What is Audit Risk?
The possibility that the auditors may unknowingly fail to appropriately modify their opinion on financial statements that are materially misstated.
What must auditors due to reduce audit risk?
Auditors must obtain sufficient appropriate audit evidence to reduce audit risk to a low level in every audit.
What are relevant financial assertions?
Relevant assertions are those that, without regard for controls, have a reasonable possibility of containing a material misstatement.
Types of Financial Statement Assertions
- Assertions about account balances (accounts)
- Assertions about classes of transactions and events (transactions)
- Assertions about presentation and disclosure (Disclosures)
Definition: Existence or Occurrence
Assets, liabilities, and equity interests exist and recorded transactions have occurred.
Definition: Rights and Obligations
The company holds rights to the assets, and liability are the obligations of the company
Definition: Completeness
All assets, liabilities, equity interests, and transactions that should have been recorded have been recorded
Definition: Valuation, Allocation and Accuracy
All transactions, assets, liabilities and equity interests are included in the financial statements at proper amounts.
Definition: Cutoff
Transactions and events have been recorded int he correct accounting period.
Definition: Presentation and Disclosure
Accounts are described and classified in accordance with generally accepted accounting principles, and financial statement disclosures are complete, appropriate, and clearly expressed.
Definition: Inherent Risk
Risk of a material misstatement occurring in an assertion assuming no related internal controls.
Definition: Control Risk
Risk that a material misstatement in an assertion will not be prevented or detected on a timely basis by the company's internal control.
Definition: Detection Risk
Risk that the auditors' procedures will lead them to conclude that a material misstatement does not exist in an assertion when in fact such misstatement does exist.
What are the factors that affect inherent risk?
- Nature of the client and its environment
- Nature of the particular financial statement element
What are the business characteristics indicative of high inherent risk?
- Inconsistent profitability of client
- Operating results highly sensitive to economic factors
- Going concern problems
- Large known and likely misstatements detected in prior audits
- Substantial turnover, questionable reputation, or inadequate account
What do the assertions with high inherent risk involve?
- Difficult to audit transactions or balances
- Complex calculations
- Difficult accounting issues
- Significant judgment by management
- Valuations that vary significantly based on economic factors
What are the types of transactions?
- Routine
- Non Routine
- Estimation transactions
What are routine transactions?
- Recurring financial statement activities recorded in the accounting records in the normal course of business
- Lower inherent risk
What are nonroutine transactions?
- Involve activities that occur only periodically such as the taking of physical inventories
- High inherent risk
What are estimation transactions?
- Activities that create accounting estimates
- Higher Inherent risk
What is appropriate audit evidence?
Must be
- Relevant
- Reliable
When is audit evidence ordinarily more reliable?
When it is:
- Obtained from knowledgeable independent sources outside the company rather than nonindependent sources
- Generated internally through a system of effective controls rather than ineffective controls.
- Obtained directly by the auditor rather
What are the types of audit evidence?
1. Accounting information system
2. Documentary evidence
3. Third-party representations
4. Physical evidence
5. Computations
6. Data interrelationships
7. Client representations
What are common audit procedures?
- Inquiry
- Inspection of records or documents
- Inspection of tangible assets
- Observation
- External confirmation
- Recalculation
- Reperformance
- Analytical procedures
What are the types of audit procedures?
- Risk assessment procedures
- Further Audit Procedures: Test of controls & Substantive Procedures
What are risk assessment procedures?
To obtain an understanding of the client and its environment, including its internal controls, to assess the risks of materials misstatement
What are tests of controls?
When appropriate, to test the operating effectiveness of controls in preventing material misstatements
What are substantive procedures?
To detect material misstatements at relevant assertion level. Substantive procedures include (a) analytical procedures, (b) tests of details of account balances, transactions and disclosures
What are tests of details?
- Tests of account balances
- Tests of classes of transactions
- Tests of disclosures
- One may change the scope of audit procedures by changing the Nature, Timing and Extent.
Holding the extent of procedures constant, one may increase the scope of procedures (make them more effective) by either changing the _____ or ______.
Nature - Obtain more reliable evidence
Timing - wait until year-end to obtain evidence from entire set of transactions as contrasted to performing interim testing, say two months prior to year-end and simply updating those procedures.
What happens when you hold other factors such as the nature and timing of procedures constant?
- The greater the risk of material misstatement, the greater the needed extent of substantive procedures
- The main way to increase the extent of audit procedures is to examine more items
- Sample sizes should reduce detection risk so as to restrict audit
What is the timing of analytical procedures?
Risk assessment
Substantative procedures
Final Review
What are the steps involved with analytical procedures?
- Develop expectation of account (or ratio) balance
- Determine amount of difference that can be accepted without investigation
- Compare the company's account (ratio) with the expectation
- Investigate and evaluate significant differences
How do you develop an expectation?
- Prior period information
- Anticipated results
- Relationships among elements of financial information within a period
- Industry information
- Relationships between financial information and relevant nonfinancial data
What are the types of expectations?
- Trend analysis - analyze change in accounts of a company over time
- Ratio analysis - compare relationships between two or more financial statement accounts or comparisons of account balances to nonfinancial data
- Liquidity
- Leverage
- Profitability
-
What are the approaches to ratio analysis?
- Horizontal analysis
- Cross sectional analysis
- Vertical analysis
- Other (Regression analysis, reasonableness test)
What is Horizontal analysis?
Reviews ratios over time
What is cross sectional analysis?
Analyze ratios of similar firms at a point in time
What is Vertical analysis?
Analyze relationships within a period
"Common size" statements prepared
What are the basic approaches to auditing accounting estimates?
- Review and test managements process for developing the estimate
- Independently develop an estimate to compare to management's estimate.
- Review subsequent events or transactions bearing on the estimate
What are the inputs to use in applying valuation techniques?
- Level 1 - inputs of observable quoted prices in active markets for identical assets or liabilities
- Level 2 - inputs of observable quoted prices, generally for similar assets or liabilities in active markets
- Level 3 - inputs that are unobservable for
What are the primary functions of audit documentation?
Support the auditors' compliance with auditing standards
Support the auditors' opinon
What are the secondary functions of audit documentation?
- Assist continuing and new audit team members in planning and performing the audit
- Serves as a record of matters of continuing audit interest
- Assists in supervision and review of the audit
- Demonstrates the accountability of team members
- Assists i
Audit documentation should be sufficient to:
- Enable an experienced auditor to understand the work performed and the significant conclusions reached
- Identify who performed and reviewed the work
- Show that the accounting agree or reconcile to the financial statements
Audit documentation should include:
All significant audit findings and the actions taken to address them
Types of working papers
- Audit administrative working papers
- Working trial balance
- Lead schedules
- Adjusting journal entries and reclassification entries
- Supporting schedules
- Analysis of a ledger account
- Reconciliations
- Computational working papers
- Corroborating
Which of the following is not a component of audit risk?
a) Control Risk
b) Detection Risk
c) Sufficiency Risk
d) Inherent Risk
c) Sufficiency Risk
Which type of risk does an auditor have control over through substantive auditing procedures?
a) Control Risk
b) detection risk
c) sufficiency risk
d) inherent risk
b) detection risk
Which type of risk does the management of a company have the most control over in the short term?
a) Control risk
b) detection risk
c) sufficiency risk
d) inherent risk
a) Control risk
Which of the following descriptions best describes inherent risk?
a) Auditors fail to discover a material misstatement in the course of their audit and do not modify their audit opinion
b) A company's internal control fails to identify a material misstate
d) The possibility that a material misstatement will occur in any given account before considering internal control.
Further audit procedures include:
a) Risk assessment procedures
b) Audit planning
c) Tests of controls
d) Diagrams of transaction cycles
c) Tests of controls
Which of the following is a basic procedures used in an audit?
a) Tests of cycles
b) risk analytic testing
c) substantive procedures
d) test of evidential directionality
c) substantive procedures
Auditors must gather "sufficient appropriate audit evidence" to support their audit opinion. Which of the following is least likely to serve as a substitute for performing other audit procedures?
a) the physical observation of the counting of company inve
d) Obtaining a representation letter signed by top management
The type of transactions that ordinarily have a high inherent risk because they involve management judgments or assumptions are referred to as:
a) Estimation transactions
b) Nonroutine transactions
c) routine transactions
d) substantive transactions
a) Estimation transactions
Which of the following ordinarily is considered the weakest form of evidence?
a) Actual physical evidence
b) Documentary evidence obtained form outside the company
c) Documentary evidence obtained from inside the company
d) Replies to company employees to
d) Replies to company employees to auditor oral inquiries
Which method of analytical procedure analysis is most useful because many expenses, such as cost of goods sold, might be expected to bear a predictable relationship to net sales?
a) horizontal analysis
b) reasonableness analysis
c) trend analysis
d) verti
d) vertical analysis
One type of analytical procedure is trend analysis. Which of the following is the best example of trend analysis?
a) Comparison of company financial ratios to that of its competitors
b) Comparison of accounting records to budgeted amounts
c) Comparison of
c) Comparison of inventory levels over the past 3 years
Which of the following is not one of the primary approaches auditors use when evaluating the reasonableness of accounting estimates?
a) Review and test management's process of developing estimates
b) Confirm estimates directly with outsiders
c) Independen
b) Confirm estimates directly with outsiders
Audit documentation relating to the A company audit should be sufficient to allow which type of auditor to understand the audit work performed?
a) any auditor
b) any auditor that works on A Company's audit
c) an experienced auditor
d) an experienced audit
c) an experienced auditor
Documentation may not be deleted from the working papers after the:
a) Audit report delivery date
b) Date of the audit report
c) Documentation completion date
d) Final day of fieldwork
c) Documentation completion date
What are the steps for an audit process?
1. Plan the audit
2. Obtain an understanding of the client and its environment, including internal control
3. Assess the risks of material misstatement and design further audit procedures
4. Perform further audit procedures
5. Complete the audit
6. Form a
How do you establish an understanding with the client?
This is ordinarily accomplished through the use of an engagement letter.
Related, determine that
- The firm meets professional independence requirements
- There are no issues relating to management integrity
- The client understands the terms of the engag
What items need to be included in the engagement letter?
- Name of entity
- Management responsibilities
- Auditor responsibilities
What are the management responsibilities to be included in an engagement letter?
- Financial Statements
- Establishing effective internal control over financial reporting
- Compliance with laws and regulations
- Making records available to the auditors
- Providing written representations at the end of the audit, including that adjustm
What are the Auditor responsibilities to be included in an engagement letter?
-Conducting an audit in accordance with GAAS
- Obtaining an understanding of internal control to plan audit and to determine the nature, timing and extent of procedures
- Making communications required by GAAS
What are the risk assessment procedures?
- Inquiries of management and others within the entity
- Analytical procedures
- Observation and inspection relating to client activities, operations, documents, reports and premises
- Other procedures, such as inquiries of others outside the company and
How do you determine materiality?
- Use professional judgment and based on reasonable person
- Consider both quantitative and qualitative factors
What is materiality used in?
Planning the audit
- at the overall financial statement level
- Allocate to individual accounts
Evaluating audit findings
What are the two types of fraud?
- Fraudulent financial reporting
- Misappropriation of assets
What are the procedures to assess fraud risk
- Discussion among engagement team
- Inquiries of management and other personnel
- Risk assessment analytical procedures (to aid in planning the audit)
- Considering fraud risk factors
- Incentives
- Opportunity
- Attitude
What are some considerations for identifying fraud risk?
- Type
- Significance
- Likelihood that it will result in a material misstatement
- Pervasiveness
What are the steps if you discover fraud?
- Communication to appropriate level of management
- If fraud involves senior management or material misstatement communicate to audit committee
What should further audit procedures include?
- Substantive procedures for all relevant assertions
- Tests of controls when the auditors' risk assessment includes an expectation that controls are operating effectively, or when substantive procedures alone are not sufficient
What are the overall responses when assessed risks of material misstatement are high?
- Heightened professional skepticism
- Assigning more experienced staff
- Assigning staff with specialized skills
- Providing more supervision
What is an audit trail?
A trail of evidence that links source documents, journal entries and ledger entries
What directions may an auditor follow the audit trail related to the direction of testing?
- Test for existence or occurrence
- Test for completeness
What is the systems portion of an Audit program?
- Deals with client's internal control
- Evidence of test of controls and assessing control risk
What is the Substantive test portion of an audit program?
- Deals with financial statement account balances
- Indirect and direct verification of income statement accounts
What are the objectives of substantive programs for asset accounts?
- Establish the existence of assets
- Establish that the company has rights to the assets
- Establish the completeness of recorded assets
- Verify the cutoff of transactions
- Determine the appropriate valuation of the assets and accuracy of related trans
Adequate planning and design of an audit is necessary for an auditor to restrict which type of audit risk?
A) Control Risk
B) Detection Risk
C) Sufficiency Risk
D) Inherent Risk
Detection Risk
B&M auditors have been accepted as the auditors of World Wide Widgets (3W). What are B&M's responsibilities with regard to contacting 3W's predecessor auditors?
A) If 3W had a disagreement with its predecessor auditors, B&M should not contact the predeces
B&M should attempt communications with the predecessor auditors and ask if they had any accounting policy disagreements with 3W.
An engagement letter is best described as which of the following?
A) A letter from company management to the auditors specifying management's expectations for completion of the audit on a timely basis and the fees.
B) A letter from the auditors to company
A letter from the auditors to company management that specifies the responsibilities of both the company and the auditors in completing the audit and the timing for its completion.
Materiality can best be described as which of the following?
A) Materiality is typically measured as a fixed percentage of assets.
B) Materiality is typically measured as a fixed percentage of net income.
C) Materiality does not depend on the company bein
Materiality is the amount at which judgments based on the financial statements may be altered.
Which of the following is least likely to be required on an audit?
A) Test appropriateness of journal entries and adjustment
B) Review accounting estimates for biases
C) Evaluate the business rationale for significant, unusual transactions
D) Make a legal
Make a legal determination of whether fraud has occurred
Which of the following is most likely to be an overall response to fraud risks identified in an audit?
A) Supervise members of the audit team less closely and rely more upon judgment.
B) Use less predictable audit procedures.
C) Only use certified public
Use less predictable audit procedures.
Which of the following is most likely to be presumed to represent a fraud risk on an audit?
A) Capitalization of repairs and maintenance expense into the property, plant and equipment asset account
B) Improper revenue recognition
C) Improper interest expe
Improper revenue recognition
Which of the following is least likely to be included in an auditor's inquiry of management while obtaining information to identify the risks of material misstatement due to fraud?
A) Are financial reporting operations controlled by and limited to one loc
Are financial reporting operations controlled by and limited to one location?
An audit plan is a:
A) Detailed plan of analytical procedures and all substantive tests to be performed in the course of the audit.
B) Document that provides an overview of the company and a general plan for the audit work to be accomplished, timing of th
Document that provides an overview of the company and a general plan for the audit work to be accomplished, timing of the work, and other matters of concern to the audit.
An audit program is:
A) The detailed plan of audit procedures to be performed in the course of the audit.
B) An overview of the company and a general plan for the audit work to be accomplished.
C) A generic document that auditing firms have developed to l
The detailed plan of audit procedures to be performed in the course of the audit.
Which statement best describes the interaction of the systems and substantive approaches in the audit plan?
A) The systems approach focuses on testing controls to make sure they are effective, while the substantive approach is the detailed testing of spec
The systems approach focuses on testing controls to make sure they are effective, while the substantive approach is the detailed testing of specific accounts for accuracy.
Tracing from source documents to journals most directly addresses which financial statement assertion?
A) Completeness
B) Existence
C) Valuation
D) Rights
Completeness
Definition of Internal Control
A process, effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding, achievement of (the entity's) objectives on:
- Effectiveness and efficiency of operations
- Reliability of financi
What is the Foreign Corrupt Practices Act?
Passed in 1977 in response to American corporation practice of paying bribes and kickbacks to officials in foreign countries to obtain business.
The Act requires an effective system of internal control and makes illegal payment of bribes to foreign offici
What are preventive controls?
Aimed at avoiding the occurrence of misstatements in the financial statements.
What are detective controls
Designed to discover misstatements after they have occurred.
What are corrective controls?
Needed to remedy the situation uncovered by detective controls.
What are the components of internal control?
- The control environment
- Risk assessment
- The Accounting Information and Communication system
- Control Activities
- Monitoring
What are control environment factors?
- Integrity and ethical values
- Commitment to competence
- Board of directors or audit committee
- Management philosophy and operating style
- Organizational structure
- Human resource policies and practices
- Assignment of authority and responsibility
What are the factors indicative of increased financial reporting risk?
- Changes in regulatory or operating environment
- Changes in personnel
- Implementation of a new or modified information system
- Rapid growth of the organization
- Changes in technology affecting production processes or information systems
- Introductio
What are internal control activities?
- Performance reviews
- Information processing
- General control activities
- Application control activities
- Physical controls
- Segregation of duties
- Segregate authorization, recording and custody of assets
What are the objectives of an accounting system?
- Identify and record valid transactions
- Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions
- Measure the value of transactions appropriately
- Determine the time period in which the transact
What are ongoing monitoring activiities
Regularly performed supervisory and management activities
What are separate evaluations?
Performed on a nonroutine basis
What are the limitations of internal control?
- Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc.
- Controls that depend on the segregation of duties may be circumvented by collusion
- Management may override the structure
- Compliance may deteriorate over t
What are Auditors' Overall Approach with Internal Control?
1. Plan the audit
2. Obtain an understanding of the client and its environment, including internal control
3. Assess the risks of material misstatement and design further audit procedures
4. Perform further audit procedures
5. Complete the audit
6. Form a
Understanding of internal control is used to help the auditor to:
- Identify types of potential misstatements
- Consider factors that affect the risks of material misstatement
- Design tests of controls (when applicable) and substantive procedures.
What are the five internal control components that auditors must consider?
- Control environment
- Accounting information system
- Risk assessment
- Control activities
- Monitoring
How do auditors obtain understanding of internal control?
- Inquiring of entity personnel
- Observing the application of specific controls
- Inspecting documents and reports
- Tracing transactions through the information system relevant to financial reporting
How do they document the understanding of internal control?
Questionnaires
Written Narratives
Flowcharts
Walk-through
How do auditors assess the risks of material misstatement?
- Identify risks while obtaining an understanding of the client and its environment, including its internal control
- Relate the identified risks to what can go wrong at the relevant assertion level
- Consider whether the risks are of a magnitude that cou
What are the responses to high risks at the financial statement level?
- Assigning more experience staff or those with specialized skills
- Providing more supervision and emphasizing the need to maintain professional skepticism
- Incorporating additional elements of unpredictability in the selection of further audit procedur
What is test of controls?
- Identifies controls likely to prevent or detect material misstatements
- Perform tests of controls to determine whether they are operating efficiently
What do test of controls address?
- How controls were applied
- The consistency with which controls were applied
- By whom or by what means the controls were applied
What is included in the test of controls?
- Inquiries of appropriate client personnel
- Inspection of documents and reports
- Observation of the application of controls
- Reperformance of the controls
What are the results of the test of controls used for?
Determining the nature, timing and extent of substantive procedures.
What is included in Management's Report on Internal Control under section 404a?
- Acknowledgment of responsibility for internal control
- An assessment of internal control effectiveness as of the last day of the company's fiscal year using suitable criteria
- Support the evaluation with sufficient evidence
What is batch processing?
- Input data gathered and processed periodically in groups
- Often more efficient than other types of systems but does not provide up-to-minute information
What are the two types of online systems used?
- Online transaction processing
- Online analytical prcoessing
What is Online transaction processing (OLTP)?
Individual transactions entered from remote locations
Example: Bank balance at ATM
What is online analytical processing (OLAP)?
Enables user to query a system for analysis
Internal Control in IT
- Separation of duties
- Clearly defined responsibility
- Augmented by controls written into computer programs
What is the audit train impact of IT Accounting systems?
- In a traditional manual system, hard-copy documentation available for accounting cycle
- In computerized environment, audit train ordinarily still exists, but often not in printed form
- Can affect audit procedures
- Consulting auditors during design st
What are the responsibilities in an IT System?
Information systems management
- Supervise the operation of the department and report to vice president of finance
Systems analysis
- Responsible for designing the system
Application programming
- Design flowcharts and write programming code
Database admi
What are the IT Control Activities?
- Developing new programs and systems
- Changing existing programs and systems
- Access to programs and data
- IT operations controls
What are the user control activities in an IT System?
- Designed to test the completeness and accuracy of IT-processed transactions
- Designed to ensure reliability
- Reconciliation of control totals generated by system to totals developed at input phase
What are the techniques for testing application controls?
Auditing around the computer - Manually processing selected transactions and comparing results to computer output
Manual Tests of Computer Controls - Inspection of computer control reports and evidence of manual follow-up on exceptions
Auditing through th
Internal control is primarily established within a company to do which of the following?
A) Prevent fraud.
B) Provide reasonable assurance that the company's objectives will be achieved.
C) Catch all errors that may occur in the company.
D) Aid in the eff
Provide reasonable assurance that the company's objectives will be achieved.
Providing reasonable assurance with respect to which of the following is not required under the internal control provisions of the Foreign Corrupt Practices Act?
A) Management is responsibility for knowledge and authorization of transactions.
B) Transacti
Access to assets is limited to members of management.
Which of the following is considered a control environment factor by the COSO definition of internal control?
A) Control objectives
B) Integrity and ethical values
C) Reasonable assurance
D) Risk assessment
Integrity and ethical values
Billy Jo is responsible for custody of the finished goods in the warehouse. If his company wishes to maintain strong internal control, which of the following responsibilities are incompatible with his primary job?
A) He is also responsible for the company
He is responsible for the accounting records for all receipts and shipments of goods from the warehouse.
Which of the following is least likely when an auditor performs an integrated audit of a public company's financial statements?
A) Issuing an audit report on internal control over financial reporting.
B) Issuing an audit report on the financial statements
Omitting tests of controls for several major accounts.
Which of the following describes the function of a fidelity bond?
A) An insurance policy that covers theft by a bonded employee.
B) A short term investment that is secured by a bank.
C) It is a procedure to separate the duties of employees.
D) A contract
An insurance policy that covers theft by a bonded employee.
Tests of controls are used to test whether controls are:
A) Operating effectively.
B) Implemented (placed in operation).
C) Properly accumulated into balance sheet totals.
D) Properly documented by the client.
Operating effectively.
Tests of controls are least likely to include:
A) Inquiries of appropriate client vendors.
B) Reperformance of a control.
C) Observation of the application of an accounting procedure.
D) Inspection of documents.
Inquiries of appropriate client vendors.
Which of the following is most likely to be considered an inherent limitation of a client's internal control?
A) Complexity of the information system.
B) Human errors.
C) Management's interest in a profitable enterprise.
D) An ineffective audit committee.
Human errors.
Which of the following is one of the most fundamental and effective controls?
A) Increased use of computers for recording accounting transactions.
B) Increased reliance on internal auditors to monitor accounting systems.
C) Segregation of incompatible dut
Segregation of incompatible duties across several people.
Control risk is most likely to be assessed at a level below the maximum when?
A) No tests of controls have been performed.
B) Tests of controls have been performed.
C) Externally generated evidence supports management's contentions relating to internal co
Tests of controls have been performed.
The results of the consideration of internal control are least likely to affect the auditors' decisions pertaining to:
A) The use of analytical procedures.
B) The assessment of control risk.
C) The assessment of inherent risk.
D) Detailed tests of ending
The assessment of inherent risk.
Which of the following is not an advantage of a computerized accounting system?
A) Computers process transactions uniformly.
B) Computers help alleviate human errors.
C) Computers can process many transactions quickly.
D) Computers leave a thorough audit
Computers leave a thorough audit trail which can be easily followed.
One of the greatest difficulties in auditing a computerized accounting system is:
A) Data can be erased from the computer with no visible evidence.
B) Because of the lack of an audit trail, computer systems have weaker controls and more substantive testin
Data can be erased from the computer with no visible evidence.
How have electronic data interchange (EDI) systems affected audits?
A) Since orders and billing transactions are done over the computer, source documents cannot be obtained.
B) Auditors often need to plan ahead to capture information about selected transa
Auditors often need to plan ahead to capture information about selected transactions over the EDI.
Since the computer can do many jobs simultaneously, segregation is not as defined as it is in a manual system. How can a computer system be modified to compensate for the lack of segregation of duties?
A) The computer system should be under the direction
Strong controls should be built into both the computer software and hardware to limit access and manipulation.
One key control in the organization of the information systems department is the:
A) Separation of the systems development group and the operations (data processing) group.
B) Operating personnel should strictly control access to the client's database.
C)
Separation of the systems development group and the operations (data processing) group.
Which of the following represent examples of general, application and user control activities, respectively, in the computer environment?
A) Control over access to programs, computer exception reports, and manual checks of computer output.
B) Manual check
Control over access to programs, computer exception reports, and manual checks of computer output.
When would an auditor typically not perform additional tests of a computer systems controls?
A) When the assessed level of control risk is at a minimum.
B) When computer controls appear to be strong and risk is at a minimum.
C) When controls appear to be
When controls appear to be weak.
When would "auditing around the computer" be appropriate?
A) When controls over the computer system are strong.
B) When controls over the computer system are non-existent.
C) When controls over the computer system are adequate.
D) It is never appropriate
When controls over the computer system are non-existent.
Which of the following would not be an appropriate procedure for testing the general control activities of an information system?
A) Inquiries of client personnel.
B) Inspecting computer logs.
C) Testing for the serial sequence of source documents.
D) Exa
Testing for the serial sequence of source documents.
If an auditor is using test data in a client's computer system to test the integrity of the systems output, which of the following type of controls is the auditor testing:
A) General controls.
B) User controls.
C) Quantitative test controls.
D) Applicatio
Application controls.
Which of the following is not a function of generalized audit software?
A) To aid in the random selection of transactions for substantive testing
B) To run in parallel with the client's application software and compare the output
C) To test the mathematic
To keep an independent log of access to the computer application software
Which of the following is not a computer-assisted audit technique?
A) Test data
B) Tagging and lagging
C) Integrated test facility
D) Program analysis
Tagging and lagging