MARKED QUESTIONS II Flashcards
2.Ratio estimate: $25000 (audit)/$27500(book) *550,000=500,000 (point estimate)
- Difference Estimation: ($27,500-$25,000)/100*$2,000=$50,000 (adjustment required)
A deficiency in internal control exists when misstatements of the financial statements may occur and not be prevented, detected, or corrected on a timely basis by
A. Outside consultants who issue a special-purpose report on internal control
B. Management or employees in the normal course of performing their assigned functions
C. Management when reviewing interim financial statements and reconciling account balances
D. An independent auditor during the testing of controls phase of the consideration of internal control
B.
A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis.
A dual-purpose test
A. Involves combining a risk assessment procedure and a test of controls
B. Is performed when more persuasive audit evidence is needed
C. Is designed to test both the efficiency and the reliability of a control
D. Is designed and evaluated by considering each purpose of the test separately
D.
A dual-purpose test is designed and evaluated by considering each purpose of the test separately. For example, the auditor may design and evaluate the results of a test to examine an invoice to determine whether it has been approved and to provide substantive audit evidence of a transaction.
Regarding incorrect answer a., a dual-purpose test involves performing a test of details (not a risk assessment procedure) and a test of controls on the same transaction concurrently.
Regarding incorrect answer b., the evidence obtained is not more persuasive. Although it can be a more efficient audit technique if properly planned, the purpose of each test is considered separately.
Incorrect answer c. is a false statement.
A dual-purpose test
A. Involves combining a risk assessment procedure and a test of controls
B. Is performed when more persuasive audit evidence is needed
C. Is designed to test both the efficiency and the reliability of a control
D. Is designed and evaluated by considering each purpose of the test separately
D.
A dual-purpose test is designed and evaluated by considering each purpose of the test separately. For example, the auditor may design and evaluate the results of a test to examine an invoice to determine whether it has been approved and to provide substantive audit evidence of a transaction.
Regarding incorrect answer a., a dual-purpose test involves performing a test of details (not a risk assessment procedure) and a test of controls on the same transaction concurrently.
Regarding incorrect answer b., the evidence obtained is not more persuasive. Although it can be a more efficient audit technique if properly planned, the purpose of each test is considered separately.
Incorrect answer c. is a false statement.
A group engagement team of a nonissuer should ask a component auditor to communicate whether it complied with
A. Ethical requirements relevant to the group audit.
B. State licensure requirements applicable to all group locations.
C. Generally accepted accounting principles relevant to the group audit.
D. Contract billing requirements related to the group audit.
The correct answer is (A).
Regardless of whether reference will be made in the auditor’s report on the group financial statements to the audit of a component auditor, the group engagement team should obtain an understanding of whether a component auditor understands and will comply with the ethical requirements that are relevant to the group audit and, in particular, is independent. Hence, the group engagement team should request a component auditor to communicate matters such as:
Whether the component auditor has complied with ethical requirements relevant to the group audit, including independence and professional competence (权限)
Identification of the financial information of the component on which the component auditor is reporting
The component auditor’s overall findings, conclusions, or opinion
A management’s specialist is best described as
A. An individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the entity to assist the entity in preparing the financial statements
B. An individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the auditor to assist the entity in preparing the financial statements
C. A specialist engaged by management to assist the auditor in obtaining sufficient appropriate audit evidence
D. An individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field or whose data is used by the entity to assist the entity in preparing the financial statements
The correct answer is (A).
GAAS defines a management’s specialist as an individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the entity to assist the entity in preparing the financial statements.
The work of the individual or organization is used by the entity, not the auditor, to assist the entity in preparing the financial statements.
A specialist engaged by the auditor, not management, to assist the auditor in obtaining sufficient appropriate audit evidence is an auditor’s specialist, not a management’s specialist.
When the entity does the work using data provided by an individual or organization, it is not considered to be the use of a management’s specialist by the entity.
Note the differences between A, B, and D. The three options are different:
- A: Work in the field is used by the entity
- B: Work in the field is used by the auditor
- D: Work in the field or whose data is used by the entity
A member of the International Federation of Accountants (IFAC) may practice in a jurisdiction or belong to another professional organization that has less stringent requirements than the IESBA Code of Ethics for Professional Accountants (Code). Which set of requirements should the member follow under these circumstances? A. A member of IFAC shall not apply less stringent standards from those stated in the code under any circumstances. B. A member of IFAC shall not apply less stringent standards from those stated in the code unless prohibited from complying by law or regulation. C. A member of IFAC is allowed to comply with the less stringent requirements if these are imposed by an organization recognized by IFAC. D. A member of IFAC shall request a ruling from IESBA regarding a conflict between its standards and those of another organization.
B. A member of IFAC shall not apply less stringent standards from those stated in the code unless prohibited from complying by law or regulation. In this situation, the member shall comply with all other parts of the Code. Editor’s note: When in doubt, always follow the more “stricter” standards.
A senior auditor conducted a dual-purpose test on a client’s invoice to determine whether the invoice was approved and to ascertain the amount and other terms of the invoice. Which of the following lists two tests that the auditor performed?
A. Substantive procedures and analytical procedures.
B. Substantive analytical procedures and tests of controls.
C. Tests of controls and tests of details.
D. Tests of details and substantive procedures.
The correct answer is (C).
A senior auditor conducted a dual-purpose test on a client’s invoice to determine whether the invoice was approved and to ascertain the amount and other terms of the invoice. He/she concurrently performed tests of controls and tests of details.
Tests of controls - Checks performed to verify whether internal controls are working and are strong.
Tests of details - Substantive procedures that verify different assertions in the financial statements - E.g., Inspection, Existence/Occurrence, etc.
(A) and (D) are incorrect because they do not refer to a test of controls.
(B) is incorrect because verifying dollar amount of the invoice is a test of detail and not an analytical procedure.
A service organization provides processing services for a client’s sales orders. Which of the following information is relevant when gathering data for the report on the service organization’s internal controls?
A. The client’s sales manager reviews accounts receivable balances.
B. The client’s data entry clerk used the sales manager’s password to make unauthorized changes to customer prices.
C. Credit limits are established and updated by the client’s credit department.
D. The service organization’s system calculates accounts receivable balances.
D.
The correct answer is (D).
A service organization provides processing services for a client’s sales orders. Information most relevant when gathering data for the report on internal controls is the accounts receivable balances as the service organization provides processing services for a client’s sales orders.
Information related to the client’s sales manager review of accounts receivable, information related to the client’s data clerk making unauthorized changes to customer prices, or information related to the client’s credit department and their development of credit limits would not provide information about the service organization’s internal controls.
A significant risk A. Should be communicated to those charged with governance B. Requires special audit consideration C. Should be identified by considering the related controls that mitigate its potential effects D. Is related to fraud
B A significant risk is an identified and assessed risk of material misstatement that, in the auditor’s professional judgment, requires special audit consideration. The auditor is required to communicate with those charged with governance an overview of the planned scope and timing of the audit and this may include how the auditor proposes to address the significant risks, but it is not required. In exercising judgment as to whether a risk is significant, the auditor should exclude the effects of identified controls related to the risk. One of the factors the auditor considers in identifying significant risks is whether the risk is a risk of fraud, but not all significant risks are fraud risks.
A weakness in internal control over recording retirements of equipment may cause an auditor to
A. Trace additions to the “other assets” account to search for equipment that is still on hand but no longer being used.
B. Select certain items of equipment from the accounting records and locate them in the plant.
C. Review the subsidiary ledger to ascertain whether depreciation was taken on each item of equipment during the year.
D. Inspect certain items of equipment in the plant and trace those items to the accounting records.
B.
The auditor may test controls over the recording of retirements by tracing certain items of equipment from the accounting records and locating them in the plant to make sure that they have not been retired. Additions to the “other assets” account should have nothing to do with the failure to record retirements of equipment. Tracing from the plant assets to the books would not locate assets which appear on the books even though they have been retired because none of the equipment traced would be retired equipment. If retired equipment that was not fully depreciated was not removed from the records, the related depreciation calculation would not reveal its retirement; further, fully depreciated equipment may or may not still be in use.
According to the profession’s standards, which of the following is not required of a CPA performing a consulting engagement? A. Complying with Statements on Standards for Consulting Services B. Obtaining an understanding of the nature, scope, and limitations of the engagement C. Supervising staff who are assigned to the engagement D. Maintaining independence from the client
D. ET 201 requires a CPA performing a consulting engagement to comply with Standards on Consulting Services and to supervise staff assigned to the engagement. ET 202 requires that the CPA obtain an understanding of the nature, scope, and limitations of the engagement. ET 202 also states that performing a consulting service does not, of itself, impair independence.
According to US GAAS, all of the following are conditions that should be met to allow reference to the audit of a component auditor in the audit report on the group financial statements except
A. The component auditor has performed an audit of the financial statements of the component in accordance with the relevant requirements.
B. The component auditor has issued an audit report that is not restricted as to use.
C. If the component’s financial statements are prepared using a different financial reporting framework from that used for the group financial statements, the measurement, recognition, presentation, and disclosure criteria that are applicable to all material items are similar.
D. If the component’s financial statements are prepared using a different financial reporting framework from that used for the group financial statements, the conversion adjustments needed are not material.
The correct answer is (D).
If the Group Engagement Auditor decides not to assume responsibility for the Component Auditor’s work, the reference to the Component Auditor divides responsibility for the engagement among the Group Engagement Auditor and Component Auditor(s). The Group Engagement Auditor needs to ensure that:
The Component Auditor has audited the component per GAAS (or PCAOB Auditing Standards as applicable) i.e. in accordance with relevant requirements.
The Component Auditor’s report is not restricted as to use
If the financial statements are prepared using a different financial reporting framework from that used for the group financial statements, the group engagement team has ensured the measurement, recognition, presentation, and disclosure criteria that are applicable to all material items are similar and obtained sufficient appropriate audit evidence for purposes of evaluating the appropriateness of the adjustments to convert the component’s financial statements to the financial reporting framework.
Even if the conversion adjustments needed to prepare are material as long as the auditor has applied audit procedures and obtained sufficient appropriate audit evidence, reference to the component auditor can be made.
According to US GAAS, all of the following matters should be communicated by the group engagement team to those charged with governance of the group except
A. An overview of the nature of the group engagement team’s planned involvement in the work to be performed by the component auditors on the financial information of significant components
B. Any limitations on the group audit
C. Instances in which the group engagement team’s evaluation of the work of a component auditor gave rise to a concern about the quality of that auditor’s work
D. All internal control deficiencies that are relevant to the group
The correct answer is (D).
The group engagement team should communicate to group management and those charged with governance of the group material weaknesses and significant deficiencies in internal control that are relevant to the group; not all internal control deficiencies. In addition to the other answer alternatives, the group engagement team should also communicate the following matters to those charged with governance of the group:
(1) an overview of the type of work to be performed on the financial information of the components, including the basis for the decision to make reference to the audit of a component auditor in the audit report on the group financial statements and
(2) fraud or suspected fraud involving group management, component management, employees who have significant roles in group-wide controls, or others in which a material misstatement of the group financial statements has or may have resulted from fraud.
According to US GAAS, all of the following statements about interpretive publications are true, except
A. Interpretive publications are not auditing standards; they are recommendations on the application of US GAAS in specific circumstances.
B. An auditor is not required to consider applicable interpretive publications in planning and performing an audit.
C. Interpretive publications are issued under the authority of the Auditing Standards Board (ASB).
D. Auditing interpretations of US GAAS are included in the codification of US GAAS, following the related AU section.
B.
An auditor is required to consider [should consider] applicable interpretive publications in planning and performing an audit. The other answer alternatives are all true statements.
Editor Note: Regarding answer A., interpretive publications are not auditing standards. They are recommendations on the application of US GAAS in specific circumstances, including engagements for entities in specialized industries.
Regarding answer C., an interpretive publication is issued under the authority of the ASB after all ASB members have been provided an opportunity to consider and comment on whether it is consistent with US GAAS.
Regarding answer D., although interpretive publications are not auditing standards, auditing interpretations of US GAAS, a type of interpretive publication, are included in the codification of US GAAS. Auditing interpretations of US GAAS immediately follow the related AU section and have been assigned the same section number preceded by the number 9. (Not all AU sections have auditing interpretations of US GAAS.) Interpretive publications include: auditing interpretations of US GAAS (included in the codification of US GAAS following the related AU section); exhibits to US GAAS (included in the codification of US GAAS following the application and explanatory materials portion of AU sections); and auditing guidance in AICPA Audit and Accounting Guides and AICPA Auditing Statements of Position.
According to US GAAS, audit procedures performed on the consolidation process should include all of the following except
A. Evaluating whether all components have been included in the group financial statements
B. Evaluating the appropriateness, completeness, and accuracy of consolidation adjustments and reclassifications
C. Perform procedures to identify material instances of non-compliance
D. Evaluating whether any fraud risk factors or indicators of possible management bias exist
C.
The correct answer is (C).
The group engagement team should perform the following audit procedures on the consolidation process:
- Evaluating whether all components have been included in the group financial statements.
- Evaluate the appropriateness, completeness, and accuracy of consolidation adjustments and reclassifications and should evaluate whether any fraud risk factors or indicators of possible management bias exist.
- If the financial information of a component has not been prepared in accordance with the same accounting policies applied to the group financial statements, the group engagement team should evaluate whether the financial information of that component has been appropriately adjusted for purposes of the preparation and fair presentation of the group financial statements.
- If the group financial statements include the financial statements of a component with a financial reporting period-end that differs from that of the group, the group engagement team should evaluate whether appropriate adjustments have been made to those financial statements in accordance with the applicable financial reporting framework.
The auditor is not specifically required to perform procedures to identify instances of Non-Compliance in GAAS audits.
According to US GAAS, if the group engagement partner decides to assume (承担) responsibility for the work of a component auditor, the group engagement partner
A. Should make reference to the audit of the component auditor in the audit report on the group financial statements
B. Should be involved in the work of the component auditor, insofar as that work relates to the expression of an opinion on the group financial statements
C. Need not assess the component auditor’s independence or professional competence
D. Should make reference to the audit of the component auditor as well as name the component auditor in the audit report on the group financial statements
B.
If the group engagement partner decides to assume responsibility for the work of a component auditor, the group engagement partner is required to be involved in the work of the component auditor, insofar as that work relates to the expression of an opinion on the group financial statements.
Editor’s note: Remember, if as the group auditor, if you’re planning on assuming responsibility for a component auditor’s work, you want to take credit for it, and the best way to do so is to get involved with the component auditor’s work so make sure that a good job is being done!
Regarding incorrect answers A. and D., under these circumstances, no reference will be made to the component auditor in the group audit report. Further regarding incorrect answer D., if the group engagement auditor does not assume responsibility and thus, makes reference to the component auditor, the component auditor may also be named, but this is not a requirement. (Naming should only be done with the component auditor’s express permission and the component auditor’s report should be presented together with that of the audit report on the group financial statements.)
Regarding incorrect answer C., regardless of whether reference to a component auditor will be made in the audit report, the group engagement team should obtain an understanding of the component auditor which includes determining whether the component auditor understands and will comply with the ethical requirements that are relevant to the group audit and, in particular, is independent. An assessment of the component auditor’s professional competence should also be performed.
There are other required elements of this understanding: (1) the extent, if any, to which the group engagement team will be able to be involved in the work of the component auditor; (2) whether the group engagement team will be able to obtain information affecting the consolidation process from a component auditor; and (3) whether a component auditor operates in a regulatory environment that actively oversees auditors.
According to US GAAS, in general, misstatements in the financial statements, including omissions, are considered to be material when, individually or in the aggregate,
A. If uncorrected, would preclude an unmodified opinion on the financial statements.
B. If uncorrected, would require an adverse opinion on the financial statements.
C. They could reasonably be expected to influence the economic decisions of users that are taken based on the financial statements.
D. They are inconsistent with the criteria of the applicable financial reporting framework.
C.
In general, misstatements, including omissions, are considered to be material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users that are taken based on the financial statements. The concept of materiality is applied by the auditor when both planning and performing the audit; and in evaluating the effect of identified misstatements on the audit and uncorrected misstatements, if any, on the financial statements. Judgments about materiality are made in light of surrounding circumstances and involve both qualitative and quantitative considerations. These judgments are affected by the auditor’s perception of the financial information needs of users of the financial statements and by the size and/or nature of a misstatement.
Regarding incorrect answer D., it does not reflect the comprehensive nature of the considerations involved described in the preceding explanation of the correct answer.
Regarding incorrect answers A. and B., they are not true because US GAAS does not preclude nor require a type of opinion based solely on materiality—all modified opinions are due to matters that are judged by the auditor to be material.
According to US GAAS, regarding materiality considerations in group audits
A. The group engagement team should set materiality for the group financial statements as a whole equal to that of the component with the lowest level when establishing the overall group audit strategy.
B. Component materiality should be determined taking into account only those components referenced in the audit report on the group financial statements.
C. A threshold (标准) for misstatements is determined in addition to component materiality.
D. The group engagement team should review the component materiality determined by each component.
C.
A threshold for misstatements is determined in addition to component materiality. This is a threshold above which misstatements cannot be regarded as clearly trivial to the group financial statements. (Misstatements identified in the financial information of the component that are above this threshold for misstatements of the group are communicated to the group engagement team.) The group engagement team should determine materiality, including performance materiality, for the group financial statements as a whole when establishing the overall group audit strategy. Regarding incorrect answer A., there is no such requirement to set materiality equal to the component with the lowest level. Regarding incorrect answer B., component materiality should be determined taking into account all components, regardless of whether reference is made in the audit report on the group financial statements to the audit of a component auditor. Regarding incorrect answer D., component materiality is the materiality for a component that is determined by the group engagement team for the purposes of the group audit.
Editor’s note: Again, don’t let the term “group” or “component” throw you off on these types of questions; as the auditor you’re still performing the same planning procedures, which include materiality and the related threshold for clearly trivial items. One of the major differences with the group and component audits is considering the group and the component(s) as standalone entities for purposes of materiality.
According to US GAAS, the applicable financial reporting framework adopted by an entity may encompass financial accounting standards promulgated by a standards-setting organization; legislative or regulatory requirements; and/or other sources. These sources may also provide direction on the application of the applicable financial reporting framework. When conflicts in the guidance among these sources exist
A. The source with the highest authority prevails.
B. The auditor exercises professional judgment to determine the most appropriate guidance to advocate.
C. The source that is the most prevalent in the entity’s industry should be followed.
D. Decisions about an entity’s applicable financial reporting framework are the responsibility of management and, when appropriate, those charged with governance.
A.
When conflicts in the guidance among the sources of an entity’s applicable financial reporting framework exist, the source with the highest authority prevails.
Regarding incorrect answer B., it is a true statement, but it is not the best answer. Note that professional judgment is not to be used as the justification for decisions that are not otherwise supported by the facts and circumstances of the engagement or by sufficient appropriate audit evidence.
Regarding incorrect answer C., prevalent general and industry practices may be considered, but they would only prevail in a conflict if they were the source with the highest authority available on a particular issue.
Regarding incorrect answer D., it is a true statement, but it is not the best answer, i.e., it is not responsive to the question. As for the statement, management and, when appropriate, those charged with governance, have responsibility for the preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework. And the auditor evaluates management’s judgments in applying the entity’s applicable financial reporting framework.
According to US GAAS, to express an opinion, the auditor obtains reasonable assurance about whether the financial statements are free from material misstatement. Obtaining reasonable assurance directly relates to all of the following except
A. Planning the work and properly supervising any assistants
B. Recognizing that circumstances may exist that cause the financial statements to be materially misstated
C. Determining and applying appropriate materiality level(s) throughout the audit
D. Identifying and assessing risks of material misstatement (RMM)
B.
Answer B., recognizing that circumstances may exist that cause the financial statements to be materially misstated, is not one of the actions the auditor takes. According to US GAAS, to obtain reasonable assurance, it is the reason that an auditor should plan and perform an audit with professional skepticism. The other answer alternatives are three of the four actions the auditor takes, according to US GAAS, to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. The remaining action the auditor takes to obtain reasonable assurance is obtaining sufficient appropriate audit evidence [about whether material misstatements exist, through designing and implementing appropriate responses to the assessed risks].
According to US GAAS, when performing an audit on the financial information of a component, the group engagement team or the component auditor should perform procedures designed to identify relevant subsequent events at that component that occur between the date of the financial information of the component and
A. The date when sufficient appropriate evidence on which to base the auditor’s opinion on the component financial information has been obtained
B. The date of the audit report on the group financial statements
C. The date of the release of the audit report on the group financial statements
D. As near as practicable to the date of the release of the audit report on the group financial statements
B.
When the group engagement team or component auditors perform audits on the financial information of components, the group engagement team or the component auditors should perform procedures designed to identify events at those components that occur between the dates of the financial information of the components and the date of the audit report on the group financial statements. In addition, that may require adjustment to, or disclosure in, the group financial statements.
According to US GAAS, when the auditor of the group financial statements is assuming responsibility for the work of component auditors, for components that are not significant components, the group engagement team should perform
A. Analytical procedures at the group level
B. An audit using component materiality
C. An audit of one or more account balances, classes of transactions, or disclosures relating to the likely significant risks of material misstatement of the group financial statements
D. Specified audit procedures relating to the likely significant risks of material misstatement of the group financial statements
A.
When the auditor of the group financial statements is assuming responsibility for the work of component auditors, for components that are not significant components, the group engagement team should perform analytical procedures at the group level. The group engagement team, or a component auditor on its behalf, should perform one or more of the other answer alternatives for a component that is significant not due to its individual financial significance but because it is likely to include significant risks of material misstatement of the group financial statements due to its specific nature or circumstances.
Editor’s note: Consider the language in the question; the group auditor is assuming responsibility for the work of component auditors. For components that the component auditors have not audited, why should the group auditor perform audit work in addition to what they’ve agreed with the entity on (i.e. perform audits in addition to the group)? Considering this logic will help you answer this question from a logic perspective.
According to US GAAS, when the auditor of the group financial statements is assuming responsibility for the work of component auditors, for a component that is significant due to its individual financial significance to the group, the group engagement team, or a component auditor on its behalf, should perform
A. Analytical procedures at the group level
B. An audit using component materiality
C. An audit of one or more account balances, classes of transactions, or disclosures relating to the likely significant risks of material misstatement of the group financial statements
D. Specified audit procedures relating to the likely significant risks of material misstatement of the group financial statements
B.
For a component that is significant due to its individual financial significance to the group, the group engagement team, or a component auditor on its behalf, should perform an audit of the financial information of the component, adapted as necessary to meet the needs of the group engagement team, using component materiality.
Regarding incorrect answer A., for components that are not significant components, the group engagement team should perform analytical procedures at the group level.
Regarding incorrect answers C. and D., these plus answer a. are the options, one or more of which, that should be performed for a component that is significant not due to its individual financial significance but because it is likely to include significant risks of material misstatement of the group financial statements due to its specific nature or circumstances
After obtaining an understanding of the entity and its environment and assessing the risk of material misstatement, an auditor decided to perform tests of controls. The auditor most likely decided that
A. It would be efficient to perform tests of controls that would result in a reduction in planned substantive tests.
B. Additional evidence to support a further reduction in control risk is not available.
C. An increase in the assessed level of control risk is justified for certain financial statement assertions.
D. There were many internal control weaknesses that could allow errors to enter the accounting system.
A.
Answer a., the auditor most likely decided that the internal control system was effective and thus, it would be efficient to perform tests of controls that would result in a reduction in planned substantive tests. Regarding incorrect answer b., if evidence is not available, tests of controls are not performed. Regarding incorrect answer c., as the assessed level of control risk increases, the auditor is less likely to test controls. Regarding incorrect answer d., if the auditor is aware of many internal control weaknesses, the assessed level of control risk will be high, and controls will not be tested.
Although financial reporting frameworks may discuss materiality in different terms, they generally explain all of the following except
A. Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users made on the basis of the financial statements.
B. Judgments about materiality are made in light of surrounding circumstances and are affected by the size or nature of a misstatement, or a combination of both.
C. Judgments about matters that are material to users of the financial statements are based on a consideration of the common financial information needs of users as a group.
D. The possible effect of misstatements on specific individual users is also considered.
D.
The possible effect of misstatements on specific individual users, whose needs may vary widely, is not considered.
An audit client failed to maintain copies of its procedures manuals and organizational flowcharts. What should the auditor do in an audit of financial statements?
A. Issue a qualified opinion on the basis of a scope limitation
B. Document the auditor’s understanding of internal controls.
C. Assess control risk at the maximum level
D. Restrict the auditor’s responsibility to assess the effectiveness of controls in the audit engagement letter
B.
The auditor should document key elements of the auditor’s understanding of internal control regardless of the client’s records. The client’s failure to do so does not constitute a scope limitation; necessitate that the auditor assess control risk at the maximum level; nor restrict the auditor’s responsibility to assess the effectiveness of controls.
An auditor assesses the risk of material misstatement at the assertion level to A. Obtain an understanding of the entity’s environment B. Determine the auditor’s materiality levels C. Determine further risk assessment procedures D. Determine further audit procedures
D. The risk of material misstatement (RMM) at the assertion level is assessed in order to determine the nature, extent, and timing of further audit procedures necessary to obtain sufficient appropriate audit evidence. This evidence enables the auditor to express an opinion on the financial statements at an acceptably low level of audit risk. Regarding incorrect answer A., the auditor performs risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control. This understanding aids the identification and assessment of the RMM; obtaining an understanding of the entity’s environment is not the result of the assessment of the RMM. Regarding incorrect answer B., judgments about materiality levels provide a basis for the assessment of the RMM as well as the determination of the nature and extent of risk assessment procedures and the nature, extent, and timing of further audit procedures. They are not a result of the assessment of the RMM. Regarding incorrect answer C., risk assessment procedures are also performed (in addition to obtain an understanding of the entity), to identify and assess the RMM; not vice versa.
An auditor has set the materiality level for the financial statements as a whole at $125,000. Which of the following misstatements would the auditor most likely consider material?
A. The client did not record $47,000 in trade accounts payable at year-end.
B. The client did not disclose $45,000 of related party transactions in the footnotes.
C. The client misclassified $42,000 of supplies expense as a miscellaneous expense.
D. The client’s estimate of the allowance for doubtful accounts is $40,000 more than the auditor’s estimate.
The correct answer is (B).
The materiality of the transaction to the financial statement users does not depend solely on the recorded amount of the transaction but also on other specific relevant factors, such as the nature of the related party relationship. Related party transactions may indicate an increased risk of material misstatement of the financial statements. Hence, amongst all undisclosed $45,000 would most likely be considered material by the auditor.
An auditor is concerned about a policy of management override as an inherent limitation of internal control. Which of the following tests would best assess the validity of the auditor’s concern?
A. Matching purchase orders to accounts payable
B. Verifying that approved spending limits are not exceeded
C. Tracing sales orders to the revenue account
D. Reviewing minutes of board meetings
B.
Verifying that approved spending limits are not exceeded would best assess the validity of the auditor’s concern about a policy of management override because it is management’s responsibility to authorize expenditures. Irregularities which might be discovered by matching purchase orders to accounts payable or tracing sales orders to revenue accounts might not involve management. Undetected management override of controls would not be described in minutes of board meetings.
An auditor is determining if internal control relative to the revenue cycle of a wholesaling entity is operating effectively in minimizing the failure to prepare sales invoices. The auditor most likely would select a sample of transactions from the population represented by the
A. Cash receipts file
B. Shipping document file
C. Customer order file
D. Sales invoice file
B.
The auditor should make the selection from the shipping document file. Attempting to match shipping documents to invoices would reveal goods shipped that were not invoiced. The cash receipts file contains evidence of payments, so it would be highly unlikely to discover payments received from customers who weren’t billed. The customer order file would be a workable but inefficient choice by the auditor because normally goods are not invoiced until they are shipped, so it would involve checking shipping documents as well to confirm the sale. The sales invoice file would not be used because the auditor is looking for sales that were not invoiced.
An auditor may decide to perform only substantive procedures for specific assertions because the auditor believes
A. Control policies and procedures are unlikely to pertain to the assertions.
B. The entity’s control environment, monitoring, and control activities are interrelated.
C. Sufficient audit evidence to support the assertions is likely to be available.
D. More emphasis on tests of controls than substantive tests is warranted.
A.
In some cases, the auditor may determine that performing only substantive procedures is appropriate for specific relevant assertions and risks. In those circumstances, the auditor may exclude the effect of controls from the relevant risk assessment. This may be because the auditor’s risk assessment procedures have not identified any effective controls relevant to the assertion or because testing the operating effectiveness of controls would be inefficient.
An auditor searching for related-party transactions should obtain an understanding of each subsidiary’s relationship to the total entity because
A. The business structure may be deliberately designed to obscure related-party transactions.
B. Intercompany transactions may have been consummated on terms equivalent to arm’s-length transactions.
C. This may reveal whether particular transactions would have taken place if the parties had not been related.
D. This may permit the audit of intercompany account balances to be performed as of concurrent dates.
A.
When searching for related-party transactions, the auditor should obtain an understanding of each subsidiary’s relationship to the total entity because business structure and operating style are occasionally deliberately designed to obscure related party transactions. Answers b., c., and d. are not reasons for an auditor to obtain an understanding of each subsidiary’s relationship to the total entity.
An auditor should design the written audit plan (or program) so that
A. All material transactions will be selected for substantive testing.
B. Substantive tests prior to the balance sheet date will be minimized.
C. The audit procedures selected will achieve specific audit objectives.
D. Each account balance will be tested under either tests of controls or tests of details.
C.
The auditor should prepare a written audit plan (or program). The audit plan should detail the nature, extent, and timing of the audit procedures that are necessary to accomplish the objectives of the audit. All material transactions* and all account balances are not required to be tested in all circumstances. Minimizing substantive tests prior to the balance sheet date is not required.
An auditor suspects that a client’s cashier is misappropriating cash receipts for personal use by lapping customer checks received in the mail. In attempting to uncover this embezzlement scheme, the auditor most likely would compare the A. Dates checks are deposited per bank statements with the dates remittance credits are recorded B. Daily cash summaries with the sums of the cash receipts journal entries C. Individual bank deposit slips with the details of the monthly bank statements D. Dates uncollectible accounts are authorized to be written off with the dates the write-offs are actually recorded
A. Lapping involves the theft of one customer’s payment and subsequently crediting the customer with payment made by another customer. Future remittances may be deposited but would be credited to the account from which funds were stolen, thus comparison of remittance dates would detect the scheme. Answers (b), (c), and (d) occur after the theft and would not show differences to pursue.
An auditor suspects that certain client employees are ordering merchandise for themselves over the internet without recording the purchase or receipt of the merchandise. When vendors’ invoices arrive, one of the employees approves the invoices for payment. After the invoices are paid, the employee destroys the invoices and the related vouchers. In gathering evidence regarding the fraud, the auditor most likely would select items for testing from the file of all: A. Cash disbursements; B. Approved vouchers; C. Receiving reports; D. Vendors’ invoices
A. Since the employee is destroying the invoices and related vouchers, the most obvious documentation remaining would be the file of all cash disbursements. The auditor would select items from this file and then attempt to trace from specific cash disbursements to the related invoices and approved vouchers. Missing documentation might be indicative of fraud. C is in correct. Selecting items from the file of receiving reports will not identify fraudulent purchases that are shipped directly to the employees’ home addresses.
An auditor uses the assessed risk of material misstatement to A. Evaluate the effectiveness of the entity’s internal control policies and procedures. B. Identify transactions and account balances where inherent risk is at the maximum. C. Indicate whether materiality thresholds for planning and evaluation purposes are sufficiently high. D. Determine the acceptable level of detection risk for financial statement assertions.
D. The auditor should design and perform further audit procedures whose nature, extent, and timing are responsive to the assessed risk of material misstatement (RMM) at the relevant assertion level. Detection risk is a function of the effectiveness of an auditing procedure and its application by the auditor; therefore, the assessed RMM will determine the acceptable level of detection risk and hence the appropriate audit procedures to be performed. The effectiveness of internal control, inherent risk, and materiality thresholds are all factors that help the auditor assess the RMM.
An auditor who identifies a potential fraud that is significant within the context of the audit under generally accepted government auditing standards would most appropriately respond first in which of the following manners? A. Recommend a separate engagement to determine whether fraud has occurred. B. Extend audit procedures as necessary to determine whether fraud has occurred. C. Refer investigation of the potential fraud to the party with oversight responsibility. D. Communicate the potential fraud directly to management.
B. The auditor’s responses to address specifically identified risks of fraud may include changing the nature, timing, and extent of auditing procedures in the following ways The nature of auditing procedures performed may be changed to provide more reliable audit evidence. The timing of substantive tests may need to be modified and should be performed at or near the end of the reporting period. The extent of the procedures applied should be increased by increasing the sample size. Hence, the auditor will extend audit procedures as necessary to determine whether fraud has occurred
The Public Company Accounting Oversight Board (PCAOB) uses the term internal control over financial reporting to describe a process that does not include which of the following?
A. Procedures performed by the auditor
B. Procedures that pertain to the maintenance of reasonably detailed records that accurately and fairly reflect the transactions and dispositions of the company’s assets
C. Procedures that provide reasonable assurance that transactions are recorded as necessary to permit preparation of the financial statements in accordance with GAAP and that receipts and expenditures are made only in accordance with company management and director authorization
D. Procedures that provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of company assets that could have a material effect on the financial statements
A.
An auditor’s procedures performed during either an audit of ICFR or an audit of financial statements are not part of a company’s internal control over financial reporting (ICFR). The term internal control over financial reporting is defined as a process designed by, or under the supervision of, the company’s principal executive and principal financial officers, or persons performing similar functions, and effected by the company’s board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP.
Answers B, C, and D describe what its policies and procedures pertain to or provide.
An entity’s internal control requires for every check request that there be an approved voucher, supported by a prenumbered purchase order and a prenumbered receiving report. To determine whether checks are being issued for unauthorized expenditures, an auditor most likely would select items for testing from the population of all
A. Purchase orders
B. Canceled checks
C. Receiving reports
D. Approved vouchers
B.
When internal control dictates that each check be accompanied by an approved voucher, and supported by a prenumbered purchase order and a prenumbered receiving report, the auditor would select items for testing from the population of all the canceled checks. If the auditor were to consider populations made up of all purchase orders, receiving reports, or approved vouchers, those canceled checks which were issued without such supporting documentation would not be discovered.
As a result of control testing, a CPA has decided to reduce control risk. What is the impact on the substantive testing sample size if all other factors remain constant?
A. The sample size would be irrelevant.
B. The sample size would be higher.
C. The sample size would be lower.
D. The sample size would be unaffected.
The correct answer is (C).
A CPA has decided to reduce control risk, so the substantive testing sample size would be lower.
The CPA has reduced control risk and can afford a higher detection risk and will be satisfied with a smaller, less time-consuming sample size during substantive testing. With lower control risk, an auditor can afford a higher detection risk and use a smaller sample size.
As the acceptable level of detection risk decreases, an auditor may A. Reduce substantive testing by relying on the assessments of inherent risk and control risk. B. Postpone the planned timing of substantive tests from interim dates to the year-end. C. Eliminate the assessed level of inherent risk from consideration as a planning factor. D. Lower the assessed level of control risk from high to low.
B. A decrease in the acceptable level of audit risk or in the amount considered material will result in the auditor’s modifying the audit plan to obtain greater assurance from substantive testing by (1) selecting a more effective audit procedure, (2) applying procedures nearer to year end, or (3) increasing the extent of particular tests.
As the result of tests of controls, an auditor assessed control risk too low and decreased substantive testing. This assessment occurred because the true deviation rate in the population was:
More than the deviation rate in the auditor’s sample. If the actual deviation rate in the population exceeds the maximum deviation rate based on the sample, control risk will be understated, since the control will be less effective than sample results would indicate.
Attribute sampling is primarily used for testing internal controls (testing for specific characteristics [seeking IC errors]). Often the attribute sampling application can be identified by finding the option that deals with yes-or-no questions (e.g., is the invoice properly approved?)
Variables sampling and PPS sampling are typically used in substantive testing of account balances (Estimating the dollar value of the population)
Audit programs should be designed so that
A. Most of the required procedures can be performed as interim work.
B. Inherent risk is assessed at a sufficiently low level.
C. The auditor can make constructive suggestions to management.
D. The audit evidence gathered supports the auditor’s conclusions.
D.
The primary purpose of the audit is to provide users of the financial statements with an opinion. The objective of the auditor is to design and perform audit procedures that enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion. The design of the audit program has no effect on inherent risk. Procedures may be performed prior to the balance sheet date only if the effectiveness of interim work is not likely to be impaired. Suggestions to management are secondary considerations in an audit.
Audit risk is a function of A. The risk of material misstatement and inherent risk B. Control risk and detection risk C. Inherent risk and control risk D. The risk of material misstatement and detection risk
D. Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risk of material misstatement (RMM) and detection risk. The RMM is the risk that the financial statements are materially misstated prior to the audit. This consists of two components at the assertion level: (1) inherent risk, which is the susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls; and (2) control risk, which is the risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control. Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements. It is a function of the effectiveness of an audit procedure and of its application by the auditor, i.e., an auditor might select an inappropriate audit procedure, misapply an appropriate audit procedure, or misinterpret the audit results.
Auditors try to identify predictable relationships when using analytical procedures. Relationships involving transactions from which of the following accounts most likely would yield the highest level of evidence? A. Accounts receivable; B. Interest expense; C. Accounts payable; D. Tavel and entertainment expense.
B Relationships among income statement accounts tend to be more predictable than balance sheet accounts (AR, AP)because they present transactions over a period of time rather than at one point in time. In addition, relationships involving transactions subject to management discretion (travel and entertainment ) are less predictable.
Before applying principal substantive tests to an entity’s accounts receivable at an interim date, an auditor should
A. Consider the likelihood of assessing the risk of incorrect rejection too low
B. Project sampling risk at the maximum for tests covering the remaining period
C. Ascertain that accounts receivable are immaterial to the financial statements
D. Assess the difficulty in controlling the incremental audit risk
D.
When substantive procedures are performed at an interim date, the auditor should perform further substantive procedures or a combination of substantive procedures and tests of controls covering the remaining period to provide a reasonable basis for extending the audit conclusions to the end of the period. Interim testing increases the risk that misstatements existing at the period end will not be detected. Evaluations of in appropriate assessments of risk would not be a factor in deciding whether interim testing would be appropriate. Sampling risk need not necessarily be projected at the maximum for tests covering the remaining period. Whether or not substantive tests of accounts receivable may be performed at an interim date does not hinge on whether the balance is material to the financial statements.
Business risk
A. Is broader than the risk of material misstatement of the financial statements
B. Does not include the risk of material misstatement of the financial statements
C. Is management’s concern, not the auditor’s
D. Gives rise to risks of material misstatement in all cases
A.
Business risk is broader than the risk of material misstatement of the financial statements, though it includes the latter. Usually, management identifies business risks and develops approaches to address them. (Such a risk assessment process is part of internal control.) The auditor should also consider business risk because an understanding of the business risks facing the entity increases the likelihood of identifying risks of material misstatement. This is because most business risks will eventually have financial consequences and, therefore, an effect on the financial statements. Not all business risks give rise to risks of material misstatement; thus, the auditor does not have a responsibility to identify or assess all business risks. (Whether a business risk may result in a risk of material misstatement is considered in light of the entity’s circumstances.)
Editor Note: Business risk is defined by US GAAS as the risk resulting from significant conditions, events, circumstances, actions, or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies or from the setting of inappropriate objectives and strategies.
Deviation rate in the sample
Is the auditor’s best estimate of the deviation rate in the population from which it was selected.
Each of the following is an ethical principle that should guide the work of auditors in the conduct of audits under government auditing standards, except A. Materiality B. Integrity C. The public interest D. Proper use of government information
A. Materiality is not an ethics principle. The AICPA Code of Professional Conduct outlines public interest, integrity, and confidentiality as principles. The IFAC Code of Ethics for Professional Accountants outlines public interest, integrity, and confidentiality as principles. Responsibility and confidentiality both encompass “proper use of government information.”
Equipment acquisitions that are misclassified as maintenance expense most likely would be detected by an internal control procedure that provides for
A. Segregation of duties of employees in the accounts payable department
B. Authorization by the board of directors of significant equipment acquisitions
C. Investigation of variances within a formal budgeting system
D. Independent verification of invoices for disbursements recorded as equipment acquisitions
C.
The investigation of variances within a formal budgeting system would identify any unusual and unanticipated fluctuations in the repair and maintenance accounts when asset acquisitions are recorded there incorrectly. The segregation of [incompatible] duties is a good control; however,
answer A. would not ensure that equipment acquisitions were not misclassified.
Answer B. would not prevent the recording of an acquisition to the repair and maintenance accounts, nor would it serve to identify misclassifications.
Answer D. would not ensure that equipment purchases were recorded properly because these invoices only represent those acquisitions which are already properly recorded as fixed assets.
Existence is generally a more relevant assertion than completeness when auditing the revenue cycle. The risk that accounts receivable and sales will be overstated (existence) is high, while the risk that accounts receivable and sales will be understated (completeness) is low.
For accounts payable, the completeness and accuracy assertions are generally more relevant than the existence and rights and obligations assertions, because the risk of understatement is greater than the risk of overstatement.
Factor Sample size Want less deviation More Accept more deviation Less
Factor Sample size Expect less deviation Less Expect more deviation More
Facts: Total book value $550,000 Audited book value $27,500 Audited item true value $25,000 Population 2000 items Item tested 100 items Audited items average value $250 Standard error of mean $10
1.Mean-per-Unit Estimation: $250*2,000=$500,000(point estimate); $10*2,000=+/-2,000 (at 1 standard deviation)precision
For effective internal control, the Accounts Payable Department generally should
A. Stamp, perforate, or otherwise cancel supporting documentation after payment is mailed
B. Ascertain that each requisition is approved as to price, quantity, and quality by an authorized employee
C. Obliterate the quantity ordered on the Receiving Department copy of the purchase order
D. Establish the agreement of the vendor’s invoice with the receiving report and purchase order
D.
The agreement of the documents will verify that the goods were ordered (purchase order), received (receiving report), and the company has been billed (vendor’s invoice). The individual signing the checks, not accounts payable, should stamp, perforate, or otherwise cancel the supporting documentation. The purchasing department, not accounting, is involved with the approval of purchase requisitions and blanking out the quantity ordered on the receiving department copy of the purchase order.
For the most effective internal control, monthly bank statements should be received directly from the banks and reviewed by the
A. Cash disbursements accountant
B. Cash receipts accountant
C. Controller
D. Internal auditor
D.
Internal verifications of cash balances generally should be made monthly. Recorded cash on hand and petty cash balances should be compared with cash counts and recorded bank balances should be reconciled to balances shown on bank statements. These verifications should be made by personnel who are not otherwise involved in executing or recording cash transactions to maintain a segregation of functions. The cash receipts accountant, the cash disbursements accountant, and the controller should not reconcile the monthly statements as they are involved in the executing or recording of cash transactions.
For which of the following audit tests would an auditor most likely use attribute sampling? A. Selecting AR for confirmation of account balances; B. Inspecting employee time cards for proper approval by supervisors; C. Making an independent estimate of the amount of a LIFO inventory; D. Examining invoices in support of the valuation of fixed asset additions.
B. Attribute sampling is used to test controls. Inspecting employee time cards for proper approval by supervisors is a test of controls. Controls often relate to authorization, validity, completeness, accuracy, appropriate classification, accounting in conformity with GAAP, and proper period. Look for these terms in identifying which option is a test of control. Words such as accountant balance, amount, valuation, presentation, and disclosure are more likely to relate to substantive test.
If an auditor of an issuer examines purchase orders obtained from the issuer to verify the proper authorization of transactions, then the auditor is conducting
A. A re-performance.
B. A confirmation.
C. An observation.
D. An inspection.
The correct answer is (D).
While conducting an inspection, an auditor examines documents and records used in internal control, such as authorization forms and procedure manuals. Thus, examining purchase orders to verify the proper authorization of transactions is an example of inspection.
(A) is incorrect because, in a re-performance, the auditor applies the control that the client personnel presumably performed earlier.
(B) is incorrect because confirmation is a substantive procedure to verify the existence of transactions and balances. The given instance is of a test of control to verify the proper authorization of transactions.
(C) is incorrect because while conducting an observation, the auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
If an auditor performing an integrated audit identifies one or more material weaknesses in a non-issuer’s internal control, the auditor should
A. Expand the procedures of internal control to identify deficiencies less severe than material weaknesses.
B. Conclude that the financial statements are materially misstated because of the material weakness in internal control.
C. Disclaim an opinion on internal control.
D. Express an adverse opinion on the entity’s internal control.
The correct answer is (D).
Material weaknesses are severe enough that they always result in an adverse opinion. In terms of severity, the following are the rankings for control deficiencies and audit opinions.
In terms of severity (least to most): Control Deficiency > Significant deficiency > Material Weakness
In terms of severity (least to most): Unqualified > Qualified > Adverse
(A) is incorrect because the auditor is not required to search for deficiencies less severe than material weaknesses.
(B) is incorrect because there is a possibility that the financial statements are fairly stated even though there are material weaknesses in the internal control.
(C) is incorrect because a disclaimer of opinion should only be given in case of a scope limitation and not on identification of material weaknesses.
If during the audit, the auditor concludes that the materiality for the financial statements as a whole (and, if applicable, materiality level or levels for particular classes of transactions, account balances, or disclosures) is inappropriate and thus revises materiality levels, the auditor is required to
A. Determine whether it is also necessary to revise performance materiality and whether the nature, timing, and extent of the further audit procedures remain appropriate, but only when the materiality for the financial statements taken as a whole is lowered
B. Determine whether it is also necessary to revise performance materiality, but only when the materiality for the financial statements taken as a whole is lowered
C. Determine whether it is also necessary to revise performance materiality and whether the nature, timing, and extent of the further audit procedures remain appropriate if the materiality for the financial statements taken as a whole is revised in either direction
D. Determine whether it is also necessary to revise performance materiality if the materiality for the financial statements taken as a whole is revised in either direction
The correct answer is (A).
Materiality for the financial statements as a whole (and, if applicable, the materiality level or levels for particular classes of transactions, account balances, or disclosures) may need to be revised as a result of a change in circumstances that occurred during the audit (for example, a decision to dispose of a major part of the entity’s business), new information, or a change in the auditor’s understanding of the entity and its operations as a result of performing further audit procedures.
For example, if, during the audit, it appears as though actual financial results are likely to be substantially different from the anticipated period-end financial results that were used initially to determine materiality for the financial statements as a whole, the auditor may be required to revise materiality.
If the auditor concludes that a lower materiality than that initially determined for the financial statements taken as a whole (and, if applicable, materiality level or levels for particular classes of transactions, account balances, or disclosures) is appropriate, the auditor should determine whether it is necessary to revise performance materiality and whether the nature, timing, and extent of the further audit procedures remain appropriate. This, of course, should be appropriately documented.
In a probability-proportional-to-size sample with a sampling interval of $10,000, an auditor discovered that a selected AR with a recorded amount of $5000 had an audited amount of $4000. If this were the only misstatement discovered by the auditor, the projected misstatement of this sample would be
$2000 $5,000-4,000-1,000 1,000/5,000=20% $10,000*20%=2,000
In addition to evaluating the frequency of deviations in tests of controls, an auditor should also consider certain qualitative aspects of the deviations. The auditor most likely would give broader consideration to the implications of a deviation if it was: A. The only deviation discovered in the sample; B. Identical to a deviation discovered during the prior year’s audit; C. Caused by an employee’s misunderstanding of instructions; D. Initially concealed by a forged document.
D The auditor should consider both the qualitative and the quantitative aspects of deviations in tests of controls. Qualitative aspects might include whether deviations are indicative of an error or fraud. Such an evaluation is important because fraud is intentional, has implications beyond the direct monetary effect, and requires consideration of the implications for other aspects of the audit. Thus, a deviation initially concealed by a forged document is very serious and deserves broader consideration than a deviation of the same dollar amount due to an error. A is incorrect. The fact that a deviation was the only one discovered would have no importance beyond its impact on the computation of the upper deviation rate; B is incorrect. Discovery of a deviation identical to one discovered during the prior year’s audit is not necessarily cause for additional concern; C is incorrect. Employee misunderstanding of instructions is an inherent limitation of internal control and is not necessarily cause for concern.
In addition to risk assessment procedures, when the auditor is obtaining an understanding of the entity and its environment, which of the following is a related activity the auditor should perform?
A. The auditor should consider whether information obtained from the auditor’s client acceptance or continuance process is relevant to identifying risks of material misstatement.
B. If the engagement partner has performed other engagements for the entity, the engagement partner should consider whether there is a need to redetermine materiality for the current audit.
C. When the auditor intends to use information from procedures performed in previous audits, the auditor should confirm that the previous audit’s workpapers include such procedures.
D. The engagement partner should hold a discussion with all members of the engagement team about the susceptibility of the entity’s financial statements to material misstatement and the application of the applicable financial reporting framework to the entity’s facts and circumstances.
A.
The auditor should consider whether information obtained from the auditor’s client acceptance or continuance process is relevant to identifying risks of material misstatement.
If the engagement partner has performed other engagements for the entity, the engagement partner should consider whether information obtained is relevant to identifying risks of material misstatement. The determination of materiality for a previous audit is not carried forward to the current audit.
When the auditor intends to use information obtained from the auditor’s previous experience with the entity and from audit procedures performed in previous audits, the auditor should determine whether changes have occurred since the previous audit that may affect its relevance to the current audit. Confirmation of the inclusion of the procedures in the previous engagement’s documentation is not required.
The engagement partner is only required to include key members of the engagement team. The engagement partner should determine which matters are to be communicated to engagement team members not involved in the discussion.
In an integrated audit of a non-issuer, which of the following is the responsibility of an auditor with regard to testing controls at a company with multiple business units?
A. Testing controls over only certain specific risks at all business units of the company.
B. Testing controls over all risks at all business units of the company.
C. Testing controls over all risks at business units that are material to the company’s consolidated financial statements.
D. Testing controls over specific risks at business units that are material to the company’s consolidated financial statements.
The correct answer is (D).
In an integrated audit of a non-issuer, the auditor must test controls over specific risks at business units that are material to the company’s consolidated financial statements.
The audit of internal control over financial reporting should be integrated with the audit of the financial statements. The objectives of both the audits are not identical. However, the auditor must plan and perform the work to achieve the objectives of both audit of Financial Statements and Internal Control over Financial Reporting. In determining the locations or business units at which to perform tests of controls, AU-C 940 requires that the auditor should assess the risk of material misstatement to the financial statements associated with the location or business unit and correlate the amount of attention devoted to the location or business unit with the degree of risk.
The auditor may eliminate from further consideration locations or business units that, individually or when aggregated with others, do not present a reasonable possibility of material misstatement to the entity’s consolidated financial statements.
In assessing the competence of the internal audit function, an external auditor most likely would obtain information about the
A. Quality of the internal auditors’ working paper documentation
B. Organization’s commitment to integrity and ethical values
C. Influence of management on the scope of the internal auditors’ duties
D. Organizational level to which the internal audit function reports
A.
The quality of the internal audit function’s documentation reflects on their competence. The other answers are related to their objectivity.
Editor’s note: The two key words to remember regarding internal auditors as it pertains to the CPA Exam are: objectivity and competence. Competence relates to the core ability to perform the function, and objectivity relates to how impartial the internal auditors are in relation to the organization they work for.
In assessing the objectivity of internal auditors, an external auditor may
A. Evaluate the quality control program in effect for the internal auditors.
B. Examine documentary evidence of the work performed by the internal auditors.
C. Test a sample of the transactions and balances that the internal auditors examined.
D. Determine the organizational level to which the internal auditors report.
D.
Answer d., when assessing the internal auditors’; objectivity, the external auditor may obtain information about the organizational status of the internal auditors, including the organizational level to which they report.
The other answer alternatives do not directly relate to their objectivity.
In obtaining an understanding of a manufacturing entity’s internal control concerning inventory balances, an auditor most likely would
A. Analyze the liquidity and turnover ratios of the inventory
B. Perform analytical procedures designed to identify cost variances
C. Review the entity’s descriptions of inventory policies and procedures
D. Perform test counts of inventory during the entity’s physical count
C.
To obtain an understanding of a manufacturer’s internal control concerning inventory balances, an auditor would review the entity’s descriptions of inventory policies and procedures. Analyzing inventory ratios, performing cost variance analytical procedures, and performing inventory test counts are substantive procedures. (Editor note: The key word here is “understanding the entity and therefore of the four answer choices, reviewing policies and procedures would satisfy the objective. The other answer choices are testing procedures that would ascertain the risk assessment i.e. support the auditor’s understanding in this area).
In obtaining an understanding of an entity’s internal control in a financial statement audit, an auditor is not required to
A. Determine whether the control procedures have been implemented
B. Evaluate the design of the internal control policies
C. Document the understanding of the entity’s internal control
D. Search for significant deficiencies in the operation of the entity’s internal control
D.
While the auditor should be alert for significant deficiencies, the auditor is not required to search for them. Obtaining an understanding of internal controls that are relevant to the audit involves evaluating the design of controls and determining whether they have been implemented. The key elements of this understanding should be documented.
In obtaining an understanding of an entity’s internal controls that are relevant to the audit an auditor is required to obtain knowledge about the
A. Design of the controls
B. Effectiveness of the controls that have been placed in operation
C. Consistency with which the controls are currently being applied
D. By whom and what means the controls were applied
A.
When obtaining an understanding of controls that are relevant to the audit, the auditor should evaluate the design of those controls. The auditor should also determine whether they have been implemented by performing procedures in addition to inquiry of the entity’s personnel. (Inquiry alone is not sufficient.)
The incorrect answers relate to testing the operating effectiveness of controls rather than obtaining an understanding of them.
In obtaining an understanding of an entity’s internal control, the auditor should obtain an understanding of control activities relevant to the audit, which are those judged necessary to understand in order to
A. Assess whether operational efficiency has been achieved in accordance with management plans
B. Assess the risks of material misstatement at the assertion level and design further audit procedures responsive to assessed risks
C. Determine that management cannot override the controls
D. Determine that controls have not been circumvented by collusion
B.
The auditor should obtain an understanding of control activities relevant to the audit, which are those judged necessary to understand in order to assess the risks of material misstatement at the assertion level and design further audit procedures responsive to assessed risks.
An auditor performs tests of controls later in the audit to obtain sufficient appropriate audit evidence about the operating effectiveness of controls as opposed to operating efficiency.
Collusion and management override are inherent limitations of internal control.
Operating effectiveness of policies and proceduresDesign of policies and procedures
In obtaining an understanding of an entity’s internal control, an auditor is required to obtain knowledge about the
No; Yes
Obtaining an understanding of internal control consists of evaluating the design and implementation of controls. This is not the same as testing the operating effectiveness of controls. The auditor only tests the operating effectiveness of controls when: (1) the auditor’s risk assessment includes an expectation of the operating effectiveness of controls or (2) when it is not possible or practicable to reduce detection risk at the relevant assertion level to an acceptably low level with audit evidence obtained from substantive procedures alone.
Editor note: When the auditor is relying on policies and procedures, the auditor must document such reliance by performing a test of controls in this area.
In obtaining written representations from management, materiality limits ordinarily would apply to representations related to
A. Amounts concerning related-party transactions
B. Irregularities involving members of management
C. The availability of financial records
D. The completeness of minutes of directors’ meetings
A.
Materiality limits ordinarily would apply to written representations related to amounts concerning related-party transactions. Materiality considerations would not apply to those representations that are not directly related to amounts included in the financial statements such as the availability of financial records or the completeness of minutes of directors’ meetings. Other items of this nature are management’s acknowledgement of its responsibility for the fair presentation of financial statements in conformity with the applicable financial reporting framework and communications from regulatory agencies concerning noncompliance with or deficiencies in financial reporting practices. Nor would materiality apply to irregularities involving members of management because of the possible effects of fraud on other aspects of the audit.
In order to respond to the increased risks that could be present in the initial audit of an entity, an external auditor should consider the assignment of A. Internal audit personnel with appropriate levels of capabilities and competence. B. Accounting personnel with appropriate levels of capabilities and competence. C. Senior management with appropriate levels of capabilities and competence. D. External audit personnel with appropriate levels of capabilities and competence.
D. Due to an increased level of risk that is present in the initial audit of an entity auditor will assign more experienced staff or those with specialized skills i.e. assign external audit personnel with appropriate levels of capabilities and competence. Senior Management, accounting personnel, and internal audit personnel are the client’s internal management and the auditor will not assign them in response to the increased level of risk.
In planning an audit, an auditor should document in the working papers the auditor’s risk assessment of a material misstatement of the financial statements due to fraud. Which of the following should be included in workpaper documentation if risk factors are identified as being present? A. A copy of the report of the risk factor to the company’s legal counsel. B. Discussion of the risk factor with the client. C. Investigation of the risk factor. D. Those risk factors identified.
D. Fraud risk factors are events/conditions that indicate fraud. Determination of whether a fraud risk factor is present and whether it is to be considered in assessing fraud risk requires the exercise of professional judgment by the auditor. In planning an audit, an auditor should document in the working papers the auditor’s risk assessment of a material misstatement of the financial statements due to fraud. The risk factors if identified must be detailed in the working papers. Answer B is incorrect. The auditor may choose to discuss identified fraud risk factors with the client. However, this is not a required discussion. (Note: If the auditor has identified fraud that occurred or has obtained information that indicates that fraud may exist, then this should be communicated to the appropriate level of MGMT and documentation of this communication should be included in the audit work papers.)
In planning an audit, the auditor’s knowledge about the design of relevant internal control activities should be used to
A. Identify the types of potential misstatements that could occur.
B. Assess the operational efficiency of internal control.
C. Determine whether controls have been circumvented by collusion.
D. Document the assessed level of control risk.
The correct answer is (A)
The first step in planning an audit for an auditor is to gain an understanding of the design of the relevant control activities. This helps an auditor get a basic understanding of the entity’s internal control structure with which he can identify the potential areas with misstatements that could occur.
In planning the audit, the auditor makes judgments about the size of misstatements that will be considered material. It is least likely that these judgments provide a basis for
A. Determining the nature and extent of risk assessment procedures
B. Identifying and assessing the risk of material misstatement
C. Determining whether to accept an engagement and the related fees
D. Determining the nature, timing, and extent of further audit procedures
C.
Judgments about materiality provide a basis for all of the answer alternatives except determining whether to accept an engagement and the related fees.
In statistical sampling methods used in substantive testing, an auditor most likely would stratify a population into meaningful groups if: A. Probability-proportional-to-size (PPS) sampling is used; B. The population has highly variable recorded amounts; C. The auditor’s estimated tolerable misstatement is extremely small; D. The standard deviation of recorded amounts is relatively small.
B is correct. The auditor may be able to reduce the required sample size by separating items subject to sampling into relatively homogenous groups on the basis of some characteristic related to the specific audit objective A is incorrect. While PPS sampling results in a stratified sample, it is a result of the sampling method employed and does not require the auditor to perform stratification since it occurs automatically; C is incorrect. The estimated tolerable misstatement does not affect the decline to stratify; D is incorrect. The standard deviation of the recorded amounts represents the population’s variability. Therefore, the auditor would be most likely to stratify when the standard deviation is high, not low.
In the audit report on a public company’s financial statements, the principal auditor decides not to make reference to another auditor who audited a client’s subsidiary. The principal auditor could justify this decision if, among other requirements, the principal auditor
A. Issues an unqualified opinion on the consolidated financial statements
B. Learns that the other auditor issued an unqualified opinion on the subsidiary’s financial statements
C. Is unable to review the audit programs and working papers of the other auditor
D. Performs procedures to be satisfied as to the audit done by the other auditor
D.
If the principal auditor is satisfied as to the independence and professional reputation of the other auditor and the audit performed by the other auditor, the auditor may be able to express an opinion on the financial statements taken as a whole without making reference. In this case, the principal auditor should not state in the audit report that part of the audit was performed by another auditor because to do so may cause a reader to misinterpret the degree of responsibility being assumed. (Editor note: Whether or not the principal auditor decides to make reference, the principal auditor should make inquiries concerning the professional reputation and independence of the other auditor. The principal auditor also should adopt appropriate measures to assure the coordination of activities in order to achieve a proper review of matters affecting the consolidating or combining of accounts in the financial statements.)
Issuing an unqualified opinion is not a justification for the decision not to make reference.
Whether or not the other auditor issued an unqualified opinion does not automatically determine whether the principal auditor should make reference. (Editor note: If the report of the other auditor is other than a standard report, the principal auditor should decide whether the reason for the departure is of such nature and significance in relation to the financial statements on which the principal auditor is reporting that it would require recognition in the principal auditor’s report.)
In some situations, it may be impracticable for the principal auditor to review the other auditor’s work or to use other procedures to be satisfied as to the audit performed by the other auditor. In this case, the principal auditor would need to make reference by clearly indicating, in the introductory, scope, and opinion paragraphs, the division of responsibility between the principal auditor and the other auditor in expressing the opinion on the financial statements. (Editor note: The audit report should also disclose the magnitude of the portion of the financial statements audited by the other auditor. This may be done by stating the dollar amounts or percentages of one or more of the following: total assets, total revenues, or other appropriate criteria, whichever most clearly reveals the portion of the financial statements audited by the other auditor. The other auditor may be named but only with express permission and provided the other audit report is presented together with that of the principal auditor.)
Editor note: Regardless of the principal auditor’s decision whether to make reference, the other auditor remains responsible for the performance of his or her own work and report. And reference in the report of the principal auditor to the fact that part of the audit was made by another auditor is not to be construed as a qualification of the opinion but rather as an indication of the divided responsibility between the auditors who conducted the audits of various components of the overall financial statements.
In the context of the entity’s applicable legal and regulatory framework,
A. Due to the inherent limitations of an audit, an audit performed in accordance with US GAAS provides only limited assurance that all noncompliance with laws and regulations will be detected or that any contingent liabilities that result will be disclosed
B. Due to the inherent limitations of an audit, an audit performed in accordance with US GAAS provides no assurance that all noncompliance with laws and regulations will be detected or that any contin¬gent liabilities that result will be disclosed
C. Due to the inherent limitations of an audit an audit performed in accordance with US GAAS provides only reasonable assurance that all noncompliance with laws and regulations will be detected or that any contingent liabilities that result will be disclosed
D. Ordinarily, the further removed noncompliance is from the events and transactions reflected in the financial statements, the more likely the auditor is to become aware of, or recognize, the noncompliance.
B.
Due to the inherent limitations of an audit, an audit performed in accordance with US GAAS provides no assurance that all noncompliance with laws and regulations will be detected or that any contingent liabilities that result will be disclosed. Ordinarily, the further removed noncompliance is from the events and transactions reflected in the financial statements, the less (not more) likely the auditor is to become aware of, or recognize, the noncompliance.
Independent internal verification of inventory occurs when employees who
A. Issue raw materials, obtain material requisitions for each issue and prepare daily totals of materials issued
B. Compare records of goods on hand with physical quantities, do not maintain the records or have custody of the inventory
C. Are independent of issuing production orders, update records from completed job cost sheets and production cost reports on a timely basis
D. Obtain receipts for the transfer of completed work to finished goods, prepare a completed production report
B.
Incompatible functions are those that place any person in a position to both perpetrate and conceal errors or fraud in the normal course of their duties. A well-designed plan of organization separates the duties of authorization, record keeping, and custody of assets. Answers a. and d. do not separate custody and record keeping. Answer c. does not provide verification of inventory.
Inherent limitations of internal control includes
collusion, human error, and management override.
Inherent risk and control risk differ from detection risk in that inherent risk and control risk are
Functions of the client and its environment, while detection risk is not. Inherent risk and control risk differ from detection risk in that they exist independent of the audit; that is, the levels of inherent and control risk are functions of the client audit environments. The auditor has little control over these risks. The auditor can control detection risk through the scope (nature, timing and extent) of the audit procedures formed. Thus, detection risk has an inverse relationship with inherent and control risk. Inherent risk is the susceptibility of an assertion to a material misstatement, assuming there are no related controls. Control risk is the risk that a material misstatement that could occur in an assertion will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control. Detection risk is the risk that the auditor will not detect a material misstatement that exists in an assertion. Thus, inherent risk and control risk are functions of the client and its environment while detection risk is not. Inherent risk, control risk, and detection risk are all a part of audit risk. Inherent risk and control risk differ from detection risk in that they exist independently of the audit of financial statements, whereas detection risk relates to the auditor’s procedures and can be changed at the auditor’s discretion. All of the elements of audit risk should be considered in relation to individual account balances, classes of transactions and disclosures; and at the overall financial statement level.
Lapping occurs when an employee withholds funds received by a customer for personal use and fails to apply these receipts of cash or checks to the customer’s receivable balance. One of the best methods to guard against lapping is use of a “lock box” system. In this system, customers send their payments directly to the bank, which prevents company employees from having access to payments received. A statement is then sent by the bank to the company so the cash can be applied in the general ledger to the outstanding receivable balance.
Kiting occurs when a check drawn on one bank is deposited in another bank and no record is made of the disbursement in the balance or the first bank until after year-end. Kiting may be used to cover a cash shortage or to pad a company’s cash position. Kiting results in an intentional overstatement of cash in the F/S as the cash is simultaneously reflected in 2 different bank accounts. To detect kiting effectively, a bank transfer schedule should be prepared. For any bank-to-bank transfers that occur near year-end, the disbursement date on the check and in the ledger for the disbursing account should precede the receipt date noted by the bank and in the ledger for the receiving account. To ensure that kiting has not occurred, evidence should exist that all deposits in transit and outstanding checks listed on the bank reconciliation at year-end cleared in the next period. This information can be confirmed by using a bank cut off statement.
Management is in a unique position to perpetrate fraud because of management’s ability to manipulate accounting records and prepare fraudulent financial statements by overriding controls that otherwise appear to be operating effectively. Management override A. Is presumed to be present in all entities B. Should be considered by the auditor to determine if it is present C. Is considered a fraud risk due to its predictability D. Risk responses should include a review of journal entries near year-end as opposed to throughout the reporting period
A. Although the level of risk of management override of controls (override risk) will vary from entity to entity, the risk is, nevertheless, present in all entities. (Thus, answer A. is correct and answer B. is not.) Even if specific risks of material misstatement (RMM) due to fraud are not identified by the auditor, a possibility exists that management override could occur. Accordingly, the auditor should address this risk apart from any conclusions regarding the existence of more specifically identifiable risks by designing and performing audit procedures as discussed in the editor note below. Regarding incorrect answer C., due to the unpredictable way in which override could occur, it is a RMM due to fraud and thus a significant risk. Regarding incorrect answer D., one of the procedures required by US GAAS as a response to override risk is to select journal entries (and other adjustments) made at the end of a reporting period and to (not as opposed to) consider the need to test both throughout the period.
Management’s emphasis on meeting projected profit goals most likely would significantly influence an entity’s control environment when
A. Internal auditors have direct access to the entity’s board of directors.
B. A significant portion of management compensation is represented by stock options.
C. External policies established by parties outside the entity affect accounting policies.
D. The audit committee is active in overseeing the entity’s financial reporting policies.
B.
Management’s emphasis on meeting projected profit goals most likely would significantly influence the control environment when a significant portion of management compensation is represented by stock options because it provides an incentive to commit fraud.
Answers A., C., and D. would mitigate this risk factor.
Manual controls would most likely be more suitable than automated controls for which of the following?
A. Large, unusual, or non-recurring transactions.
B. High-volume transactions that require additional calculations.
C. Situations with routine errors that can be predicted and corrected.
D. Circumstances that require a high degree of accuracy.
A.
The correct answer is (A).
Human involvement is more in case of manual controls. Manual controls are suitable for large, unusual, or non-recurring transactions so that personal attention can be given to each such transaction. As these transactions are of high value (e.g. purchase of a high-value equipment), proper authorization and justification is required for entering into these transactions, which is best served by manual rather than automated controls.
(B), (C) and (D) are incorrect because high volume transactions, situations with routine predictable errors and circumstances requiring high accuracy are best served by automated controls. IT systems could process such transactions faster and more accurately than manual systems.
Memorize the following hierarchy of audit evidence (from most reliable to least reliable)
A. Auditor’s direct personal knowledge & observation; E. External evidence; I. Internal evidence; O. Oral evidence.
