Week 7 Solutions. Chapters10,11.

Chapter 10:
Review questions:10.2, 10.7, 10.11, 10.15
Discussion questions and problems:10.19, 10.20, 10.24
Chapter 11:
Review questions:11.1, 11.6, 11.8
Discussion questions and problems:11.24, 11.27, 11.32

10-2 When entities rely heavily on IT systems to process financial information, there are new risks specific to IT environments
that must be considered. Key risks include the following:

 Reliance on the functioning capabilities of hardware and software: The risk of system crashes due to hardware or
software failures must be evaluated when entities rely on IT to produce financial statement information.
 Visibility of audit trail: The use of IT often converts the traditional paper trail to an electronic audit trail, eliminating
source documents and paper-based journals and records.
 Reduced human involvement: The replacement of traditional manual processes with computer-performed processes
reduces opportunities for employees to recognise misstatements resulting from transactions that might have
appeared unusual to experienced employees.
 Systematic versus random errors: Due to the uniformity of processing performed by IT-based systems, errors in
computer software can result in incorrect processing for all transactions processed. This increases the risk of many
significant misstatements.
 Unauthorised access: The centralised storage of key records and files in electronic form increases the potential for
unauthorised online access from remote locations.
 Loss of data: The centralised storage of data in electronic form increases the risk of data loss in the event the data
file is altered or destroyed.
 Reduced segregation of duties. The installation of IT-based accounting systems centralises many of the traditionally
segregated manual tasks into one IT function.
 Lack of traditional authorisation: IT-based systems can be programmed to initiate certain types of transactions
automatically without obtaining traditional manual approvals.
  Need for IT experience: As companies rely to a greater extent on IT-based systems, the need for personnel trained in
IT systems increases in order to install, maintain and use systems.
10-7 The typical duties often segregated within an IT function include systems development, computer operations and data control.
Systems development involves the acquisition or programming of application software. Systems development personnel work with
test copies of programs and data files to develop new or improved application software programs. Computer operations personnel are
responsible for executing live production jobs in accordance with a job schedule and for monitoring consoles for messages about
computer efficiency and malfunctions. Data control personnel are responsible for data input and output control. They often
independently verify the quality of input and the reasonableness of output. By separating these functions, no one IT employee can
make changes to application software or underlying master files and then operate computer equipment to use those changed programs
or data files to process transactions.

10-11 The test data approach involves processing the auditor’s test data using the client’s computer system and the client’s
application software program to determine whether the computer-performed controls correctly process the test data. Because
the auditor designs the test data, the auditor is able to identify which test items should be accepted or rejected by the
computer. When using this approach the auditor should assess the following:

 How effectively does the test data represent all relevant conditions that the auditor wants to test?
 How certain is the auditor that the application programs being tested by the auditor’s test data are the same
programs as those used by the client throughout the year to process actual transactions?
 How certain is the auditor that test data is effectively eliminated from the client’s records once testing is completed?
10-15 An online sales ordering system poses many potential risks for an audit client. Risks that may exist include:
1. Customer data is susceptible to interception by unauthorised third parties.
2. The client company’s data, programs and hardware are susceptible to potential interception or sabotage by external
parties.
3. An unauthorised third party may attempt to transact business with the client company.
These risks can be addressed by the use of firewalls, encryption techniques and digital signatures. A firewall is a system
of hardware and software that monitors and controls the flow of e-commerce communications by channelling all network
connections through a control gateway. A firewall protects data, programs and other IT resources from external users
accessing the system through networks, such as the Internet. Encryption techniques are based on computer programs
that transform a standard message into a coded (encrypted) form. One key (the public key) is used for encoding the
message and the other key (the private key) is used to decode the message. Encryption techniques protect the security
of electronic communication during the transmission process. Finally, the use of digital signatures can enhance internal
controls over the online sales order system by authenticating the validity of customers and other trading partners who
conduct business with the client company.
10-19 A schedule showing the pertinent transaction-related audit objectives and application controls for each type of
misstatement is as follows:
MISSTATEMENT
1. A customer order was filled 
and shipped to a former
customer that had already
gone into liquidation.
2. The sales manager approved
the price of goods ordered
by a customer, but she wrote
down the wrong price.
3. Several remittance advices 
were prepared ready for data
entry. The cash receipts clerk
stopped for coffee, placed
them on a box and failed to
deliver them to the data
entry personnel.
a. b.
TRANSACTION- COMPUTER-BASED
RELATED AUDIT CONTROLS
OBJECTIVE
Recorded transactions  Pre-processing
occurred authorisation
 Pre-processing review
 Programmed controls
(e.g. comparison to
customer file)
Transactions are stated  Pre-processing review
at the correct amounts  Programmed controls
(e.g. comparison to the
online authorised price
list)
Existing transactions are Control totals reconciled
recorded to manual totals of all
Transactions are batches
recorded on the correct  Computer accounts for
dates numerical sequence of
batches submitted
 MISSTATEMENT a. b.

TRANSACTION- COMPUTER-BASED
RELATED AUDIT CONTROLS
OBJECTIVE
4. A customer number on a  Recorded transactions  Key verification
sales invoice was transposed occurred  Check digit
and, as a result, charged to  Transactions are properly  Reconciliation to
the wrong customer. By the posted and summarised customer number on
time the error was found, the purchase order and
original customer was no bill of lading
longer in business.

5. A former computer operator, Recorded transactions  Input security controls

who is now a programmer, occurred over cash receipts
entered information for a records
fictitious sales return and ran  Scheduling of computer
it through the computer processing
system at night. When the  Controls over access to
money came in, he took it equipment
and deposited it in his own  Controls over access to
account. live application
programs

6. A computer operator picked  Recorded transactions  Correct file controls

up a transaction file for sales occurred  Cutoff procedures
of the wrong week and  Transactions are  Programmed controls
processed them through the recorded on the correct (e.g. check for
system a second time. dates sequence of dates)
 MISSTATEMENT a. b.

7. For a sale, a data entry
operator erroneously failed
to enter the information for
the sales representative’s
department. As a result, the
sales representative
received no commission for
that sale.
8. A non-existent part number
was included in the
description of goods on a
shipping document.
Therefore, no charge was
made for those goods.
TRANSACTION- COMPUTER-BASED
RELATED AUDIT CONTROLS
OBJECTIVE
 Existing transactions are Conversion verification
recorded (e.g. key verification)
 Programmed controls
(e.g. check field for
completeness)
 Existing transactions  Pre-processing
are recorded review
 Programmed
controls (e.g. compare
part number to parts
list master file)

10-20

PERSON 1 PERSON 2 PERSON 3 PERSON 4

 a) • Systems analyst • Computer • Librarian • Data control
• Programmer operator

b) • Systems analyst • Computer • Librarian N/A

• Programmer operator • Data control

c) • Systems analyst • Computer N/A N/A

• Programmer operator
• Data control* • Librarian*

* This solution assumes the data control procedures will serve as a check on the computer operator and will allocate
work across both persons.

d) If all five functions were performed by one person, internal control would certainly be weakened. However, the company
need not be unauditable, for two reasons. First, there may be controls outside the IT function that accomplish good
control. For example, users may reconcile all input and output data on a regular basis. Second, the auditor is not required
to rely on internal control. He or she may take a substantive approach to the audit assuming adequate evidence is
available in support of transactions and balances.
10-24 a. The major problems the auditor faces in verifying sales and accounts receivable include:

1. Determining that both cash and credit sales are valid, and that all were recorded in the proper amount.
2. Determining that accounts receivable balances are proper and that transactions were recorded in the proper amount and
to the proper customer.
3. Determining whether the internal controls are adequate, so that he or she may rely on the system to provide correct
information.

In this case, meeting some of these objectives is complicated by the fact that much of the pertinent information
is in machine-readable form only.
b. The concept of test data can be employed in this audit by having the auditor make test purchases in different
departments of the store and observing whether the sales are recorded properly in the appropriate records. The
auditor may also wish to enter invalid data to be sure that the programmed controls reject the transactions. Some of
the difficulties the auditor would have to overcome in using test data are:

1. The test data must comprise all relevant conditions that the auditor desires to test so as to test every
conceivable weakness of consequence in the system.
2. The program tested by the auditor’s test data must be the same program that is used throughout the year by
the client to ensure the validity of results.
3. The test data will probably have to be eliminated from most of the client’s records since the auditor’s purchases
would not be part of the company’s regular business.

c. Generalised audit software can be employed in this audit by following these steps:

1. Decide the objectives of the test (e.g. to select and analyse a random sample of sales invoices or to compare
the totals of master files to the balances in the general ledger).
2. Begin to design the application by identifying and selecting pertinent data from the client’s files.
3. Design the most useful format and contents of the auditor’s generalised audit software reports.
4. Complete the application design by developing the logical and programmed approach to extract and
manipulate the data to produce reports.
5. Process the program and information to produce the reports.

Several tests that can be conducted using a generalised audit program are:

1. Select accounts according to certain selection criteria for accounts receivable confirmation and print the
confirmations.
2. Prepare an analysis of sales and cost of sales.
3. Test the year-end cutoff of sales.
4. Review all inter-company sales transactions.
5. Foot the various files and select unusual or large transactions according to certain criteria.
 6. Age accounts receivable.
7. Test the recording of sales transactions by parallel simulation.

d. Five programmed controls the auditor could recommend to reduce the likelihood of errors made by cash register
operators would be:

1. A check on the correctness of the selling price for a given product.

2. Test for proper data, store and sales clerk number.
3. A check on the reasonableness of the quantity and price.
4. A check on the existence of the customer’s account and credit limit.
5. Test for inventory quantity in stock.

e. Several ways to reduce the information entered into the cash register are:

1. By setting the date in the register for the day, there will be no need to enter the date.
2. Same as 1 for store code number and sales clerk number.
3. There is no need to enter cash sale or credit sale since entering the customer account number implies a credit
sale.
4. Install optical scanning point of sale equipment.
5. Have the computer determine unit prices based on product number from the price list master file.
11-1 The five types of tests auditors use to determine whether financial statements are fairly stated can be categorised into
two main areas (see Figure 11.1):

1 Risk assessment procedures:

These procedures are used to assess the risk of material misstatement (represented by the combination of IR and
CR), and other procedures:
2. Tests of controls
3. Substantive tests of transactions
4. Analytical procedures
5. Tests of details of balances
 While risk assessment procedures help the auditor obtain information to make an initial assessment of inherent and
control risk, tests of controls must be performed as support of an assessment of control risk that is below maximum. The
purpose of tests of controls is to obtain evidence regarding the effectiveness of controls, which may allow the auditor to assess
control risk below maximum. If controls are found to be effective and functioning, the substantive evidence may be reduced.
Substantive evidence is obtained to reduce planned detection risk. Substantive evidence includes evidence from substantive
tests of transactions, analytical procedures and tests of details of balances.

11-6 The auditor resolves the problem by making assumptions about the results of the tests of controls and performing both
the tests of controls and substantive tests of transactions on the basis of these assumptions (i.e. through their judgment about
control risk). If the auditor’s risk assessment procedures indicate that control risk is low, the auditor assumes an effective
system of internal control with few or no exceptions planned. If the results of the tests of controls are as good as or better than
the assumptions that were originally made, the auditor can be satisfied with the substantive tests of transactions, unless the
substantive tests of transactions themselves indicate the existence of misstatements. If the tests of controls results were not as
good as the auditor assumed in designing the original tests, expanded substantive tests must be performed.

11-8 When the results of analytical procedures (ASA 520) are different from the auditor’s expectations and thereby indicate
that there may be a misstatement in the balance in accounts receivable or sales, the auditor should extend the tests to
determine why the ratios are different from expectations. Confirmation of accounts receivable and cutoff tests for sales are two
procedures that can be used to do this. On the other hand, if the ratios are approximately what the auditor expects, the other
tests can be reduced. This means that the auditor can satisfy the evidence requirements in different ways and that analytical
procedures and confirmation are complementary when the results of the tests are both good.

11-24 (TD of B = test of details of balances, AP = analytical procedure, T of C = test of control, S T of T = substantive test of
transactions)

a. b.
TEST EVIDENCE
1. TD of B Re-performance (checking additions and agreement of balance with the general ledger)

Inspection (of documentation) (i.e. the vendor’s invoice)

2. TD of B
Analytical procedures (trend comparisons)
3. AP
Inquiry and observation (discussion with client staff)
4. T of C
External confirmation (of vendor’s ending balance)
5. TD of B
Inspection (of documentation) (examine cheque sequence)
6. T of C
Inspection (physical examination) (sighting assets)
7. T D of B
Inspection (of documentation) (documents to support entries in the purchase journal)
8. S T of T
Analytical procedures (overall reasonableness test of commission)

9. AP Inspection (of documentation) (vendors’ invoices)

10. TD of B Inquiry (with regard to payables supervisor review of an exception report)

11. T of C
ACCY342 Autumn 2018 Solutions
P a g e | 11
11-27

a. b. c.
TRANSACTION-RELATED TEST OF CONTROL SUBSTANTIVE TEST
AUDIT PROCEDURE
OBJECTIVE(S)
1. Existing acquisition Account for numerical Reconcile vendor statements to
transactions are sequence of receiving accounts payable listing
recorded. reports and trace to
(Completeness) acquisitions journal entry
2. Existing cash payment Observe cash handling Prepare a bank reconciliation as at
transactions are procedures and examine balance sheet date
recorded; recorded bank reconciliation to
transactions occurred; determine if was prepared
and recorded by an independent person
transactions are stated
at the correct amounts.
(Completeness,
Occurrence and
Accuracy).
3. Recorded transactions Examine invoice packages Examine supporting invoices and
exist, recorded for initials indicating that recheck items checked by the clerk
transactions are stated review has been performed
at the correct amounts,
and transactions are
properly classified.
(Occurrence, Accuracy
and Classification)
4. Recorded transactions Examine invoices for the Examine supporting invoices for the
exist. (Occurrence)* controller’s initials in the same information examined by the
‘grid stamp’ controller
5. Recorded transactions Examine invoices for Examine supporting invoices,
exist. (Occurrence) indication of cheque purchase orders and receiving
number and date reports containing the proper
cheque number and date for each
cash payment

* The objectives satisfied depend upon what she examines. She might for example examine
supporting documents for accuracy and even for account classification. In that event, those two
objectives would be added.

11-32
ACCY342 Autumn 2018 Solutions
P a g e | 12

TESTS OF
SUBSTANTIVE DETAILS
RISK TESTS OF TESTS OF ANALYTICAL OF
AUDIT ASSESSMENT CONTROLS TRANSACTIONS PROCEDURES BALANCES
AA E E S E S

BB M N S M/E E
CC E E M E S,E*

E = Extensive amount of testing. Where controls are deemed effective, more

work is needed to gain an understanding of internal controls.
M = Medium amount of testing.
S = Small amount of testing.
N = No testing.
S,E* = Small amount of testing for the gross balance in accounts
receivable; extensive testing done for the collectability of the accounts.

a. For audit A, the recommended strategy is to maximise the testing of internal controls and
minimise the testing of the details of all ending balances in inventory. The most important
objective would be to minimise the number of locations that need to be visited. The
justification for doing this is the quality of the internal controls and the results of prior
years’ audits. Assuming that some of the locations have a larger portion of the ending
inventory balance than other locations, the auditor can likely completely eliminate tests
of physical counts of some locations and emphasise the locations with larger dollar
balances. An alternative would be cyclical testing of locations with smaller balances and
effective use of analytical procedures. The entire strategy is oriented to minimising the
need to visit locations.

b. Acceptable audit risk for this audit should be set at low because of the plans to sell the
business, severe under-financing and a first-year audit. The lack of controls over accounts
payable and the large number of adjusting entries in accounts payable indicate the
auditor cannot consider the internal controls effective. Therefore, the plan should be to
do extensive tests of details of balances, probably through accounts payable
confirmations and other end-of-year procedures. No tests of controls are recommended
because of the impracticality of reduced assessed control risk. Some substantive tests of
transactions and medium to extensive analytical procedures are recommended to verify
the correctness of acquisitions and to obtain information about the reasonableness of the
balances.

c. The most serious concern in this audit is the evaluation of the allowance for uncollectable
accounts. Given the adverse economic conditions and significant increase of loans
receivable, the auditor must be greatly concerned about the adequacy of the allowance
for uncollectable accounts and the possibility of uncollectable accounts being included in
ACCY342 Autumn 2018 Solutions
P a g e | 13
loans receivable. Given the internal controls, the auditor is not likely to be greatly
concerned about the gross accounts receivable balance, except for accounts that need to
be written off. Therefore, for the audit of gross accounts receivable there will be a greatly
reduced assessed control risk and relatively minor confirmation of accounts receivable. In
evaluating the allowance for uncollectable accounts, the auditor should test the controls
over granting loans and following up on collections. However, given the changes in the
economy, it will be necessary to do significant additional testing of the allowance for
uncollectable accounts. Therefore, an ‘S’ is included for tests of details of balances for
gross accounts receivable and an ‘E’ for the tests of net realisable value.