1.9.18 Flashcards
The AICPA Code of Professional Conduct contains both general ethical principles that are aspirational in character and also a
Set of specific, mandatory rules describing minimum levels of conduct a member must maintain.
The AICPA Code contains Principles and Rules. The principles are goal-oriented. The rules provide more specific guidance. The principles call for an unswerving commitment to honorable behavior but are not mandatory. The AICPA bylaws require members to adhere to the Rules. Those who fail to comply with the rules may face disciplinary action.
Smith Corporation has numerous customers. A customer file is kept on disk storage. Each customer record contains the name, address, credit limit, and account balance. The auditor wishes to test this file to determine whether credit limits are being exceeded. The best procedure for the auditor to follow is to
Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit.
The auditor should consider developing a program to compare the balances with the credit limits and to print out the exceptions. The auditor can then focus on those customers whose credit limits may have been exceeded.
An independent auditor must have which of the following?
The ability to exercise sound professional judgment.
Professional judgment is essential for planning and performing an audit. It is exercised based on competencies necessary for reasonable judgments. These competencies are developed through relevant training, knowledge, and experience (AU-C 200).
Which of the following parties should an auditor notify first when discovering an immaterial fraud is committed by an accounting clerk?
An appropriate level of management.
Communications about fraud are required given evidence that fraud may exist. Inconsequential fraud should be communicated to the appropriate management. Other fraud should be reported directly to those charged with governance.
An online sales order processing system most likely would have an advantage over a batch sales order processing system by
Enabling shipment of customer orders to be initiated as soon as the orders are received.
An online processing system can handle transactions as they are entered because of its direct connection to a computer network. Thus, shipment of customer orders may be initiated instantaneously as they are received. Batch processing is the accumulation and grouping of transactions for processing on a delayed basis.
Which of the following characteristics distinguishes computer processing from manual processing?
Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing.
Computer processing uniformly subjects like transactions to the same processing instructions. A computer program defines the processing steps to accomplish a task. Once the program is written and tested appropriately, it will perform the task repetitively and without error. However, if the program contains an error, all transactions will be processed incorrectly.
Inherent risk and control risk differ from detection risk in that inherent risk and control risk are
Functions of the client and its environment, but detection risk is not.
Detection risk is the auditor’s risk. It is a function of the effectiveness of an audit procedure and of its application by an auditor and can be changed at his or her discretion. Inherent risk and control risk differ from detection risk in that they exist independently of the audit. They are the components of the risk that material misstatements exist and therefore are the entity’s risks.
Which of the following is an example of how specific internal controls in a database environment may differ from controls in a nondatabase environment?
Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access.
A database is a series of related files combined to eliminate unnecessary redundancy of data elements. The data dictionary states not only the meaning of a data element but also its ownership (who is responsible for its maintenance), size, format, and usage. Moreover, it states what persons, programs, reports, and functions use the data element. Thus, the issue of ownership (maintenance or updating) of, and control over access to, data elements common to many applications arises only in a database environment.
For the audit of a nonissuer, the primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with
Knowledge necessary to plan the audit.
The auditor performs risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement, whether due to fraud or error. The auditor designs and performs further audit procedures in response to the assessed RMMs at the relevant assertion level.
An auditor who finds that the client has committed an illegal act would be most likely to withdraw from the engagement when the
Illegal act affects the auditor’s ability to rely on management representations.
The auditor should consider the implications of an illegal act in relation to the other representations of management. If the disposition of the illegal act is questionable (whether or not the act is material), the auditor may have to withdraw, owing to a lack of confidence in client management. If management cannot be trusted in this matter, serious doubts arise about their other representations. The auditor must also consider the possible effects of continuing the association with the client.
Proper authorization procedures in the revenue cycle usually provide for the approval of bad debt write-offs by an employee in which of the following departments?
CFO
The credit manager, who reports to the CFO, usually is responsible for authorizing write-offs of bad debts based on evidence such as aging reports and collection agency reports. The CFO, or another official not involved with sales transactions and recordkeeping, will also approve the write-off.
Considering only the provisions of the AICPA Code of Professional Conduct, which of the following services may a CPA perform for a commission or contingent fee?
Representation of a nonattest client in an IRS examination.
A contingent fee is permitted for representing a client in an IRS examination of the client’s federal (or state) income tax return. A contingent fee also is permitted for representing a client who is (1) seeking a private letter ruling from the IRS or (2) lobbying with regard to the drafting of a statute or regulation.
Fact Pattern: Management discovers that a supervisor at one of its restaurant locations removes excess cash and resets sales totals throughout the day on the point-of-sale (POS) system. At closing, the supervisor deposits cash equal to the recorded sales on the POS system and keeps the rest.
The supervisor forwards the close-of-day POS reports from the POS system along with a copy of the bank deposit slip to the company’s revenue accounting department. The revenue accounting department records the sales and the cash for the location in the general ledger and verifies the deposit slip to the bank statement. Any differences between sales and deposits are recorded in an over/short account and, if necessary, followed up with the location supervisor. The customer food order checks are serially numbered, and it is the supervisor’s responsibility to see that they are accounted for at the end of each day. Customer checks and the transaction journal tapes from the POS system are kept by the supervisor for 1 week at the location and then destroyed.
Which of the following controls allowed the fraud to occur?
The accounting for customer food checks by the supervisor.
An inappropriate segregation of duties existed because the supervisor was responsible for accounting for customer food checks and depositing receipts and had the ability to reset POS totals throughout the day.
Which of the following is a definition of control risk?
The risk that a material misstatement will not be prevented or detected on a timely basis by the client’s internal controls.
The risk of material misstatement of relevant assertions consists of the following: (1) inherent risk is the susceptibility of a relevant assertion to material misstatement in the absence of related controls, and (2) control risk is the risk that internal control will not timely prevent, or detect and correct, basis a material misstatement that could occur in a relevant assertion.
Prior to the audit, an auditor usually discusses the overall audit strategy with the client’s management. Which of the following matters do the auditor and management agree upon at this time?
The coordination of the assistance of the client’s personnel in data preparation.
The auditor should, among other things, consider (1) the work of the internal auditors and the extent of use of that work and (2) the availability of client personnel and data (AU-C 300). Moreover, the premise of the audit includes management’s responsibility to provide unrestricted access to persons having necessary audit evidence (AU-C 200). Planning activities also include determining the nature and amount of audit resources to allocate to specific audit areas (AU-C 300). Thus, the coordination of the assistance of the client’s personnel in data preparation is considered an overall audit strategy.
