Professional Documents
Culture Documents
to accompany
by
Leung et al.
Multiple-choice questions
1. When tests of controls are not performed while obtaining an understanding under the
predominantly substantive approach:
2. The relationship between the required understanding of the internal control structure and
the preliminary audit strategy is that:
*a. normally, greater understanding is required when the lower assessed level of control
risk approach is used.
b. normally, greater understanding is required when the primarily substantive approach
is used.
c. no understanding is required in the planning stage unless tests of controls are a
planned part of the strategy.
d. normally, less understanding is required when the lower assessed level of control risk
approach is used.
3. After the auditor planned the audit based on the lower assessed level of control risk
approach it was found that the tests of control did not support this approach. Although the
controls were well designed they were not implemented and therefore ineffective. What
audit strategy should the auditor now pursue?
4. Assessing control risk at a level below high most likely would involve:
8. Which of these would be a necessary control to prevent a cash payment being made for an
unauthorised purpose?
9. Which of the following would be a necessary control to avoid an invoice being paid
twice?
*a. whether they relate to part or the whole of the accounting period.
b. the end of the year being audited.
c. whether they are performed earlier or later during the audit.
d. none of the above.
12. After performing additional tests of controls, the auditor reassesses control risk from the
initial planning level of slightly below maximum to moderate. The auditor should now:
13. If the auditor decides to seek a further reduction in control risk, this will require them to:
14. Based on a study and evaluation completed at an interim date, the auditor concludes that
no significant internal accounting control weaknesses exist. The records and procedures
would most likely be tested again at year-end if:
a. the internal accounting control system provides a basis for reliance in reducing the
extent of substantive testing.
b. tests of controls were not performed by the internal auditor during the remaining
period.
*c. inquiries and observations lead the auditor to believe that conditions have changed.
d. the auditor uses non-statistical sampling during interim compliance testing.
15. Which of the following is a limitation of using ‘observation’ for tests of controls?
*a. Employees may perform the control differently when not being observed.
b. The evidence applies for the entire period.
c. It is a dual-purpose test.
d. It shows how employees perform their duties.
16. The audit test that would normally be regarded as a test of control is:
17. Of the following, the procedure that would produce the most reliable evidence on the
segregation of duties is:
a. analytical procedures.
b. reconciliation.
c. re-performance.
*d. observation.
Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.
18. The test of control that is known as a dual-purpose test is:
a. inspecting.
b. observing.
c. enquiring.
*d. re-performing the control.
19. Testing the work of the internal auditors is least likely when the external auditor has
decided that:
a. the internal auditors will be used to directly assist in the conduct of the audit.
*b. the internal auditors have operating responsibilities as well as their auditing role.
c. the internal auditors are full-time employees of the client.
d. the reports of the internal auditors are consistent with the results of the work
performed.
a. may coordinate their audit work with that of the internal auditor.
b. may use the internal auditors to provide direct assistance with some types of audit
work.
*c. may delegate some of the substantive testing to the internal auditor.
d. none of the statements is incorrect, i.e. all are correct statements.
21. To determine whether the internal control structure policies and procedures operate
effectively to minimise errors of failure to invoice a shipment, the auditor would select a
sample of transactions from the population represented by the:
22. When control risk is assessed at the maximum, the extent of documentation required in
the working papers is that:
23. When it is concluded that the nature and frequency of deviations exceeds the tolerable
level, the auditor should:
25. The untrue statement concerning the communication of internal control matters to
management during a financial statement audit is:
26. In a computer information system control procedures that provide reasonable assurance
that the recording, processing and reporting of data are properly performed for specific
applications are known as:
*a. the test data approach involves dummy transactions prepared by and processed under
the control of the auditor.
b. the test data approach is relatively complicated, time consuming and expensive.
c. the test data approach involves dummy transactions prepared by the client and
processed under the control of the auditor.
d. the test data approach involves dummy transactions prepared by the auditor and
processed under the control of the client.
28. The name given to the test of control where the auditor reprocesses actual entity data
using auditor-controlled software is:
29. A disadvantage of the integrated test facility approach to a computer-assisted audit is:
30. Which of the following is not an advantage of the test data approach?
a. It is simple to use.
b. It is a way of auditing ‘through the computer’.
*c. There is no examination of the documentation actually processed by the system.
d. There is not much disruption to the client’s computer system.
31.
1. Identify the steps involved in a preliminary assessment of risk.
2. What is the requirement for documenting the assessed level of control risk when:
i. control risk is at the maximum
ii. control risk is below the maximum?
3. Tests of controls pertaining to effectiveness of operation focus on what two
questions?
Correct answer:
1. Step 1: perform procedures to obtain an understanding of internal control
Step 2: identify potential misstatements in the financial statements
Step 3: identify the necessary controls that are likely to prevent or detect potential
misstatements.
2. The requirement is:
i. Only the conclusion needs to be documented
ii. The basis for the assessment must be documented.
3. i. how was the control applied? and ii. was it applied consistently during the year?
Reference: Learning objective 10.1 ~ explain the relationship between control risk
assessment and audit strategy.
Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.
Learning objective 10.4 ~ explain the process of assessing control risk and documenting the
conclusion.
32. For the following potential misstatements for cash payments, identify a necessary control
and a test of the operational effectiveness of that control.
Correct answer:
Reference: Learning objective 10.2 ~ describe the purpose of tests of controls and the nature,
timing and extent of such tests.
33. When an auditor is designing tests of the operational effectiveness of controls they must
decide their nature, timing and extent. Explain what each of these concepts mean and why
they are important in designing these tests.
Correct answer:
Nature of tests: auditors need to decide what type of test will be conducted, whether it be
enquiring, observing, inspecting or re-performing. The auditor should select the procedure
that will provide the most reliable evidence about the effectiveness of the control.
Timing: the timing of tests refers to the part of the accounting period to which they relate. As
auditors are making an assessment on the controls for the whole period it is necessary for
them to test the controls as late in the interim period as possible whilst taking into
consideration audit efficiency.
Extent: More extensive tests of control provide more evidence of the operating effectiveness
of a control. The extent of tests of control is determined by the auditor’s planned assessed
level of control risk. More extensive testing will be needed for a low assessed level of control
risk than for a moderate level.
Reference: Learning objective 10.2 ~ describe the purpose of tests of controls and the nature,
timing and extent of such tests.
34. What audit strategy is the auditor likely to adopt if at the planning stage, control risk is
assessed as less than high?
Correct answer:
In assessing the control risk at less than high, the auditor has identified specific internal
control policies and procedures that they believe will be effective in preventing or detecting
misstatements related to the assertion. Evidence is needed to support this.
The auditor requires stronger evidence if the assessed level of control risk is low rather than
medium. This is because a low assessment of control risk indicates that the auditor is going to
place greater reliance on this procedure as an appropriate form of audit evidence: the greater
the reliance, the greater the evidence required.
Reference: Learning objective 10.1 ~ explain the relationship between control risk
assessment and audit strategy.
35. At what stage during the audit is the existence of internal controls tested and how are
these tests carried out?
Correct answer:
The existence of internal control will usually be tested during the control risk assessment
stage. Types of testing the auditor would undertake in evaluating the existence of an internal
control include inquiries of entity personnel, inspection of documents and reports, and
observation of the application of specific internal control policies and procedures, including
walk-throughs.
Reference: Learning objective 10.2 ~ describe the purpose of tests of controls and the nature,
timing and extent of such tests.
36. Outline the factors that will determine whether the auditor has obtained sufficient
appropriate evidence to support a particular risk assessment.
Correct answer:
There are a number of factors that will determine whether the auditor has obtained sufficient
appropriate evidence to support a particular control risk assessment. The auditor requires
stronger evidence if the assessed level of control risk is low rather than medium. If control
risk is high, the auditor does not have to gather evidence to support this assessment, as they
do not intend to rely on controls. They will gather their evidence via substantive testing.
Other factors that the auditor considers in determining whether the tests of controls have
yielded sufficient appropriate evidence include: type and source of evidence (some types of
audit tests provide stronger evidence); timeliness of evidence; and interrelationship with other
evidence (does all evidence point to the same conclusion?).
Reference: Learning objective 10.2 ~ describe the purpose of tests of controls and the nature,
timing and extent of such tests.
Correct answer:
Under the test data approach, dummy transactions are prepared by the auditor and processed
under auditor control by the entity’s software. The test data consist of one transaction for
each valid or invalid condition that the auditor wants to test.