Testbank

to accompany

Audit and assurance

1 edition
st

by

Leung et al.

© John Wiley & Sons Australia, Ltd 2019

 Chapter 10: Tests of controls

Chapter 10: Tests of controls

Multiple-choice questions

1. When tests of controls are not performed while obtaining an understanding under the
predominantly substantive approach:

a. preliminary control risk must be assessed at below maximum.

b. preliminary control risk must be assessed at the minimum.
c. they must be performed at year-end.
*d. preliminary control risk must be assessed at the maximum.

The correct option is d.

Learning objective 10.1 ~ explain the relationship between control risk assessment and audit
strategy.

2. The relationship between the required understanding of the internal control structure and
the preliminary audit strategy is that:

*a. normally, greater understanding is required when the lower assessed level of control
risk approach is used.
b. normally, greater understanding is required when the primarily substantive approach
is used.
c. no understanding is required in the planning stage unless tests of controls are a
planned part of the strategy.
d. normally, less understanding is required when the lower assessed level of control risk
approach is used.

The correct option is a.

Learning objective 10.1 ~ explain the relationship between control risk assessment and audit
strategy.

3. After the auditor planned the audit based on the lower assessed level of control risk
approach it was found that the tests of control did not support this approach. Although the
controls were well designed they were not implemented and therefore ineffective. What
audit strategy should the auditor now pursue?

*a. Adopt a predominantly substantive approach.

b. Perform more extensive tests of control than originally planned.
c. Reduce the level of substantive procedures.
d. None of the above.

The correct option is a.

Learning objective 10.1 ~ explain the relationship between control risk assessment and audit
strategy.

John Wiley & Sons Australia, Ltd 2019

10.2
Testbank to accompany Auditing and assurance 1e

4. Assessing control risk at a level below high most likely would involve:

*a. identifying specific internal controls relevant to specific assertions.

b. changing the timing of substantive tests by omitting interim testing and performing
the tests at year-end.
c. reducing inherent risk for most of the assertions relevant to significant account
balances.
d. performing more extensive substantive tests with larger sample sizes than originally
planned.

The correct option is a.

Learning objective 10.1 ~ explain the relationship between control risk assessment and audit
strategy.

5. What is the purpose of the preliminary assessment of control risk?

*a. To obtain a reasonable expectation of controls so as to decide on an appropriate audit

strategy.
b. To determine the extent to which internal controls have been implemented.
c. To obtain the necessary information for developing the flowchart.
d. To provide management with an opinion on the effectiveness of controls.

The correct option is a.

Learning objective 10.1 ~ explain the relationship between control risk assessment and audit
strategy.

6. Which of the following statements is true?

a. Tests of controls are not a form of audit evidence.

b. With good results from tests of controls, an auditor will most likely increase the level
of substantive testing of transactions and balances.
c. Where the auditor decides to use a substantive approach to obtaining evidence, it is
not necessary to obtain an understanding of internal controls to assess the risk of
possible financial statement misstatements.
*d. If the preliminary assessment of internal controls suggests that controls cannot be
relied on, the auditor should go straight to performing substantive testing.

The correct option is d.

Learning objective 10.1 ~ explain the relationship between control risk assessment and audit
strategy.

John Wiley & Sons Australia, Ltd 2019

10.3
 Chapter 10: Tests of controls

7. ‘Enquiring’ is a control test used by auditors. It requires the auditor to:

a. re-perform the control.

b. observe client personnel perform their duties.
c. inspect documents for signatures that indicate the control was performed.
*d. question client personnel about the performance of their duties.

The correct option is d.

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.

8. Which of these would be a necessary control to prevent a cash payment being made for an
unauthorised purpose?

a. Invoices being required before cheques are issued.

b. Only authorised people being able to issue cheques.
c. The duties of approving invoices and signing cheques are separated.
*d. All of the above.

The correct option is d.

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.

9. Which of the following would be a necessary control to avoid an invoice being paid
twice?

a. Segregating the duties of approving invoices and signing cheques.

*b. Invoice stamped paid when the cheque is issued.
c. Making payments by cheque.
d. Periodic bank reconciliations.

The correct option is b.

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.

10. Tests of controls are auditing procedures performed to determine:

a. whether required internal controls have been put in place.
b. the efficiency of the information flow.
*c. the effectiveness of the design and operation of internal controls.
d. b and c.

The correct option is c.

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.

John Wiley & Sons Australia, Ltd 2019

10.4
Testbank to accompany Auditing and assurance 1e

11. The timing of tests of controls refers to:

*a. whether they relate to part or the whole of the accounting period.
b. the end of the year being audited.
c. whether they are performed earlier or later during the audit.
d. none of the above.

The correct option is a.

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.

12. After performing additional tests of controls, the auditor reassesses control risk from the
initial planning level of slightly below maximum to moderate. The auditor should now:

a. decrease the level of detection risk, and decrease substantive testing.

b. increase the level of detection risk, and increase substantive testing.
c. increase planned substantive testing.
*d. increase the level of detection risk, and decrease substantive testing.

The correct option is d.

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.

13. If the auditor decides to seek a further reduction in control risk, this will require them to:

*a. perform additional tests of control.

b. increase, proportionately, assessed inherent risk.
c. rely exclusively on analytical procedures.
d. expand the scope of substantive testing during interim work.

The correct option is a.

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.

John Wiley & Sons Australia, Ltd 2019

10.5
 Chapter 10: Tests of controls

14. Based on a study and evaluation completed at an interim date, the auditor concludes that
no significant internal accounting control weaknesses exist. The records and procedures
would most likely be tested again at year-end if:

a. the internal accounting control system provides a basis for reliance in reducing the
extent of substantive testing.
b. tests of controls were not performed by the internal auditor during the remaining
period.
*c. inquiries and observations lead the auditor to believe that conditions have changed.
d. the auditor uses non-statistical sampling during interim compliance testing.

The correct option is c.

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.

15. Which of the following is a limitation of using ‘observation’ for tests of controls?

*a. Employees may perform the control differently when not being observed.
b. The evidence applies for the entire period.
c. It is a dual-purpose test.
d. It shows how employees perform their duties.

The correct option is a.

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.

16. The audit test that would normally be regarded as a test of control is:

a. enquiries of third parties.

b. test of the specific items making up the balance in a given general ledger account.
c. test of the additions to property, plant, and equipment by physical inspections.
*d. test of the signatures on purchase orders to a list of approved signatories.

The correct option is d.

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.

17. Of the following, the procedure that would produce the most reliable evidence on the
segregation of duties is:

a. analytical procedures.
b. reconciliation.
c. re-performance.
*d. observation.

The correct option is d.

John Wiley & Sons Australia, Ltd 2019

10.6
Testbank to accompany Auditing and assurance 1e

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.
18. The test of control that is known as a dual-purpose test is:

a. inspecting.
b. observing.
c. enquiring.
*d. re-performing the control.

The correct option is d.

Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.

19. Testing the work of the internal auditors is least likely when the external auditor has
decided that:

a. the internal auditors will be used to directly assist in the conduct of the audit.
*b. the internal auditors have operating responsibilities as well as their auditing role.
c. the internal auditors are full-time employees of the client.
d. the reports of the internal auditors are consistent with the results of the work
performed.

The correct option is b.

Learning objective 10.3 ~ clarify how the work of internal auditing may be used in tests of
controls.

20. The incorrect statement is: The external auditor:

a. may coordinate their audit work with that of the internal auditor.
b. may use the internal auditors to provide direct assistance with some types of audit
work.
*c. may delegate some of the substantive testing to the internal auditor.
d. none of the statements is incorrect, i.e. all are correct statements.

The correct option is c.

Learning objective 10.3 ~ clarify how the work of internal auditing may be used in tests of
controls.

John Wiley & Sons Australia, Ltd 2019

10.7
 Chapter 10: Tests of controls

21. To determine whether the internal control structure policies and procedures operate
effectively to minimise errors of failure to invoice a shipment, the auditor would select a
sample of transactions from the population represented by the:

a. subsidiary customer accounts ledger.

b. sales invoice file.
*c. bill of lading file.
d. customer order file.

The correct option is c.

Learning objective 10.4 ~ explain the process of assessing control risk and documenting the
conclusion.

22. When control risk is assessed at the maximum, the extent of documentation required in
the working papers is that:

a. only the basis for the assessment must be documented.

*b. only the conclusion needs to be documented.
c. the basis for the assessment and the conclusion must both be documented.
d. no documentation is necessary.

The correct option is b.

Learning objective 10.4 ~ explain the process of assessing control risk and documenting the
conclusion.

23. When it is concluded that the nature and frequency of deviations exceeds the tolerable
level, the auditor should:

*a. increase the extent of substantive procedures.

b. adopt a lower assessed level of control risk strategy.
c. reduce the level of control risk.
d. increase the level of detection risk.

The correct option is a.

Learning objective 10.4 ~ explain the process of assessing control risk and documenting the
conclusion.

John Wiley & Sons Australia, Ltd 2019

10.8
Testbank to accompany Auditing and assurance 1e

24. External auditors have a duty to communicate in writing significant deficiencies in

internal control to those charged with governance. Which of the following is unlikely to
be relevant when determining whether a ‘significant deficiency’ exists?

a. The susceptibility to loss or fraud of the related asset.

*b. The extent of substantive procedures performed.
c. The likelihood of deficiencies leading to material misstatements in the financial
statements in the future.
d. The importance of controls to the financial reporting process.

The correct option is b.

Learning objective 10.5 ~ indicate the appropriate communications the auditor makes on
internal control matters.

25. The untrue statement concerning the communication of internal control matters to
management during a financial statement audit is:

a. the duties relating to communication are included in ASA 265/ISA 265.

b. the auditor shall communicate in writing significant deficiencies in internal control
identified.
c. circumstances where it may be inappropriate to communicate deficiencies in the
internal control system include situations where there are other deficiencies that are
of sufficient importance to merit management’s attention.
*d. none of the statements are untrue, i.e. all are true statements.

The correct option is d.

Learning objective 10.5 ~ indicate the appropriate communications the auditor makes on
internal control matters.

26. In a computer information system control procedures that provide reasonable assurance
that the recording, processing and reporting of data are properly performed for specific
applications are known as:

*a. application controls.

b. general controls.
c. user controls.
d. integrated testing.

The correct option is a.

Learning objective 10.6 ~ describe the types of controls you would expect to see in an
information technology environment.

John Wiley & Sons Australia, Ltd 2019

10.9
 Chapter 10: Tests of controls

27. The statement that is accurate concerning audit testing is:

*a. the test data approach involves dummy transactions prepared by and processed under
the control of the auditor.
b. the test data approach is relatively complicated, time consuming and expensive.
c. the test data approach involves dummy transactions prepared by the client and
processed under the control of the auditor.
d. the test data approach involves dummy transactions prepared by the auditor and
processed under the control of the client.

The correct option is a.

Learning objective 10.7 ~ identify the alternative types of computer-assisted audit techniques.

28. The name given to the test of control where the auditor reprocesses actual entity data
using auditor-controlled software is:

*a. parallel simulation.

b. dual-purpose testing.
c. test data approach.
d. integrated test facility.

The correct option is a.

Learning objective 10.7 ~ identify the alternative types of computer-assisted audit techniques.

29. A disadvantage of the integrated test facility approach to a computer-assisted audit is:

a. it does not overcome the limitations of the use of test data.

b. it is disruptive to the client.
*c. there is a risk that errors could be created in the client’s data.
d. all the above are limitations.

The correct option is c.

Learning objective 10.7 ~ identify the alternative types of computer-assisted audit techniques.

30. Which of the following is not an advantage of the test data approach?

a. It is simple to use.
b. It is a way of auditing ‘through the computer’.
*c. There is no examination of the documentation actually processed by the system.
d. There is not much disruption to the client’s computer system.

The correct option is c.

Learning objective 10.7 ~ identify the alternative types of computer-assisted audit techniques.

John Wiley & Sons Australia, Ltd 2019

10.10
Testbank to accompany Auditing and assurance 1e

Short answer questions

31.
1. Identify the steps involved in a preliminary assessment of risk.
2. What is the requirement for documenting the assessed level of control risk when:
i. control risk is at the maximum
ii. control risk is below the maximum?
3. Tests of controls pertaining to effectiveness of operation focus on what two
questions?

Correct answer:
1. Step 1: perform procedures to obtain an understanding of internal control
Step 2: identify potential misstatements in the financial statements
Step 3: identify the necessary controls that are likely to prevent or detect potential
misstatements.
2. The requirement is:
i. Only the conclusion needs to be documented
ii. The basis for the assessment must be documented.
3. i. how was the control applied? and ii. was it applied consistently during the year?

Reference: Learning objective 10.1 ~ explain the relationship between control risk
assessment and audit strategy.
Learning objective 10.2 ~ describe the purpose of tests of controls and the nature, timing and
extent of such tests.
Learning objective 10.4 ~ explain the process of assessing control risk and documenting the
conclusion.

John Wiley & Sons Australia, Ltd 2019

10.11
 Chapter 10: Tests of controls

32. For the following potential misstatements for cash payments, identify a necessary control
and a test of the operational effectiveness of that control.

1 a cash payment may be made for an unauthorised purpose.

2 an invoice may be paid twice.
3 a cheque may be issued for the wrong amount.
4 a cash payment transaction may not be recorded.

Correct answer:

Possible tests of operational

Possible necessary controls:
1. Appropriate documentation is required for
each payment transaction
Only authorised personnel are permitted to
sign cheques
The duties of approving invoices and
signing cheques are segregated
2. The documents are stamped ‘paid’ when
the cheque is issued
3. Signers should verify the agreement
between the cheque and invoice amounts
before signing
4. All payment transactions are to be made by
cheque
All cheques are to be pre-numbered and
accounted for
Unused cheques are to be stored in a secure
area
An independent check of the daily
summary of cheques issued and the cash
payments journal entries
Periodic bank reconciliations
effectiveness:
Test a sample of transactions to find the
supporting documents
Observe individuals signing cheques and
identify them as authorised signatories
Observe the segregation of duties
Observe documents being stamped and/or
inspect a sample for the ‘paid’ stamp
Observe cheque signers performing an
independent check
Enquire about methods of making
payments and/or inspect cheque butts for a
sample of payments
Examine evidence of the use and
accounting for pre-numbered cheques
Observe the handling and storage of
unused cheques
Observe the performance of an independent
check and/or re-perform the check
Observe and/or inspect bank
reconciliations

Reference: Learning objective 10.2 ~ describe the purpose of tests of controls and the nature,
timing and extent of such tests.

John Wiley & Sons Australia, Ltd 2019

10.12
Testbank to accompany Auditing and assurance 1e

33. When an auditor is designing tests of the operational effectiveness of controls they must
decide their nature, timing and extent. Explain what each of these concepts mean and why
they are important in designing these tests.

Correct answer:
Nature of tests: auditors need to decide what type of test will be conducted, whether it be
enquiring, observing, inspecting or re-performing. The auditor should select the procedure
that will provide the most reliable evidence about the effectiveness of the control.

Timing: the timing of tests refers to the part of the accounting period to which they relate. As
auditors are making an assessment on the controls for the whole period it is necessary for
them to test the controls as late in the interim period as possible whilst taking into
consideration audit efficiency.

Extent: More extensive tests of control provide more evidence of the operating effectiveness
of a control. The extent of tests of control is determined by the auditor’s planned assessed
level of control risk. More extensive testing will be needed for a low assessed level of control
risk than for a moderate level.

Reference: Learning objective 10.2 ~ describe the purpose of tests of controls and the nature,
timing and extent of such tests.

34. What audit strategy is the auditor likely to adopt if at the planning stage, control risk is
assessed as less than high?

Correct answer:
In assessing the control risk at less than high, the auditor has identified specific internal
control policies and procedures that they believe will be effective in preventing or detecting
misstatements related to the assertion. Evidence is needed to support this.

The auditor requires stronger evidence if the assessed level of control risk is low rather than
medium. This is because a low assessment of control risk indicates that the auditor is going to
place greater reliance on this procedure as an appropriate form of audit evidence: the greater
the reliance, the greater the evidence required.

Reference: Learning objective 10.1 ~ explain the relationship between control risk
assessment and audit strategy.

John Wiley & Sons Australia, Ltd 2019

10.13
 Chapter 10: Tests of controls

35. At what stage during the audit is the existence of internal controls tested and how are
these tests carried out?

Correct answer:
The existence of internal control will usually be tested during the control risk assessment
stage. Types of testing the auditor would undertake in evaluating the existence of an internal
control include inquiries of entity personnel, inspection of documents and reports, and
observation of the application of specific internal control policies and procedures, including
walk-throughs.

Tests of the effectiveness and continuity of controls (commonly called operating

effectiveness) are undertaken as a test of the controls that are expected to be relied upon.

Reference: Learning objective 10.2 ~ describe the purpose of tests of controls and the nature,
timing and extent of such tests.

36. Outline the factors that will determine whether the auditor has obtained sufficient
appropriate evidence to support a particular risk assessment.

Correct answer:
There are a number of factors that will determine whether the auditor has obtained sufficient
appropriate evidence to support a particular control risk assessment. The auditor requires
stronger evidence if the assessed level of control risk is low rather than medium. If control
risk is high, the auditor does not have to gather evidence to support this assessment, as they
do not intend to rely on controls. They will gather their evidence via substantive testing.
Other factors that the auditor considers in determining whether the tests of controls have
yielded sufficient appropriate evidence include: type and source of evidence (some types of
audit tests provide stronger evidence); timeliness of evidence; and interrelationship with other
evidence (does all evidence point to the same conclusion?).

Reference: Learning objective 10.2 ~ describe the purpose of tests of controls and the nature,
timing and extent of such tests.

37. Discuss the test data approach to testing controls.

Correct answer:
Under the test data approach, dummy transactions are prepared by the auditor and processed
under auditor control by the entity’s software. The test data consist of one transaction for
each valid or invalid condition that the auditor wants to test.

Reference: Learning objective 10.7 ~ identify the alternative types of computer-assisted

audit techniques.

John Wiley & Sons Australia, Ltd 2019

10.14