You are on page 1of 10

Auditing and Attestation 3

Class Questions

1
1. CPA-04620 (Newly Released Q)
A successor auditor should request the new client to authorize the predecessor auditor to allow a review
of the predecessor's:
Engagement letter Working papers
a. Yes Yes
b. Yes No
c. No Yes
d. No No

CPA-04620
Choice "c" is correct. It is not appropriate for the successor auditor to request a review of the
predecessor auditor's engagement letter. This is a business matter between the client and the
predecessor auditor that has no impact on the successor's audit. Conversely, review of the predecessor
auditor's working papers (audit documentation) is appropriate and customary to facilitate the successor's
audit.
Choices "a", "b", and "d" are incorrect, based on the above explanation.

2. CPA-04621 (Newly Released Q)
A document in an auditor's working papers includes the following statement:
"Our audit is subject to the inherent risk that material errors and fraud, including defalcations, if they
exist, will not be detected. However, we will inform you of fraud that comes to our attention, unless it
is inconsequential."
The above passage is most likely from a(an):
a. Comfort letter.
b. Engagement letter.
c. Letter of audit inquiry.
d. Representation letter.

CPA-04621
Choice "b" is correct. An engagement letter includes discussion of both the auditor's responsibilities and
the limitations of the engagement. The fact that audit risk exists and that an audit may not detect material
errors and fraud is typically included in this letter.
Choice "a" is incorrect. A comfort letter provides negative assurance on certain unaudited financial
information for the period from the last audit to the date of the registration of securities. It would not
include discussion of the limitations of an audit or of the auditor's responsibilities during the audit.
Choice "c" is incorrect. A letter of audit inquiry is sent to the client's attorney, requesting direct
corroboration of information provided to the auditor by management. It would not include discussion of
the limitations of an audit or of the auditor's responsibilities during the audit.
Choice "d" is incorrect. The management representation letter is provided by management at the end of
the engagement, to confirm representations given to the auditor. It would not include discussion of the
limitations of an audit or of the auditor's responsibilities during the audit.


Auditing and Attestation 3
Class Questions

2
3. CPA-02675
During the initial planning phase of an audit, a CPA most likely would:
a. Identify specific internal control activities that are likely to prevent fraud.
b. Evaluate the reasonableness of the client's accounting estimates.
c. Discuss the timing of the audit procedures with the client's management.
d. Inquire of the client's attorney as to whether any unrecorded claims are probable of assertion.

CPA-02675
Choice "c" is correct. Procedures that an auditor may consider in planning the audit include discussing
the type, scope, and timing of the audit with the client's management.
Choice "a" is incorrect. Identifying specific internal control activities that are likely to prevent fraud is an
audit procedure, but not an initial planning activity.
Choice "b" is incorrect. Evaluating the reasonableness of the client's accounting estimates is not a
planning activity. It is part of the evidence gathered later in the audit process.
Choice "d" is incorrect. Inquiring of the client's attorney is not a planning activity. It is part of the evidence
gathered later in the audit process.

4. CPA-02679
Of the following nonfinancial information, what would an auditor most likely consider in performing
analytical procedures during the planning phase of an audit?
a. Turnover of personnel in the accounting department.
b. Objectivity of audit committee members.
c. Square footage of selling space.
d. Management's plans to repurchase stock.

CPA-02679
Choice "c" is correct. When performing analytical procedures, the auditor considers relevant nonfinancial
information, which generally is related to financial data in some way. For example, a relationship might
exist between the square footage of selling space and the level of sales.
Choice "a" is incorrect. The auditor would consider the turnover of accounting personnel when assessing
control risk and the risk of fraud, not when performing analytical procedures during planning.
Choice "b" is incorrect. The auditor would consider the integrity of members of the audit committee when
deciding whether to accept the engagement and when assessing control risk and the risk of fraud, not
when performing analytical procedures during planning.
Choice "d" is incorrect. The auditor would consider management's plans to repurchase stock when
assessing control risk and when considering appropriate disclosure, not when performing analytical
procedures during planning.

Auditing and Attestation 3
Class Questions

3
5. CPA-02754
Inherent risk and control risk differ from detection risk in that they:
a. Arise from the misapplication of auditing procedures.
b. May be assessed in either quantitative or nonquantitative terms.
c. Exist independently of the financial statement audit.
d. Can be changed at the auditor's discretion.

CPA-02754
Choice "c" is correct. Inherent risk and control risk differ from detection risk in that they exist
independently of the audit of financial statements, whereas detection risk is related to the auditor's
procedures and can be changed at the auditor's sole discretion.
Choice "a" is incorrect. Inherent risk and control risk exist independently of the audit and do not arise
from misapplication of auditing procedures.
Choice "b" is incorrect. All three components of audit risk may be assessed in quantitative terms, such as
percentages, or in nonquantitative terms that range, for example, from a minimum to a maximum.
Choice "d" is incorrect. The auditor cannot change inherent risk or control risk since they exist
independently of the financial statement audit. Only detection risk can be changed at the auditor's
discretion.

6. CPA-02759
On the basis of audit evidence gathered and evaluated, an auditor decides to increase the assessed level
of control risk from that originally planned. To achieve an overall audit risk level that is substantially the
same as the planned audit risk level, the auditor would:
a. Decrease substantive testing.
b. Decrease detection risk.
c. Increase inherent risk.
d. Increase materiality levels.

CPA-02759
Choice "b" is correct. Detection risk is inversely related to control risk and inherent risk. Therefore, an
increase in control risk would cause a decrease in allowable detection risk.
Choice "a" is incorrect. The auditor uses the assessed level of control risk (together with the assessed
level of inherent risk) to determine the acceptable level of detection risk, which is then used to determine
the nature, timing, and extent of substantive tests. An increase in control risk would cause a decrease in
allowable detection risk. This is accomplished by increasing substantive testing.
Choice "c" is incorrect. The auditor uses the assessed level of control risk (together with the assessed
level of inherent risk) to determine the acceptable level of detection risk, which is then used to determine
the nature, timing, and extent of substantive tests. Inherent risk exists independently of the audit and
cannot be changed by the auditor.
Choice "d" is incorrect. Materiality is a matter of professional judgment and is influenced by the auditor's
perception of the needs of a reasonable person who will rely on the financial statements. Materiality
levels would not be affected by a change in the assessed level of control risk.


Auditing and Attestation 3
Class Questions

4
7. CPA-02682
For which of the following judgments may an independent auditor share responsibility with an entity's
internal auditor who is assessed to be both competent and objective?
Assessment of Assessment of
inherent risk control risk
a. Yes Yes
b. Yes No
c. No Yes
d. No No

CPA-02682
Choice "d" is correct. The independent auditor is solely responsible for reporting on the financial
statements. Thus, while he or she may use the work of the entity's internal auditor (both work already
performed and work performed as part of the audit), independent auditors may not share any
responsibility involving judgments, including the assessment of inherent and control risk. This is true
because the internal auditor, even one assessed to be both competent and objective, is not independent.
Choices "a", "b", and "c" are incorrect, based on the above explanation.

8. CPA-02903
Which of the following statements best describes an auditor's responsibility to detect errors and fraud?
a. An auditor should design an audit to provide reasonable assurance of detecting errors and fraud that
are material to the financial statements.
b. An auditor is responsible to detect material errors, but has no responsibility to detect fraud that is
concealed through employee collusion or management override of internal control.
c. An auditor has no responsibility to detect errors and fraud unless analytical procedures or tests of
transactions identify conditions causing a reasonably prudent auditor to suspect that the financial
statements were materially misstated.
d. An auditor has no responsibility to detect errors and fraud because an auditor is not an insurer and an
audit does not constitute a guarantee.

CPA-02903
Choice "a" is correct. The auditor should design the audit to provide reasonable assurance of detecting
errors and fraud.
Choice "b" is incorrect. The auditor is not "responsible for" detecting all material errors, but is responsible
for designing an audit to provide reasonable assurance of detecting material misstatements. Due to the
concealment aspects of fraudulent activity, however, even a properly planned and performed audit may
not detect a material misstatement resulting from fraud. While auditors provide only reasonable (and not
absolute) assurance of detecting fraud (due to such concealment factors), the presence of risk factors
may still alert the auditor to the possibility that fraud exists.
Choice "c" is incorrect. The auditor should specifically assess the risk of material misstatement of the
financial statements due to fraud and consider that assessment in designing the audit, even if analytical
procedures or tests of transactions do not identify specific conditions indicative of potential misstatement.
Choice "d" is incorrect. The auditor does have some responsibility for detecting errors and fraud. The
auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether
the financial statements are free of material misstatement, whether caused by error or fraud.


Auditing and Attestation 3
Class Questions

5
9. CPA-04619 (Newly Released Q)
Which of the following circumstances most likely would cause an auditor to suspect that there are material
misstatements in an entity's financial statements?
a. The entity's management places no emphasis on meeting publicized earnings projections.
b. Significant differences between the physical inventory count and the accounting records are not
investigated.
c. Monthly bank reconciliations ordinarily include several large outstanding checks.
d. Cash transactions are electronically processed and recorded, leaving no paper audit trail.

CPA-04619
Choice "b" is correct. Inadequate recordkeeping with respect to assets, such as failing to reconcile the
physical inventory count and the accounting records, provides an opportunity for fraud or error to occur.
Choice "a" is incorrect. An auditor might suspect misstatement when management commits to
aggressive or unrealistic earning projections, not when management does not emphasize meeting such
projections.
Choice "c" is incorrect. The inclusion of several large, outstanding checks in the monthly bank
reconciliation may be a normal occurrence and is not necessarily indicative of material misstatement.
Choice "d" is incorrect. Electronic processing and recording of transactions without a paper audit trail
may be acceptable as long as a satisfactory electronic audit trail exists.


10. CPA-02872
An auditor who discovers that a client's employees paid small bribes to municipal officials most likely
would withdraw from the engagement if:
a. The payments violated the client's policies regarding the prevention of illegal acts.
b. The client receives financial assistance from a federal government agency.
c. Documentation that is necessary to prove that the bribes were paid does not exist.
d. Management fails to take the appropriate remedial action.

CPA-02872
Choice "d" is correct. An auditor should consider withdrawing from an engagement when the client does
not take appropriate remedial action, even if the illegal act is immaterial. This would occur because the
implications of management's failure to act appropriately may affect the auditor's ability to rely on
management's representations.
Choice "a" is incorrect. Violation of client policies would not result in the auditor's withdrawal, as long as
management takes the appropriate remedial action.
Choice "b" is incorrect. The assistance received from the federal government does not affect the auditor's
decision to withdraw.
Choice "c" is incorrect. Lack of documentation proving the illegal act occurred might make the auditor
less inclined to withdraw.


Auditing and Attestation 3
Class Questions

6
11. CPA-02374
In obtaining an understanding of an entity's internal controls that are relevant to audit planning, an auditor
is required to obtain knowledge about the:
a. Design of relevant internal controls pertaining to financial reporting in each of the five internal control
components.
b. Effectiveness of the internal controls that have been placed in operation.
c. Consistency with which the internal controls are currently being applied.
d. Controls related to each principal transaction class and account balance.

CPA-02374
Choice "a" is correct. In every audit, the auditor should obtain a sufficient understanding of the design of
relevant internal controls pertaining to financial reporting in each of the five internal control components.
Choice "b" is incorrect. The auditor is not required, as a part of obtaining an understanding of internal
control, to determine the operating effectiveness of internal controls.
Choice "c" is incorrect. The auditor is not required, as a part of obtaining an understanding of internal
control, to determine the consistency with which a control is applied.
Choice "d" is incorrect. Audit planning does not require an understanding of the controls related to each
account balance, transaction class, and disclosure component in the financial statements. For certain
items, a primarily substantive approach may be used instead.

12. CPA-02482
Which of the following are considered control environment factors?
Human resource
Detection policies and
risk practices
a. Yes Yes
b. Yes No
c. No Yes
d. No No

CPA-02482
Choice "c" is correct. The control environment represents the collective effect of various factors on
establishing, enhancing, or mitigating the effectiveness of specific policies and procedures. Such factors
include management's philosophy and operating style, the entity's organizational structure, the functioning
of the audit committee, methods of assigning authority and responsibility, and human resource policies
and practices.
Choices "a", "b", and "d" are incorrect, based on the above explanation.

Auditing and Attestation 3
Class Questions

7
13. CPA-02506
An auditor should obtain sufficient knowledge of an entity's information system relevant to financial
reporting to understand the:
a. Safeguards used to limit access to computer facilities.
b. Process used to prepare significant accounting estimates.
c. Procedures used to assure proper authorization of transactions.
d. Policies used to detect the concealment of fraud.

CPA-02506
Choice "b" is correct. The auditor should obtain sufficient knowledge of the client's information system
relevant to financial reporting to understand the types of transactions processed, and how the
transactions are initiated, recorded and summarized. Included in the information system relevant to
financial reporting is the preparation of significant accounting estimates.
Choice "a" is incorrect. This is a control activity that is used to provide reasonable assurance that the
entity's objectives are being met.
Choice "c" is incorrect. This is a control activity that is used to provide reasonable assurance that the
entity's objectives are being met.
Choice "d" is incorrect. This is a control activity that is used to provide reasonable assurance that the
entity's objectives are being met.


14. CPA-02473
Proper segregation of duties reduces the opportunities to allow persons to be in positions to both:
a. J ournalize entries and prepare financial statements.
b. Record cash receipts and cash disbursements.
c. Establish internal controls and authorize transactions.
d. Perpetrate and conceal errors and fraud.

CPA-02473
Choice "d" is correct. Segregation of duties reduces the opportunity to allow any person to be in a
position to both perpetrate and conceal errors and fraud in the normal course of duties.
Choice "a" is incorrect. J ournalizing entries and preparing financial statements are both recording
functions and are not incompatible for adequate segregation of duties.
Choice "b" is incorrect. Recording cash disbursements and cash receipts are both recording functions
and are not incompatible for adequate segregation of duties.
Choice "c" is incorrect. Establishing internal controls and authorizing transactions are both authorization
functions and are not incompatible for adequate segregation of duties.

Auditing and Attestation 3
Class Questions

8
15. CPA-02348
In planning an audit, the auditor's knowledge about the design of relevant internal controls should be used
to:
a. Identify the types of potential misstatements that could occur.
b. Assess the operational efficiency of internal control.
c. Determine whether controls have been circumvented by collusion.
d. Document the assessed level of control risk.

CPA-02348
Choice "a" is correct. Knowledge about the design of relevant internal controls and whether they have
been placed in operation should be used to identify types of misstatements that could occur.
Choice "b" is incorrect. The operating efficiency of a control is not significant to the auditor; the auditor is
concerned with operating effectiveness. Also, the auditor is not required to assess operating
effectiveness during the planning stage of the audit.
Choice "c" is incorrect. Determining whether a control has been circumvented by collusion is not a
normal part of the audit planning process.
Choice "d" is incorrect. Assessment of control risk (and documentation of that assessment) must be
based on tests of controls, and not solely on knowledge about the design of controls.


16. CPA-02390
After assessing control risk at below the maximum level, an auditor desires to seek a further reduction in
the assessed level of control risk. At this time, the auditor would consider whether:
a. It would be efficient to obtain an understanding of the entity's information system relevant to financial
reporting.
b. The entity's internal controls have been placed in operation.
c. The entity's internal controls pertain to any financial statement assertions.
d. Additional evidential matter sufficient to support a further reduction is likely to be available.

CPA-02390
Choice "d" is correct. After obtaining an understanding of the client's internal control and assessing
control risk, the auditor may desire to seek a further reduction in the assessed level of control risk for
certain assertions. In such cases, the auditor considers whether additional evidential matter sufficient to
support a further reduction is likely to be available and whether it would be efficient to perform tests of
controls to obtain this additional evidential matter.
Choice "a" is incorrect. In order to have initially assessed control risk at below the maximum level, the
auditor would already have had to obtain an understanding of the entity's information system relevant to
financial reporting. Obtaining an understanding of each of the five components of internal control is
required; efficiency is not a consideration.
Choice "b" is incorrect. As a part of obtaining an understanding of internal control, the auditor would have
already determined whether internal controls have been placed in operation.
Choice "c" is incorrect. As a part of obtaining an understanding of internal control, the auditor would
already have determined if the entity's internal controls pertain to any financial statement assertions.


Auditing and Attestation 3
Class Questions

9
17. CPA-02498
An auditor's flowchart of a client's information system relevant to financial reporting is a diagrammatic
representation that depicts the auditor's:
a. Assessment of control risk.
b. Identification of weaknesses in the system.
c. Assessment of the control environment's effectiveness.
d. Understanding of the system.

CPA-02498
Choice "d" is correct. The auditor's flowchart is a diagrammatic representation of the auditor's
understanding of the client's information system relevant to financial reporting.
Choice "a" is incorrect. Documentation of the client's information system relevant to financial reporting
does not depict the tests of controls that are necessary to assess control risk.
Choice "b" is incorrect. While the flowchart may enable the auditor to identify some weaknesses
(especially lack of segregation of duties) in the design of the client's internal control, it would not be as
helpful in assessing the operating effectiveness of controls. Such assessment is necessary to identify
weaknesses in the system.
Choice "c" is incorrect. A flowchart enables the auditor to assess the design of controls, but tests of
controls are needed to assess effectiveness.


18. CPA-02386
Assessing control risk at below the maximum level most likely would involve:
a. Performing more extensive substantive tests with larger sample sizes than originally planned.
b. Reducing inherent risk for most of the assertions relevant to significant account balances.
c. Changing the timing of substantive tests by omitting interim-date testing and performing the tests at
year end.
d. Identifying specific internal controls relevant to specific assertions.

CPA-02386
Choice "d" is correct. Assessing control risk at below the maximum level involves identifying specific
internal controls relevant to specific assertions that are likely to prevent or detect material misstatements
in those assertions.
Choice "a" is incorrect. Assessing control risk at below maximum would lead to less extensive
substantive tests with smaller sample sizes relative to an assessment of control risk at the maximum.
Choice "b" is incorrect. Inherent risk is evaluated independently of any consideration of internal controls.
Therefore, changes in control risk do not affect the assessment of inherent risk.
Choice "c" is incorrect. Assessing control risk at less than maximum would not cause substantive tests to
be performed at year end (rather than at an interim date). Substantive tests performed at year end would
be more consistent with a control risk assessment at maximum, which would require more competent
substantive testing to be performed.
Auditing and Attestation 3
Class Questions

10
19. CPA-02322
When assessing control risk at below the maximum level, an auditor is required to document the auditor's
understanding of the
I. Entity's control activities that help ensure management directives are carried out.
II. Entity's control environment factors that help the auditor plan the engagement.
a. I only.
b. II only.
c. Both I and II.
d. Neither I nor II.

CPA-02322
Choice "c" is correct. The auditor is required to perform procedures to obtain an understanding of the five
components of the entity's internal control. The five components include the entity's control activities (that
help ensure management directives are carried out) and the entity's control environment factors (that help
the auditor plan the engagement). The auditor's understanding of the five components should then be
documented. Note that the auditor is required to obtain and document this understanding regardless of
whether control risk is assessed below the maximum level or at the maximum level.
Choices "a", "b", and "d" are incorrect. The understanding of both the entity's control activities and the
entity's control environment should be documented.


20. CPA-02372
Which of the following types of evidence would an auditor most likely examine to determine whether
internal controls are operating as designed?
a. Gross margin information regarding the client's industry.
b. Confirmations of receivables verifying account balances.
c. Client records documenting the use of EDP programs.
d. Anticipated results documented in budgets or forecasts.

CPA-02372
Choice "c" is correct. Client records documenting the use of EDP programs would be a relevant item for
an auditor to examine while determining if internal control is operating as designed.
Choice "a" is incorrect. Industry gross margin information is evidence an auditor would examine while
performing analytical procedures. Analytical procedures may be used as substantive tests, since they
deal with dollar amounts rather than controls.
Choice "b" is incorrect. Confirmation of receivables is evidence an auditor would examine while
performing substantive tests, since they deal with dollar amounts rather than controls.
Choice "d" is incorrect. Budgets and forecasts are evidence an auditor would examine while performing
analytical procedures (comparison of expected results to actual). Analytical procedures may be used as
substantive tests, since they deal with dollar amounts rather than controls.