Module 17

Question 1

Three components of internal control assessed at planning stages

Answer 1

Control environment
Risk assessment procedures
Monitoring of controls

Question 2

Components of internal control systems identified at the planning stage

Answer 2

Information systems

Control activities

Question 3

Auditor must gain understanding of control activities in place relevant to the audit which they deem necessary to understand (2)

Answer 3

• Risk of material misstatement at the assertion level

- Significant risks identified

Question 4

Tabs

Answer 4

Brown

Question 5

Auditors understanding of ITGC should be documented as (4)

Answer 5

1) Understanding of ITGC
2) Procedures to evaluate design and implementation and operating effectiveness of controls
3) Deficiencies
4) Conclusion on relevant audit assertions

Question 6

If the information system is very manual

Answer 6

Higher risk of human error

Question 7

If the IT system is highly complex

Answer 7

May make it more risky

Question 8

Additional risks of IT systems: (4)

Answer 8

• IT system is very manual
• Complex IT system
• New IT system
• Increased risk profile of transactions

Question 9

Audit of IT may require (unless simple ITGCs)

Answer 9

IT Specialists

Question 10

Understanding of IT control activities within a process can be gained through (3)

Answer 10

• Discussion with activity owners
• Reviewing procedural manuals
• Confirming procedures documented in PY audit file

Question 11

Variety of methods to document cycles (3)

Answer 11

• Flowcharts
• Narrative notes
• Checklists

Question 12

Impact of weak control environment/ monitoring (2)

Answer 12

Controls less likely to be designed well or operating consistently

Weaknesses likely to affect number of systems therefore number of areas in FS

Question 13

Impact of weak risk assessment procedures

Answer 13

May indicate inefficiencies in control system (controls not addressing nature of risks)

Increases likelihood of those risks occurring

Question 14

Impact of weak information systems

Answer 14

Potential for override of controls

Question 15

Impact of weak ITGC

Answer 15

Potential for transactions being processed through system incorrectly Eg if no passwords - no segregation of duties

Question 16

Once system has been documented

Answer 16

Walkthrough test should be completed to confirm if understanding is correct

Question 17

Walkthrough test =

Answer 17

When one or more transactions is followed through system from initiation through to reporting and settlement

Question 18

Testing operation of controls is necessary to obtain audit evidence regarding the existence and effectiveness of internal control system at: (3)

Answer 18

• Mitigating risks
• Preventing material misstatements
• Detecting and correcting material misstatements

Question 19

In combination with enquiry, other procedures to test controls are (3)

Answer 19

• Inspect
• Observe
• Reperforn

Question 20

Must test control in operation

Answer 20

Throughout the whole period particularly high risk periods eg holidays

Question 21

Each testing technique has different level of (2)

Answer 21

• Relevance

- Reliability

Question 22

Two areas where CAATs/ analytics can be used

Answer 22

• Test data techniques

- Audit data analytics

Question 23

Test data techniques used to

Answer 23

Verify proper operation of computer processes and controls built into computer programs

Question 24

Test data

Answer 24

Set of fictitious transactions which are inputted into the system to verify the correct operation of the system

Question 25

Test data can be applied to either

Answer 25

Live or dead system

Question 26

Weakness of test data techniques

Answer 26

Test the operation of controls at a single point in time

Question 27

Examples of ADAs (audit data analytics) (6)

Answer 27

• Re-performing
• Matching transactions
• Review for missing items eg sequentially numbered
• Identifying breach or management override of control activities
• Testing interfaces
• Assisting in segregation of duties testing

Question 28

In comparison to test data, ADAs provide

Answer 28

Greater coverage over relevant reporting period as they can assess and analyse much larger volumes of information

Question 29

Routine transactions - risk of misstatement

Answer 29

Lower - more predictable

Question 30

When documenting control test ensure word it to include (3)

Answer 30

• Technique (eg inspect)
• What you are looking at (eg sample)
• What you are looking for (eg signature)

Question 31

Inventory counts ISA

Answer 31

ISA 501

Question 32

Considerations of completeness and existence of inventory (7)

Answer 32

• Reliability of inventory systems
• Timing of physical inventory counts relative to YE
• Location of inventory
• Physical controls eg over theft
• Nature of inventory
• Degree of fluctuations of inventory levels
• Difficulty in assessing quantity

Question 33

Considerations of RoMM in completeness and existence of inventory as a result of fraud (4)

Answer 33

• False sales raised relating to inventory being moved to another location rather than delivered to customers
• Appearance of inventory altered so appears higher value/ quantity
• Estimation techniques inappropriate
• Inventory count records altered

Question 34

Perpetual inventory counts assessment

Answer 34

Reviewing procedures used during the year (including attendance of one or more of perpetual counts)

Question 35

If differences in perpetual counts vs inventory system

Answer 35

Consider asking the client to perform a full year end count

Question 36

Attendance at perpetual count by the auditor will be to perform

Answer 36

Compliance tests only

Question 37

Where controls have been found to be absent, designed ineffectively or are not operating throughout the period

Answer 37

Auditor must conclude there should be no or limited reliance placed on these controls, therefore largely substantive approach

Question 38

How to communicate control findings to TCWG

Answer 38

Management letter should be sent to TCWG detailing the control failure, weakness or absence