Exam 8: Planning and Testing Operating Effectiveness of Internal Control Over Financial Reporting

Professional skepticism means that the auditor:

AS#3 addresses audit documentation standards.

Related-party transactions frequently present greater risk than those transacted at "arm's length".

The risk of associating with a client known to have a dubious reputation for honesty is referred to as:

An audit by the IRS may indicate an illegal act.

Audit risk is a function of inherent risk, control risk, and engagement risk.

Auditors are not allowed to roll-forward tests of ITGC to year-end.

Jose is a senior auditor in charge of testing controls over financial reporting. The audit procedures require that Jose "maintain professional skepticism in assessing controls for fraud risk." In the course of his testing, Jose finds a transaction that occurred on January 5 at 11:30 P.M. that decreased the bad debts reserve account enough to increase earnings per share to $.20, which met analysts' predictions. Jose has a bad feeling about this transaction. For documentation purposes, he must articulate the red flags for fraud risk for this transaction. Required: (a)What are the red flags for fraud risk demonstrated by this transaction? (b) For each red flag state (a) why it is important, in other words what it suggests to the auditor and (b) the follow-up procedure that Jose might use.

The terms statistical testing and risk are intertwined. Below, describe how each of the statistical terms relates to sample size or sampling error and the different types of risk. Statistical Terms (a) Likely rate of deviation (b) Tolerable rate of deviation (c) Assessing control risk too high (d) Assessing control risk too low (e) Incorrect acceptance (f) Incorrect rejection

An expert system can be used to:

An auditor tests a sample of transactions for proper authorization. She concludes that the control is not operating effectively, although it actually is. This is an example of:

Sampling error occurs when incorrect conclusions are drawn from testing a sample versus the entire population.

Selecting the wrong control to test is an example of non sampling risk.

Entity-level controls include ITGC.

As the expected population deviation rate increases, the:

The difference between a significant deficiency and a material weakness is:

It is acceptable for auditors to reduce test of balances and transactions if the ITGC are effective.

The ICFR attests that the controls were operating effectively:

If detection risk is set too "high," then the sample sizes needed for testing are increased.

Deciding that internal controls are effective when they in fact they are not is an example of assessing control risk too high.