Homework answers / question archive / more unpredictability in the selection and performance of audit procedures? 1

more unpredictability in the selection and performance of audit procedures? 1

Accounting

Share With

---

more unpredictability in the selection and performance of audit procedures?

1.       Client has a strong internal control environment.

2.       Client was not audited in the previous year.

3.       There is heightened risk of fraud.

4.       Unpredictability provides the audit team with more variety

 

Designing substantive procedures responds to:

1.       the risk of material misstatement at the entity level.

2.       the risk of material misstatement at the assertion level.

3.       the risk of all types of misstatements at the assertion level.

4.       the risk of all types of misstatements at the entity level.

 

1.       Demonstrate how audit risk, management assertions, and substantive procedures are linked.

2.       Describe methods of risk response at the financial statement level.

3.       Explain and analyze factors that impact the nature of substantive procedures at the assertion level, including the use of audit data analytics.

4.       Explain and analyze factors that impact the timing of substantive procedures at the assertion level.

 

Prepare an outline of comments you plan to make to indicate similarities and differences in how each of the following items is handled under a primarily substantive approach versus.

1.       reliance on controls approach. Understand entity-level controls.

2.       Understand the flow of transactions.

3.       Identify what can go wrong (WCGW) for financial statement assertions.

4.       Identify relevant controls to test

 

1.       Explain the concept of benchmarking and its benefits to the auditor.

2.       Identify the factors that influence sample size in a test of controls. Provide an example related to each factor in terms of how it would potentially increase the level of control testing.

3.       Explain the relationship between the results of tests of controls and substantive testing.

4.       Explain the process of documenting the auditor’s conclusions. What must be documented?

 

Explain the three types of ITGCs. Why are they “general” controls? Explain why they are important controls? What are the five procedures used for tests of controls? Explain them and comment on the reliability of the evidence obtained from each? Does an auditor have to test every control? Explain your answer? What factors do auditors consider when deciding how much control testing to do?

 

Identify the eight steps performed in assessing control risk and place them in the proper order? Explain the purpose of (a) preventive controls and (b) detective controls. Why would it be important for an entity to have both types of controls? Explain why reconciliations, such as bank reconciliations, are classified as detective controls? Explain the difference between automated and manual controls.

 

 

 

Working papers:

1.       document the auditor’s conclusion about control risk and the basis for that conclusion.

2.       are necessary for the first-year auditor to keep track of the daily work but are not important to the overall audit.

3.       document the results of the tests but not the purpose of the control selected for testing.

4.       document the purpose of the control selected for testing and the conclusion made by the auditor but not the results of the test

 

If an auditor performs tests of controls and determines that the control is not effective, what should the auditor’s next step in testing controls be?

1.       Document the results of tests of controls and proceed with a primarily substantive approach.

2.       Determine if a compensating control exists.

3.       Perform tests of controls on compensating controls.

4.       Document the results of tests of controls and proceed with the planned audit strategy

 

If an auditor decides to assess control risk as low based on IT application control procedures, which of the following would not be part of the auditor’s strategy for testing controls?

1.       Testing the effectiveness of IT general control procedures.

2.       Testing the effectiveness of management review controls used to monitor the results of operations.

3.       Testing the effectiveness of manual follow-up procedures.

4.       Testing the effectiveness of the application with test data.

 

Benchmarking is a process that involves:

1.       comparing the effectiveness of one control with another control.

2.       an audit strategy that allows an auditor to rely on IT application controls if manual follow-up procedures are strong.

3.       an audit strategy that allows the auditor to use evidence from testing an IT application control in a prior period, if the application has not been changed.

4.       an audit strategy that allows the auditor to test only identified key controls rather than all controls used by the client.

 

Which of the following would require the auditor to increase the level of control testing for a particular control?

1.       The control is performed monthly instead of daily.

2.       There are several controls relating to a particular audit objective.

3.       The WCGW addressed by the control is not very important.

4.       A high degree of reliance is to be placed on the control to limit the amount of substantive testing required

 

An auditor is going to test the client’s controls over bank reconciliations. The auditor will perform which of the following audit procedures for this test of controls?

1.       Software-based audit techniques using test data.

2.       Inquiry of the person performing the bank reconciliation.

3.       Reperformance of the bank reconciliation procedure.

4.       Inquiry of the person performing the bank reconciliation and reperformance of the bank reconciliation procedure

 

Which of the following represents an example of an IT application control?

1.       The assistant controller performs a monthly bank reconciliation and follow-up of unexpected outstanding items.

2.       The accounts receivable manager reviews credit balances in accounts receivable quarterly to determine their causes.

3.       The software application compares all sales invoices with underlying shipping information on the bills of lading and packing slips with sales invoices. If differences are revealed, a report is generated for review and follow-up by the billing supervisor.

4.       All changes to software applications must be reviewed and approved by the department affected by the application.

 

ITGCs are important because they:

1.       prevent unauthorized personnel from having access to data and applications.

2.       impact the effectiveness of manual controls.

3.       prevent the reliability of electronic audit evidence.

4.       allow client staff to change programs without needing to receive authorization for the change

 

The software application compares all sales invoices with underlying shipping information on the bills of lading and packing slips with sales invoices. If differences are revealed, report is generated for review and follow-up by the billing supervisor. This is an example of a(n):

1.       detective control.

2.       preventive control.

3.       IT general control.

4.       IT-dependent manual control.

 

The auditor decides which controls to test by considering:

1.       the points at which fraud or error can occur.

2.       the nature of controls implemented by management.

3.       the significance of each control in achieving its control objective.

4.       All of these answer choices are correct.

 

1.       Describe the steps in assessing control risk.

2.       Explain the different types of controls that an auditor might encounter.

3.       Explain the types of evidence that can be used to support a test of controls.

4.       Determine how to select and design tests of controls.

 

1.       Identify the assertion being audited.

2.       How would an auditor set an expectation regarding percentage-of-completion for each project?

3.       What would be an acceptable deviation from the auditor’s expectation? Explain the role of business acumen in evaluating an acceptable deviation from the auditor’s expectation.

4.       What would be an unacceptable deviation from the auditor’s expectation? Explain the role of business acumen in evaluating an unacceptable deviation from the auditor’s expectation.

 

Explain why strong IT general controls and strong IT application controls are important when an auditor plans to use ADA as a substantive test of details? What should an auditor do if the conclusion from performing ADA as a substantive test does not agree with a previous conclusion regarding internal controls? Explain how applying ADA as a substantive test differs from ADA as a risk assessment procedure.

 

1.       Provide two examples of items that “Do Not Fit the Auditor’s Expectation” per the risk analysis decision tree. One example should be an acceptable variation and the other an unacceptable variation.

2.       Explain how visualizations can be used as part of ADA and why they are important.

3.       Describe two risks associated with using visualizations as part of ADA.

4.       Identify two analytical techniques that could be used as part of risk assessment ADA and how they could be useful.

 

How does each of the following influence the reliability of the data: (1) data obtained from external versus internal sources, (2) data obtained directly versus indirectly, (3) data from original documents versus electronic scans, and (4) and data from written information sources versus records of verbal conversations? Explain how the risk analysis decision tree can be used in conjunction with the five-step process for ADA. Provide an example.

 

1.       Identify and briefly describe the five steps of performing ADA and place them in the proper order.

2.       Describe three key issues to consider when planning ADA. R7.3

3.       Are the quality of internal controls relevant when evaluating the reliability of data to be used in ADA? Explain why or why not, and provide an example

 

An auditor is using ADA as a substantive test to validate accounts receivable because consumers are poor at responding to confirmations. In this case, the auditor validates the receivable by:

1.       vouching the receivable back to sales orders.

2.       tracing shipping documents to bills of lading.

3.       finding electronic evidence that the receivable is supported by subsequent cash receipt in the same amount.

4.       finding electronic evidence of strong internal controls.

 

When performing ADA as a substantive test, the auditor:

1.       uses ADA to match electronic information that otherwise would have been audited manually.

2.       uses ADA to identify high-risk transactions and balances and then audits those high-risk items with traditional audit tests.

3.       relies solely on the client’s system of internal controls.

4.       uses ADA to identify breakdowns in the client’s system of internal control.

 

A “false positive” is:

1.       another term for a notable item.

2.       indicative of a higher risk of material misstatement.

3.       incorrectly identified as a notable item and requires no further response to identify new or higher risks.

4.       a notable item that requires further investigation.

 

When performing ADA as a risk assessment procedure, a notable item:

1.       is indicative of a risk of material misstatement not previously identified by the auditor.

2.       is indicative of a higher risk of material misstatement than anticipated by the auditor.

3.       provides information useful in designing procedures to address the risk of material misstatement .

4.       All of these answer choices describe notable items.

 

 

A key aspect of testing the completeness of a data set is:

1.       determining that every customer has a transaction.

2.       the data has information from customers in data files from two different divisions.

3.       checking the numerical continuity of the data.

4.       the data contains misstatements.

 

 

Which of the following is an example of data that needs to be cleaned before it can be analyzed?

1.       The data has dates in two different formats (MM/DD/YY and DD/MM/YY).

2.       The data has information from customers in data files from two different divisions.

3.       The data comes from a system with poor internal controls.

4.       The data contains misstatements.

 

 

A key aspect of preparing the data for ADA is:

1.       determining the source of the data.

2.       determining if the data is complete.

3.       evaluating the reliability of internally generated evidence.

4.       determining the validity of data obtained from an external source.

 

 

What step follows planning the ADA?

1.       Evaluating results and concluding whether the purpose of the ADA has been achieved.

2.       Considering the relevance and reliability of data used.

3.       Accessing and preparing the data for ADA.

4.       Performing the ADA

 

1.       What is clustering? How is clustering used as a risk assessment tool?

2.       What is the goal of using ADA to find matches in two large populations?

3.       Explain how the auditor would use regression analysis to identify notable items.

4.       What should be accomplished with good visualizations?

 

 

1.       Explain the five-step process associated with planning, performing, and evaluating results from audit data analytics.

2.       Apply steps associated with accessing and preparing data for audit data analytics.

3.       Explain how audit data analytics is used as a risk assessment procedure. LO 4 Apply audit data analytics as a risk assessment procedure and evaluate the results.

 

 

 

 

 

1.       Explain eight steps that an auditor follows when understanding internal controls at the transaction level and developing an audit strategy.

2.       Identify four risks associated with IT systems in accounting. For each of the four risks, identify whether they are mitigated by IT general controls or IT application controls. Identify a specific control that mitigates the risk (for each of the four IT risks identified) and explain how it mitigates the risk identified.

3.       Four approaches to internal control documentation are discussed in this chapter. List the advantages and disadvantages of each. How would documentation assist the auditor to identify strengths and weaknesses of an entity’s system of internal controls?

 

 

1.       For a retail entity, give some examples of risks that should be considered in the risk assessment process. Which of these risks would be relevant to a retailer’s financial reporting? Explain. R6.6

2.       Explain the importance of segregation of incompatible duties. What duties should be segregated within the sales process? Why?

3.       Why would an auditor be interested in a client’s monitoring processes?

 

If an auditor does not intend to rely on internal controls in the audit, does the auditor need to obtain an understanding of internal control? Explain? What are the three internal control objectives? Illustrate each with an example? Discuss the idea that the control environment is the most important part of a system of internal control? Explain why an auditor would be interested in the functioning of the human resources department within an organization

 

A management letter:

1.       lists only the material weaknesses discovered during the audit.

2.       is written by management to the auditor at the start of the audit.

3.       contains recommendations for improving significant deficiencies and material weaknesses in internal control discovered during the course of the audit.

4.       is only required for public company audits.

 

When an auditor identifies internal control deficiencies, what levels of internal control deficiencies must be reported to those charged with governance of the entity?

1.       Material weaknesses only.

2.       Significant deficiencies only.

3.       Deficiencies and significant deficiencies in internal control.

4.       Significant deficiencies and material weaknesses in internal control