Week 8

Question 1

ISA 402 ‘Audit considerations relating to an entity using service organisations’ deals with…?

Answer 1

the auditors responsibility to obtain sufficient appropriate audit evidence when a client outsources functions

Question 2

examples of functions that may be outsourced to third parties?

Answer 2

payroll,
receivables,
the entire finance function

Question 3

when a service organisation is used, what 4 things must an auditor do?

Answer 3

1) gain understanding of the services being provided

2) assess how the service provider implements their internal controls

3) visit the service provider and perform tests of control

4) contact the service provider’s auditor

Question 4

define sampling

Answer 4

the application of audit procedures to less than 100% of a population

Question 5

what must a sample be?

Answer 5

representative of the population

Question 6

which two ways can audit risk be minimised?

Answer 6

• increase sample size
• stratification

Question 7

define stratification

Answer 7

dividing a population into subpopulations

each subpopulation has similar characteristics

e.g., payroll can be divided into production staff, admin staff, management staff

Question 8

statistical sampling methods?

Answer 8

computerised sampling methods

random selection (using randomised function)

systematic selection (randomising, but choosing every 1000th)

monetary selection (selecting only high value items)

Question 9

non statistical sampling methods?

Answer 9

sampling methods by humans

haphazard selection (human picking randomly)

block selection

sequential selection (selecting every 5th item)

Question 10

difference between deviation and misstatement?

Answer 10

deviation refers to issues identified during tests of control

misstatement refers to issues identified during substantive testing

Question 11

if deviations are found, what happens?

Answer 11

more substantive testing will be needed

because the internal controls aren’t reliable, numbers will require more testing

Question 12

if misstatements are found, what happens?

Answer 12

if it exceeds tolerable level threshold, the auditor will extend the sample size

if misstatement is isolated, it’ll be ignored

Question 13

when a misstatement is found, is it extrapolated?

Answer 13

yes

e.g., 2% error in £1m sample (£20,000) = 2% error in £20m population (£400,000)

Question 14

CAAT’s?

Answer 14

computer assisted audit techniques are used to test controls in a computerised environment

dummy data is put into a client’s system to assess if the system properly processes the data

Question 15

advantages and disadvantages of CAAT’s?

Answer 15

advantages = can be cost effective as long as systems aren’t changed

disadvantages = may be inconvenient to use live client systems

Question 16

define data analytics

Answer 16

the science of examining large datasets to draw conclusions

Question 17

management expert?
auditor’s expert?

Answer 17

management expert = expert appointed by management to provide management with evidence which will be relied upon by auditor

auditor’s expert = expert appointed by auditor to help the audit in specialised situations

Question 18

what are the effects of controls on the audit?

Answer 18

the better controls are, the more the auditor can rely on them and the less substantive testing that will be needed

• less procedures need to be conducted at year end
• less location visits are necessary
• more reliance can be placed on analytical review & management judgement
• less expert/3rd party evidence required

Question 19

what are some inherent limitations of internal controls?

Answer 19

• human error
• collusion of staff circumventing controls
• management override
• use of management judgement

Question 20

can auditors ever eliminate the need for substantive procedures?

Answer 20

no

Question 21

what are the components of internal controls?

Answer 21

• control environment
• entity’s risk assessment
• information systems
• control activities
• monitoring

Question 22

what are the two types of IT controls?

Answer 22

general controls = procedures that relate to many applications

application controls = procedures that apply to individual areas within the system