CPA REVIEW SCHOOL OF THE PHILIPPINES AT-9005

Manila

AUDITING THEORY CPA Review

PSA 330
THE AUDITOR’S RESPONSES TO ASSESSED RISKS

Overall Responses

1. The auditor should design and implement overall responses to address the risks of material
misstatement at the financial statement level. Such responses may include:
• Emphasizing to the audit team the need to maintain professional skepticism.
• Assigning more experienced staff or those with special skills or using experts.
• Providing more supervision.
• Incorporating additional elements of unpredictability in the selection of further audit
procedures to be performed.
• Making general changes to the nature, timing, or extent of audit procedures.

Audit Procedures Responsive to Risks of Material Misstatement at the Assertion Level

1. In designing the further audit procedures, the auditor shall:

(a) Consider the reasons for the assessment given to the risk of material misstatement at
the assertion level for each class of transactions, account balance, and disclosure,
including:
i. The likelihood of material misstatement due to the particular characteristics of
the relevant class of transactions, account balance or disclosure (that is, the
inherent risk); and
ii. Whether the risk assessment takes account of relevant controls (that is, the
control risk), thereby requiring the auditor to obtain audit evidence to
determine whether the controls are operating effectively (that is, the auditor
intends to rely on the operating effectiveness of controls in determining the
nature, timing and extent of substantive procedures); and

(b) Obtain more persuasive evidence the higher the auditor’s assessment of risk.

2. Considering the nature, timing, and extent of further audit procedures

The nature of further audit procedures refers to their:

a) Purpose – tests of controls or substantive procedures.
b) Type – inspection, observation, inquiry, confirmation, recalculation, reperformance, or
analytical procedures.

Timing refers to when audit procedures are performed or the period or date to which the
audit evidence applies.

Extent includes the quantity of a specific audit procedure to be performed.

TESTS OF CONTROLS

1. The auditor is required to perform tests of controls when:

a) The auditor’s risk assessment includes an expectation of the operating effectiveness of
controls; or
b) Substantive procedures alone cannot provide sufficient appropriate audit evidence at the
assertion level.

Page 1 of 7 Pages
CPAR - MANILA AT-9005

2. Tests of the operating effectiveness of controls are performed only on those controls that the
auditor has determined are suitably designed to prevent, or detect and correct, a material
misstatement in an assertion.

3. Testing the operating effectiveness of controls includes obtaining evidence about:

a) How controls were applied at relevant times during the period under audit;
b) The consistency with which they were applied; and
c) By whom or by what means they were applied.

SUBSTANTIVE PROCEDURES

1. Substantive test procedures are performed in order to detect material misstatements at the
assertion level, and include:
• Tests of details of classes of transactions, account balances, and disclosures; and
• Substantive analytical procedures.

2. The auditor’s substantive procedures should include the following audit procedures related to
the financial statement closing process:
• Agreeing or reconciling the financial statements with the underlying accounting records;
and
• Examining material journal entries and other adjustments made during the course of
preparing the financial statements.

3. The auditor should perform audit procedures to evaluate whether the overall presentation of
the financial statements, including the related disclosures, are in accordance with the
applicable financial reporting framework.

Evaluating the sufficiency and appropriateness of audit evidence obtained

1. Based on the audit procedures performed and the audit evidence obtained, the auditor should
evaluate whether the assessments of the risks of material misstatement at the assertion level
remain appropriate.

2. The auditor should conclude whether sufficient appropriate audit evidence has been obtained
to reduce to an acceptably low level the risk of material misstatement in the financial
statements.

3. If the auditor has not obtained sufficient appropriate audit evidence as to a material financial
statement assertion, the auditor shall attempt to obtain further audit evidence. If the auditor
is unable to obtain further audit evidence, the auditor shall express a qualified opinion or a
disclaimer of opinion.

Documentation

1. The auditor shall include in the audit document:

• The overall responses to address the assessed risks of material misstatement at the
financial statement level and the nature, timing, and extent of the further audit
procedures;
• The linkage of those procedures with the assessed risks at the assertion level; and
• The results of the audit procedures.

2. If the auditor plans to use audit evidence about the operating effectiveness of controls
obtained in prior audits, the auditor should document the conclusions reached with regard to
relying on such controls that were tested in a prior audit.

3. The auditor’s documentation shall demonstrate that the financial statements agree or
reconcile with the underlying accounting records.

Page 2 of 7 Pages
CPAR - MANILA AT-9005

MULTIPLE CHOICE QUESTIONS

1. Control risk should be assessed in terms of

A. Specific control procedures. C. Financial statement assertions.
B. Types of potential fraud. D. Control environment factors.

2. Tests of controls are used to test whether controls are:

A. Operating effectively
B. Properly documented by the client
C. Placed in operation or implemented
D. Properly incorporated in the financial statements

3. Which of the following statements is true?

A. Tests of controls are necessary if the auditor plans to use the primarily substantive
approach.
B. Tests of controls are necessary if the auditor plans to assess the level of control risk at
maximum.
C. The auditor can simultaneously obtain an understanding of internal control and perform
tests of controls.
D. After performing tests of controls, the auditor will always assess control risk at maximum.

4. After considering a client’s internal controls, an auditor has concluded that it is well designed
and is functioning as intended. Under these circumstances the auditor would most likely
A. Perform tests of controls to the extent outlined in the audit program.
B. Determine the control procedures that should prevent or detect errors and fraud.
C. Not increase the extent of predetermined substantive tests.
D. Determine whether transactions are recorded to permit preparation of financial
statements in accordance with PFRS.

5. The audit risk against which the auditor and those who rely on his or her opinion require
reasonable protection is a combination of two separate risks at the assertion level. The first
risk is that balances, classes of transactions, or disclosures contain material misstatements.
The second is that
A. The auditor will reject a correct account balance as incorrect.
B. Material misstatements that occur will not be detected by the audit.
C. The auditor will apply an inappropriate audit procedure.
D. The auditor will apply an inappropriate measure of audit materiality.

6. Which of the following statements about the auditor’s response to assessed risks of material
misstatement in a financial statement audit is true?
A. When the risks of material misstatement are high, an auditor should reduce the amount
of substantive testing.
B. Reliance on internal control may be sufficient to allow the auditor to eliminate substantive
testing for significant transaction classes.
C. When assessing the risks of material misstatement, an auditor should not consider
evidence obtained in prior audits about the operation of controls.
D. Risk assessment procedures performed to obtain an understanding of an entity’s internal
control also may serve as tests of controls.

7. In a financial statement audit, the auditor is required to perform tests of controls when
I. The auditor’s risk assessment includes an expectation of the operating effectiveness of
controls.
II. When substantive procedures alone do not provide sufficient appropriate audit evidence
at the assertion level.
A. I only C. Either I or II
B. II only D. Neither I nor II

Page 3 of 7 Pages
CPAR - MANILA AT-9005

8. After gaining an understanding of internal control and assessing the risks of material
misstatement, an auditor decided to perform tests of controls. The auditor most likely decided
that
A. Additional evidence to support a further reduction in control risk is not available.
B. It is not possible or practicable to reduce the risks of material misstatement at the
assertion level to an acceptably low level with audit evidence obtained only from
substantive test procedures.
C. There were many internal control weaknesses that could allow misstatements to enter the
accounting system.
D. An increase in the assessed level of control risk is justified for certain financial statement
assertions.

9. Tests of controls are concerned primarily with each of the following questions, except
A. By whom were the controls applied?
B. Were the necessary controls consistently performed?
C. How were the controls applied?
D. Why were the controls applied?

10. How frequently must an auditor test operating effectiveness of controls that appear to
function as they have in past years and on which the auditor wishes to rely in the current
year?
A. Monthly. C. At least every second audit.
B. Annually. D. At least every third audit.

11. An auditor intends to perform tests of control on a client’s cash disbursements procedures. If
the control procedures leave no audit trail of documentary evidence, the auditor most likely
will test the procedures by
A. Inquiry and analytical procedures.
B. Inquiry and observation.
C. Analytical procedures and confirmation.
D. Confirmation and observation.

12. Before assessing control risk at a level lower than the maximum, the auditor obtains
reasonable assurance that controls are in use and operating effectively. This assurance is
most likely obtained in part by
A. Preparing flowcharts and narratives of the entity’s internal control system.
B. Performing substantive test of details of transactions and balances.
C. Analyzing tests of trends and ratios.
D. Inspection of documents.

13. The following statements relate to the use of audit evidence when testing the operating
effectiveness of relevant controls. Which is false?
A. An auditor who obtains sufficient appropriate audit evidence about the operating
effectiveness of controls during the interim period should no longer obtain additional
evidence of operating effectiveness for the remaining period.
B. An auditor may plan to use audit evidence about the operating effectiveness of controls
obtained in prior audits.
C. If an auditor plans to rely on controls that have changed since they were last tested, the
auditor should test the operating effectiveness of such controls in the current audit.
D. Audit evidence pertaining only to a point in time may be sufficient for the auditor’s
purpose, for example, when testing controls over an entity’s physical count of inventories
at year-end.

14. An auditor may decide to assess control risk at the maximum level for certain assertions
because the auditor believes
A. Controls are unlikely to pertain to the assertions.
B. The entity’s control components are interrelated.
C. Sufficient appropriate audit evidence to support the assertions is likely to be available.
D. More emphasis on tests of controls than substantive tests is warranted.

Page 4 of 7 Pages
CPAR - MANILA AT-9005

15. Which of the following statements is correct concerning an auditor’s assessment of control
risk?
A. Assessing control risk may be performed concurrently during an audit with obtaining an
understanding of the entity’s internal control.
B. Evidence about the operation of controls in prior audits may not be considered during the
current year’s assessment of control risk.
C. The basis for an auditor’s conclusions about the assessed level of control risk need not be
documented unless control risk is assessed at the maximum level.
D. The lower the assessed level of control risk, the less assurance the evidence must provide
that the controls are operating effectively.

16. On the basis of audit evidence gathered and evaluated, an auditor decides to increase the
assessed level of control risk from that originally planned. To achieve an overall audit risk
level that is substantially the same as the planned audit risk level, the auditor would
A. Increase inherent risk. C. Decrease inherent risk.
B. Increase materiality level. D. Decrease detection risk.

17. When an auditor increases the planned assessed level of control risk because certain controls
were determined to be ineffective, the auditor would most likely increase the
A. Extent of tests of details. C. Extent of tests of controls.
B. Level of inherent risk. D. Level of detection risk.

18. Regardless of the assessed level of control risk, an auditor would perform some
A. Tests of controls to determine the effectiveness of internal control policies.
B. Analytical procedures to verify the design of internal control procedures.
C. Substantive tests to restrict detection risk for significant transaction classes.
D. Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary
control risk.

19. Which of the following types of evidence would an auditor most likely examine to determine
whether controls are operating as designed?
A. Confirmations of receivables verifying account balances.
B. Letters of representations corroborating inventory pricing.
C. Attorneys’ responses to the auditor’s inquiries.
D. Client records documenting the use of computer programs.

20. When an accounting application is processed by computer, an auditor cannot verify the
reliable operation of programmed control procedures by
A. Manually comparing detail transaction files used by an edit program with the program’s
generated error listings to determine that errors were properly identified by the edit
program.
B. Constructing a processing system for accounting applications and processing actual data
from throughout the period through both the client’s program and the auditor’s program.
C. Manually reperforming, as of a moment in time, the processing of input data and
comparing the simulated results with the actual results.
D. Periodically submitting auditor-prepared test data to the same computer process and
evaluating the results.

21. During the consideration of a small business client’s internal control, the auditor discovered
that the accounts receivable clerk approves credit memos and has access to cash. Which of
the following controls would be most effective in offsetting this weakness?
A. The controller reconciles the total of the detail accounts receivable accounts to the amount
shown in the ledger.
B. The controller receives the monthly bank statement directly and reconciles the checking
accounts.
C. The owner reviews errors in billings to customers and postings to the subsidiary ledger.
D. The owner reviews credit memos after they are recorded.

Page 5 of 7 Pages
CPAR - MANILA AT-9005

22. In assessing control risk for the purchasing cycle, the auditor will be least influenced by
A. The effectiveness of controls in other cycles, e.g., the sales-receivables-cash receipts
cycle.
B. The existence within the purchasing cycle of internal control strengths that offset
weaknesses.
C. The audit work performed in the purchasing cycle by the company’s internal auditor.
D. The availability of a company manual describing policies and procedures for the
purchasing cycle.

23. Which of the following procedures would an auditor most likely perform to test controls
relating to management’s assertion concerning the completeness of sales transactions?
A. Verify that extensions and footings on the entity’s sales invoices and monthly customer
statements have been recomputed.
B. Compare the invoiced prices on prenumbered sales invoices to the entity’s authorized
price list.
C. Inquire about the entity’s credit granting policies and the consistent application of credit
checks.
D. Inspect the entity’s reports of prenumbered shipping documents that have not been
recorded in the sales journal.

24. Which of the following tests of controls most likely would help assure an auditor that goods
shipped are properly billed?
A. Scan the sales journal for sequential and unusual entries.
B. Examine shipping documents for matching sales invoices.
C. Compare the accounts receivable ledger to daily sales summaries.
D. Inspect unused sales invoices for consecutive prenumbering.

25. An auditor is least likely to test controls that provide for

A. Approval of the purchase and sale of trading securities.
B. Classification of revenue and expense transactions by product line.
C. Segregation of the functions of recording disbursements and reconciling the bank account.
D. Comparison of receiving reports and vendors’ invoices with purchase orders.

26. Which of the following procedures concerning accounts receivable would an auditor most
likely perform to obtain evidential matter in support of an assessed level of controls risk below
the maximum level?
A. Observing an entity’s employee prepare the schedule of past due accounts receivable.
B. Sending confirmation requests to an entity’s principal customers to verify the existence of
accounts receivable.
C. Inspecting an entity’s analysis of accounts receivable for unusual balances.
D. Comparing an entity’s uncollectible accounts expense to actual uncollectible accounts
receivable.

27. An internal control questionnaire indicates that an approved receiving report is required to
accompany every check request for payment of merchandise. Which of the following
procedures provides the greatest assurance that this control is operating effectively?
A. Select and examine receiving reports and ascertain that the related canceled checks are
dated no earlier than the receiving reports.
B. Select and examine receiving reports and ascertain that the related canceled checks are
dated no later than the receiving reports.
C. Select and examine canceled checks and ascertain that the related receiving reports are
dated no earlier than the checks.
D. Select and examine canceled checks and ascertain that the related receiving reports are
dated no later than the checks.

28. An auditor uses the knowledge provided by the understanding of internal control and the final
assessed level of control risk primarily to determine the nature, timing, and extent of the
A. Attribute tests C. Tests of controls
B. Compliance tests D. Substantive tests

Page 6 of 7 Pages
CPAR - MANILA AT-9005

29. When there are numerous property and equipment transactions during the year, an auditor
who plans to assess control risk at a low level usually performs
A. Tests of controls and extensive tests of property and equipment balances at the end of
the year.
B. Analytical procedures for current year property and equipment transactions.
C. Tests of controls and limited tests of current year property and equipment transactions.
D. Analytical procedures for property and equipment balances at the end of the year.

30. Tests of controls are least likely to be omitted with regard to

A. Accounts believed to be subject to ineffective controls.
B. Accounts representing few transactions.
C. Accounts representing many transactions.
D. Subsequent events.

--- END ---

Page 7 of 7 Pages