The auditor should perform tests of controls when the auditor’s assessment of the risks of material misstatement includes an expectation of the operating effectiveness of internal control or when
Substantive procedures alone cannot provide sufficient appropriate audit evidence at the relevant assertion level.
For some RMMs, the auditor may determine that it is not feasible to obtain sufficient appropriate audit evidence only from substantive procedures. These RMMs may relate to routine, significant transactions subject to highly automated processing with no documentation except what is recorded in the IT system. In such circumstances, the controls over the RMMs are relevant to the audit. Thus, the auditor should obtain an understanding of, and test, the controls.
The risks of material misstatement (RMMs) should be assessed in terms of
Financial statement assertions.
The auditor’s objective is to identify and assess the RMMs, whether due to fraud or error, at the financial statement and relevant assertion levels. This objective is achieved through understanding the entity and its environment, including its internal control. The understanding provides a basis for designing and implementing responses to the assessed RMMs (AU-C 315 and AS No. 12).
Once a deviation is discovered by an auditor, what should be done?
(s)he should investigate it further by making inquiries to understand the potential consequences of the deviation.
Regardless of the assessed risks of material misstatement, an auditor should perform some
Substantive procedures to restrict detection risk for significant transaction classes.Regardless of the assessed RMMs (or the effectiveness of the relevant controls), the auditor should design and perform substantive procedures for all relevant assertions related to each material transaction class, account balance, and disclosure.
What are the 4 procedures used in tests of controls?
A nonissuer audit client failed to maintain copies of its procedures manuals and organizational flowcharts. What should the auditor do in an audit of financial statements?
Adopt a substantive audit approach.
For some RMMs, the auditor may determine that it is not feasible to obtain sufficient appropriate audit evidence only from substantive procedures. These RMMs may relate to routine, significant transactions subject to highly automated processing with no documentation except what is recorded in the IT system. In such circumstances, the controls over the RMMs are relevant to the audit. Thus, the auditor should:
obtain an understanding of, and test, the controls.
In performing tests of controls, the auditor will normally find that the rate of deviations in the sample:
The rate of deviations in the sample exceeds the rate of error in the accounting records.
When testing controls, the auditor is directly concerned with deviations from specific controls. Failure to comply with a control does not necessarily result in an error in the records. For example, the absence of an authorization signature does not necessarily mean that the transaction was improperly recorded. Accordingly, the rate of deviations from a control normally exceeds the error rate in the records.
When an auditor plans to rely on controls that have changed since they were last tested, which of the following courses of action would be most appropriate?
Test the operating effectiveness of such controls in the current audit.
Controls that have changed must be tested for operating effectiveness before they can be relied on.
Providing more supervision during an audit of a nonissuer in response to assessed risks of material misstatement at the financial statement level is an example of
An overall response.
Overall responses apply to the assessed RMMs at the financial statement level. The following are examples of overall responses:
(1) An emphasis on professional skepticism in evidence gathering and evaluation;
(2) increased supervision;
(3) assignment of staff with greater experience or expertise;
(4) greater unpredictability in the choice of further audit procedures; and
(5) changing the nature, timing, and extent of audit procedures, such as modifying the nature of a procedure to obtain more persuasive evidence (AU-C 330).
As the acceptable level of detection risk for a given audit risk increases, the audit effort devoted to substantive procedures may be reduced. The auditor may change the nature, timing, or extent of substantive procedures, for example, by changing the timing to:
an interim date.
The objective of tests of details of transactions performed as tests of controls is to
Evaluate whether internal controls operated effectively.
What is parallel simulation?
Parallel simulation is the computer-assisted audit technique in which the auditor inserts the auditor’s version of the client’s program to reprocess client data and compare the output with the client’s output.
An auditor most likely should test for the presence of unauthorized computer program changes by running a
Source code comparison program.
The best way to test for unauthorized computer program changes is to examine the program itself. By comparing a program under his or her control with the program used for operations, the auditor can determine whether unauthorized changes have been made.
An auditor who wishes to capture an entity’s data as transactions are processed and continuously test the entity’s computerized information system most likely would use which technique?
Embedded audit module. Continuous monitoring and analysis of transaction processing can be achieved with an embedded audit module. An audit module embedded in the client’s software routinely selects and abstracts certain actual transactions and other information with audit significance. They may be tagged and traced through the information system. A disadvantage is that audit hooks must be programmed into the operating system and applications. An alternative is recording in an audit log, i.e., in a file accessible only by the auditor.
Reasonableness tests are used to test:
Reasonableness tests are used to test quantities received to determine whether they are comparable to an acceptable amount.
Under what computer program and under who’s control is test data processed?
The client’s computer programs under the auditor’s control. These results are then compared to the auditor’s expectations.
What is integrated test facility?
The ITF or minicompany technique is a development of the test data method. It permits dummy transactions to be processed at the same time as live transactions but requires additional programming to ensure that programs will recognize the specially coded test data. The auditor can test the controls by including various types of transactions to be processed.
The major purpose of the auditor’s study and evaluation of the company’s computer processing operations is to
Evaluate the reliability and integrity of financial information.
When using test data, the test data must consist of all possible valid and invalid conditions: True or False?
FALSE: The test data approach includes preparation of dummy transactions by the auditor. These transactions are processed by the client’s computer programs under the auditor’s control. The test data consist of one transaction for each valid and invalid condition that interests the auditor. Consequently, the test data need not consist of all possible valid and invalid conditions.
In parallel simulation, actual client data are reprocessed using an auditor software program. An advantage of using parallel simulation, instead of performing tests of controls without a computer, is that
The size of the sample can be greatly expanded at relatively little additional cost.
What are the advantages and disadvantages of parallel simulation?
The primary disadvantages are the initial cost of obtaining the software and the need for coordination with client personnel to gain access to transactions. However, the auditors have the freedom to process transactions
(1) at their convenience,
(2) using their own equipment, and
(3) taking as long as necessary. Thus, the auditors can greatly increase the sample size at relatively little marginal cost.