1.21.19 Flashcards
When an auditor increases the assessed risks of material misstatement because certain control activities were determined to be ineffective, the auditor most likely would increase the
Extent of test of details.
For a given audit risk, the acceptable detection risk is inversely related to the assessed risks of material misstatement. As the RMMs increase, the acceptable detection risk decreases, and the auditor requires more persuasive audit evidence. The auditor may (1) change the types of audit procedures and their combination, e.g., confirming the terms of a contract as well as inspecting it; (2) change the timing of substantive procedures, such as from an interim date to year end; or (3) change the extent of testing, such as by using a larger sample (AU-C 330 and AS 2301).
One objective of internal control is to record property, plant, and equipment (PPE) additions correctly as to account, amount, and period. Which of the following environmental considerations indicates that the risks of material misstatement of these additions are high?
Most constructions is performed in-house.
The risks of material misstatement for in-house construction are high. For example, the entity must allocate overhead, allocate labor costs between regular and construction labor, and estimate the interest cost to be capitalized. An outside construction company would send an invoice, and determining the amount to record would be relatively easy.
The objective of tests of details of transactions performed as tests of controls is to
Evaluate whether internal controls operated effectively.
The auditor may use tests of details of transactions concurrently as tests of controls (i.e., as dual-purpose tests). As substantive procedures, their objective is to support relevant assertions or detect material misstatements in the financial statements. As tests of controls, their objective is to evaluate whether a control operated effectively.
Which of the following events occurring in the year under audit would most likely indicate that internal controls utilized in previous years may be inadequate in the year under audit?
The chief financial officer waived approvals on all checks to one vendor to expedite payment.
The CFO’s ability to override internal control is a control deficiency. The nature of this action suggests that the CFO may have had this ability in prior years.
When an auditor tests a computerized accounting system, which of the following is true of the test data approach?
Test data are processed by the client’s computer programs under the auditor’s control.
In using the test data approach, the auditor prepares a set of dummy transactions specifically tailored to test the control procedures that management claims to have incorporated into the processing program. The auditor then processes these transactions using management’s program and compares the expected results with the actual output of the program.
Which of the following matters is an auditor required to communicate to those charged with governance?
Adjustments that were suggested by the auditor and recorded by management that have a significant effect on the entity’s financial reporting process.
Certain matters should be communicated to those charged with governance (e.g., the audit committee) if all such individuals are not involved in management. These matters include material, corrected misstatements that were brought to the attention of management as a result of audit procedures (AU-C 260).
Propex Corporation uses a voucher register and does not record invoices in a subsidiary ledger. Propex will probably benefit most from the additional cost of maintaining an accounts payable subsidiary ledger if
Partial payments to vendors are continuously made in the ordinary course of business.
If a firm makes partial payments to vendors, tracking the amounts still due on vouchers may be difficult. An accounts payable subsidiary ledger provides a continuous record of amounts due to vendors.
The objectives of internal control for a production cycle are to provide assurance that transactions are properly executed and recorded, and that
Custody of work-in-process and of finished goods is properly maintained.
A principal objective of internal control is to safeguard assets. In the production cycle, control activities should be implemented to ensure that inventory is protected from misuse and theft. Accordingly, inventories should be in the custody of a storekeeper, and transfers should be properly documented and recorded to establish accountability.
In order to obtain an initial understanding of internal control sufficient to assess the risk of material misstatement of the financial statements, an auditor would most likely perform which of the following procedures?
Risk-assessment procedures to evaluate the design of relevant controls.
In all audits, the auditor should obtain an understanding of the components of internal control to identify and assess the RMMs and to design further audit procedures. An understanding is obtained by performing risk assessment procedures to evaluate the design of controls relevant to the audit and determine whether they have been implemented. Risk assessment procedures performed to obtain evidence about the design and implementation of relevant controls include (1) inquiries, (2) observation of the application of specific controls, (3) inspection of documents and reports, and (4) tracing transactions. Inquiries alone are not sufficient.
In a review of an EDI application using a third-party service provider, the auditor should
I. Ensure encryption keys meet ISO standards
II. Determine whether an independent review of the service provider’s operation has been conducted
III. Verify that only public-switched data networks are used by the service provider
IV. Verify that the service provider’s contracts include necessary clauses, such as the right to audit
II & IV
An auditor should review trading partner agreements and contracts with third-party service providers. These documents should contain necessary clauses and appropriately limit liabilities. Moreover, legal counsel should have reviewed the agreements or contracts. An auditor should also determine whether the third-party service provider’s operations and controls have been independently reviewed (e.g., by public accountants).
Which of the following is true regarding significant deficiencies and material weaknesses in control for a nonissuer?
Auditors should communicate them to management and those charged with governance.
The auditor should report certain control deficiencies in internal control observed during an audit. The communication is expected to be to management and those charged with governance. The auditor should report in writing significant deficiencies and material weaknesses in the design or operation of internal controls. The communication also should include an explanation of the potential effects of each significant deficiency and material weakness and sufficient information about the context of the communication.
In auditing related party transactions, an auditor ordinarily places primary emphasis on
The adequacy of the disclosure of the related party transactions.
Accounting principles ordinarily do not require transactions with related parties to be accounted for differently from those with unrelated parties. Primary emphasis should be on the adequacy of disclosure.
An auditor would most likely be concerned with controls that provide reasonable assurance about the
Entity’s ability to initiate, authorize, record, process, and report financial data.
The information system relevant to financial reporting objectives, which includes the accounting system, consists of the procedures, whether automated or manual, and records established to initiate, authorize, record, process, and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity (AU-C 315).
Which of the following actions by a CPA most likely violates the profession’s ethical standards?
Retaining client-provided records after the client has demanded their return.
Retention of client-provided records after demand is made for them by the client is an act discreditable to the profession and a violation of the Code. Even if the state in which a member practices grants a lien on certain records, this ethical standard is applicable.
So that the essential control features of a client’s computer system can be identified and evaluated, the auditor of a nonissuer must, at a minimum, have
A sufficient understanding of the entire computer system.
The audit should be performed by a person having adequate technical training and proficiency as an auditor. That auditor is required to obtain a sufficient understanding of internal control to plan the audit and determine the nature, timing, and extent of tests to be performed. Hence, the auditor should have the training and proficiency that are necessary to understand controls relevant to the computer system.
