MARKED QUESTIONS II Flashcards

Question

According to US GAAS, when the auditor of the group financial statements is assuming responsibility for the work of component auditors, for a component that is significant due to its individual financial significance to the group, the group engagement team, or a component auditor on its behalf, should perform A. Analytical procedures at the group level B. An audit using component materiality C. An audit of one or more account balances, classes of transactions, or disclosures relating to the likely significant risks of material misstatement of the group financial statements D. Specified audit procedures relating to the likely significant risks of material misstatement of the group financial statements

Answer 1

B. For a component that is significant due to its individual financial significance to the group, the group engagement team, or a component auditor on its behalf, should perform an audit of the financial information of the component, adapted as necessary to meet the needs of the group engagement team, using component materiality. Regarding incorrect answer A., for components that are not significant components, the group engagement team should perform analytical procedures at the group level. Regarding incorrect answers C. and D., these plus answer a. are the options, one or more of which, that should be performed for a component that is significant not due to its individual financial significance but because it is likely to include significant risks of material misstatement of the group financial statements due to its specific nature or circumstances

Answer 2

A. Answer a., the auditor most likely decided that the internal control system was effective and thus, it would be efficient to perform tests of controls that would result in a reduction in planned substantive tests. Regarding incorrect answer b., if evidence is not available, tests of controls are not performed. Regarding incorrect answer c., as the assessed level of control risk increases, the auditor is less likely to test controls. Regarding incorrect answer d., if the auditor is aware of many internal control weaknesses, the assessed level of control risk will be high, and controls will not be tested.

Answer 3

D. The possible effect of misstatements on specific individual users, whose needs may vary widely, is not considered.

Answer 4

B. The auditor should document key elements of the auditor's understanding of internal control regardless of the client’s records. The client’s failure to do so does not constitute a scope limitation; necessitate that the auditor assess control risk at the maximum level; nor restrict the auditor’s responsibility to assess the effectiveness of controls.

Answer 5

D. The risk of material misstatement (RMM) at the assertion level is assessed in order to determine the nature, extent, and timing of further audit procedures necessary to obtain sufficient appropriate audit evidence. This evidence enables the auditor to express an opinion on the financial statements at an acceptably low level of audit risk. Regarding incorrect answer A., the auditor performs risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control. This understanding aids the identification and assessment of the RMM; obtaining an understanding of the entity’s environment is not the result of the assessment of the RMM. Regarding incorrect answer B., judgments about materiality levels provide a basis for the assessment of the RMM as well as the determination of the nature and extent of risk assessment procedures and the nature, extent, and timing of further audit procedures. They are not a result of the assessment of the RMM. Regarding incorrect answer C., risk assessment procedures are also performed (in addition to obtain an understanding of the entity), to identify and assess the RMM; not vice versa.

Answer 6

The correct answer is (B). The materiality of the transaction to the financial statement users does not depend solely on the recorded amount of the transaction but also on other specific relevant factors, such as the nature of the related party relationship. Related party transactions may indicate an increased risk of material misstatement of the financial statements. Hence, amongst all undisclosed $45,000 would most likely be considered material by the auditor.

Answer 7

B. Verifying that approved spending limits are not exceeded would best assess the validity of the auditor’s concern about a policy of management override because it is management’s responsibility to authorize expenditures. Irregularities which might be discovered by matching purchase orders to accounts payable or tracing sales orders to revenue accounts might not involve management. Undetected management override of controls would not be described in minutes of board meetings.

Answer 8

B. The auditor should make the selection from the shipping document file. Attempting to match shipping documents to invoices would reveal goods shipped that were not invoiced. The cash receipts file contains evidence of payments, so it would be highly unlikely to discover payments received from customers who weren’t billed. The customer order file would be a workable but inefficient choice by the auditor because normally goods are not invoiced until they are shipped, so it would involve checking shipping documents as well to confirm the sale. The sales invoice file would not be used because the auditor is looking for sales that were not invoiced.

Answer 9

A. In some cases, the auditor may determine that performing only substantive procedures is appropriate for specific relevant assertions and risks. In those circumstances, the auditor may exclude the effect of controls from the relevant risk assessment. This may be because the auditor's risk assessment procedures have not identified any effective controls relevant to the assertion or because testing the operating effectiveness of controls would be inefficient.

Answer 10

A. When searching for related-party transactions, the auditor should obtain an understanding of each subsidiary’s relationship to the total entity because business structure and operating style are occasionally deliberately designed to obscure related party transactions. Answers b., c., and d. are not reasons for an auditor to obtain an understanding of each subsidiary’s relationship to the total entity.

Answer 11

C. The auditor should prepare a written audit plan (or program). The audit plan should detail the nature, extent, and timing of the audit procedures that are necessary to accomplish the objectives of the audit. All material transactions\* and all account balances are not required to be tested in all circumstances. Minimizing substantive tests prior to the balance sheet date is not required.

Answer 12

A. Lapping involves the theft of one customer's payment and subsequently crediting the customer with payment made by another customer. Future remittances may be deposited but would be credited to the account from which funds were stolen, thus comparison of remittance dates would detect the scheme. Answers (b), (c), and (d) occur after the theft and would not show differences to pursue.

Answer 13

A. Since the employee is destroying the invoices and related vouchers, the most obvious documentation remaining would be the file of all cash disbursements. The auditor would select items from this file and then attempt to trace from specific cash disbursements to the related invoices and approved vouchers. Missing documentation might be indicative of fraud. C is in correct. Selecting items from the file of receiving reports will not identify fraudulent purchases that are shipped directly to the employees' home addresses.

Answer 14

D. The auditor should design and perform further audit procedures whose nature, extent, and timing are responsive to the assessed risk of material misstatement (RMM) at the relevant assertion level. Detection risk is a function of the effectiveness of an auditing procedure and its application by the auditor; therefore, the assessed RMM will determine the acceptable level of detection risk and hence the appropriate audit procedures to be performed. The effectiveness of internal control, inherent risk, and materiality thresholds are all factors that help the auditor assess the RMM.

Answer 15

B. The auditor's responses to address specifically identified risks of fraud may include changing the nature, timing, and extent of auditing procedures in the following ways The nature of auditing procedures performed may be changed to provide more reliable audit evidence. The timing of substantive tests may need to be modified and should be performed at or near the end of the reporting period. The extent of the procedures applied should be increased by increasing the sample size. Hence, the auditor will extend audit procedures as necessary to determine whether fraud has occurred

Answer 16

A. An auditor's procedures performed during either an audit of ICFR or an audit of financial statements are not part of a company's internal control over financial reporting (ICFR). The term internal control over financial reporting is defined as a process designed by, or under the supervision of, the company's principal executive and principal financial officers, or persons performing similar functions, and effected by the company's board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP. Answers B, C, and D describe what its policies and procedures pertain to or provide.

Answer 17

B. When internal control dictates that each check be accompanied by an approved voucher, and supported by a prenumbered purchase order and a prenumbered receiving report, the auditor would select items for testing from the population of all the canceled checks. If the auditor were to consider populations made up of all purchase orders, receiving reports, or approved vouchers, those canceled checks which were issued without such supporting documentation would not be discovered.

Answer 18

The correct answer is (C). A CPA has decided to reduce control risk, so the substantive testing sample size would be lower. The CPA has reduced control risk and can afford a higher detection risk and will be satisfied with a smaller, less time-consuming sample size during substantive testing. With lower control risk, an auditor can afford a higher detection risk and use a smaller sample size.

Answer 19

B. A decrease in the acceptable level of audit risk or in the amount considered material will result in the auditor's modifying the audit plan to obtain greater assurance from substantive testing by (1) selecting a more effective audit procedure, (2) applying procedures nearer to year end, or (3) increasing the extent of particular tests.

Answer 20

More than the deviation rate in the auditor's sample. If the actual deviation rate in the population exceeds the maximum deviation rate based on the sample, control risk will be understated, since the control will be less effective than sample results would indicate.

Answer 21

Variables sampling and PPS sampling are typically used in substantive testing of account balances (Estimating the dollar value of the population)

Answer 22

D. The primary purpose of the audit is to provide users of the financial statements with an opinion. The objective of the auditor is to design and perform audit procedures that enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion. The design of the audit program has no effect on inherent risk. Procedures may be performed prior to the balance sheet date only if the effectiveness of interim work is not likely to be impaired. Suggestions to management are secondary considerations in an audit.

Answer 23

D. Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risk of material misstatement (RMM) and detection risk. The RMM is the risk that the financial statements are materially misstated prior to the audit. This consists of two components at the assertion level: (1) inherent risk, which is the susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls; and (2) control risk, which is the risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control. Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements. It is a function of the effectiveness of an audit procedure and of its application by the auditor, i.e., an auditor might select an inappropriate audit procedure, misapply an appropriate audit procedure, or misinterpret the audit results.

Answer 24

B Relationships among income statement accounts tend to be more predictable than balance sheet accounts (AR, AP)because they present transactions over a period of time rather than at one point in time. In addition, relationships involving transactions subject to management discretion (travel and entertainment ) are less predictable.

Answer 25

D. When substantive procedures are performed at an interim date, the auditor should perform further substantive procedures or a combination of substantive procedures and tests of controls covering the remaining period to provide a reasonable basis for extending the audit conclusions to the end of the period. Interim testing increases the risk that misstatements existing at the period end will not be detected. Evaluations of in appropriate assessments of risk would not be a factor in deciding whether interim testing would be appropriate. Sampling risk need not necessarily be projected at the maximum for tests covering the remaining period. Whether or not substantive tests of accounts receivable may be performed at an interim date does not hinge on whether the balance is material to the financial statements.

Answer 26

A. Business risk is broader than the risk of material misstatement of the financial statements, though it includes the latter. Usually, management identifies business risks and develops approaches to address them. (Such a risk assessment process is part of internal control.) The auditor should also consider business risk because an understanding of the business risks facing the entity increases the likelihood of identifying risks of material misstatement. This is because most business risks will eventually have financial consequences and, therefore, an effect on the financial statements. Not all business risks give rise to risks of material misstatement; thus, the auditor does not have a responsibility to identify or assess all business risks. (Whether a business risk may result in a risk of material misstatement is considered in light of the entity’s circumstances.) Editor Note: Business risk is defined by US GAAS as the risk resulting from significant conditions, events, circumstances, actions, or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies or from the setting of inappropriate objectives and strategies.

Answer 27

Is the auditor's best estimate of the deviation rate in the population from which it was selected.

Answer 28

A. Materiality is not an ethics principle. The AICPA Code of Professional Conduct outlines public interest, integrity, and confidentiality as principles. The IFAC Code of Ethics for Professional Accountants outlines public interest, integrity, and confidentiality as principles. Responsibility and confidentiality both encompass “proper use of government information.”

Answer 29

C. The investigation of variances within a formal budgeting system would identify any unusual and unanticipated fluctuations in the repair and maintenance accounts when asset acquisitions are recorded there incorrectly. The segregation of [incompatible] duties is a good control; however, answer A. would not ensure that equipment acquisitions were not misclassified. Answer B. would not prevent the recording of an acquisition to the repair and maintenance accounts, nor would it serve to identify misclassifications. Answer D. would not ensure that equipment purchases were recorded properly because these invoices only represent those acquisitions which are already properly recorded as fixed assets.

Answer 30

For accounts payable, the completeness and accuracy assertions are generally more relevant than the existence and rights and obligations assertions, because the risk of understatement is greater than the risk of overstatement.

Answer 31

Factor Sample size Expect less deviation Less Expect more deviation More

Answer 32

1.Mean-per-Unit Estimation: $250\*2,000=$500,000(point estimate); $10\*2,000=+/-2,000 (at 1 standard deviation)precision

Answer 33

D. The agreement of the documents will verify that the goods were ordered (purchase order), received (receiving report), and the company has been billed (vendor’s invoice). The individual signing the checks, not accounts payable, should stamp, perforate, or otherwise cancel the supporting documentation. The purchasing department, not accounting, is involved with the approval of purchase requisitions and blanking out the quantity ordered on the receiving department copy of the purchase order.

Answer 34

D. Internal verifications of cash balances generally should be made monthly. Recorded cash on hand and petty cash balances should be compared with cash counts and recorded bank balances should be reconciled to balances shown on bank statements. These verifications should be made by personnel who are not otherwise involved in executing or recording cash transactions to maintain a segregation of functions. The cash receipts accountant, the cash disbursements accountant, and the controller should not reconcile the monthly statements as they are involved in the executing or recording of cash transactions.

Answer 35

B. Attribute sampling is used to test controls. Inspecting employee time cards for proper approval by supervisors is a test of controls. Controls often relate to authorization, validity, completeness, accuracy, appropriate classification, accounting in conformity with GAAP, and proper period. Look for these terms in identifying which option is a test of control. Words such as accountant balance, amount, valuation, presentation, and disclosure are more likely to relate to substantive test.

Answer 36

The correct answer is (D). While conducting an inspection, an auditor examines documents and records used in internal control, such as authorization forms and procedure manuals. Thus, examining purchase orders to verify the proper authorization of transactions is an example of inspection. (A) is incorrect because, in a re-performance, the auditor applies the control that the client personnel presumably performed earlier. (B) is incorrect because confirmation is a substantive procedure to verify the existence of transactions and balances. The given instance is of a test of control to verify the proper authorization of transactions. (C) is incorrect because while conducting an observation, the auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.

Answer 37

The correct answer is (D). Material weaknesses are severe enough that they always result in an adverse opinion. In terms of severity, the following are the rankings for control deficiencies and audit opinions. In terms of severity (least to most): Control Deficiency \> Significant deficiency \> Material Weakness In terms of severity (least to most): Unqualified \> Qualified \> Adverse (A) is incorrect because the auditor is not required to search for deficiencies less severe than material weaknesses. (B) is incorrect because there is a possibility that the financial statements are fairly stated even though there are material weaknesses in the internal control. (C) is incorrect because a disclaimer of opinion should only be given in case of a scope limitation and not on identification of material weaknesses.

Answer 38

The correct answer is (A). Materiality for the financial statements as a whole (and, if applicable, the materiality level or levels for particular classes of transactions, account balances, or disclosures) may need to be revised as a result of a change in circumstances that occurred during the audit (for example, a decision to dispose of a major part of the entity's business), new information, or a change in the auditor's understanding of the entity and its operations as a result of performing further audit procedures. For example, if, during the audit, it appears as though actual financial results are likely to be substantially different from the anticipated period-end financial results that were used initially to determine materiality for the financial statements as a whole, the auditor may be required to revise materiality. If the auditor concludes that a lower materiality than that initially determined for the financial statements taken as a whole (and, if applicable, materiality level or levels for particular classes of transactions, account balances, or disclosures) is appropriate, the auditor should determine whether it is necessary to revise performance materiality and whether the nature, timing, and extent of the further audit procedures remain appropriate. This, of course, should be appropriately documented.

Answer 39

$2000 $5,000-4,000-1,000 1,000/5,000=20% $10,000\*20%=2,000

Answer 40

D The auditor should consider both the qualitative and the quantitative aspects of deviations in tests of controls. Qualitative aspects might include whether deviations are indicative of an error or fraud. Such an evaluation is important because fraud is intentional, has implications beyond the direct monetary effect, and requires consideration of the implications for other aspects of the audit. Thus, a deviation initially concealed by a forged document is very serious and deserves broader consideration than a deviation of the same dollar amount due to an error. A is incorrect. The fact that a deviation was the only one discovered would have no importance beyond its impact on the computation of the upper deviation rate; B is incorrect. Discovery of a deviation identical to one discovered during the prior year’s audit is not necessarily cause for additional concern; C is incorrect. Employee misunderstanding of instructions is an inherent limitation of internal control and is not necessarily cause for concern.

Answer 41

A. The auditor should consider whether information obtained from the auditor’s client acceptance or continuance process is relevant to identifying risks of material misstatement. If the engagement partner has performed other engagements for the entity, the engagement partner should consider whether information obtained is relevant to identifying risks of material misstatement. The determination of materiality for a previous audit is not carried forward to the current audit. When the auditor intends to use information obtained from the auditor’s previous experience with the entity and from audit procedures performed in previous audits, the auditor should determine whether changes have occurred since the previous audit that may affect its relevance to the current audit. Confirmation of the inclusion of the procedures in the previous engagement’s documentation is not required. The engagement partner is only required to include key members of the engagement team. The engagement partner should determine which matters are to be communicated to engagement team members not involved in the discussion.

Answer 42

The correct answer is (D). In an integrated audit of a non-issuer, the auditor must test controls over specific risks at business units that are material to the company’s consolidated financial statements. The audit of internal control over financial reporting should be integrated with the audit of the financial statements. The objectives of both the audits are not identical. However, the auditor must plan and perform the work to achieve the objectives of both audit of Financial Statements and Internal Control over Financial Reporting. In determining the locations or business units at which to perform tests of controls, AU-C 940 requires that the auditor should assess the risk of material misstatement to the financial statements associated with the location or business unit and correlate the amount of attention devoted to the location or business unit with the degree of risk. The auditor may eliminate from further consideration locations or business units that, individually or when aggregated with others, do not present a reasonable possibility of material misstatement to the entity's consolidated financial statements.

Answer 43

A. The quality of the internal audit function's documentation reflects on their competence. The other answers are related to their objectivity. Editor’s note: The two key words to remember regarding internal auditors as it pertains to the CPA Exam are: objectivity and competence. Competence relates to the core ability to perform the function, and objectivity relates to how impartial the internal auditors are in relation to the organization they work for.

Answer 44

D. Answer d., when assessing the internal auditors'; objectivity, the external auditor may obtain information about the organizational status of the internal auditors, including the organizational level to which they report. The other answer alternatives do not directly relate to their objectivity.

Answer 45

C. To obtain an understanding of a manufacturer’s internal control concerning inventory balances, an auditor would review the entity’s descriptions of inventory policies and procedures. Analyzing inventory ratios, performing cost variance analytical procedures, and performing inventory test counts are substantive procedures. (Editor note: The key word here is “understanding the entity and therefore of the four answer choices, reviewing policies and procedures would satisfy the objective. The other answer choices are testing procedures that would ascertain the risk assessment i.e. support the auditor’s understanding in this area).

Answer 46

D. While the auditor should be alert for significant deficiencies, the auditor is not required to search for them. Obtaining an understanding of internal controls that are relevant to the audit involves evaluating the design of controls and determining whether they have been implemented. The key elements of this understanding should be documented.

Answer 47

A. When obtaining an understanding of controls that are relevant to the audit, the auditor should evaluate the design of those controls. The auditor should also determine whether they have been implemented by performing procedures in addition to inquiry of the entity's personnel. (Inquiry alone is not sufficient.) The incorrect answers relate to testing the operating effectiveness of controls rather than obtaining an understanding of them.

Answer 48

B. The auditor should obtain an understanding of control activities relevant to the audit, which are those judged necessary to understand in order to assess the risks of material misstatement at the assertion level and design further audit procedures responsive to assessed risks. An auditor performs tests of controls later in the audit to obtain sufficient appropriate audit evidence about the operating effectiveness of controls as opposed to operating efficiency. Collusion and management override are inherent limitations of internal control.

Answer 49

No; Yes Obtaining an understanding of internal control consists of evaluating the design and implementation of controls. This is not the same as testing the operating effectiveness of controls. The auditor only tests the operating effectiveness of controls when: (1) the auditor’s risk assessment includes an expectation of the operating effectiveness of controls or (2) when it is not possible or practicable to reduce detection risk at the relevant assertion level to an acceptably low level with audit evidence obtained from substantive procedures alone. Editor note: When the auditor is relying on policies and procedures, the auditor must document such reliance by performing a test of controls in this area.

Answer 50

A. Materiality limits ordinarily would apply to written representations related to amounts concerning related-party transactions. Materiality considerations would not apply to those representations that are not directly related to amounts included in the financial statements such as the availability of financial records or the completeness of minutes of directors’ meetings. Other items of this nature are management’s acknowledgement of its responsibility for the fair presentation of financial statements in conformity with the applicable financial reporting framework and communications from regulatory agencies concerning noncompliance with or deficiencies in financial reporting practices. Nor would materiality apply to irregularities involving members of management because of the possible effects of fraud on other aspects of the audit.

Answer 51

D. Due to an increased level of risk that is present in the initial audit of an entity auditor will assign more experienced staff or those with specialized skills i.e. assign external audit personnel with appropriate levels of capabilities and competence. Senior Management, accounting personnel, and internal audit personnel are the client’s internal management and the auditor will not assign them in response to the increased level of risk.

Answer 52

D. Fraud risk factors are events/conditions that indicate fraud. Determination of whether a fraud risk factor is present and whether it is to be considered in assessing fraud risk requires the exercise of professional judgment by the auditor. In planning an audit, an auditor should document in the working papers the auditor's risk assessment of a material misstatement of the financial statements due to fraud. The risk factors if identified must be detailed in the working papers. Answer B is incorrect. The auditor may choose to discuss identified fraud risk factors with the client. However, this is not a required discussion. (Note: If the auditor has identified fraud that occurred or has obtained information that indicates that fraud may exist, then this should be communicated to the appropriate level of MGMT and documentation of this communication should be included in the audit work papers.)

Answer 53

The correct answer is (A) The first step in planning an audit for an auditor is to gain an understanding of the design of the relevant control activities. This helps an auditor get a basic understanding of the entity's internal control structure with which he can identify the potential areas with misstatements that could occur.

Answer 54

C. Judgments about materiality provide a basis for all of the answer alternatives except determining whether to accept an engagement and the related fees.

Answer 55

B is correct. The auditor may be able to reduce the required sample size by separating items subject to sampling into relatively homogenous groups on the basis of some characteristic related to the specific audit objective A is incorrect. While PPS sampling results in a stratified sample, it is a result of the sampling method employed and does not require the auditor to perform stratification since it occurs automatically; C is incorrect. The estimated tolerable misstatement does not affect the decline to stratify; D is incorrect. The standard deviation of the recorded amounts represents the population’s variability. Therefore, the auditor would be most likely to stratify when the standard deviation is high, not low.

Answer 56

D. If the principal auditor is satisfied as to the independence and professional reputation of the other auditor and the audit performed by the other auditor, the auditor may be able to express an opinion on the financial statements taken as a whole without making reference. In this case, the principal auditor should not state in the audit report that part of the audit was performed by another auditor because to do so may cause a reader to misinterpret the degree of responsibility being assumed. (Editor note: Whether or not the principal auditor decides to make reference, the principal auditor should make inquiries concerning the professional reputation and independence of the other auditor. The principal auditor also should adopt appropriate measures to assure the coordination of activities in order to achieve a proper review of matters affecting the consolidating or combining of accounts in the financial statements.) Issuing an unqualified opinion is not a justification for the decision not to make reference. Whether or not the other auditor issued an unqualified opinion does not automatically determine whether the principal auditor should make reference. (Editor note: If the report of the other auditor is other than a standard report, the principal auditor should decide whether the reason for the departure is of such nature and significance in relation to the financial statements on which the principal auditor is reporting that it would require recognition in the principal auditor's report.) In some situations, it may be impracticable for the principal auditor to review the other auditor's work or to use other procedures to be satisfied as to the audit performed by the other auditor. In this case, the principal auditor would need to make reference by clearly indicating, in the introductory, scope, and opinion paragraphs, the division of responsibility between the principal auditor and the other auditor in expressing the opinion on the financial statements. (Editor note: The audit report should also disclose the magnitude of the portion of the financial statements audited by the other auditor. This may be done by stating the dollar amounts or percentages of one or more of the following: total assets, total revenues, or other appropriate criteria, whichever most clearly reveals the portion of the financial statements audited by the other auditor. The other auditor may be named but only with express permission and provided the other audit report is presented together with that of the principal auditor.) Editor note: Regardless of the principal auditor's decision whether to make reference, the other auditor remains responsible for the performance of his or her own work and report. And reference in the report of the principal auditor to the fact that part of the audit was made by another auditor is not to be construed as a qualification of the opinion but rather as an indication of the divided responsibility between the auditors who conducted the audits of various components of the overall financial statements.

Answer 57

B. Due to the inherent limitations of an audit, an audit performed in accordance with US GAAS provides no assurance that all noncompliance with laws and regulations will be detected or that any contingent liabilities that result will be disclosed. Ordinarily, the further removed noncompliance is from the events and transactions reflected in the financial statements, the less (not more) likely the auditor is to become aware of, or recognize, the noncompliance.

Answer 58

B. Incompatible functions are those that place any person in a position to both perpetrate and conceal errors or fraud in the normal course of their duties. A well-designed plan of organization separates the duties of authorization, record keeping, and custody of assets. Answers a. and d. do not separate custody and record keeping. Answer c. does not provide verification of inventory.

Answer 59

collusion, human error, and management override.

Answer 60

Functions of the client and its environment, while detection risk is not. Inherent risk and control risk differ from detection risk in that they exist independent of the audit; that is, the levels of inherent and control risk are functions of the client audit environments. The auditor has little control over these risks. The auditor can control detection risk through the scope (nature, timing and extent) of the audit procedures formed. Thus, detection risk has an inverse relationship with inherent and control risk. Inherent risk is the susceptibility of an assertion to a material misstatement, assuming there are no related controls. Control risk is the risk that a material misstatement that could occur in an assertion will not be prevented, or detected and corrected, on a timely basis by the entity's internal control. Detection risk is the risk that the auditor will not detect a material misstatement that exists in an assertion. Thus, inherent risk and control risk are functions of the client and its environment while detection risk is not. Inherent risk, control risk, and detection risk are all a part of audit risk. Inherent risk and control risk differ from detection risk in that they exist independently of the audit of financial statements, whereas detection risk relates to the auditor's procedures and can be changed at the auditor's discretion. All of the elements of audit risk should be considered in relation to individual account balances, classes of transactions and disclosures; and at the overall financial statement level.

Answer 61

Kiting occurs when a check drawn on one bank is deposited in another bank and no record is made of the disbursement in the balance or the first bank until after year-end. Kiting may be used to cover a cash shortage or to pad a company's cash position. Kiting results in an intentional overstatement of cash in the F/S as the cash is simultaneously reflected in 2 different bank accounts. To detect kiting effectively, a bank transfer schedule should be prepared. For any bank-to-bank transfers that occur near year-end, the disbursement date on the check and in the ledger for the disbursing account should precede the receipt date noted by the bank and in the ledger for the receiving account. To ensure that kiting has not occurred, evidence should exist that all deposits in transit and outstanding checks listed on the bank reconciliation at year-end cleared in the next period. This information can be confirmed by using a bank cut off statement.

Answer 62

A. Although the level of risk of management override of controls (override risk) will vary from entity to entity, the risk is, nevertheless, present in all entities. (Thus, answer A. is correct and answer B. is not.) Even if specific risks of material misstatement (RMM) due to fraud are not identified by the auditor, a possibility exists that management override could occur. Accordingly, the auditor should address this risk apart from any conclusions regarding the existence of more specifically identifiable risks by designing and performing audit procedures as discussed in the editor note below. Regarding incorrect answer C., due to the unpredictable way in which override could occur, it is a RMM due to fraud and thus a significant risk. Regarding incorrect answer D., one of the procedures required by US GAAS as a response to override risk is to select journal entries (and other adjustments) made at the end of a reporting period and to (not as opposed to) consider the need to test both throughout the period.

Answer 63

B. Management’s emphasis on meeting projected profit goals most likely would significantly influence the control environment when a significant portion of management compensation is represented by stock options because it provides an incentive to commit fraud. Answers A., C., and D. would mitigate this risk factor.

Answer 64

A. The correct answer is (A). Human involvement is more in case of manual controls. Manual controls are suitable for large, unusual, or non-recurring transactions so that personal attention can be given to each such transaction. As these transactions are of high value (e.g. purchase of a high-value equipment), proper authorization and justification is required for entering into these transactions, which is best served by manual rather than automated controls. (B), (C) and (D) are incorrect because high volume transactions, situations with routine predictable errors and circumstances requiring high accuracy are best served by automated controls. IT systems could process such transactions faster and more accurately than manual systems.

Answer 65

A. Auditor’s direct personal knowledge & observation; E. External evidence; I. Internal evidence; O. Oral evidence.

Answer 66

D. The external auditor would most likely avoid using the work performed by the internal auditors. The external auditor should not use the work of the internal audit function in obtaining audit evidence if the external auditor determines that the function's organizational status and relevant policies and procedures do not adequately support the objectivity of internal auditors [or the function lacks sufficient competence; or the function does not apply a systematic and disciplined approach, including quality control.] In this case, the external auditor would most likely avoid using their work instead of only limiting reliance on it because they report to the controller and, thus, may be reluctant to report weaknesses in the controller’s activities. When assessing the internal auditor's objectivity, the external auditor should consider whether the organizational status of the internal audit function, including the function's authority and accountability, supports the ability of the function to be free from bias, conflict of interest, or undue influence of others to override professional judgments (for example, whether the internal audit function reports to those charged with governance or an officer with appropriate authority, or if the function reports to management, whether it has direct access to those charged with governance). The question does not state that their reporting to management [the controller] is mitigated by direct access to those charged with governance. Generally, procedures designed to evaluate of the adequacy of their work will provide more information about their competence rather than their objectivity. Although objectivity and competence may be viewed as a continuum (the more their objectivity is supported by the entity and higher their level of competence, the more likely the external auditor may make use of their work and make use of it in more areas) a significant insufficiency in one, as is the case in this question, cannot be overcome by strength in the other. Additionally, neither a high level of competence nor strong support for their objectivity can compensate for the lack of a systematic and disciplined approach.

Answer 67

Place limited reliance on the work performed by the internal auditors.

Answer 68

A. Considering professional standards and whether internal auditors meet them provides an indication regarding their objectivity.The other answer choices relate to the actual audit work and hence would steer more towards the competency side of the internal auditor assessment.

Answer 69

B. Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been implemented.

Answer 70

A is correct. The auditor should obtain bank cutoff statements that include transactions for 10 to 15 days after year-end. The outstanding checks and deposits in transit at year-end on the bank reconciliation should agree with the information in the bank cutoff statement. B is incorrect. The deposits in transit are listed in the year-end bank reconciliation and traced to actual deposits appearing on the bank cutoff statement. The cutoff statement includes actual deposits received, not deposits in transit; C is incorrect. Checks dated after year-end would not be included in the year-end outstanding checklist; D is incorrect. Deposits recorded in the cash receipts journal after year-end do not effect the cash balance at year-end, and therefore the auditor would not perform audit procedures with respect to those deposits.

Answer 71

Negative confirmation=No news is good news

Answer 72

B. The auditor’s determination of materiality is often is based on estimates of the entity’s financial results because the actual financial results may not yet be known. Therefore, prior to the auditor’s evaluation of the effect of uncorrected misstatements, it may be necessary to revise materiality based on the actual financial results. That said, any significant revision is likely to have been made (based on information the auditor became aware of during the audit) before the auditor evaluates the effect of uncorrected misstatements. Regarding incorrect answers A. and C., the reassessment should be based on the actual, not the projected or interim, financial results. Regarding incorrect answer D., the auditor would not adjust the financial statements for the uncorrected misstatements. The auditor’s objective is to reassess materiality based on the actual financial statements without the corrections.

Answer 73

D. Which analytical procedures to be applied as risk assessment procedures, not the results of analytical procedures, should be considered prior to the identification and assessment of the risk of material misstatement (RMM). Prior to the auditor's identification and assessment of the RMM, planning includes the need to also consider, of course, the performance of risk assessment procedures other than analytical procedures.

Answer 74

C. The external auditor is not required to obtain written acknowledgment from the entity that the internal auditors will complete the work assigned to them by the external auditor by the agreed upon dates.

Answer 75

D. Assigning different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets is intended to reduce the opportunities to allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of their duties. Incorrect answers A. and B. list record keeping tasks. Incorrect answer C. lists tasks that involve authorization.

Answer 76

D. The auditor is primarily concerned with fraud that causes a material misstatement in the financial statements. Two types of intentional (fraudulent) misstatements are relevant to the auditor—misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets. Obviously, the auditor is concerned with both answers A. and B., but neither, by itself, is the best answer to the question. Although the auditor may suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has actually occurred.

Answer 77

B. US GAAS does not require the inclusion of a copy of the law or regulation related to the noncompliance. Examples of documentation of findings may include copies of records or documents and minutes of discussions held.

Answer 78

C. The materiality determined when planning the audit does not necessarily establish an amount below which uncorrected misstatements, individually or in the aggregate, will always be evaluated as immaterial. The circumstances related to some misstatements may cause the auditor to evaluate them as material even if they are below materiality. Although it is not practicable to design audit procedures to detect misstatements that could be material solely because of their nature (that is, qualitative considerations), the auditor considers not only the size but also the nature of uncorrected misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial statements. One of the assumptions auditors make about financial statement users is that they have a reasonable knowledge of business and economic activities and accounting and a willingness to study the information in the financial statements with reasonable diligence. Materiality and audit risk are considered throughout the audit.

Answer 79

B. When determining materiality, one factor that may affect the identification of an appropriate benchmark is its relative volatility. When establishing the overall audit strategy, the auditor should determine materiality for the financial statements as a whole. Only if, in the specific circumstances of the entity, one or more particular classes of transactions, account balances, or disclosures exist for which misstatements of lesser amounts than materiality for the financial statements as a whole could reasonably be expected to influence the economic decisions of users, then, taken on the basis of the financial statements, the auditor also should determine the materiality level or levels to be applied to those particular classes of transactions, account balances, or disclosures. One of the assumptions auditors make about financial statement users is that users make reasonable economic decisions on the basis of the information in the financial statements. US GAAS does not assume that is it is more likely that a financial advisor will be consulted. Determining materiality does involve the exercise of professional judgment. A percentage is often applied to a chosen benchmark as a starting point in determining materiality for the financial statements as a whole; however, this methodology is not required.

Answer 80

Analytical procedures related to revenue accounts are required to be performed with the objective of identifying unusual or unexpected relationships that may indicate a material misstatement due to fraudulent financial reporting. (Editor Note: These procedures should be also performed through the end of the reporting period when forming an overall audit conclusion and to evaluate whether the accumulated results of all auditing procedures affect the assessment of the risks of material misstatement (RMM) due to fraud made earlier in the audit or indicate a previously unrecognized RMM due to fraud.) Regarding incorrect answer A., inquiries should be made of both management and those charged with governance. The only circumstance allowed by US GAAS that does not require specific inquiries (regarding oversight of management’s processes for identifying and responding to the risks of fraud and the related controls) to be made of those charged with governance is when they are all involved in managing the entity and thus no oversight exists separate from management. Regarding incorrect answer C., fraud risk factors cannot easily be ranked in order of importance and may not necessarily indicate the existence of fraud; however, they have often been present in circumstances in which fraud has occurred and, therefore, may indicate risks of material misstatement (RMM) due to fraud. Their significance varies widely. Accordingly, the determination of whether a fraud risk factor is present and whether it is to be considered in assessing the RMM due to fraud requires the exercise of professional judgment. That said, the auditor is required to evaluate whether the information obtained from the risk assessment procedures and related activities performed indicates that one or more fraud risk factors are present. Regarding incorrect answer D., both management and those charged with governance; and others within the entity as appropriate should be asked whether they have knowledge of any actual, suspected, or alleged fraud.

Answer 81

A. As part of obtaining an understanding of the entity and its environment, the auditor should obtain a general understanding of the legal and regulatory framework applicable to the entity and the industry or sector in which the entity operates and how the entity is complying with that framework. Incorrect answer B. is not a requirement for “direct effect” (on the determination of financial statement amounts and disclosures) laws and regulations. The audit procedure to inspect correspondence, if any, with relevant licensing or regulatory authorities is required to help identify instances of noncompliance with other laws and regulations that may have a material effect on the financial statements. The auditor is also required to make inquiries of management and, when appropriate, those charged with governance about whether the entity is in compliance with such laws and regulations. Editor Note: Although neither of these specific procedures just described are required for “direct effect” laws and regulations, they may be performed—the auditor should obtain sufficient appropriate audit evidence regarding material amounts and disclosures in the financial statements that are determined by the provisions of those laws and regulations generally recognized to have a direct effect on their determination. Regarding incorrect answer C., when the auditor identifies or suspects noncompliance, the auditor may consider, but is not required, to consult with the entity’s external legal counsel. Under these circumstances, the auditor should discuss the matter with management and, when appropriate, those charged with governance. If they do not provide sufficient information to the auditor that the entity is in fact in compliance with laws and regulations, the auditor may consider it appropriate to consult with the entity’s in-house legal counsel or external legal counsel about the application of the laws and regulations to the circumstances, including the possibility of fraud, and the possible effects on the financial statements. The auditor may request management to arrange for such consultation with the entity’s legal counsel. If it is not considered appropriate to consult with the entity’s legal counsel or if the auditor is not satisfied with the legal counsel’s opinion, the auditor may consider it appropriate to consult the auditor’s own legal counsel. Regarding incorrect answer D., the auditor is not required to presume a level of risk associated with noncompliance. In the absence of identified or suspected noncompliance, the auditor is not required to perform audit procedures regarding the entity’s compliance with laws and regulations, except for those covered in this answer explanation and requesting written representations from management regarding the entity’s compliance with laws and regulations. And, of course, during the audit, the auditor should remain alert to the possibility that other audit procedures applied may bring instances of noncompliance or suspected noncompliance to the auditor’s attention.

Answer 82

Answer a., the auditor should not refer to the work of the specialist in an audit report containing an unmodified opinion. Regarding incorrect answer b., the auditor makes reference to the work of an auditor's external specialist in the audit report because such reference is relevant to an understanding of a modification to the auditor's opinion; not when the work of the specialist relates to the auditor's conclusions regarding a significant risk. Regarding incorrect answer c., the auditor should not agree to terms that stipulate the acknowledgment of the specialist in the audit report. Regarding incorrect answer d., it may be appropriate to refer to the auditor's external specialist in an audit report containing a modified opinion to explain the nature of the modification. In such circumstances, the auditor may need the permission of the auditor's specialist before making such a reference, but it is not a requirement per US GAAS.

Answer 83

D. Planning the nature, extent, and timing of specific further audit procedures depends on the outcome of risk assessment procedures, which is why planning risk assessment procedures occurs early in the audit process. Confirming that a common understanding of the terms of the audit engagement exists between the auditor and the client—a preliminary engagement activity—is an objective of the appropriate acceptance of an engagement; not the objective of planning the audit. The primary objective of the auditor is to plan the audit so that it will be performed in an effective manner. The overall audit strategy provides a basis for the detailed audit plan; not vice versa. Once the overall audit strategy has been established, an audit plan can be developed to address the various matters identified in the overall audit strategy, taking into account the need to achieve the audit objectives through the efficient use of the auditor’s resources. That said, the establishment of the overall audit strategy and the detailed audit plan are not necessarily discrete or sequential processes but are closely interrelated because changes in one may result in consequential changes to the other. (The audit plan is more detailed than the overall audit strategy in that it includes the nature, timing, and extent of audit procedures to be performed by engagement team members.) Planning for audit procedures takes place over the course of the audit as the audit plan for the engagement develops. The auditor may begin the execution of further audit procedures for some classes of transactions, account balances, and disclosures before planning all remaining further audit procedures.

Answer 84

B**.** In designing and performing tests of controls, the auditor should obtain more persuasive audit evidence the greater the reliance the auditor places on the effectiveness of a control. Regarding incorrect answer a., the auditor is required to determine the additional audit evidence to be obtained for the remaining period. Of course, if there have been significant changes, the auditor's response will be different than when no changes have occurred; however, additional evidence would need to be obtained to determine there were no changes. Regarding incorrect answer c., if deviations from controls upon which the auditor intends to rely are detected, the auditor should make specific inquiries to understand these matters and their potential consequences (not just simply switch to performing substantive procedures). The auditor should also determine if the tests on controls already performed will suffice. If not, the auditor should determine if either additional tests of controls or substantive procedures are needed to address the potential risks of misstatement. Regarding incorrect answer d., when evaluating the operating effectiveness of relevant controls, the auditor should evaluate whether misstatements that have been detected by substantive procedures indicate that controls are not operating effectively. However, the absence of misstatements detected by substantive procedures does not provide audit evidence that controls related to the relevant assertion being tested are effective.

Answer 85

D. The auditor should consider the factors that, in the auditor's professional judgment, are significant in directing the engagement team's efforts when establishing the overall audit strategy, rather than during the earlier preliminary stage. The other answer alternatives comprise all of the required preliminary engagement activities. Performing them at the beginning of the current audit engagement assists the auditor in identifying and evaluating events or circumstances that may adversely affect the auditor’s ability to plan and perform the audit engagement. Their performance should enable the auditor to plan an engagement for which the auditor maintains the necessary independence and ability to perform the engagement; has no issues with management integrity; or has no misunderstanding with the entity about the terms of the engagement.

Answer 86

The allowance for sampling risk recognizes that it is likely that what we found in the sample isn't exactly what we would find in the population. Assume a population of 1000 items, a sample of 100 items, and a sample deviation rate of 4% (4 deviations out of 100). If the upper deviation rate (from a table)is 8.5%, this implies a 4.5% allowance for sampling risk. Conversely, should the examiners provide the allowance for sampling risk (say, 3.6%), it would be added to the sample deviation rate (4%) to find an upper deviation rate of 7.6%.

Answer 87

Sample size will decrease as the following increase (inverse relationship): -Tolerable misstatement; -Acceptable level of risk.

Answer 88

2. Risk of incorrect rejection=alpha risk: is the risk that the sample supports the conclusion that the recorded account balance is materially misstated when in fact it is not materially misstated (i.e., sample results mistakenly indicate a material misstatement)

Answer 89

2. Risk of assessing control risk too high=alpha risk=risk of under reliance: is the risk that the assessed level of control risk based on the sample is greater than the true risk based on the actual operating effectiveness of the control (i.e., sample results indicate a greater deviation rate than actually exists in the population)

Answer 90

the accounting firm, covered persons, and his or her immediate family members have a broker-dealer account with an audit client if the account includes any asset other than cash or securities that are covered by the Securities Investor Protection Act.

Answer 91

D. US GAAS regarding service organizations do not apply to services that are limited to processing an entity’s transactions that are specifically authorized by the entity, such as the processing of checking account transactions by a bank or the processing of securities transactions by a broker. Nor do they apply to the audit of transactions arising from an entity that holds a proprietary financial interest in another entity, such as a partnership, corporation, or joint venture, when the partnership, corporation, or joint venture performs no processing on behalf of the entity. In addition to the other answer alternatives, a service organization’s services are part of a user entity’s information system, including related business processes, relevant to financial reporting if these services affect any of the following: (1) the related accounting records, supporting information, and specific accounts in the user entity’s financial statements that are used to initiate, authorize, record, process, and report the user entity’s transactions; this includes the correction of incorrect information and how information is transferred to the general ledger; the records may be in either manual or electronic form; (2) How the user entity’s information system captures events and conditions, other than transactions, that are significant to the financial statements; and (3) controls surrounding journal entries, including nonstandard journal entries used to record nonrecurring, unusual transactions, or adjustments.

Answer 92

B. For sound internal controls, all receipts for goods, including returned goods or materials, should be handled by the receiving clerk. Receiving reports should be prepared for all items received. Employees who have recording responsibilities should not also have custody of the related assets.

Answer 93

A. Detection risk relates to substantive audit procedures and is managed by the auditor's response to the risk of material misstatement (RMM). For a given level of audit risk, detection risk should bear an inverse relationship to the RMM at the relevant assertion level. As the RMM increases, the level of detection risk that can be accepted by the auditor decreases (and the need for the assurance provided by substantive tests increases). Likewise, as the RMM decreases, the level of detection risk that can be accepted by the auditor increases. (However, the auditor should perform substantive procedures for all relevant assertions related to material classes of transactions, account balances, and disclosures regardless of the assessed level of risk.) Regarding incorrect answer B., the risk of misapplying audit procedures is a part of detection risk. Regarding incorrect answer C., the preliminary judgment about materiality levels provides a basis for, i.e., is made prior to, the auditor’s identification and assessment of the RMM. Thus, as detection risk is set by the auditor in response to the RMM, the setting of the preliminary materiality levels is unrelated to detection risk. Moreover, the judgment about what constitutes a material misstatement is not related to the determination of the degree of risk the auditor is willing to accept that a material misstatement will be undetected. Regarding incorrect answer D., the risk of failing to discover material misstatements during an audit is detection risk.

Answer 94

B. The entity's selection and application of accounting policies, including the reasons for changes (the auditor should evaluate whether the entity’s accounting policies are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry) is another aspect of the entity the auditor is required to understand—distinct from the components of the nature of the entity. In addition to the other answer alternatives, the components of the nature of an entity that the auditor is required to understand include the types of investments that the entity is making and plans to make, including investments in entities formed to accomplish specific objectives. Editor Note: The understanding of the nature of an entity enables the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements.

Answer 95

C. It often may be relevant when agreeing on the nature, scope, and objectives of the work of the auditor’s specialist to include discussion of any relevant technical performance standards or other professional or industry requirements that the auditor’s specialist will follow, but it is not required. Editor’s note: If we’re relying on the auditor’s specialist (i.e. our specialist), then we trust that the specialist has the competency to follow her respective standards and guidelines with respect to the area we’re relying on her report for.

Answer 96

A. The auditor should include in the audit documentation the following amounts and the factors considered in their determination (1) materiality for the financial statements as a whole; (2) if applicable, the materiality level or levels for particular classes of transactions, account balances, or disclosures; (3) performance materiality; and (4) any revision of 1–3 as the audit progressed. Documentation of the reason why materiality was not determined for any classes of transactions, account balances, or disclosures is not required. Any revision to a materiality amount should be documented; not just significant revisions. The factors considered in their determination should be documented regardless of the methodology used.

Answer 97

Observe payroll check distribution on a surprise basis.

Answer 98

Vouch data in the payroll register to documented authorized pay rates in the human resources department's files.

Answer 99

A. The auditor primarily uses the the knowledge about the design of relevant internal control policies and procedures [gaining an understanding of internal control] to (1) identify types of potential misstatements and factors that affect the risks of material misstatement; and (2) in designing the nature, extent, and timing of further audit procedures.

Answer 100

C. If the auditor identifies a misstatement, whether material or not, and the auditor has reason to believe that it may be the result of fraud and that management (in particular, senior management) is involved, the auditor should reevaluate the assessment of the risks of material misstatement due to fraud and its resulting effect on the nature, timing, and extent of audit procedures to respond to the assessed risks. For example, an otherwise insignificant fraud may be significant if it involves senior management. In such circumstances, the reliability of evidence previously obtained may be called into question because there may be doubts about the completeness and truthfulness of representations made and the genuineness of accounting records and documentation. There may also be a possibility of collusion involving employees, management, or third parties. In addition to the alternative answers, the concept of materiality is applied by the auditor in evaluating the effect of uncorrected misstatements, if any, on the financial statements.

Answer 101

B. According to the guidelines of the Department of Labor (DOL), the selected auditor performing the annual audit of the company's employee benefit plan must be independent for purposes of examining financial information required to be filed annually with the DOL. The selected auditor may be a customer of the utility company, does not have to be on any approved list of firms, and does not have to be the lowest fee bidder for the work required.

Answer 102

D. The element of the audit planning process most likely to be agreed upon with the client before implementation of the audit strategy is the timing of inventory observation procedures to be performed. Evidence to be gathered to provide a sufficient basis for the auditor's opinion is solely a matter of auditor judgment. The procedures to be undertaken to discover litigation, claims, and assessments are determined by the auditor. Pending legal matters to be included in the inquiry of the client's attorney are more likely to be discussed after implementation of the audit strategy.

Answer 103

Confirm the terms of borrowing arrangements with the lender.

Answer 104

D. The detailed audit plan, not the overall audit strategy, includes a description of the nature, timing, and extent of planned further audit procedures at the relevant assertion level. In addition to the other answer alternatives, in establishing the overall audit strategy, the auditor should consider the factors that, in the auditor's professional judgment, are significant in directing the engagement team’s efforts; consider the results of preliminary engagement activities; and, when applicable, consider whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant.

Answer 105

A. The more judgment involved in planning and performing relevant audit procedures or evaluating the audit evidence obtained is a factor in the external auditor's decision to perform more of the audit work directly, i.e., to use the work of the internal audit function less, rather than in the determination of whether to use the internal audit function at all to obtain evidence.

Answer 106

B. US GAAS, issued by the AICPA are auditing standards; not accounting standards. The financial accounting standards (and the recognized organizations that issue them) used to prepare financial statements in accordance with a general-purpose framework (a financial reporting framework designed to meet the common financial information needs of a wide range of users) are: answer A., FASB Accounting Standards Codification™ (ASC), issued by the Financial Accounting Standards Board (FASB); answer C., International Financial Reporting Standards (IFRS), issued by the International Accounting Standards Board (IASB); answer D., Statements of Federal Financial Accounting Standards (SFFAS), issued by the Federal Accounting Standards Advisory Board (FASAB) for US federal government entities; and Statements of Governmental Accounting Standards (GASB Statements), issued by the Governmental Accounting Standards Board (GASB) for US state and local government entities (not included as an answer alternative in this question).

Answer 107

1.integrity; 2.objectivity; 3.professional competence and due care; 4.confidentiality; 5.professional behavior.

Answer 108

Detect material misstatement in financial statements.

Answer 109

B. Controlling the access to assets is an important objective of proper inventory control. The other answer alternatives are procedures for satisfying inventory control objectives—not actual internal control objectives.

Answer 110

C. Incompatible functions are those that place any person in a position to both perpetrate and conceal errors or fraud in the normal course of their duties. A well-designed organization plan separates authorization, record keeping, and asset custody.

Answer 111

Inherent risk and control risk At the assertion level, the risk of material misstatement (RMM) consists of (1) inherent risk, the susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls, and (2) control risk, the risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control. Editor Note: The RMM is the risk that the financial statements are materially misstated prior to the audit. It exists at both the overall financial statement level and the assertion level. (RMM at the overall financial statement level refers to those risks that relate pervasively to the financial statements as a whole and potentially could affect many assertions.) Regarding the incorrect answers: The RMM is a part of audit risk. Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk. Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.

Answer 112

C The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting one resulting from error. This is because fraud may involve sophisticated and carefully organized schemes designed to conceal it, such as forgery, deliberate failure to record transactions, or intentional misrepresentations being made to the auditor. Regarding incorrect answer A., the risk of the auditor not detecting a material misstatement resulting from management fraud is greater than for employee fraud (even when employees collude) because management is frequently in a position to directly or indirectly manipulate accounting records, present fraudulent financial information, or override control procedures designed to prevent similar frauds by other employees. Regarding incorrect answer B., it is nonsensical. Misappropriation (theft) of assets is a type of fraud. Regarding incorrect answer D., the risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting one resulting from error whether or not the error involves an omission.

Answer 113

B Detection risk is the risk that audit procedure will incorrectly lead to a conclusion that a material misstatement does not exist in an account balance when in fact such a misstatement does exist. Option (A) is incorrect because sampling risk is a risk of drawing the wrong conclusion from the sample because the sample is not representative of the population. Option (C) is incorrect because non-sampling risk is the risk due to auditor's failure and not because of sample Option (D) is incorrect because inherent risk is the risk that material misstatement of an assertion will take place in the absence of any internal controls. Editor’s note: A tip here is that sampling was not performed, but a substantive test was. Therefore, choices A and C could be eliminated, giving you a 50% chance to correctly answer this question. Furthermore, inherent risk relates to an auditor’s judgment prior to the commencement of testing, so that answer could have been eliminated as well.

Answer 114

B. The word shall is used to impose a requirement in the IESBA Code of Ethics for Professional Accountants.

Answer 115

B. If the user auditor plans to use a type 1 or a type 2 report that excludes the services provided by a subservice organization, i.e., was prepared using the carve-out method instead of the inclusive method, and those services are relevant to the audit of the user entity’s financial statements, the same US GAAS requirements imposed on the user auditor that are applicable to the service organization are applicable to the subservice organization. None of the other answers describe situations that require this response by the user auditor. Regarding incorrect answer A., the absence of complementary controls does not; as such controls may not be applicable. Regarding incorrect answer C., the user auditor may use a service auditor’s report to support the user auditor’s understanding of the service organization or, in the case of a type 2 report, as audit evidence that controls at the service organization are operating effectively. When a type 1 or 2 report is used to support the user auditor’s understanding and the description of the service organization’s system is as of a date or for a period that precedes the beginning of the period under audit, the user auditor may perform procedures to update the information in a type 1 or type 2 report to remedy this matter. Regarding incorrect answer D., a service auditor should be independent of the service organization, but the service auditor need not be independent of the user entity.

Answer 116

The correct answer is (A). A significant deficiency is less severe than a material weakness. A significant deficiency is a control deficiency, or a combination of control deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to examine further. A material weakness is also a control deficiency, or combination of control deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis.

Answer 117

B. Tracing from shipping documents to the sales invoice provides evidence that shipments to customers were properly invoiced.

Answer 118

Vouching is directional testing in which the auditor examines support for what has been recorded in the records and statements, going from the F/Ss back to supporting documents (Revenue and assets are not overstated). Evidence of existence.

Answer 119

B. As the assessed level of control risk increases, the acceptable level of detection risk decreases. To decrease detection risk, an auditor changes the nature, extent, or timing of tests of details. To decrease detection risk, an auditor increases the extent of test of details. The level of inherent risk doesn't change, although an auditor may change the assessment of the level of inherent risk. As inherent risk is the susceptibility of an assertion to misstatement, assuming no related internal controls, the assessment of inherent risk level rarely changes due to a change in control risk. Increased testing of controls that the auditor already has determined to be ineffective provides no benefit. Editor’s note: In Layman's terms, because control testing didn’t provide you as the auditor with comfort surrounding an account balance, you must now turn to increase your substantive testing in order to get comfort over an account balance (or conclude on whether there are misstatements).

Answer 120

The correct answer is (C). Under the Auditing Standards, when the auditor of a parent entity is also the auditor of a component, the factors that may influence the decision whether to obtain a separate audit engagement letter from the component include the following: Who engages the component auditor. Whether a separate auditor's report is to be issued on the component. Legal requirements regarding the appointment of the auditor. Degree of ownership by the parent. Degree of independence of the component management from the parent entity. Thus, any turnover of the component's board members would not ordinarily influence the decision to obtain a separate engagement letter from the component.

Answer 121

A. The fact that only the trust company has access to the securities should prevent unauthorized entity personnel with record keeping responsibility from conspiring or colluding to misappropriate the securities. Trust company employees or management potentially could sell or otherwise mismanage the assets. Answers C. and D. put custody and record keeping functions in the hands of one party which could result in unauthorized transactions.

Answer 122

Completeness; Valuation, Allocation, and accuracy; Existence and occurrence; Rights and obligations.

Answer 123

C. When commenting in a comfort letter on information other than audited financial statements, the auditor should describe the criteria specified by the underwriter or other requesting party. The auditor should not make the statements or use the terms (which are of uncertain meaning; they are not universally understood) described in the other answer alternatives.

Answer 124

A. Internal control, no matter how effective, can provide an entity with only reasonable, but not absolute, assurance of achieving an entity's financial reporting objectives. The likelihood of their achievement is affected by limitations inherent to internal control. These include the realities that human judgment in decision making can be faulty and that breakdowns in internal control can occur because of human failures such as simple errors or mistakes. While the other answers are generally true statements, they are not part of the concept of reasonable assurance.

Answer 125

C. The auditor should be aware that the substance of a particular transaction could be significantly different from its form and that financial statements should recognize the substance of particular transactions rather than merely their legal form. Established accounting principles ordinarily do not require transactions with related parties to be accounted for on a basis different from that which would be appropriate if the parties were not related generally, the auditor should view related-party transactions within the framework of existing pronouncements. The identification of related parties relates more to the disclosure concern rather than the auditor's review for their proper accounting.

Answer 126

B. The auditor should evaluate legal or regulatory matters of which the company is aware; however, the response to the auditor’s letter of inquiry to the client’s lawyer would not be available in the planning stage; it should be dated as close as possible to the date of the audit report. Additional matters for evaluation during the planning stage are knowledge of the company’s internal control over financial reporting obtained during other engagements performed by the auditor; matters affecting the industry in which the company operates, such as financial reporting practices, economic conditions, laws and regulations, and technological changes; the auditor’s preliminary judgments about materiality, risk, and, in integrated audits, other factors relating to the determination of material weaknesses; control deficiencies previously communicated to the audit committee or management; the type and extent of available evidence related to the effectiveness of the company’s internal control over financial reporting; preliminary judgments about the effectiveness of internal control over financial reporting; public information about the company relevant to the evaluation of the likelihood of material financial statement misstatements and the effectiveness of the company’s internal control over financial reporting; and knowledge about risks related to the company evaluated as part of the auditor’s client acceptance and retention evaluation.

Answer 127

Answer b., when developing the group audit plan, the group engagement team is required to determine whether the audit report on the group financial statements will make reference to the audit of a component auditor. Editor Note: The group engagement team should also assess the extent to which the group engagement team will use the work of component auditors. Regarding incorrect answer a., when developing the group audit plan the group engagement team is required to assess the extent to which the group engagement team will use the work of component auditors; not determine the timing of the interaction. A determination of the nature, extent, and timing of its involvement in the work of component auditors [interaction] is required when the auditor of the group financial statements is assuming responsibility for the work of a component auditor and the engagement team is deciding the work to be performed by it or on its behalf by the component auditors on the financial information of the components. Regarding incorrect answer c., in group audits involving two or more component auditors, the decision to make reference to the audit of a component auditor is made individually for each component auditor, regardless of the decision whether to refer to any other component auditor. The auditor of the group financial statements may make reference to any, all, or none of the component auditors. Regarding incorrect answer d., the key members of the engagement team are required to discuss the susceptibility of an entity to material misstatement of the financial statements due to fraud or error, specifically emphasizing the risks due to fraud. In a group audit, these discussions also may include the component auditors, but their inclusion is not a requirement. The group engagement partner’s determination of who to include in the discussions, how and when they occur, and their extent is affected by factors, such as prior experience with the group.

Answer 128

A. The auditor should, of course, communicate with those charged with governance matters involving noncompliance with laws and regulations that come to the auditor’s attention during the course of the audit, other than when the matters are clearly inconsequential; however, US GAAS only requires that the communication take place as soon as practicable when the noncompliance is believed to be intentional and material. None of the other answer alternatives reflect the US GAAS requirement regarding timely communication with those charged with governance. Although the circumstance in incorrect answer D. is not a factor in determining if the communication to those charged with governance is required to be timely, if the auditor has identified or suspects noncompliance with laws and regulations, the auditor is required to determine whether the auditor has a responsibility to report the identified or suspected noncompliance to parties outside the entity.

Answer 129

C. Current and prospective financing requirements is an example of a matter the auditor may consider when obtaining an understanding about the entity’s objectives and strategies and those related business risks that may result in risks of material misstatement; rather than a matter related to the entity’s selection and application of accounting policies, including the reasons for any changes (the auditor should evaluate whether the entity’s accounting policies are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry).

Answer 130

D. Taxation is an example of a matter the auditor may consider when obtaining an understanding about external factors; rather than a matter related to the nature of the entity.

Answer 131

C. Whether the entity has a complex structure is an example of a matter the auditor may consider when obtaining an understanding about the nature of the entity; rather than a matter related to relevant industry, regulatory, or other external factors, including the applicable financial reporting framework. Editor’s note: Take a look at the answer choices in a bit more detail and you’ll notice that choice C. is an outlier from the four choices provided; choices A., B. and D. are all external/regulatory/industry factors, while having a complex structure is more client-focused and not necessarily an industry factor.

Answer 132

C. Capital investment activities is an example of a matter the auditor may consider when obtaining an understanding about the ***_nature of the entity_***; rather than a matter related to the entity’s objectives and strategies and those related business risks that may result in risks of material misstatement.

Answer 133

A. The purpose of analytics in the planning stage of the audit is to assist in planning the audit procedures that will be used to obtain audit evidence for specific account balances or classes of transactions. To accomplish this, one of the things the auditor should focus on is the transactions and events that have occurred since the last audit date. The unaudited information from internal quarterly reports would be the best source of information for developing expectations. Expectations, in this context, are the auditor’s predictions of recorded accounts or ratios. The effectiveness of analytical procedures depends on developing expectations that can reasonably be expected to identify unexpected relationships. Account assertions in the planning memorandum would not provide the needed data to develop such expectations. The auditor is interested in transactions and events that have occurred since the last audit date, so comments in the prior year’s management letter would have limited usefulness and, again, would probably not include data needed to derive expectations. Control risk affects the reliability of data and, thus, the precision of the expectation, but it would not be considered a source for developing expectations.

Answer 134

B. An auditor should test an indirect control when the control being testing depends upon another control and the auditor determines it is also necessary to obtain audit evidence about the operating effectiveness of that control. Regarding incorrect answer a., it is not that the control being tested is necessarily ineffective without the support of the indirect control and thus the auditor must test both controls, but rather a case of the indirect control being of direct relevance to the auditor's test of the “main” control. The other answer alternatives are false statements.

Answer 135

Completeness; Valuation, Allocation, and Accuracy; Rights and obligations, and occurrence; Understandability and classification.

Answer 136

Completeness; Cutoff; Valuation, Allocation, and Accuracy; Existence and occurrence; Understandability and classification.

Answer 137

D. When the auditor identifies or suspects noncompliance with laws and regulations, the auditor should obtain an understanding of the nature of the act; the circumstances in which it has occurred; and obtain further information to evaluate the possible effect on the financial statements. Regarding incorrect answer A., at this stage, the consideration of withdrawal would be premature. The auditor may consider whether withdrawal from the engagement is necessary when management or those charged with governance (1) do not take the remedial action that the auditor considers appropriate, even when the noncompliance is not material to the financial statements; or (2) refuse to accept a modified opinion on the financial statements; either when the noncompliance has a material effect on the financial statements and it has not been adequately reflected in the financial statements; or management or those charged with governance have limited the scope of the audit such that the auditor cannot make a determination about noncompliance. Under these circumstances, the auditor may withdraw from the engagement and indicate the reasons in writing to those charged with governance. Incorrect answers B. and C. are false statements. If the auditor suspects noncompliance may exist, the auditor should discuss the matter with management (at a level above those involved with the suspected noncompliance, if possible) and, when appropriate, those charged with governance. If management or, as appropriate, those charged with governance do not provide sufficient information that supports that the entity is in compliance with laws and regulations and the effect of the suspected noncompliance may be material to the financial statements, the auditor should consider the need to obtain legal advice.

Answer 138

A. The user auditor does not make reference to the service auditor’s report as a basis, in part, for the user auditor’s opinion on the user entity’s financial statements. The fact that a user entity uses a service organization does not alter the user auditor’s responsibility to obtain sufficient appropriate audit evidence to afford a reasonable basis to support the user auditor’s opinion. However, when the user auditor expresses a modified opinion because of a modified opinion in a service auditor’s report, the user auditor is not precluded from referring to the service auditor’s report if such reference assists in explaining the reason for the user auditor’s modified opinion. The user auditor’s report should indicate that such reference to the service auditor does not diminish the user auditor’s responsibility for that opinion. In such circumstances, the user auditor need not identify the service auditor by name and may need the consent of the service auditor before making such a reference. Regarding incorrect answer B., the service auditor does not sign the user’s auditor’s report under any circumstances. Regarding incorrect answer C., the user auditor should not refer to the work of a service auditor if the user auditor’s report contains an unmodified opinion. The only reason a reference should be made to the work of a service auditor is explained above in the explanation for the correct answer A.—a reason that does not apply if the user audit report contains an unmodified opinion. Regarding incorrect answer D., the user auditor's report should not indicate shared responsibility with the service auditor under any circumstances.

Answer 139

C Identifying relevant assertions includes determining the source of likely potential misstatements in each significant class of transactions, account balance, and disclosure. Attributes indicating the potential relevance of an assertion include the nature of the assertion; volume of transactions or data related to the assertion; and the nature and complexity of the systems, including the use of information technology (IT), by which the entity processes and controls information supporting the assertion.

Answer 140

Control risk, detection risk and inherent risk.

Answer 141

International Ethics Standards Board of Accountants. The International Ethics Standards Board for Accountants (IESBA) of the International Federation of Accountants (IFAC) issues the Code of Ethics for Professional Accountants.

Answer 142

The correct answer is (D). Obtaining a current value appraisal of the collateral would be the most appropriate audit procedure to test the valuation of the collateral of a delinquent loan receivable. If the auditor is not competent enough to execute this task, he may engage a specialist to do the same. (A) is incorrect because sending a positive confirmation letter to the debtor to confirm the loan balance will not reveal information about the collateral. It will only provide the loan balance. (B) is incorrect because performing a site visit will only prove that the collateral exists, not the value of the collateral. (C) is incorrect because a review of the debtor’s purchase records to the historical value of the collateral will not provide sufficient information about its current value.

Answer 143

C. Reviewing confirmations of loans receivables and payable is useful for determining the existence of related party transactions because guarantees are commonly provided by or for related parties.

Answer 144

D. Sending sales orders to the credit department for approval is a key control for ensuring that sales are properly authorized. Although the billing and cash receipts departments should be separate (to reduce the opportunity for any one person to both perpetrate and conceal fraud or errors in the normal course of their duties), their separation does not impact whether sales are properly authorized. Use of an approved price list is a control to ensure the accuracy of sales transactions rather than proper authorization. The receipt of approved sales orders by the shipping, billing, and accounting departments occurs after the fact.

Answer 145

The correct answer is (A) Fraud is a deliberate act by one or more people, resulting in a misstatement of financial statements. It can be of two types: Fraudulent financial reporting (management fraud) and Misappropriation of assets (defalcation). A substantial decrease in client demand and an increase in business failures in either the sector or the economy as a whole provide management with an incentive (which is a fraud risk factor) to falsify financial statements resulting in fraudulent financial reporting and hence would heighten an auditor's concern about the risk of material misstatements arising from fraudulent financial reporting.

Answer 146

D. The auditor most likely would consider whether material misstatements exist when transactions selected for testing are not supported by proper documentation. Reduced emphasis on meeting earnings projections would be a factor decreasing the likelihood of earnings overstatements and assets (the most frequent misstatement). Having the board of directors make major financing decisions would decrease the incentive for management to use questionable reporting by reducing the amount of management’s responsibility. Significant deficiencies previously communicated to management may not have been corrected because of an unfavorable cost-benefit relationship.

Answer 147

D. The fact that management is interested in maintaining the entity’s earnings trend by using aggressive accounting practices indicates that management may have an incentive to engage in fraudulent financial reporting also. Stock transactions of management or the board of directors are not ordinarily considered fraud risk factors. Aggressive financial forecasts as opposed to conservative financial forecasts would be considered a fraud risk factor. In other words, answer choices A. through C. are traditional practices by management/board of directors, while using aggressive accounting policies to maintain earnings would be a strong indicator of fraudulent financial reporting.

Answer 148

The correct answer is (B). Management adhering to internal control policies is an important part of the control environment. Management reinforces expectations at the various levels of the organization, and it has a pervasive impact on the overall system of Internal Control and is the foundation for all other Internal Control components. Controls being assessed through ongoing activities and evaluations are part of the “Monitoring” component of the internal control framework. Therefore, (A) is incorrect. Duties being clearly defined and separated are related to the segregation of duties, which are part of the “Control Activities” component of the internal control framework. Therefore, (C) is incorrect. Policy Manuals providing a clear understanding of internal controls are part of the “Information and communication systems” component of the internal control framework. Therefore, (D) is incorrect.

Answer 149

The correct answer is (D). Unauthorized changes to systems constitute a potential risk associated with the use of information technology in an entity’s internal control structure. Changes to information systems not approved are a big red sign of future risk exposure. Use of information technology will not reduce the ability to monitor the entity's activities. The facilitation of additional analyses would help protect against risk, not expose it. A reduction in the circumvention of controls will help protect against potential risk as well.

Answer 150

C. The most effective control in offsetting the tendency of sales personnel to maximize sales volume at the expense of high bad debt write-offs would be the segregation of duties of those employees involved in credit-granting and sales functions. If this segregation exists, credit-granting employees should help to screen out those potential customers likely to result in high bad-debt write-offs.

Answer 151

C. The most effective control in offsetting the tendency of sales personnel to maximize sales volume at the expense of high bad debt write-offs would be the segregation of duties of those employees involved in credit-granting and sales functions. If this segregation exists, credit-granting employees should help to screen out those potential customers likely to result in high bad-debt write-offs.

Answer 152

B. A bank safe-deposit box with two company officials in control of the assets provides strong physical control over the securities. Answers A. and C. would not safeguard the physical marketable security. Answer D. does not provide for dual control throughout the year, as is preferred.

Answer 153

The correct answer is (B). A related party is a person or an entity that is related to the reporting entity: A person or a close member of that person's family is related to a reporting entity if that person has control, joint control or significant influence over the entity or is a member of its key management personnel. Transactions that may be indicative of the existence of related parties are transactions that are different than the market value of transactions and include: Borrowing or lending on zero (or unusually low / high) interest rates or with no scheduled terms for when or how the funds will be repaid. Selling real estate at a price that differs significantly from its appraised value. Exchanging property for similar property in a non-monetary transaction Selling real estate at a price different from fair value would raise suspicion about the related party transactions. All other options take place in the ordinary course of business.

Answer 154

D. Control risk is a function of the effectiveness of the design and operation of internal control in achieving a company’s objectives relevant to the preparation of the financial statements. One of the five components of internal control is the control environment. One of the elements of the control environment is a company’s organizational structure. As it provides the framework for accomplishing the company’s objectives, a relevant organizational structure includes considering key areas of authority and responsibility and appropriate (suitable) lines of reporting. The key to selecting the best answer was to determine which was most related to a company’s organizational structure. Management’s attitude and recruiting and hiring practices are not directly related to organizational structure, as is the case with lines of reporting. The physical proximity of the accounting function to upper management could be completely unrelated to organizational structure.

Answer 155

A. When assessing the internal auditors’ objectivity, the external auditor may obtain information about such factors as the organizational status of the director of the internal audit function. The professional certifications of the internal audit staff is a factor to consider when assessing their competence; not their objectivity. Answers C. and D. are factors to consider when developing evaluation procedures for testing the effectiveness of internal auditors’ work which also provides information about their competence rather than their objectivity. Editor’s note: An internal audit function reporting to the Audit Committee would be considered objective, versus an internal audit function designed to assist management.

Answer 156

1. an overly complex organizational structure involving unusual lines of authority; 2. inability to generate positive cash flows from operations, while reporting large increases in earnings; 3. difficulty in determining the organization or individuals that have controlling interest in the entity; 4. high turnover of senior management, legal counsel, or those charged with governance.

Answer 157

A. The nature, extent, and timing of procedures the auditor chooses to perform in the consideration of internal control will vary depending on the size and complexity of the entity, previous experience with the entity, the nature of the specific controls used by the entity including the entity’s use of IT, the nature and extent of changes in systems and operations, and the nature of the entity’s documentation of specific controls.

Answer 158

The correct answer is (C) Recording of fictitious transactions would cause an overstatement of both revenues and receivables and not an understatement of revenues and an overstatement of receivables. Claims received from a customer for goods returned are recorded in other customer accounts, it would not be a misstatement of the revenue or receivables and a fraud is not likely to be perpetrated. This would just be a misstatement of the related revenue or receivables individual component. Failure to prepare shipping documents may cause an overstatement of inventory balances, the same is not likely to result in fraud. The requirement is to identify the type of fraudulent activity which could most likely be perpetrated due to the lack of effective internal controls in the revenue cycle. Strong controls can be implemented in the revenue cycle by proper segregation of duties. The person who receives cash from customers (Custody) should not be authorizing credit (Authorization) to them. If these duties are done by the same person, they may collect cash from the entity's customers and not report it, resulting in the possibility of misappropriation of cash.

Answer 159

C. Segregation of duties prevents an employee from committing fraud and subsequently concealing it. Proper segregation of duties separates the functions of record keeping, custody and authorization. Answers A. and B. are not necessarily fraudulent activities. Fictitious transactions that overstate receivables also tend to overstate revenue, not understate it.

Answer 160

C. One of the most effective means of detecting or preventing fraud is the segregation of duties involving authorization, custody, and record keeping. Authorization of credit memos by personnel who receive cash (custody) is not segregation of these duties. The recording of fictitious transactions and failure to prepare shipping documents resulting in an overstatement of inventory likely would be discovered during reconciliations. Return claims applied to inappropriate accounts likely would be discovered by customers when monthly statements are issued.

Answer 161

D. Accounting for unused purchase orders and receiving reports by the same department does not provide sufficient segregation of duties for the authorization, custody, and reporting functions of an effective internal control system. The lack of segregation of these items could result in an employee defalcation scheme. Answers A. – C. each represent a procedure that is usually performed in the vouchers payable department.

Answer 162

C. The segregation of custody and reporting is an important internal control that is most likely to deter a lapping scheme. Authorization of write-offs by a supervisor is a good control but would not in itself prevent an employee from misappropriating accounts receivable collections because the supervisor is unfamiliar with the accounts, as indicated in the question, and would, therefore, not be aware of customers who are delinquent in their payments. Answers a. and d. are examples of good internal controls but would not by themselves uncover a lapping scheme.

Answer 163

A. By promptly notifying the payroll supervisor of employee terminations, the personnel department would avoid a terminated employee from continuing to be paid. Unclaimed payroll checks should be forwarded to the Treasurer’s office. Salary rates should be controlled in the personnel office. Total hours should be determined and approved prior to getting to the payroll department. Although answers C. and D. are good controls, they would not prevent employee payroll fraud.

Answer 164

A. By promptly notifying the payroll supervisor of employee terminations, the personnel department would avoid a terminated employee from continuing to be paid. Unclaimed payroll checks should be forwarded to the Treasurer’s office. Salary rates should be controlled in the personnel office. Total hours should be determined and approved prior to getting to the payroll department. Although answers C. and D. are good controls, they would not prevent employee payroll fraud.

Answer 165

A. Control risk is the risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity's internal control. The risk that the auditor will not detect a material misstatement refers to detection risk, not control risk. The risk that the auditor's assessment of internal controls will be at less than the maximum level is not a risk—the use of risk assessment procedures and tests of controls may appropriately result in such a conclusion. The susceptibility of material misstatement assuming there are no related internal controls, policies, or procedures refers to inherent risk, not control risk.

Answer 166

The correct answer is (A). Inherent Risk (IR) is Susceptibility of a relevant assertion to a material misstatement. Factors in the entity and its environment influence IR. E.g., If entity’s inventory becomes obsolete rapidly due to technology, IR ↑ for inventory If entity lacks sufficient working capital, IR ↑ for several assertions If entity in a declining industry with many business failures, IR ↑ for several assertions Technological developments that may render inventory obsolete is an example of an inherent risk that an auditor should always consider.

Answer 167

B. Collusion of two or more people to circumvent controls is an inherent limitation of any system of internal control. An internal control system, no matter how well designed and operated, cannot give an entity absolute assurance that its objectives will be met because any system can contain inherent limitations. Other inherent limitations of internal control are faulty human judgment in decision making, human errors that cause breakdowns in internal control, and inappropriate management override of controls. Regarding incorrect answer A., judgmental sampling, is part of the application of an auditing procedure; not an inherent limitation of internal control. Incorrect answers C. and D., segregation of [incompatible] duties and employee peer reviews, respectively, are examples of controls; not inherent limitations.

Answer 168

D. The physical observation and/or inspection of assets are examples of procedures performed in response to the assessed risk of material misstatement at the assertion level, i.e., the assertion of existence. The other answer alternatives are overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level rather than the assertion level (the assertion level is at a more specific level of testing than the financial statement level and hence a more thorough procedure is required)

Answer 169

Answer D., the best way to compensate for the lack of adequate segregation of duties in a small organization is to allow for greater management oversight of incompatible activities because it is the more constant control and a practical solution. Regarding incorrect answer A., disclosing lack of segregation of [incompatible] duties to the external auditors during the annual review would not be effective because it could occur after a problem had occurred. Moreover, establishing and maintaining effective internal control is the responsibility of management, NOT the auditors. Regarding incorrect answer B., replacing personnel every three or four years is not effective because, again, it could occur after the fact, not to mention it is so draconian it could actually motivate some individuals to commit fraud if they became aware of the policy. Regarding incorrect answer C., an issue discovered during a yearly background check of accountants is not as effective because it could also occur after the fact. Also, even if the background check did not reveal any issues, collusion could occur with individuals who had not committed fraud in the past because they were subjected to pressures they had not experienced before.

Answer 170

B. One of the first determinations to be made by an auditor for a group audit is whether to act as the auditor of the group financial statements. Although the other answer alternatives are matters that are determined early in the audit, they are made by an auditor who has decided to act as auditor for the group financial statements. Relevant factors in determining whether to act as the auditor of the group financial statements include, among other things, the following: (1) the individual financial significant of the components for which the auditor of the group financial statements will be assuming responsibility; (2) the extent to which significant risks of material misstatement of the group financial statements are included in the components for which the auditor of the group financial statements will be assuming responsibility; and (3) the extent of the group engagement team’s knowledge of the overall financial statements. Editor’s note: Don’t let the term “group” trick you on questions like these; no matter whether group or component, big or small, the earliest thing you should be doing as an auditor is to consider whether to perform the audit. You already know and understand the due diligence required prior to accepting an engagement, and these same items apply with group/component audits.

Answer 171

The correct answer is (D). A walkthrough is a risk assessment procedure to obtain evidence about the design and implementation of internal control. Here the auditor traces transactions from inception through recording in books to reporting in financial statements. (A) is incorrect because testing and documenting the results of tests of controls happens subsequent to risk assessment procedures like walkthroughs. (B) and (C) are incorrect because an inspection of documents and observation of activities are individual components of the process of a walkthrough, which involves walking through from inception to financial reporting. Other than inspection and observation, a walkthrough also focuses on inquiry of client personnel and reperformance of some of their activities.

Answer 172

The correct answer is (D). A walkthrough is a risk assessment procedure to obtain evidence about the design and implementation of internal control. Here the auditor traces transactions from inception through recording in books to reporting in financial statements. (A) is incorrect because testing and documenting the results of tests of controls happens subsequent to risk assessment procedures like walkthroughs. (B) and (C) are incorrect because an inspection of documents and observation of activities are individual components of the process of a walkthrough, which involves walking through from inception to financial reporting. Other than inspection and observation, a walkthrough also focuses on inquiry of client personnel and reperformance of some of their activities.

Answer 173

C. An independent comparison of finished goods records with counts of goods on hand is designed to detect errors and fraud concerning inventory custody as it provides an independent reconciliation of the two amounts. Answers A. and B. do not consider the inventory itself nor inventory custody. The storekeeper should not be able to approve inventory journal entries because he or she has custody of the assets.

Answer 174

A. While incompatible duties can be segregated and therefore controlled, the possibility of management override and collusion among employees to circumvent controls will still exist. Mistakes in judgment also cannot be controlled.

Answer 175

C. Business structure and operating style occasionally are designed deliberately to obscure relationships. Because *compensating balance (补偿性余额)* arrangements and non monetary transactions obscure the form of transactions,they are suspect. Compensating balance arrangements involve related parties more often than the other answer options. Segregation of duties applies whether the parties to a transaction are related or not. Reasonable and unreasonable accounting estimates both exist with and without related parties present. Entities frequently have recurring transactions with independent entities.

Answer 176

D. Answers A. – C. are all controls applicable to the billing process. Answer D. is a control used after the billing process.

Answer 177

D. The auditor is required to perform analytics in the planning stage of the audit. These procedures assist the auditor in planning the nature, extent, and timing of substantive tests; thus, they should focus on enhancing the auditor's understanding of the client's business and the transactions and events that have occurred since the last audit and identifying areas that may represent specific risks relevant to the audit. Analytics involve comparisons of recorded amounts or ratios developed from recorded amounts to expectations developed by the auditor. Comparison of recorded financial information with anticipated results from budgets and forecasts is appropriate for this planning stage. Representations from management are dated the same date as the auditor's report. Communication regarding the prior year's audit adjustments typically occurs near the end of the audit for that year. Inquiry of the client's attorney tends to occur after the planning stage, as part of the substantive tests.

Answer 178

D. Of the procedures listed, an auditor is most likely to determine the extent of involvement of the client's internal auditors in developing the overall audit strategy of a financial statement audit. A representation letter from the client's management (and, when appropriate, those charged with governance) is obtained at the end of an audit, not the beginning—it should be as of the date of the audit report on the financial statements. Examining documents and considering the reasonableness of estimates are procedures performed during the audit.

Answer 179

B. Analytical procedures, such as comparing the financial statements to anticipated results, are used as risk assessment procedures during the planning phase of an audit to provide the basis for planning further audit procedures. Inquiry of the client’s legal counsel about pending litigation is an audit procedure that would be performed near the end of the engagement. (It is preferable that the legal counsel’s response be as close to the date of the audit report as is practicable to avoid the need to obtain updated information.) Even if the inquiry (as opposed to the date of the response) occurs earlier in the audit, it is unlikely to be made during the planning (risk assessment) phase. A related activity, i.e., obtaining a general understanding of the legal and regulatory framework applicable to the entity and how the entity is complying with that framework, is actually best performed very early in the planning phase (prior to the auditor’s identification and assessment of the risks of material misstatement), but this is different than the substantive audit procedure known as the letter of inquiry. Answer C. is a substantive audit procedure that would be performed during the audit engagement to support management's assertion of completeness. When performing risk assessment procedures to obtain an understanding of controls that are relevant to the audit, the auditor evaluates the design of those controls and determines whether they have been implemented. This is different than answer D. which is an example of testing the operating effectiveness of a control. Testing the operating effectiveness of a control is a substantive procedure (tests of controls) performed during the audit as a response to the auditor’s assessment of the risks of material misstatement. Editor Note: Analytical procedures are also used as substantive procedures during the audit to detect material misstatements at the assertion level and near the end of the audit to assist the auditor when forming an overall conclusion on the financial statements.

Answer 180

A. Assertions about completeness are tested by testing whether or not all cash is recorded. If employees consistently use cash registers and tapes, it is likely that all cash is recorded. Inquiry about employees’ access to undeposited recorded cash, comparing the cash receipts journal to the general ledger, and comparing the cash balance in the general ledger with the bank confirmation request, only test assertions about recorded cash.

Answer 181

A. The entity's risk assessment process is part of its internal control. Gaining an understanding of the entity's internal control is the first of these four procedures to be performed in an audit and is an example of a matter considered in establishing the overall audit strategy. The auditor identifies specific activities designed to prevent fraud when considering relying on internal control. The other two options are substantive procedures performed during the audit.

Answer 182

D. The procedures in place to monitor and properly restrict access to equipment would more likely be observed by the auditor than be part of a questionnaire, as this is very important. Answer A. represents the authorization function of the control structure, which would be included on the internal control questionnaire. Answer B. represents a procedure to test the accounting and recording function of the control structure, which the auditor would include in an internal control questionnaire. Requests for competitive bids reduce the possibility of an individual’s personal gain at the expense of the business in unusual and material transactions.

Answer 183

D. The procedures in place to monitor and properly restrict access to equipment would more likely be observed by the auditor than be part of a questionnaire, as this is very important. Answer A. represents the authorization function of the control structure, which would be included on the internal control questionnaire. Answer B. represents a procedure to test the accounting and recording function of the control structure, which the auditor would include in an internal control questionnaire. Requests for competitive bids reduce the possibility of an individual’s personal gain at the expense of the business in unusual and material transactions.

Answer 184

D. Assertions about completeness deal with whether all transactions and accounts that should be presented in the financial statements are so included. One step in assuring this is the periodic reconciliation of prenumbered purchase orders, receiving reports, and vouchers.

Answer 185

D. Assertions about completeness deal with whether all transactions and accounts that should be presented in the financial statements are so included. One step in assuring this is the periodic reconciliation of prenumbered purchase orders, receiving reports, and vouchers.

Answer 186

B. One of the inherent limitations of internal control is the inappropriate management override of controls. An example of this would be if the CEO can request a check with no purchase order. The other answer alternatives describe weaknesses in internal control, but they are not inherent limitations. Inherent limitations are intrinsic—the incorrect answers are examples of failures in internal control that can be remedied.

Answer 187

A. In general, any situation that requires the application of judgment to make a decision tends to impair independence. Developing client policies is listed as a general activity that impairs auditor independence. Providing or recommending methodologies or internal control procedures does not impair independence; client management still bears the burden of deciding to select and implement those methodologies or procedures. Providing accounting opinions to a legislative body or other group generally does not impair independence.

Answer 188

C. Access to blank checks and signature plates is restricted to the cash disbursements bookkeeper who personally reconciles the monthly bank statement is the situation that most likely could lead to an embezzlement scheme. Bank reconciliations should not be prepared by persons who sign checks or keep the records for receipts or disbursements. This is an example of incompatible functions which place a person in the position to both perpetrate and conceal errors or fraud in the normal course of their duties. The duties of authorization, record keeping, and custody of assets should be separated. Additionally, bank reconciliations should not be done by persons with responsibility for handling cash receipts. The other answer alternatives are examples of appropriate duties/control practices.

Answer 189

A. A large number of bearer bonds on hand most likely represents the highest risk of a misstatement arising from the misappropriation of assets. This is a risk factor categorized as an opportunity. Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation, for example, large amounts of cash on hand or processed; inventory items that are small in size, of high value, or in high demand; easily convertible assets, such as bearer bonds, diamonds, or computer chips; or fixed assets that are small in size, marketable, or lacking observable identification of ownership.

Answer 190

while reporting earnings and earnings growth Answer b., a lack of independent checks (or inadequate segregation of duties) is one of the risk factors related to misstatements arising from the misappropriation of assets. The other answer alternatives are risk factors related to misstatements arising from fraudulent financial reporting rather than the misappropriation of assets. Editor Note: There are two types of fraud relevant to the auditor's consideration—fraudulent financial reporting and misappropriation of assets.

Answer 191

The correct answer is (C). A top-down approach begins at the financial statement level and with the auditor's understanding of the overall risks to ICFR. The auditor then focuses on entity-level controls and works down to significant accounts and disclosures and their relevant assertions. (A) and (B) are incorrect because before reviewing balance sheet or income statement accounts, the auditor should understand overall risks to ICFR at the financial statement level. (D) is incorrect because the auditor should begin by understanding the overall risks to ICFR at the financial statement level and then move down to accounts at the general ledger level.

Answer 192

The correct answer is (A). Noting in a narrative that the documentation for the sales order system showed the printing of a shipment-exception report listing non-invoiced shipments, is an indicator that the auditor has gained a sufficient understanding of the internal controls related to the sales order process. During the “Understanding the entity and its processes” stage of the audit, the auditor usually performs tests of Design on controls. To understand and document system processes and internal controls, the auditor uses procedures such as talking to the client, internal control and internal control evaluation questionnaires, narrative notes and flowcharts. Hence, noting in a narrative clearly implies that the auditor has gained a sufficient understanding of a client's internal controls. (B), (C) and (D) relate to tests of the operating effectiveness of key controls.

Answer 193

B. Analytical procedures performed as risk assessment procedures, i.e., analytical procedures used to plan the audit, often use data aggregated at a high level. The objective is to identify the existence of unusual transactions or events and amounts, ratios, and trends that might indicate matters that have financial statement and audit planning ramifications. Analytical procedures are not used to replace tests of controls. Analytical procedures can be used as substantive tests to obtain audit evidence about particular assertions (which is not part of the planning stage). Substantive analytical procedures often involve the comparison of expectations developed by the auditor (not assertions developed by management) to recorded amounts (or ratios developed from recorded amounts) to achieve an audit objective related to a particular assertion made by management. The determination of materiality is made early in the planning process. A percentage is often applied to a chosen benchmark as a starting point in determining materiality for the financial statements as a whole. However, this type of analysis is not the same as performing analytical procedures in the context of an audit. (Analytical procedures are defined by US GAAS as evaluations of financial information through analysis of plausible relationships among both financial and nonfinancial data. Analytical procedures also encompass such investigation, as is necessary, of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount.)

Answer 194

B. An inherent limitation to internal control is the fact that controls can be circumvented by management override. Other limitations inherent to internal control include human failures such a faulty decision making and simple errors or mistakes. Additionally, controls can be circumvented by the collusion of two or more people. A well-designed internal control system does not ensure the achievement of an entity's control objectives nor can it be designed and operated to detect all errors and fraud; it only provides the entity with reasonable, not absolute, assurance due to these inherent limitations.

Answer 195

The correct answer is (D). Fraud is an intentional act that results in a material misstatement in financial statements. Such intent is often difficult to determine, particularly in matters involving accounting estimates and the application of accounting principles. For example, unreasonable accounting estimates may be unintentional or may be the result of an intentional attempt to misstate the financial statements. Hence,It is often difficult to detect fraudulent intent in matters involving accounting estimates and the application of accounting principles and estimates lead to a high degree of judgment and subjectivity on part of management. (A) is incorrect because the distinguishing factor between fraud and error is not defined by materiality. (B) is incorrect because an auditor detects and assesses the implications of fraud encountered during an audit engagement but does not have legal authority to make any further decisions. CPAs are not attorneys. (C) is incorrect because unintentional misstatements are not included in fraudulent financial reporting.

Answer 196

B. The auditor would most likely use the entity's annualized interim financial statements. Although applying a percentage to a chosen benchmark, such as a category of reported income, as a starting point to determine materiality for the financial statements as a whole is not required, it is a method that is often used. With regard to the chosen benchmark, relevant financial data ordinarily includes prior periods’ financial results and financial positions; the period-to-date financial results and financial position; and budgets or forecasts for the current period. The auditor should take into account any significant changes in the entity's circumstances and relevant changes in the economy or the industry in which the entity operates. The anticipated sample size of the planned substantive tests and the internal control questionnaire are, if anything, dependent on materiality, not vice versa. The representation letter is dated as the date of the audit report and thus its content would not be available during the planning stage of the audit.

Answer 197

D. There is no need for the auditor to evaluate whether each assessed risk due to fraud is a significant risk; thus, answer D. is the correct answer, i.e., the only statement that is not true. The auditor should treat all of them as significant risks (answer C.) and, accordingly, obtain an understanding of the entity’s related controls, including the evaluation of whether such controls have been suitably designed and implemented to mitigate such fraud risks. Answers A., and B. are also true statements. Regarding answer A., the auditor’s risk assessment of material misstatement due to fraud should be ongoing throughout the audit, following the initial assessment. Regarding answer B., when identifying and assessing the risks of material misstatement (RMM) due to fraud, the auditor should, based on a presumption that risks of fraud exist in revenue recognition, evaluate which types of revenue, revenue transactions, or assertions give rise to such risks. (If the auditor has concluded that this presumption is overcome in the circumstances of the engagement, the auditor should include in the audit documentation the reasons for that conclusion.)

Answer 198

Incorrect rejection.

Answer 199

A. The nature of risks at the financial statement level requires an overall response by the auditor. All of the other answer alternatives are true, but they are not responsive to the question.

Answer 200

A. GAAS requires a different auditing approach for each category because the auditor has different responsibilities for each, as follows: For the provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements, the auditor's responsibility is the same as that for misstatements caused by fraud or error—to obtain sufficient appropriate audit evidence regarding material amounts and disclosures in the financial statements that are determined by the provisions of those laws and regulations. For the other category, that does not have such a direct effect; the auditor's responsibility is limited to performing specified audit procedures that may identify noncompliance with those laws and regulations that may have a material effect on the financial statements. The other answer alternatives are false statements. In regard to answer c., whether an act assignable to either GAAS category constitutes noncompliance with laws and regulations is a matter for legal determination, which ordinarily is beyond the auditor's professional competence to determine. Nevertheless, the auditor's training, experience, and understanding of the entity and its industry or sector may provide a basis to recognize that some acts coming to the auditor's attention may constitute noncompliance with laws and regulations.