Performing Procedures in Response to Assessed Risks Flashcards
An audit client failed to maintain copies of its procedures manuals and organizational flowcharts. What should the auditor do in an audit of financial statements?
Issue a qualified opinion on the basis of a scope limitation.
Document the auditor’s understanding of internal control.
Assess control risk at the maximum level.
Restrict the auditor’s responsibility to assess the effectiveness of controls in the audit engagement letter.
Document the auditor’s understanding of internal control.
This answer is correct because the requirement remains the same—the auditor should obtain and document an understanding of internal control.
The reliance placed on substantive tests in relation to the reliance placed on internal control varies in a relationship that is ordinarily
Parallel.
Inverse.
Direct.
Equal.
Inverse.
This answer is correct because as internal control is relied upon to a lesser extent, substantive tests are relied upon to a greater extent.
Which of the following should an auditor do when control risk is assessed at the maximum level?
Perform fewer substantive tests of details.
Perform more tests of controls.
Document the assessment.
Document the control structure more extensively.
Document the assessment.
This answer is correct because the professional standards require documentation of the assessment.
How would an auditor of a nonissuer most appropriately respond to a heightened assessed risk of material misstatement?
By obtaining a management representation letter.
By performing analytical procedures, but not substantive procedures, at period end.
By assigning more experienced staff or those with specialized skills to high-risk areas.
By performing tests of controls at interim- and period-end dates.
By assigning more experienced staff or those with specialized skills to high-risk areas.
This answer is correct because a heightened assessed risk of material misstatement may result in the assignment of more experienced staff and/or those with specialized skills to high-risk areas; examples of other responses include (1) providing more supervision and emphasizing the need for professional skepticism, (2) incorporating additional elements of unpredictability into audit procedures and (3) increasing the overall scope of audit procedures.
As a result of tests of controls, an auditor assesses control risk too high. This incorrect assessment most likely occurred because
Control risk based on the auditor’s sample is less than the true operating effectiveness of the client’s control activity.
The auditor believes that the control activity relates to the client’s assertions when, in fact, it does not.
The auditor believes that the control activity will reduce the extent of substantive testing when, in fact, it will not.
Control risk based on the auditor’s sample is greater than the true operating effectiveness of the client’s control activity.
Control risk based on the auditor’s sample is greater than the true operating effectiveness of the client’s control activity.
This answer is correct because a conclusion that control risk is higher than is actually the case occurs when the auditor is misled by the sample to believe that the system operates less effectively than it actually does (the sample has a higher deviation rate than the population).
An auditor uses the assessed level of the risk of material misstatement to
Evaluate the effectiveness of the entity’s control activities.
Identify transactions and account balances where inherent risk is at the maximum.
Indicate whether materiality thresholds for planning and evaluating purposes are sufficiently high.
Determine the acceptable level of detection risk for financial statement assertions.
Determine the acceptable level of detection risk for financial statement assertions.
This answer is correct because an auditor uses the risk of material misstatement to determine the acceptable level of detection risk for financial statement assertions. The auditor then uses the acceptable level of detection risk to determine the nature, timing, and extent of the auditing procedures to be used to detect material misstatements in the financial statement assertions.
Regardless of the assessed level of control risk, an auditor would perform some
Tests of controls to determine the effectiveness of internal control policies.
Analytical procedures to verify the design of internal control.
Substantive tests to restrict detection risk for significant transaction classes.
Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.
Substantive tests to restrict detection risk for significant transaction classes.
The requirement is to determine the correct statement concerning the assessed level of control risk. Answer (c) is correct because ordinarily the assessed level of control risk cannot be sufficiently low to eliminate the need to perform any substantive tests to restrict detection risk for significant transaction classes. Answer (a) is incorrect because tests of controls are unnecessary when control risk is assessed at the maximum level. Answer (b) is incorrect because analytical procedures are not designed to verify the design of internal control. Answer (d) is incorrect because dual-purpose tests (i.e., those that serve as both substantive tests and tests of controls) are not required to be performed, and because the term “preliminary control risk” is unclear.
Which of the following courses of action is the most appropriate if an auditor concludes that there is a high risk of material misstatement?
Use smaller, rather than larger, sample sizes.
Perform substantive tests as of an interim date.
Select more effective substantive tests.
Increase tests of controls.
Select more effective substantive tests.
This is correct because a high risk of material misstatement requires that the auditor increase the scope of audit procedures through their nature (e.g., obtain more reliable evidence), timing (year-end testing) and/or extent (e.g., take larger sample sizes).
Which of the following types of transactions generally has less risk?
Estimation transactions.
Related-party transactions.
Routine transactions.
Nonroutine transactions.
Routine transactions.
This answer is correct because routine transactions are usual in nature and typically have low risk.
When the operating effectiveness of a control is not evidenced by written documentation, an auditor should obtain evidence about the control’s effectiveness by
Mailing confirmations.
Inquiry and other procedures such as observation.
Analytical procedures.
Recalculating the balance in related accounts.
Inquiry and other procedures such as observation.
Inquiry and observation may be useful in evaluating the effectiveness of internal controls, including those that are undocumented.
When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor’s best course of action in such situations?
Assess the control risk as high.
Use audit software to perform analytical procedures.
Use generalized audit software to extract evidence from client databases.
Perform limited tests of controls over electronic data.
Use generalized audit software to extract evidence from client databases.
When evidence is available only in electronic form, the auditor may find that generalized audit software is the best and most efficient means of extracting evidence from client databases. Generalized audit software consists of programs that enable an auditor to perform tests on client computer files and databases.
The objective of tests of details of transactions performed as tests of controls is to
Detect material misstatements in the account balances of the financial statements.
Evaluate whether an internal control structure policy or procedure operated effectively.
Determine the nature, timing, and extent of substantive tests for financial statement assertions.
Reduce control risk, inherent risk, and detection risk to an acceptably low level.
Evaluate whether an internal control structure policy or procedure operated effectively.
The objective of tests of controls is to ascertain whether internal controls are designed properly or operating effectively. Tests directed toward design effectiveness are concerned with whether the control is suitably designed to prevent or detect material misstatements in specific financial statement assertions. Tests directed toward operating effectiveness are concerned with how the internal control was applied, the consistency with which it was applied, and by whom it was applied.
Which of the following auditor concerns most likely could be so serious that the auditor concludes that a financial statement audit cannot be performed?
Management fails to modify prescribed internal controls for changes in information technology.
Internal control activities requiring segregation of duties are rarely monitored by management.
Management is dominated by one person who is also the majority stockholder.
There is a substantial risk of intentional misapplication of accounting principles.
There is a substantial risk of intentional misapplication of accounting principles.
The auditor would conclude that a financial audit could not be performed if he/she determined that a substantial risk of intentional misapplication of accounting principles existed.
The key word is “intentional” as the risk of management override is an inherent limitation of any internal control system. Management can override the system to make material misstatements in the financial statements and the auditors may not be able to detect such entries.
If management is believed to be intentionally misapplying accounting principles, the financial statements are likely to contain material misstatements that may be extremely difficult, if not impossible, to detect. Thus, the auditors would withdraw from the engagement.
When an auditor assesses control risk below the maximum level, the auditor is required to document the auditor’s
Basis for concluding that control risk is below the maximum level / Understanding of the entity’s internal control structure elements
No / No
Yes / Yes
Yes / No
No / Yes
Yes / Yes
The auditor must always document his/her understanding of the entity’s internal control components as well as the basis for assessing control risk below maximum.
An auditor may decide to assess control risk at the maximum level for certain assertions because the auditor believes
Control policies and procedures are unlikely to pertain to the assertions.
The entity’s control environment, accounting system, and control procedures are interrelated.
Sufficient evidential matter to support the assertions is likely to be available.
More emphasis on tests of controls than substantive tests is warranted.
Control policies and procedures are unlikely to pertain to the assertions.
Control risk is assessed in terms of the financial statement assertions. The auditor may assess control risk at maximum because the controls do not pertain to the assertions, or are ineffective, or because testing such controls would not result in a reduction in substantive testing (would be inefficient).