PERFORMANCE INDICATORS. Operating performance can be compared to expectations and, if actual performance is NOT reasonably CLOSE to expectations, it may be an indication of a PROBLEM. Risk assessment is the process under which a potential PROBLEM is identified so that control activities can be developed. Monitoring is a process under which the entity determines if controls are being executed as designed.

Question 34

For an issuer (public) company audit of internal control, walkthroughs provide the auditor with primary evidence to?

Answer 34

Walkthroughs are used by the auditor in obtaining an UNDERSTANDING of internal control. They EVALUATE the EFFECTIVENESS of the DESIGN of controls and CONFIRM whether controls have been IMPLEMENTATION. They may involve INQUIRY, OBSERVATION, document INSPECTION, RECALCULATION, and REPERFORMANCE and are used to IDENTIFY deficiencies in design and in operation.

Question 35

Proper authorization of write-offs of uncollectible accounts should be approved in which of the following departments?

Answer 35

The treasurer is ultimately responsible for CASH, so the treasurer should have the responsibility to AUTHORIZE a write-off of receivables. The employees in accounts receivable and accounts payable are responsible for RECORDING and should NOT have AUTHORIZATION duties. The employees in the credit department grant credit so they should NOT have power to AUTHORIZE a write-off.

Question 36

The objectives of internal controls?

Answer 36

The objectives of internal control are ACCURATE and RELIABLE FINANCIAL REPORTING, COMPLIANCE with applicable LAWS and REGULATIONS, and EFFECTIVE and EFFICIENT operations. CONTROL ACTIVITIES are designed to PREVENT ERRORS and FRAUD or to DETECT and CORRECT them on a timely basis in order to ACHIEVE the objective of RELIABLE financial reporting.

Question 37

Which of the following most likely would be an internal control procedure designed to detect errors and irregularities concerning the custody of inventory?

Answer 37

Conducting periodic inventory counts and noting discrepancies enables the entity to promptly determine if inventory was misappropriated. Reconciling WIP with job cost sheets, segregating the functions of general accounting from cost accounting, and approval of inventory journal entries are CONTROLS related to the proper RECORDING of inventory, not its custody.

Question 38

As a result of tests of controls, an auditor assesses control risk too high. This incorrect assessment most likely occurred because?

Answer 38

An auditor assesses control risk too HIGH when a sample is NOT REPRESENTATIVE and the proportion of exceptions in the sample is GREATER than in the population. As a result, control risk based on the auditor’s sample will be HIGHER, NOT LOWER than the TRUE operating EFFECTIVENESS of the control activity. If the auditor believes a control activity relates to an assertion WHEN IT DOES NOT, the auditor will assess control risk too LOW, NOT too HIGH. If the auditor believes that the control activity will REDUCE the extent of SUBSTANTIVE TESTING, it indicates that the auditor believes the control CAN BE RELIED UPON, indicative of a LOW assessment of control risk, NOT HIGH.

Question 39

As a part of understanding the internal control structure of a nonissuer during a GAAS audit, an auditor is not required to?

Answer 39

When obtaining an UNDERSTANDING of internal control in the course of an audit of a NONISSUER, the auditor is NOT REQUIRED to determine the EFFECTIVENESS of the controls. The auditor will, obtain knowledge about operating effectiveness through the performance of TEST of CONTROLS if the auditor intends to assess control risk BELOW the MAXIMUM. When obtaining an UNDERSTANDING of internal controls, the auditor considers FACTORS that affect the risk of misstatement, determines if the controls were PLACE IN OPERATION, seeks to UNDERSTAND the DESIGN of the internal controls, and identifies the potential types of misstatements that may occur.

Question 40

Strong internal controls is an ACE in the hole.

Answer 40

MNEMONIC - ACE
Strong internal controls is an ACE in the hole
A - Accurate and Reliable financial reporting (fair presentation)
C - Compliance with laws and regulations (compliance audit)
E - Effectiveness and efficiency of operations(operational audits)

Question 41

Control Activities (PIPS)

Answer 41

Control Activities (PIPS)
P Performance reviews – actual versus budget, P/Y, financial to non-financial
I Information processing – (IT) general vs. application controls
P Physical counts – access to assets
S Segregation of duties includes assigning different people responsibilities (ARCC-S)

Control activities are the POLICIES and PROCEDURES that management uses to provide reasonable assurance that the entity’s objectives will be achieved.

Question 42

Understanding the Internal Control structure

Answer 42

Understanding the internal control structure
Step 1 Obtain understanding of design of I/C (perform risk) assessment procedures – (CRIME)
Step 2 Document understanding of I/C
Step 3 Assess RMM (RMM = IR x CR)
Step 4 Perform tests of controls
Step 5 Reassess RMM and evaluate results.
Step 6 Document conclusions and determine effect on planned substantive procedures.

Question 43

Risk Assessment Procedures

Answer 43

Risk Assessment Procedures
A Analytical Procedures (using high-level data)
I Inquiries (of mgmt., employees and internal auditors)
I Inspections (of documents and records)
O Observations (the application of a specific control)

Knowledge obtained used to:
– identify types of potential misstatements (errors or fraud)
– consider factors that affect RMM
– design test of controls and substantive procedures

Question 44

Inherent limitations of internal controls (COCO)

Answer 44

Inherent limitations of internal controls (COCO)
C Collusion – (conspire together)
O Override by management – (misbehavior by management)
C Competence/Human error – (misjudgment)
O Obsolescence – (changing companies size)

Question 45

Internal control structure related to spending

Answer 45

Internal control structure related to spending cycle (Questionnaire to document control activities) and I/C activities as well:
P Physical Control(verify all goods receipt)
R Recording (verify receiving reports prepared for all goods received)
A Authority(select individual canceled checks and vouched them purchase orders, receiving reports, vendor invoices, payment vouchers)
I Independent checks
S Segregation of duties (ARCC)
E Evaluate performance

Question 46

Segregation of Duties and the personnel and payroll cycle

Answer 46

Segregation of Duties and the personnel and payroll cycle

– the function of authorizing the hiring of personnel, payroll processing (recording) and distributing payroll checks (custody) should be segregated
– the function of authorizing payroll rate changes and payroll processing (recording) should be segregated
– payroll checks should be prepared by the payroll department and signed by the treasurer, segregating recording and custody.

Question 47

In an integrated audit of a nonissuer, if an auditor concludes that a material weakness exists as of the date specified in management’s assertion, the auditor should take which of the following actions?

Answer 47

A material weakness indicates at least a REASONABLE POSSIBILITY that controls will neither prevent a material misstatement nor detect and correct it on a timely basis. As a result, the EXISTENCE of a MATERIAL WEAKNESS indicates that internal control is NOT EFFECTIVE and the auditor will issue an ADVERSE OPINION in the report on the effectiveness of internal control in an integrated audit of a nonissuer.

Question 48

By confirming accounts receivable directly with customers, the auditor is obtaining?

Answer 48

By confirming accounts receivable directly with customers, the auditor is obtaining evidence supporting the assertions of EXISTENCE and VALUATION.

Question 49

Describes the relationship between the attribute given for a financial statement account and the likely reliance on substantive analytical procedures for that account within an audit:

Answer 49

There is a direct relationship between the adequacy of internal control and the ability of the auditor to rely on substantive analytical procedures. When an entity does not have effective internal controls, the auditor will rely more heavily on tests of details. There is an INVERSE relationship between the risk of material misstatement (RMM) and the ability of the auditor to RELY on substantive analytical procedures. A high RMM implies that internal controls CANNOT be relied upon to prevent or detect and timely correct a material misstatement to the financial statements, which would cause the auditor to rely more HEAVILY on tests of controls. There is a DIRECT relationship between the predictability of relationships among data and the ability of the auditor to rely on substantive analytical procedures. When relationships are predictable, the auditor can establish meaningful expectations that will cause substantive analytical procedures to be MORE EFFECTIVE in the detection of misstatements.

Question 50

What is Kiting?

Answer 50

Kiting occurs when a deposit resulting from a transfer between two cash accounts within the same entity is recorded in an earlier period than the disbursement from the other account, resulting in an OVERSTATEMENT of cash. By preparing a BANK TRANSFER schedule, the auditor can make certain that all transfers deposited are recorded in the same period as the disbursements.

Question 51

What is Lapping?

Answer 51

Lapping occurs when an employee misappropriates cash received and uses subsequent amounts received from other customers to reduce the balances of the misappropriated accounts. As a result, reductions to accounts involved in the lapping scheme will be reduced later than the payment is actually made by the customer. By sending CONFIRMATIONS to customers on a surprise basis, customers may notify the auditor of balances that do not reflect payments that were made. Also compare the details of the cash receipts journal entries with the details of the corresponding daily deposit slips.