Project

 Discussion and Research Questions 5-38 (page 179), 5-44 (page 182)

5-38 (Classification and Reliability of Audit Evidence) The following are examples of
documents typically obtained by auditors.

Required
For each example

a. Classify the document as internal or external evidence

b. Classify the document as to its relative reliability (high, moderate, or low)
c. Identify an account balance and related assertion(s) for which the auditor might
use the document

Documentary Evidence Utilized in an Audit:

1. Vendor invoices – External,

2. Vendor monthly statements - External
3. Sales invoices - Internal
4. Shipping documents for sales - Internal
5. Bank statements - External
6. Employee payroll time cards - Internal
7. Receiving reports for goods received from vendors - Internal
8. Sales contracts - Internal
9. Purchase commitment contracts - External
10. Lease agreements - Internal
11. Estimated warranty schedules - Internal
12. Purchase order stored on client computer and received by EDI - External
13. Credit rating reports - External
14. Vendor invoice stored on client computer and received by EDI - External

5-44 (Alternative Sources of Evidence) The following situations present the auditor with
alternative sources of evidence regarding a particular assertion

Required
a. For each of the following situations, identify the assertion the auditor is most
likely resting with the procedure
b. For each situation, identify which of the two sources presents the most persuasive
evidence, and briefly indicate the rationale for your answer.

Sources of Audit Evidence

1. Confirming accounts receivable with business organizations vs. confirming
receivables with consumers.

2. Visually inspecting an inventory of electronic components vs. performing an

inventory turnover and sales analysis by products and product lines
 3. Observing the counting of a client’s year-end physical inventory vs. confirming
the inventory held at an independent warehouse by requesting a confirmation
from the owner of the warehouse.

4. Confirming a year-end bank balance with the client’s banking institution vs.
reviewing the client’s year-end bank statement vs. having a cut-off bank statement
as of January 20 for all activity from December 31 to January 20 sent to the
auditor.

5. Observing the client’s inventory composed primarily of sophisticated radar

detectors and similar electronic equipment vs. observing the client’s inventory
composed primarily of sheet metal.

6. Confirming the client’s year-end bank balance with the bank vs. confirming the
potential loss due to a lawsuit with the client’s outside legal counsel.

7. Testing the client’s estimate of warranty liability by obtaining a copy of the

client’s spreadsheet used for calculating the liability and determining the accuracy
of the spreadsheet’s logic by entering new data into the spreadsheet and
independently calculating the result vs. developing an independent spreadsheet
and using regressing analysis to develop an independent estimate of the warranty
liability using client sales and warranty return data.

8. Reviewing all payments made to vendors and suppliers after year end to
determine if they were properly recorded as accounts payable vs. requesting
vendor statements at year end for all significant vendors from which the client
made purchases during the year.

9. For a financial institution, testing the organization’s controls for recording

customer savings deposit, including the existence of an independent department to
explore any inquiries by customer vs. confirming year-end savings account
balances with customers.

10. For a financial institution, testing the organization’s controls for making and
recording loans vs. confirming year-end loan balances directly with customers.

 Discussion and Research Questions 8-40 (page 313), and 8-44 (page 314)

8-40 (Computer Fraud)

Required
For each of the following situations involving computer fraud, briefly describe the
following:
 a. A control procedure that would have been effective in preventing or detecting the
fraud.
b. An audit procedure that would have detected the fraud

Computer Frauds
a. A computer programmer added a module to the payroll program that started with
an “IF” statement to identify his employee number. If it were his record, the
program was instructed to multiply computed pay by 1.5, thus increasing the
programmer’s pay by 50%

b. A state health and social services department made support payments to needy
residents. A resident could be input into the system only on recommendation of a
supervising caseworker. Some caseworkers entered fictitious residents on the
system and had support payments sent to authorized addresses. The caseworkers
then cashed the support payments and eventually transferred the cash to their own
accounts.

c. A student posed as a newspaper reporter doing a story on a phone company’s data

processing center. After leaving the center, he noticed a data processing manual
that had been discarded. He took the manual home and learned the access code to
the company’s parts-repair system. He could then log on and have repair parts
delivered to a specific location. Later he picked up the parts, which he sold back
to the company and to other customers.

d. A manufacturing company required all its hourly workers to sign in by passing

their personal identification cards across an automated time clock that captured
the data and transmitted it to the computer for subsequent processing. An
employee who worked the first shift arranged with her brother, who worked the
second shift, to use her card to sign out when he completed his work shift. The
employee thus generated pay for 16 hours per day, one-half at overtime rates. The
employee and her brother split the additional pay.

e. A disgruntled programmer often came to the office in the evenings to copy

confidential client data such as customer lists, discounts, and so forth on magnetic
tapes, which he sold to competitors at handsome prices.

8-44 (Use of Advanced Audit Techniques) IDS Corporation processes mortgage

payments and updates for itself, as well as for a number of other mortgage service
companies. The program tables are updated frequently for changes in interest rates for
variable mortgages, but not for the fixed mortgages. Because there are a number of
mortgage divisions as well as outside companies for which it provides processing, the
applicable edit tests for a particular division or department are stored in a table utilized as
part of a general validation routing before transactions are processed. Authorized interest
rates are kept in another table and are called by the application program according to
identified job codes.
Required
a. Explain how the auditor might use the ITF in auditing the mortgage processing
application described above.

b. What are the major limitations of using the ITF in this situation?

c. Assume that the auditor is concerned with the operation of the edit controls and is
especially concerned that the control procedures either are not functioning
effectively or are overridden by management. Would the ITF identify the problem

d. Would the ITF be useful in identifying whether or not fictitious data had been
added to the system? Explain