If a company’s control risk is initially assessed as low, the auditor needs to gather evidence on the operating effectiveness of the controls. For each of the following control activities listed as (1)–(10), do the following two tasks:
a. Describe the test of control that the auditor would use to determine the operating effectiveness of the control.
b. Briefly describe how substantive tests of account balances should be modified if the auditor finds that the control is not working as planned. In doing so, indicate (a) what misstatement could occur because of the control deficiency, and (b) how the auditor’s substantive tests should be expanded to test for the potential misstatement.
3. Payments for goods received are made only by the accounts payable department on receipt of a vendor invoice, which is then matched for prices and quantities with approved purchase orders and receiving slips.
A)
B)
Introduction: The control in the question is addressing two below risks
1. The segregation of duties among two different functions that is invoice payments and invoice processing function. The invoice processing person should not process the payment also because if he processes the fake invoice, then there wont be an independent person to verify the same and find out. The risk of fraud is high if this control fails
2. Payment is made only after the approved Purchase order and Invoice is received. Any body wants to make payment only for the quantity of goods that they receive and price which they agreed with the customer. That is the reason a Purchase Order is important and invoice from the vendor is important with price and quantities matched before payment is done.
Test of Control:- This control can be tested by obtaining the system configuration screenshots that a payment can be processed only after an Invoice quantity and price has been matched with PO quantity and price and a goods receipt has been created for the same. It can also be tested by creating a fake entity in the system and processing a dummy payment and checking if the system can process. If these controls are disabled in the system then the auditor has to modify his substantive procedures to ensure that there is no material misstatement. Below are the procedures that the auditor has to implement in order ascertain that there is no material misstatement.
1. Obtain the list of payments done during the audit period and check if there are authorized purchase orders for the same on sample basis
2.Check that the goods receipt is created for the samples after verifying the goods inward register. if not obtain the confirmation from the requesting department that the same has been received,
3. Check that Prices and quantities match between Invoice and Purchase order.
4. On a sample basis obtain a direct confirmation from vendors for the reconciliation statement.
If a company’s control risk is initially assessed as low, the auditor needs to gather evidence...
If a company’s control risk is initially assessed as low, the auditor needs to gather evidence on the operating effectiveness of the controls. For each of the following control activities listed as (1)–(10), do the following two tasks: a. Describe the test of control that the auditor would use to determine the operating effectiveness of the control. b. Briefly describe how substantive tests of account balances should be modified if the auditor finds that the control is not working as...
If a company’s control risk is initially assessed as low, the auditor needs to gather evidence on the operating effectiveness of the controls. For each of the following control activities listed as (1)–(10), do the following two tasks: a. Describe the test of control that the auditor would use to determine the operating effectiveness of the control. b. Briefly describe how substantive tests of account balances should be modified if the auditor finds that the control is not working as...
Control 2: If a company’s control risk is initially assessed as low, the auditor needs to gather evidence on the operating effectiveness of the controls. For the following control activity listed, do the following two tasks: a. Describe the test of control that the auditor would use to determine the operating effectiveness of the control. b. Briefly describe how substantive tests of account balances should be modified if the auditor finds that the control is not working as planned. In...
Control 1: If a company’s control risk is initially assessed as low, the auditor needs to gather evidence on the operating effectiveness of the controls. For the following control activity listed, do the following two tasks: a. Describe the test of control that the auditor would use to determine the operating effectiveness of the control. b. Briefly describe how substantive tests of account balances should be modified if the auditor finds that the control is not working as planned. In...
Which of the following is a false statement about the assessment of the risks of material misstatement? A. The assessed levels will affect the nature, timing, and extent of substantive testing. B. The auditor may use certain tests of details of transactions concurrently as tests of controls. C. The ultimate purpose is to determine the operating effectiveness of controls. D. The auditor’s understanding of internal control should be documented.
The auditor has provided a preliminary assessment of control risk of low in the revenue cycle accounts of Acco, Inc. for each of the relevant assertions. The auditor selected a sample of sales transactions for control testing. Each of the following types of control or transaction-processing deficiencies uncovered in the sample was significant enough to cause the auditor to increase control risk assessment from low to moderate. For each deficiency, label as (a) through (i), discuss the type of financial...
Which of the following should an auditor do when control risk is assessed at the maximum level? Multiple Choice A. Document the control structure more extensively. B. Perform fewer substantive tests of details. C. Document the assessment. D. Perform more tests of controls.
Question: Question 183 Processing auditor test data using the client's software application _______. -will allow the auditor to verify manual controls within the software application are functioning as designed -may corrupt the client's system, and should not be attempted -will allow the auditor to verify that the software application is functioning as designed -should be performed without the knowledge of the client's senior management Question 19 The tolerable deviation rate _______. -relates to how many immaterial misstatements the auditor finds...
If an auditor decides to assess control risk as low based on IT application control procedures, which of the following would not be part of the auditor’s strategy for testing controls? a. Testing the effectiveness of management review controls used to monitor the results of operations. b. Testing the effectiveness of manual follow-up procedures. c. Testing the effectiveness of the application with test data. d. Testing the effectiveness of IT general control procedures.
A firm uses the audit risk model, AR=RMMxDR, to plan audit programs, as described below. Audit Risk: The firm’s AR ranges, for any materiality amount, are: VERY LOW 1% to <5% LOW 5% to <10% MODERATE 10% to 30% HIGH Not permissible These ranges are modified according to the type of risk, as described below. If an auditor doesn’t specify a numerical risk level for AR, the auditor must specify a category...