chapter 11 to 29 aud theory

CHAPTER 11

A RISK-BASED AUDIT APPROACH – PART II

I. Review Questions

1. Use the model AR = IR x CR x DR to solve for different values of Audit Risk (AR) when internal control risk (CR) is given different values. In all cases IR = 0.90 and DR = 0.10, therefore, AR = 0.90 x CR x 0.10

When CR is AR is0.10 0.009 or 0.9 percent0.50 0.045 or 4.5 percent0.70 0.063 or 6.3 percent0.90 0.081 or 8.1 percent1.00 0.090 or 9.0 percent

2. a. Risk of Assessing Control Risk Too Low or Overreliance is a matter of judgment about the importance (“key”) characteristic of a particular client control procedure. An auditor can take more risk of assessing control risk too low on unimportant controls than on important (“key”) ones. Alternatively, the risk of assessing control risk too low can be considered a constant (say, 0.05) and the importance of a control can be measured in terms of a smaller or larger tolerable rate. (The authors prefer the latter approach.)

b. Risk of Assessing Control Risk Too High or Underreliance is a matter of judgment about the efficiency of an audit engagement. The risk can be quite high when the audit team is willing to do extensive substantive work anyway. If the work budget is tight, auditors need to find objective ways (e.g., larger test of controls audit samples) to mitigate the risk.

c. Tolerable Deviation Rate is a judgment about how many control deviations can exist in the population, yet the control can still be considered effective. Auditors need to be careful about brushing aside findings of deviations.

d. Expected Deviation Rate in the Population is an estimate, usually based on assumptions or sketchy information, of the imbedded incidence of control deviations. The only use of this estimate in classical attribute sampling is to figure a sample size in advance. The statistical evaluation (CUL calculation) does not use it.

e. Population Definition might be called a judgment about identification of the population of control performances that correspond to an audit objective. For example, an auditor would want to be sure he is sampling from a file of

14-2 Solutions Manual - Principles of Auditing and Other Assurance Services

recorded documents if his objective is to audit the controls over transaction validity.

3. Assessing the control risk too low causes auditors to assign less control risk (CR) in planning procedures than proper evaluation would cause them to assign. The result could be (1) inadvertently conducting less audit work than properly necessary and taking more audit risk (AR) than originally contemplated, perhaps to the unpleasant results of failing to detect material misstatements (damaging the effectiveness of the audit) or (2) discovering in the course of the audit work that control is not as good as first believed, causing an increase in the audit work, perhaps at a time when doing so is very costly (damaging the efficiency of the audit).

4. The important consideration involved in judging an acceptable risk of assessing control risk too high is the efficiency of the audit. Assessing control risk too high causes auditors to think they need to perform a level of substantive work which is greater than a proper evaluation of control would suggest. Assessing control risk too high leads to overauditing.

Some auditors may be willing to accept high risks of assessing the control risk too high because they intend to overaudit anyway, and the audit budget can support the work.

Other auditors want to minimize their work (within acceptable professional bounds of audit risk) and thus want to minimize the risk (probability) of overauditing by mistake.

Technically, the risk of assessing control risk too high in relation to an attribute sample is the probability of finding in the sample (n) one deviation more than the “acceptable number” for the sampling plan. For example, if the plan called for a sample of 100 units and a tolerable rate of 3 percent at a 0.10 risk of assessing control risk too low, the “acceptable number” is zero deviations.

The probability of finding 1 or more deviations when the population rate is actually 2 percent is:

Probability (x > 0 : n = 100, r = 0.02) = 1 – (1 – r) n

= 1 – (1 – 0.02) 100 = 0.867 or 86.7 percent

5. All the elements of the risk model are products of auditors’ professional judgments. Auditors must judge:

Inherent risk – the probability that material errors or irregularities have entered the accounting system used to develop financial statements.

Audit Working Papers 14-3

Internal control risk – the probability that client’s system of internal control policies and procedures will fail to detect material errors and irregularities, provided any enter the data accounting system in the first place.

Analytical procedures risk – the probability that auditors’ analytical procedures will fail to produce evidence of material errors and irregularities, provided any have entered the accounting system in the first place and have not been detected and corrected by the client’s internal control procedures.

Audit risk – the probability that auditors will not discover by any means errors and irregularities that cause an account balance to be materially misstated.

Test of detail risk appears at first glance to be the product of a formula and not a professional judgment. However, everything in the risk model is a judgment, so the test of detail derived from the model is no less a judgment.

6. An incorrect acceptance decision directly impairs the effectiveness of an audit. Auditors wrap up the work and the material misstatement appears in the financial statements.

An incorrect rejection decision impairs the efficiency of an audit. Further investigation of the cause and amount of misstatement provides a chance to reverse the initial decision error.

7. Detection risk is the component of audit risk that is controllable by the auditor. It may be raised or lowered by reducing or increasing the amount of substantive audit testing. It is determined by the auditor’s assessment of inherent risk and control risk.

8. The auditor deals with both inherent risk and control risk during the planning phase of the audit. Inquiry of client personnel, study of the business and industry, application of analytical procedures, and documentation of the auditor’s initial understanding of internal control are all performed during the planning phase of the audit. Further study of internal control procedures may occur after the planning phase if the auditor wishes to further reduce the assessed level of control risk, and considers it economically feasible to do so.

9. An auditor would assess control risk to be at maximum when (1) effective controls for the assertion have either not been designed or not put in place, or (2) when the auditor believes performing substantive tests of the assertion is more cost effective. When an auditor assesses control risk to be below the maximum, the auditor should believe that effective controls are present to prevent or detect misstatements in the financial statement assertions.

10. When the auditor assesses control risk at a level lower than maximum, the auditor may generally perform fewer substantive tests.


11. The audit risk model is useful in managing audit risk for assertions. By determining planned audit risk for an assertion, assessing inherent and control risks, an auditor can determine the allowable detection risk (the amount of detection risk an auditor can allow) for an assertion. Allowable detection risk is used to determine the nature, timing, and extent of audit procedures for the assertion.

12. Detection risk exists because auditors (1) may use an inappropriate audit procedure, (2) may misapply an audit procedure, (3) may misinterpret the findings, or (4) do not examine 100 percent of an account balance or transaction class.

13. The amount of audit evidence an auditor must gather varies inversely with allowable detection risk. As allowable detection risk decreases, the amount of evidence required increases, and vice versa. Chapter 12 introduces audit procedures and discusses how auditors modify audit procedures to obtain sufficient competent evidential matter by changing (1) the nature, (2) the timing, or (3) the extent of procedures.

14. The audit risk model is

Audit risk (AR) = Inherent risk (IR) x Control risk (CR) x Detection risk (DR)

15. Risks identified at the financial statement level may have a substantial impact on the assessment of inherent risk for specific assertions. For example, concern about management integrity, identified as a risk at the financial statement level, would cause an auditor to assess a higher level of inherent risk for existence of sales.

II. Multiple Choice Questions

1. d 12. d 23. c 34. c2. d 13. a 24. c 35. d3. c 14. d 25. d 36. b4. d 15. d 26. d 37. d5. a 16. c 27. c 38. d6. b 17. b 28. b 39. c7. a 18. a 29. d 40. a8. a 19. a 30. a 41. c9. b 20. b 31. a 42. d10. b 21. d 32. b11. a 22. a 33. a


III. Comprehensive Cases

Case 1. Factors that will affect your evaluation of audit risk include

integrity of management – Jimenez’s reputation and lawsuit. trend toward domination of operating and financial decisions by

Jimenez. increased management compensation based on performance. aggressive attitude toward financial reporting by new personnel. profitability inconsistent with the industry.

Case 2. The factors that will affect Josefina’s audit risk and business risk are (a) this is a special audit, (b) the audit will be used to set the value of certain assets, (c) the auditor is to evaluate any disputed amount (although this is a common provision in purchase agreements, one might question whether auditors should agree to such terms), and (d) the materiality level is set at P50,000, even though that is considerably below an amount that might be determined using a percentage of assets and/or income. These factors will increase the risk at the financial statement level and potentially increase business risk.

Case 3. a. The audit risk model gives the following results:AR = IR x CR x DR (or) DR x AR / (IR x CR)

(1) 2.5% (4) 3.33%(2) 0.67% (5) 2.5%(3) 1

In the third situation, the auditor does not have to accumulate any evidence because inherent risk and control risk give the appropriate level of planned audit risk.

b. (1) 3 (tied) (4) 2(2) 5 (5) 3 (tied)(3) 1

Case 4. a. (1) Medium (4) Low(2) Low (5) Low(3) Low

b. (1) Least (4) 2 (tied)(2) 2 (tied) (5) 2 (tied)(3) 2 (tied)

14-6 Solutions Manual - Principles of Auditing and Other Assurance ServicesCase 5. 1. a. This will have an impact on audit risk for valuation of accounts

receivable.b. Accumulation of additional evidence regarding collectability of

receivables will be necessary.

2. a. This situation may or may not affect overall audit risk, depending on the impact of the financing needed and whether the company will become so heavily leveraged that profitability becomes inadequate. This situation might create increased business risk because of the potential change in ownership. It would have an impact on audit risk for valuation of stockholders’ equity.

b. Additional evidence will have to be accumulated relating to stockholders’ equity, as well as any additional debt incurred.

3. a. The client’s changing of its accounting system will affect control risk in each cycle, primarily for existence, completeness, and valuation.

b. Additional information will have to be accumulated about the system in each cycle.

4. a. This will affect risk at the financial statement level, which may also have an impact on risk for assertions relating to earnings and valuation of assets. For example, the volatility in the industry may indicate the potential for inadequate industry earnings or for a client’s earnings being inconsistent with the industry.

b. Additional evidence will have to be accumulated about the financial viability of the client and to provide evidence that management fraud does not exist.

5. a. The increase in inventory will affect existence and valuation of inventory.

b. Additional evidence will have to be accumulated about the existence and valuation assertions.

Case 6. 1. a. Sales and collectionb. Primarily affects existence, completeness, and valuation assertionsc. Increase

2. a. Acquisitions and paymentsb. Potential impact on all assertionsc. Increase

3. a. Sales and collectionsb. Valuation, cutoff, and existencec. No effect

4. a. Production and warehousingb. Valuationc. Increase


CHAPTER 12

AUDIT PROCEDURES

I. Review Questions

1. “Procedures” relate to acts to be performed. “Standards” deal with measures of the quality of performance of those acts and the objectives to be attained by the use of procedures. The standards are less subject to change. The standards provide the criteria for rejecting, accepting, or modifying a procedure in a given circumstance. An example of the relative stability of standards and procedures is found in the change from non-EDP to EDP systems. New procedures were required to audit EDP systems, but auditing standards remained unchanged and were the criteria for determining the adequacy of the new procedures.

2. A “substantive audit procedure” is any action (resembling a specific variation of one of the seven general audit procedures) undertaken for the purpose of producing evidence about a peso amount of a disclosure that appears in the financial statements under audit.

The nature of a procedure is its description – usually associated with one of the seven general audit procedures. For example, the nature of a procedure may be confirmation, document, vouching, etc.

The timing of a procedure is the period during which it is performed – usually distinguished as interim (before the balance sheet date), year-end (on or close to the balance sheet date), and subsequent (after the balance sheet date).

The extent of a procedure is the number of details audited with it, or another measure of intensity or frequency. Oftentimes, extent is measured by the sample size.

3. Inspection techniques include physical examination of assets, examination of documents and records, performance of mechanical accuracy tests, and analytical procedures.

4. Vouching and tracing are two types of commonly performed documentation. Vouching involves the examination of documents that served as a basis for recording the transaction. Vouching usually starts with a recorded transaction and works back to the documents and addresses existence. Tracing involves determining whether source documents have been recorded properly in the


accounting records. By tracing, an auditor can obtain evidence that the recording of the transaction is complete.

5. An inquiry involves requesting information from client personnel and receiving their response. The request and response may be either written or oral. A confirmation is a response a third party makes directly to the auditor on the request of a client. The response includes information about certain transactions, relationships, and/or balances that have an impact on a specific financial statement assertion.

6. Confirmations are usually considered more reliable because they are from outside parties, while inquiries are made of client personnel.

7. When equivalent procedures are available to satisfy the need for evidence, an auditor may consider cost in selecting among the alternatives.

8. Vouching is relevant to testing the existence of sales; tracing is not. Tracing is relevant to testing the completeness of sales, but vouching is not.


1. c 3. c 5. c 7. a 9. d2. d 4. a 6. c 8. d


Case 1. The objectives for the audit of Wesson’s securities investments at December 31 are to obtain evidence about the assertions implicit in the financial presentation, specifically:

1. Existence. Obtain evidence that the securities are bona fide and held by Wesson or by a responsible custodian.2. Occurrence. Obtain evidence that the loan transaction and securities purchase transactions actually took place during the year under audit.3. Completeness. Obtain evidence that all the securities purchase transactions

were recorded.4. Rights. Obtain evidence that the securities are owned by Wesson.

Obligation. Obtain evidence that P500,000 is the amount actually owed on the loan.

5. Valuation. Obtain evidence of the cost and market value of the securities held at December 31. Decide whether any writedowns to market are required by GAAP.

6. Measurement.7. Presentation and Disclosure. Obtain evidence of the committed nature of

the assets, which should mean they should be in a non-current classification


like the loan. Obtain evidence that restrictions on the use of the assets is disclosed fully and agrees with the loan documents.

Case 2. Types of procedures used by auditors in general, with examples:

1. Recalculation by the auditor* recomputing the client’s calculation of depreciation expense

2. Observation by the auditor* observation, test-counting of client’s physical inventory-taking

3. Confirmation by letter* obtaining accounts receivable confirmations* obtaining client’s lawyer’s letter

4. Inquiry and written representations* ask client personnel about accounting events* complete an internal control questionnaire* obtain written client representation letter

5. Vouching* find brokers’ invoices and cancelled checks showing agreement with

record amounts for securities investments

6. Tracing* select a sample of shipping documents and trace them to sales invoices,

sales journal recording and posting to general ledger

7. Scanning* scan expense accounts for credit entries* scan payroll check lists for unusually large checks

8. Analytical procedures – any example that fits one of these:* compare financial information with prior periods* compare financial information with budgets and forecasts* study predictable financial information patterns (e.g., ratio analysis)* compare financial information to industry statistics* study financial information in relation to nonfinancial information

Case 3. a. An audit confirmation is a written statement to the CPA from someone outside the enterprise on a fact that a person is qualified to affirm.

b. The two main characteristics a confirmation should possess are:

1. The party supplying the information requested must be knowledgeable and independent, i.e., he must have knowledge of information of interest to the auditor and he must be outside the scope of influence of the organization being audited, and


2. The auditor must obtain the information directly from the informed party.

Case 4. 1. Scanning for debit balances in accounts payableRecalculation of amounts on supporting documentsVouching of account entries to supporting documents

2. Vouching of policies from expense and prepayment entriesRecalculation of expiration of insurance premiumAnalysis of interrelationships – compare insurance coverage to assets owned and leased

3. Scanning inventory records for “old” last-issue datesVerbal inquiry – question inventory control personnel about slow-moving

inventoryVouching – examine journal entries for evidence of actual book write-down of the specific inventory items

4. Tracing – trace remittance amounts to appropriate customer’s accountRecalculation – recalculate amount of discounts and allowancesVouching – examine authoritative documents supporting unusual discounts

and/or allowances

5. Observation and examination by the auditor – of the inventory and the inventory-taking proceduresConfirmation by letter – of inventory held in outside warehouses Recalculation – of the accuracy cost-flow calculations

Case 5. a. A material decline in sales may indicate unrecorded sales; a decrease in cost of goods sold may be due to unrecorded purchases; and an increase in cost of good sold may be the result of omissions from the ending inventory. An increase or decrease in gross profit will result from any one or a combination of the above omissions.

b. A decline in the miscellaneous revenue account balance, or the absence of a previously existing source of miscellaneous revenue, could be attributable to a failure to record miscellaneous revenue.

c. Unrecorded accounts payable at year-end would cause an increase in calculated accounts payable turnover.

d. An apparent increase in accounts receivable turnover may, in fact, be the result of failure to record credit sales transactions.


e. A higher than average operating return may be indicative of unrecorded purchases or operating expenses; a lower than average return could result from unrecorded sales.

Case 6. a. This is an inappropriate application of cost/benefit to auditing. The second standard of audit field work states that the auditor is to gather sufficient competent evidential matter to support the audit opinion. If two or more sets of audit procedures are available for satisfactorily achieving a set of specific audit objectives, the cost/benefit concept suggests selection of the least costly set of procedures. In the present instance, the cost savings from not observing the branch inventories is achieved only at the sacrifice of obtaining sufficient evidence to support the audit objective concerning existence of the inventories.

b. This is an appropriate application of the cost/benefit concept. Confirmation with the trustee, who is an independent third party, achieves the audit objectives concerning existence and ownership just as satisfactorily as examination of the securities – and it is a less costly procedure.

Case 7.1. f 8. n2. l 9. k3. h 10. c4. e 11. a5. p 12. g6. m 13. b7. d 14. j

Case 8.1. observation2. inspection (analytical procedures)3. inspection (examination of documents)4. inspection (examination of documents)5. inquiry6. inspection (mechanical accuracy tests)7. inspection (examination of documents)8. confirmation


CHAPTER 13

audit evidence

I. Review Questions

1. Refer to page 494, 2nd and 4th paragraphs of the textbook.

2. Refer to page 494, 3rd paragraph of the textbook.


4. Refer to page 497, 1st paragraph of the textbook.

5. Refer to page 497, 2nd paragraph of the textbook.

6. Refer to page 498, 4th paragraph of the textbook.

7. External documentary evidence is evidential matter obtained from the other party to an arm’s-length transaction or from outside independent agencies. External evidence reaches the auditor directly and does not pass through the hands of the client.

External-internal documentary evidence is documentary material that originates outside the bounds of the client’s data processing system but which has been received and processed by the client.

Internal documentary evidence consists of documentary material that is produced, circulates, and is finally stored within the client’s information system. Such evidence is not touched by outside parties at all or is several steps removed from third-party attention.

8. Auditors can help the effectiveness of confirmation requests by:

a. Having the confirmation letters printed on the client’s letterhead and signed by a client officer.


b. Being careful to be assured of reliable addresses for recipients; that is, being assured that the confirmations are not misdirected (for example, to a client’s accomplices in fraud).

c. Asking confirmation of information that recipient can supply, like the amount of a balance or the amounts of specified invoices or notes (not the balances of homeowners’ mortgages or financial amounts, like certificates of deposit with accrued interest, for which people usually do not keep their own accounting records).

d. Controlling the mailing and return of confirmations so the client cannot tamper with them.

e. Receiving the reply directly, so the client cannot intercept and alter them.

9. Factual evidence is direct evidence, in that conclusions may be drawn from the evidence without further corroboration. An example of factual audit evidence is physical observation of inventory for existence. Inferential evidence is indirect, in that direct conclusions cannot be drawn from the evidence. The auditor typically examines other evidence to further corroborate the inferences drawn. An oral statement by a product manager that one or more products are fully saleable and not obsolete is an example of inferential evidence. The auditor may perform inventory turnover tests and/or determine the date of last sale of the product to further corroborate the product manager’s statement.

10. Sufficiency of audit evidence is a matter of audit judgment. Materiality and the quality of internal control are important ingredients in determining sufficiency. If internal control produces over sales processing and cash receipts, for example, are effective, the auditor may elect to confirm fewer customers’ accounts receivables than under conditions of weak internal control.

11. Physical evidence tests the existence assertion. Examples of physical evidence are inventory observation, examination of securities, inspection of plant asset additions, and count of cash on hand.

12. The quality of existing internal control is the major factor supporting the strength of documentary evidence. A voucher produced under conditions of strong internal control over the processing of vendors’ invoices, for example, possesses greater validity and is therefore stronger evidence than vouchers produced under weak control conditions.

13. Auditing standards define an accounting estimate as “an approximation of a financial statement element, item or amount.” Estimates are used because (1) an amount is uncertain pending specific future events or (2) relevant data cannot be accumulated on a timely, cost-effective basis. Examples of accounting estimates include allowance for uncollectible accounts, obsolete inventory, useful lives and residual values of fixed assets, natural resources and intangibles, accruals for taxes on real and personal property, accruals based on actual assumptions in


pension plans, contract revenue using percentage of completion method, litigation losses, fair values in nonmonetary exchanges, and current values in personal financial statements.

14. In evaluating the reasonableness of accounting estimates, an auditor should consider the internal controls related to the estimates in order to reduce the likelihood of material misstatements in the estimates, whether the accounting estimates are reasonable given the situation, and whether the accounting estimates are presented in accordance with appropriate accounting principles.

15. Evidence is persuasive if the auditor considers the evidence to be sufficient and competent enough to afford a reasonable basis for an opinion.


1. d 4. c 7. d 10. d 13. b2. d 5. a 8. b 11. a3. c 6. d 9. d 12. b


Case 1. a. Evidential matter obtained from independent sources outside an enterprise provides greater assurance of reliability (competency) than that which is secured solely within the enterprise.

b. Accounting data and financial statements developed under satisfactory conditions of internal control are more reliable (competent) than those which are developed under unsatisfactory conditions of internal control.

c. Direct personal knowledge obtained by the independent auditor through physical examination, observation, computation, and inspection is more persuasive than information obtained indirectly.

Case 2. 1. Types of evidence

Evidential items/sources in reliability rankd. Letter from creditor 1. Externala. Monthly statements 2. External-internalb. Voucher register 3. Internalc. Audit computation of discounts 4. Mathematical (based on

unaudited data)

2.c. Audit computation of expense

amounts1. Mathematical (based on

unaudited data)


a. Letter from bond trustee 2. Externald. Cancelled checks 3. External-internalb. Minutes of directors’ meetings 4. Internal

CHAPTER 14

audit working papers

I. Review Questions


2. The major function of audit workpapers is to provide evidence of conformance with generally accepted auditing standards. As a body, the workpapers are the principal record of the evidence which the auditor has gathered and evaluated in support of the audit opinion.

3. Refer to pages 524 to 525 of the textbook.

4. Refer to page 524, 2nd paragraph of the textbook.

5. With electronic spreadsheets, audit adjustments need only be entered once – in the supporting schedule. The adjustments are then automatically reflected in lead schedules and in the working trial balance through equations entered in appropriate cells. The cell equations “link” the workpapers such that an adjustment need be entered only once in order for all affected workpapers to be automatically updated.

6. Permanent files contain information that is of a continuing interest to the auditor. A permanent file typically contains (1) copies or abstracts of significant company documents and (2) auditor- or client-prepared information on accounts. Current-year files contain working papers prepared to support the assertions embodied in the financial statements.

7. Client personnel may prepare working papers to reduce the time spent by the auditor on the engagement. When client personnel prepare working papers, the auditor should give the client personnel detailed instructions. Working papers prepared by the client should be identified as PBC (prepared by client) and should involve no decision making. The auditor should test completed working papers against underlying documentation.


8. The lead schedule, especially on larger engagements, is designed to bridge the gap between the working trial balance and the general ledger by listing all general ledger accounts that are reported as one account in the financial statements. Supporting schedules is a term for working papers that support the amounts presented in the financial statements by providing support for a detailed account on a lead schedule. Supporting schedules represent the bulk of working papers.

9. In general, a properly prepared working paper should meet firm policy, have a proper heading, clearly indicate the work performed, clearly meet the audit objective for which it was designed, and clearly state the auditors’ conclusion.

10. The prior year’s audit working papers are a useful guide to staff assistants because the audit procedures performed in the prior year usually are similar to those of the current year. By referring to last year’s working papers, the assistant can see how the procedures were documented and is given a possible format for organizing the current year’s working paper. In addition, exceptions noted in last year’s working papers may alert the assistant to possible problems in the current year. Finally, the prior year’s working papers contain information substantiating the beginning balances for the current year.

11. The more common types of audit working papers and their principal purposes may be summarized as follows:

(1) Audit administrative working papers – aid the auditors in planning and administration of the audit, and include such items as the audit programs, questionnaires and flowcharts, decision aids, time budgets, and engagement letters.

(2) Working trial balance – represents the backbone of the auditors’ working papers, for it contains the balances of the ledger accounts, the adjustments and reclassifications deemed necessary by the auditors, and the adjusted amounts that appear in the financial statements. It also contains references to all supporting schedules and analyses, thus serving to control the other types of working papers.

(3) Lead schedules – working papers that serve to combine similar general ledger accounts, the total of which appears on the working trial balance.

(4) Adjusting journal entries – material misstatements in the accounts disclosed by the auditors’ investigation are corrected by means of adjusting journal entries. These appear on the auditors’ working trial balance, and in addition, a list of such entries is turned over to the client at the conclusion of the audit with the request that they be approved and entered in the accounting records.


(5) Reclassification entries – entries necessary to properly reflect financial results but not representing misstatements in the financial records of the client.

(6) Supporting schedules – although the term schedule is at times applied to various types of working papers, the preferred usage is to designate a listing of the details or elements comprising the balance in an account at a specified date. Preparation of such a listing is often an essential step in determining the nature of an account.

(7) Analyses – consist of working papers showing the changes which occurred in an account during a given period. By analyzing an account, the auditors determine its nature and contents.

(8) Reconciliations – working papers that prove the relationship between two amounts obtained from different sources.

(9) Computational working papers – used to verify such data as interest expense, income taxes, and earnings per share.

(10) Corroborating documents – working papers that provide support for specific representations made in the financial statements, such as letters of representations from clients, lawyers’ letters, audit confirmations, and copies of the contracts.

12. Audit working papers are the property of the auditor; however, they must not violate the confidential relationship between client and auditors by making the papers available to outsiders or even to the client’s employees without specific permission from the client.

13. Refer to page 535, 1st and 2nd paragraphs of the textbook.



1. d 9. b 17. d 25. b2. d 10. b 18. c 26. d3. c 11. a 19. c 27. d4. a 12. d 20. d 28. c5. d 13. d 21. b 29. d6. c 14. b 22. d 30. c7. c 15. d 23. a 31. d8. d 16. d 24. b 32. d


14-18 Solutions Manual - Principles of Auditing and Other Assurance ServicesCase 1. a. (1) The functions of audit working papers are to aid the CPA in the

conduct of his work and to provide support for his opinion and his compliance with auditing standards.

(2) Working papers are the CPA’s records of the procedures performed, and conclusions reached in the audit.

b. The factors that affect the CPA’s judgment of the type and content of the working papers for a particular engagement include:

1. The nature of the auditor’s report.2. The nature of the client’s business.3. The nature of the financial statements, schedules or other information

upon which the CPA is reporting and the materiality of the items included therein.

4. The nature and condition of the client’s records and internal controls.5. The needs for supervision and review of work performed by assistants.

c. Evidence which should be included in audit working papers to support a CPA’s compliance with generally accepted auditing standard includes:

1. Evidence that the financial statements or other information upon which the auditor is reporting were in agreement or reconciled with the client’s records.

2. Evidence that the client’s system of internal control was reviewed and evaluated to determine the nature, timing, and extent of audit procedures.

3. Evidence of the auditing procedures performed in obtaining evidential matter for evaluation

4. Evidence of how exceptions and unusual matters disclosed by auditing procedures were resolved or treated.

5. Evidence of the auditor’s conclusions on significant aspects of the engagement with appropriate commentaries.

d. The CPA should perform an adequate examination at minimum cost and effort and the preceding year’s programs will aid in doing this. The preceding year’s audit programs ordinarily contain information useful in the current examination (such as descriptions of the unique features of a client’s operations or records, a formalized sequence of audit steps in logical order, and approximate time requirements to perform various phases of the work). The auditor should decide whether to use the old program or prepare a new one.

Case 2. In general, the working paper is not set up in a logical manner to show what the auditor wants to accomplish. The primary objective of the working paper is to verify the ending balance in notes receivable and interest receivable. A secondary objective is to account for all interest income, cash received and cash


disbursed for new notes, collateral as security, and other information about the notes for disclosure purposes.

Specific deficiencies of the working paper presented in the question are:

a.DEFICIENCY

b.IMPROVEMENT

1. Tick mark explanation “tested” does not indicate specifically what was done.

Should have separate tick marks meaning: Agreed to confirmation Footed Traced to cash receipts journal Recomputed, etc.

2. Explanation of some tick marks is not given.

Explain all tick marks on the same page of the working paper.

3. Classification of long-term portion indicates no verification.

Recompute portions of notes which are long-term.

4. Paid-to-date row is confusing. Column should say “date paid to” and this should be confirmed.

5. Due dates are missing for C.C. Co., P. Pablo and Tetra Co.

Include due dates on working paper for these notes.

c. SPREADSHEET SOLUTION

The purpose of using an Excel spreadsheet in this problem is to give the student some experience in preparing a simple working paper using an Excel spreadsheet. It should be explained to students that this type of working paper may or may not be prepared in actual practice, and that often templates are used to prepare more time-consuming working papers. Also, whether or not tick marks are computerized is a matter to be decided. The advantage is that the completed audit work can then be stored and reviewed electronically, a direction many firms are going. On the other hand, it may be more efficient to indicate audit work manually as it is performed, and a contrast in the color of the tick marks through use of a colored pencil may be desirable.

The formulas used are self-evident, so no listing is provided. Two items deserve comment:


1. An advantage of using a spreadsheet program for these types of analyses is that footing and crossfooting are done automatically.

2. When auditor tick marks are done by computer, a problem arises as to how to place them on the worksheet. One could use narrow columns inserted between the scheduled client data, or, as done here, the tick marks are placed in blank rows beneath the related data.


FOURTH PACIFIC COMPANY Schedule N-1 DateA/C # 110 – NOTE RECEIVABLE Prepared by JD 1/21/0412/31/03 Approved by PP 2/15/04

Account # 110 – Notes Receivable Interest

Maker

Date Made / Due

Interest Rate / Date Paid to

Face Amount

Value of Security

Balance 12/31/02 Additions Payments

Balance12/31/03

Receivable 12/31/02 Earned Received

Receivable 12/31/03

Alba Co. c * 6/15/02 / 5% / 5000 None 4000 0 1000 3000 104 175 0 2796/15/04 None pd. tp r tp <

Barrios, Inc. c * 11/21/02 / 5% / 3591 None 3591 0 3591 0 0 102 102 0Demand 12/31/03 tp r tp < r

C.C. Co. c * 11/1/02 / 5% / 13180 24000 12780 0 2400 10380 24 577 601 04/1/08 12/31/03 tp r tp < r(P200/Mo.)

P. Pablo c * 7/26/03 / 5% / 25000 50000 0 25000 5000 20000 0 468 200 2688/1/05 9/30/03 r r < r(P1000/Mo.)

Martin Cruz c * 5/12/02 / 5% / 2100 None 2100 0 2100 0 0 105 105 0Demand 12/31/03 tp r tp < r

Tetra Co. c * 9/3/03 / 6% / 12000 10000 0 12000 1600 10400 0 162 108 542/1/06 11/30/03 r r < r(P400/Mo.)

22471 37000 15691 43780 128 1589 1116 601

f f f f, cf f f f f, cftp wtb tb op wtb

Legend of Auditor’s Tick Marksf Footedcf Crossfootedtp Traced to prior year working paperswtb Traced total to working trial balanceop Traced total to operations working paper – OP6* Examined note for payee, made and due dates, interest rate, face amount, and value of

security. No exceptions noted.c Received confirmation, including date interest paid to, interest rate, interest paid during 2003,

note balance, and security. No exceptions noted.r Traced to cash receipts journal< Recomputed for the year

MANAGEMENT ACCOUNTING (VOLUME II) - Solutions Manual

CHAPTER 15

BASIC CONCEPTS AND ELEMENTS OF INTERNAL CONTROL

I. Review Questions

1. Refer to page 548, 3rd paragraph and page 549, 1st paragraph of the textbook.

2. Internal control systems are defined as “. . . the process by which an entity’s board of directors, management and/or other personnel obtain reasonable assurance as to the achievement of specified objectives.”

3. The basic elements of internal control are:

a. Control environment, andb. Control procedures.

4. All internal control systems, due to the human factor, contain certain inherent limitations. Because of these inherent limitations, internal control provides reasonable, but not absolute, assurance as to the achievement of control objectives.

5. Management support of internal control is prerequisite to its effectiveness. That is, no matter how sound the other components, the system will not be effective if management does not support it and communicate that support throughout the organization. An organizational awareness that management takes internal control seriously, helps to maximize the effectiveness of the control activities.

A management operating style that supports proper ethical behavior also enhances the effectiveness of the entity’s internal control. If employees perceive that management conducts itself in accordance with proper ethical behavior, such conduct will tend to reflect itself throughout the organization. Proper ethical behavior, in turn, minimizes the probability that financial statements will be intentionally misstated.

6. A centralized, efficient human resources function, an integral part of the control environment, enhances competence by placing the right people in the right jobs and training them properly to perform their assigned tasks.

7. An effective set of internal controls requires a careful analysis of decision alternatives, and the assumption of high risk only where warranted. A

18-22

Application of Quantitative Techniques in Planning, Control and Decision Making – II Chapter 18

management attitude geared toward excessive risk-taking hampers goal attainment and thereby compromises control.

8. Monitoring affects all of the other controls by assuring their effectiveness over time. “Ongoing” monitoring is recurring and somewhat automatic. An example is the periodic analysis of cost variances and follow-up control where the variance is material and controllable. “Separate evaluation” applies to those controls not conducive to ongoing monitoring. Integrity, ethical values, and competence, for example, cannot be monitored on a “real-time” basis, but require periodic review for effectiveness.

9. Fixing of responsibility enhances control by providing accountability for assets. The person responsible for prelisting incoming cash receipts, for example, will be initially accountable for any discrepancy between such prelisting and the receipted deposit ticket obtained from the bank. Knowledge of such accountability, in turn, will encourage care in preparing the prelisting and in transferring the cash receipts to the person designated as responsible for preparing and making bank deposits.

10. Any internal control system, regardless of how sound it is, has certain inherent limitations. The system can be circumvented by collusion among two or more employees; management can override the structure; and the procedures can break down temporarily causing a lag in the adaptation of the controls. For these reasons, an effective system of internal control provides reasonable, but not absolute assurance as to the prevention and detection of material errors or irregularities. Auditors, therefore, must not rely totally on a sound control system as support for their audit opinion. Rather, they must recognize the inherent limitations and, at the very least, perform a minimum amount of substantive audit testing.

11. Small entities, typically, cannot afford the degree of separation of functional responsibilities existing in larger firms. Also, small firms, typically, cannot support a separate internal audit staff. For these reasons, compensating controls are necessary in smaller organizations. Such compensating controls ordinarily require that the owner/manager assume an active role in reviewing transactions, examining documents, reconciling bank accounts, and otherwise performing many of the tasks normally done by internal auditors in larger organizations.

12. Separating recordkeeping from custody of the related assets provides an independently maintained record which may periodically be reconciled with assets on hand. This independent record holds the personnel of a custodial department accountable for assets entrusted to their care. If the accounting records were maintained by the custodial department, opportunity would exist for that department to conceal its errors or shortages by manipulating the records.

18-23

Chapter 18 Application of Quantitative Techniques in Planning, Control and Decision Making - II

13. Most controls can be classified as either prevention controls or detection controls. A control environment, for example, that reflects strong management support of effective control activities and proper ethical behavior, will encourage organizational personnel to be conscientious in performing their assigned tasks, and thereby assist in preventing errors or irregularities. Periodic inventories and comparisons, on the other hand, will assist in detecting errors or irregularities which have already occurred. Both types of controls are vital to an effective system of internal control.

14. A company control procedure is an action taken for the purpose of preventing, detecting, or correcting errors and irregularities in transactions.

15. Examples of periodic comparisons:

Count of cash on hand.Reconciliation of bank accounts.Count of securities.Confirmation of accounts receivable.Confirmation of accounts payable.Physical count of inventory.

16. Four kinds or functional responsibilities that should be segregated:

1. Authorization to execute transactions.2. Recording of transactions (bookkeeping).3. Custody of assets.4. Periodic reconciliation (comparison) of existing (real) assets to

recorded amounts.

17. Key factors in protecting against losses through embezzlement include an adequate internal control structure, fidelity bonds, and regular audits by independent public accountants.

18. Assuming that the general category of transaction has already been authorized by top management, at least three employees or departments should usually participate in each transaction to achieve strong internal control. One employee approves the transaction after determining that the details conform to company policies, another employee records the transaction in the accounting records, and the third employee executes the transaction by releasing and/or taking custody of the related assets. (Note: the approval function may be omitted in an extremely simple transaction such as a cash sale not involving a check).

19. Refer to page 557 of the textbook.


18-24


1. d 4. d 7. b 10. a2. d 5. d 8. a 11. c3. b 6. b 9. d 12. c


Case 1. RELEVANT TO

AUDIT?ASSERTION AFFECTED

HOW AFFECTED?

a. Yes CompletenessValuation

Year-end adjustments for accruals and/or allocations may be overlooked.

b. Yes ExistenceValuation

Customers may be billed for goods not shipped. If so, customer accounts may not be valid.

c. No N/A N/A

d. Yes ValuationPresentation

Debits and credits to incorrect accounts are likely to cause materiality errors.

e. Yes No assertions are adversely affected, given the compensating control of conducting an annual physical inventory

f. Yes Completeness Some cash receipts may not be deposited.

Valuation Cash in bank and/or accounts receivable may be overstated, depending on whether or not undeposited cash was recorded.

g. Yes Presentation Trade accounts receivable should be kept separate from nontrade receivables. Credit balances in customer accounts should be reported as current liabilities.

h. Yes ExistenceValuation

Invoices may be submitted a second time for payment and the signed disbursement checks misappropriated. The result may be debits to inventory or other accounts for nonexistent goods or services.

i. No N/A N/A

18-25


Case 2. INHERENT OR CONTROL

WEAKNESSTYPE OF INHERENT OR

CONTROL REMEDY

a. Inherent Temporary breakdown: environmental changes not accompanied by revised controls.

b. Control Chart of accounts and accounting manuals; training of personnel who determine debits to various expenditure accounts; review of account distribution by second person; internal auditor review of transactions on a test basis.

c. Inherent Management override.

d. Control Bills of lading evidencing shipment of goods should be prenumbered and signed by the carrier. A copy should be forwarded to accounts receivable and should trigger the mailing of an invoice to the customer. The numeric sequence of used bills of lading should be accounted for periodically and bills of lading should be matched with customer invoices on a test basis.

e. Control Billing clerks should not handle cash receipts. Incoming cash receipts should be prelisted and compared with daily deposits. Credits to customer accounts should be made from remittance advices. Checks should be forwarded directly to the treasurer (cashier) for deposit. Writeoffs of customer accounts should require approval by the credit manager or some other responsible officer.

f. Inherent Collusion

Case 3. a. The planned assessed level of control risk is the level the auditors intend to use in performing the audit for a particular financial statement assertion. For example, after obtaining the understanding of internal control necessary to plan the audit, the auditors will project a planned assessed level of

18-26


control risk based on their understanding of the internal control structure. The assessed level of control risk is the level of risk based on the tests of controls performed to evaluate control risk for an assertion. Control risk is the actual, but unknown, level of risk pertaining to an assertion.

b. While obtaining an understanding of the internal control structure, the auditors may determine a planned assessed level of control risk for the existence of accounts receivable which requires them to test a sample of sales transactions. Based on the results of the tests of controls for sales, the auditors may arrive at an assessed level of control risk that is either higher or lower than the level planned. The actual level of control risk for existence of receivables is, as always, at an unknown level.

Case 4. a. After obtaining an understanding of the internal control structure, the auditors assess control risk. At this point they may or may not have performed some tests of controls. When they believe that a lower level of assessed control risk may be possible, and that the related reduction of substantive tests may be cost justified, the auditors will perform additional tests of controls. Finally, when the additional tests of controls have been performed, the auditors will reassess control risk and design substantive tests.

b. Obtain an understanding Prepare flowchartPrepare checklistsPrepare questionnairesPerform walk-through of transactionsPerform some tests of controls

Determine the planned assessedlevel of control risk Analyze results obtained

Perform additional testsof controls Perform inquiry procedures

Inspect documents for performanceObserve application of proceduresReperform application of procedures

Reassess control risk anddesign substantive tests Analyze results obtained

Case 5. Since Vasquez’s consideration of the internal control structure shows that controls are very weak, he may omit performing tests of controls. He must, however, have an adequate understanding of internal control to plan the remainder of the audit. At a minimum, Vasquez should obtain a basic understanding of the control environment, accounting system, and important control procedures. He should document this understanding, and also document that control risk is assessed at the maximum level.

18-27


Case 6. a. (1) The primary advantage of the internal control questionnaire is that control weaknesses, including the absence of control procedures, are prominently identified by the “no” answers. Another advantage of the questionnaire is its simplicity. If the questions have been predetermined, as is usual, the auditors’ responsibility includes the completion of the questionnaire with yes-or-no answers, and written explanations are required only for the “no” or unfavorable answers. Also, the comprehensive list of questions provides assurance of complete coverage of significant control areas.

(2) An advantage of the written narrative approach in reviewing internal control is that the description is designed to explain the precise controls applicable to each examination. In this sense, the working paper description is tailor-made for each engagement and thus offers flexibility in its design and application. A second advantage is that its preparation normally requires a penetrating analysis of the client’s system. In requiring a written description of the flow of transactions, records maintained, and the division of responsibilities, the memorandum method minimizes the tendency to perform a perfunctory review.

(3) The use of a flowchart in documenting internal control offers the advantage of a graphic presentation of a system or a series of sequential processes. It shows the steps required and the flow of forms or other documents from person to person in carrying out the function depicted. Thus, the tendency to overlook the controls existing between functions or departments is minimized. Another advantage is that the flowchart method avoids the detailed study of written descriptions of procedures without sacrificing the CPA’s ability to appraise the effectiveness of internal controls under review. An experienced auditor can gain a working understanding of the system much more readily by reviewing a flowchart than by reading questionnaires or lengthy narratives. Information about specific procedures, documents, and accounting records can also be located more quickly in a flowchart. Because of these advantages, flowcharting has become the most widely used method of describing internal control in audit working papers.

b. Even though internal control appears to be strong, the auditors are required to conduct tests of controls. Just because policies and procedures are prescribed does not mean that the client’s personnel are adhering to those requirements. Employees may not understand their assigned duties, or may perform those duties in a careless manner, or other factors may cause the internal controls actually in place to differ from those prescribed.

18-28


Through tests of controls the CPAs obtain reasonable assurance that the internal control policies and procedures are in use and are operating as planned, and they may detect material errors of types not susceptible to effective internal control. In addition, such testing enables the CPAs to comply with the third standard of field work which calls for obtaining sufficient competent evidential matter to provide a reasonable basis for an opinion.Note to instructor – Auditors may forego tests of controls if they conclude that internal controls are so weak as to provide no basis for assessing control risk at a level lower than the maximum.

Case 7.PURPLE CORP.

Raw Materials Recording and Transferring System FlowchartDecember 31, 2003

STORESACCOUNTING

INVENTORY CLERK MANUFACTURING

18-29

Start

Goods from

Supplier

Storeskeeper Prepares

Stock-in Report

Stock-in Report

1

Filed by

date

Stock-in Report 1

2

Posts Perpetual Inventory Records

2

Filed by

date

Inventory Records at Standard

Cost

ClerkPrepares

Requisition

Requisition 1

2

Supervisor Approves

Requisition

Approved Requisitio

n1

2

Approved Requisitio

n

Reviews for

Completeness

Posts Transfer to Perpetual

Inventory Records

4

Filed by

date

3

Filed by Job Order

Inventory Records at Standard

Cost


Case 8. a. The quantity of serially numbered tickets issued during the shift of each cashier is multiplied by the price per ticket to determine the amount of cash which the cashier should have on hand at the end of the shift.

Two employees participate in each transaction. The withholding cash receipts would require collusion between the cashier and the door attendant because the door attendant does not have access to cash and the cashier cannot cause a patron to be admitted without issuing to him a serially numbered ticket.

b. The following steps should be taken by the manager to make these controls work effectively:

(1) Maintain careful control over unused rolls of tickets.(2) Make a record of the serial number of the first and last ticket issued on

each cashier’s shift.(3) Count the cash in possession of cashier at beginning and end of shift.

In addition to these regular routines, the manager should take the following steps at unannounced intervals:

(4) Observe that the cashier never has loose tickets in his or her possession and does not sell tickets in any manner other than ejecting them from the ticket machine.(5) Verify by inspection of tickets being presented by patrons to the door

attendant that only recently issued tickets (current serial numbers) are being used.

c. Collusion by the cashier and door attendant to abstract cash receipts often consists of the door attendant pocketing whole tickets presented by patrons rather than tearing the ticket in half. He or she may then give these unused tickets to the cashier; the cashier may then resell the tickets to customers at the box office rather than punching out new tickets on the machines. The cashier withholds the cash received from sales of these “used tickets” and divides it with the door attendant.

d. Observation on a surprise basis by the manager of the serial numbers of tickets being presented at the door by customers may reveal that these

18-30


tickets are not freshly issued ones. Observation of the cashier’s work may reveal that this employee is handling loose tickets.

CHAPTER 16

CONSIDERATION OF INTERNAL CONTROL IN A FINANCIAL STATEMENTS AUDIT

I. Review Questions

1. An auditor obtains an understanding of a client’s internal control structure as a part of the control risk assessment process in order (1) to plan the nature, timing, and extent of subsequent substantive audit procedures, and (2) to obtain information about reportable conditions (control deficiencies) to report to the client.

2. The primary reason for conducting an evaluation of a client’s existing internal control system is to give the auditors a basis for finalizing the details of the account balance audit program – to determine the nature, timing and extent of subsequent substantive audit procedures.

A secondary purpose for conducting an evaluation of internal control is to be able to make constructive suggestions for improvements. Officially, the profession considers these suggestions a part of the audit function and does not define the work as a MAS consultation.

Another purpose of the evaluation is to report to management and the board of directors or its audit committee any discovery of “any reportable conditions” of internal control deficiencies.

3. Refer to page 590, 1st paragraph of the textbook.

4. 1. Advantages of control questionnaire:Easy to complete.Checklist of questions.Less chance of overlooking something important.

Disadvantages:May contain numerous irrelevant questions.Tendency to treat it like another form to fill out.

18-31


2. Advantages of memorandum documentation:Can explain the precise controls applicable to the particular client.

(precise tailoring)Requires penetrating analysis.Minimizes tendency toward perfunctory review.

Disadvantages:Hard to write. Often lengthy.Hard to revise in subsequent years.

3. Advantages of flowchart:Graphic presentation of systems.Shows the steps required and the flow of forms and documents.Easy to read and analyze.Easy to update in subsequent years.

Disadvantages:Takes some time to draw neatly.

5. “Observation,” in a test of control procedure, refers to auditors looking to see whether client personnel stamped, initialed, or left other signs that their assigned control procedures had been performed.

“Reperformance,” in a test of control procedure, refers to auditors doing again the control that was supposed to have been performed by the client personnel (recalculating, looking up the right price, comparing quantities, and so forth).

6. Written reports on internal accounting control (IAC) for external use.

Type of Engagement Character of ReportSpecial IAC study Report on IAC with opinion on IAC

system taken as a whole.

Service auditor engaged to report for benefit of user auditor and their mutual client.

A special-purpose report on IAC can take special forms, the main feature of which includes an opinion relating to the controls applied by the service organization to the client organization’s transactions.

7. The auditor must obtain a sufficient understanding of the client’s system of internal financial controls to identify the types of potential material misstatements of financial statement components, and the risks associated with each. Such understanding is obtained by gathering evidence relating to the basic elements of the client’s internal financial controls.

18-32


8. The auditor obtains an initial understanding of the client’s financial controls by studying the organizational structure, inquiring of management, and studying last year’s working papers if a recurring audit.

9. The documentation of the auditor’s understanding must provide clear evidence of support for the auditor’s conclusions regarding the assessed level of control risk. This is especially necessary if control risk is assessed below the maximum level. The documentation at this point typically consists of some combination of narrative memoranda, questionnaires or checklists, and internal control flowcharts, as well as documentation of the auditor’s conclusions, and the reason(s) for assessing control risk below maximum, if applicable.

10. Testing of internal financial controls may permit the auditor to further reduce the assessed level of control risk. This, in turn, should lead to a decrease in the nature, timing, and/or extent of substantive audit testing in the circumstances.

11. The following factors may cause the auditor to decide not to test the client’s internal financial controls beyond obtaining an initial understanding:

a. Controls may already have been evaluated as ineffective;b. Further testing is not cost effective (i.e., the cost of further testing is

greater than the cost savings resulting from reduced substantive testing)

12. Some combination of the following means is typically utilized by the auditor in testing a client’s internal financial controls:

a. Reprocessing transactions through the client’s system;b. Observation of controls; andc. Document examination and testing.

13. Misrepresentation is a form of financial statement misstatement caused by intentional efforts by management to distort reported financial position and/or results of operations. Misappropriation is a form of fraud whereby one or more employees effect a transfer of assets from employer to employee, accompanied by concealment in the form of account or substance alteration.

14. The following are some examples of internal control weaknesses and suggested expanded substantive testing, given the weaknesses:

a. Perpetual inventory records not maintained: Expand test counts during inventory observationb. Bank accounts not reconciled: Expand year-end audit of cash accounts c. Customer exceptions to monthly statements not investigated and

cleared: Expand accounts receivable confirmation at year-end.

18-33


15. Reportable conditions are matters coming to the auditor’s attention, as a result of his/her study and evaluation of the client’s internal financial controls, relating to significant deficiencies in the design or operation or of the internal controls that could adversely affect the organization’s ability to record, process, summarize, and report financial data consistent with the assertions of management in the financial statements. The purpose of the reportable conditions letter is to inform the audit committee, or similar body within the organization, of weaknesses for which they may not be aware. Such communication increases the likelihood that the weaknesses will be corrected on a timely basis.

16. Use of any one of the approaches to studying and documenting a client’s internal financial controls, by itself, is inadequate. Each approach adds a needed dimension to the analysis. The memorandum requires depth of analysis not found in the flowchart. The flowchart, on the other hand, promotes ease of understanding and ready identification of strengths and weaknesses in controls. The questionnaires and checklists add the dimension of completeness of coverage. By using the three tools in combination, the auditor is able to gain a deeper and clearer understanding of each of the subsets of the transaction cycles, including major control strengths and weaknesses, thereby permitting more accurate control risk assessments and more useful substantive audit programs based on such assessments.


1. b 8. a 15. d 22. a2. a 9. b 16. c 23. a3. b 10. c 17. b 24. d4. d 11. b 18 b 25. b5. b 12. a 19. a 26. d6. b 13. b 20. d 27. b7. b 14. b 21. a 28. d


Case 1. a. Given identified financial control weaknesses, the auditor may elect to expand the extent of substantive testing, or search for and test compensating controls. In the present case, the following errors and irregularities may occur, given the control weaknesses in the payroll subset of the expenditure cycle:

1. Hours may be in error, inasmuch as the time cards are prepared by employees and not reviewed. This could lead to overstatement or understatement of wages expense in the income statement. This could also affect the carrying value of finished goods inventories if Quicky is a manufacturing company.

18-34


2. The payroll could be “padded” inasmuch as signed checks are returned to the department supervisors for distribution. This could result in overstatements of salaries and wages expense on the income statement. It could also cause a finished goods inventory overstatement.

b. If, based on the initial understanding, controls are thought to be adequate, the auditor should consider the following alternatives:

1. Document the understanding, assess control risk below maximum, as considered appropriate, and document the basis for conclusions; or

2. Document the understanding and test controls as a means for further reduction in the assessed level of control risk. This alternative would be chosen if the following conditions exist:

a. Controls are thought to be effective; and

b. Cost reductions through reduced substantive testing exceed cost of further testing of controls.

c. 1. Auditors must study and evaluate internal control each year because the environment within which the client operates is subject to constant change; and controls must adapt to these changes if the system is to remain effective. The auditor must identify the environmental changes and determine that the relevant control points remain covered after the changes.

2. A minimum audit is necessary, even under conditions of excellent internal control, because of the following inherent limitations in all internal control systems:

Internal control assumes the nonexistence of collusion;Management can override the financial controls;Temporary breakdowns in the control system may occur and

produce material errors;

Given that these inherent limitations could produce material financial statement misstatements, and given that the audit report provides reasonable assurance that the financial statements do not contain material misstatements, the auditor must perform a minimum audit, even under conditions of excellent internal control if such assurance is to be provided.

18-35


Case 2.ISLANDER DRUG STORE, INC.

Processing Cash CollectionsInternal Control Questionnaire

-Question Yes No

Are customers who pay by check identified via store I.D. card or other means?

Does company policy prohibit accepting checks for anything except merchandise sales plus a nominal cash amount?

Is a receipt produced by the cash register given to each customer?

Is the reading of each cash register taken periodically by an employee who is independent of the handling of cash receipts?

Are cash counts made on a surprise basis by an individual who is independent of the handling of cash receipts?

Is the reading of each cash register compared regularly to the cash received?

Is a summary listing of cash register readings prepared by an employee who is independent of physically handling cash receipts?

Are receipts forwarded to an independent employee who makes the bank deposits?

Are each day’s receipts deposited intact daily?Is the summary listing of cash register receipts reconciled to the

duplicate deposit slips authenticated by the bank?Are entries to the cash receipts journal prepared from duplicate

deposit slips or the summary listing of cash register readings?

Are the entries to the cash receipts journal compared to the deposits per bank statement?

Are areas involving the physical handling of cash reasonably safeguarded?

18-36


Are employees who handle receipts bonded?Are charged back items (NSF checks, etc.) directed to an

employee who does not physically handle receipts or have access to the books?

CHAPTER 17

BASIC AUDIT SAMPLING CONCEPTS

I. Review Questions



3. Refer to page 640 of the textbook.

4. Audit conclusions can be made only about the population from which the sample was drawn, and a conclusion can only be valid if the sample on which it is based actually shows the characteristics of the population. Auditors can attempt to achieve representativeness, but they cannot guarantee it. Sampling risk – the probability that the sample does not adequately reflect the population – always exists.

5. Refer to page 646, 2nd paragraph; page 647, 1st paragraph of the textbook.


7. Refer to page 652, paragraphs 1 to 4 of the textbook.

8. Refer to page 652, paragraphs 3 and 4 of the textbook.

9. Refer to page 653, 4th paragraph & page 654, 1st to 3rd paragraph of the textbook.

10. Sampling risk is the probability that the auditor’s conclusions concerning the population will be in error. In terms of conclusions regarding internal control, sampling risk consists of two subsets:

Alpha risk, the risk that the auditor will assess control risk too high and perform more substantive testing than is necessary under the circumstances; and Beta risk, the risk that the auditor will assess control risk too low and perform less substantive testing than is necessary.

18-37


For control testing purposes, the auditor is more concerned with beta risk than alpha risk, because beta risk poses the threat of underauditing and is therefore the basis for the audit opinion. The auditor controls this risk by setting beta risk sufficiently low as to maintain overall audit risk at a level less than or equal to 10%.




1. b 3. d 5. d 7. a 9. a2. c 4. c 6. b 8. d 10. c


Case 1. a. Areas requiring the auditors to make judgment decisions when statistical sampling techniques are employed (only four required):

(1) Defining population, characteristics to be tested, and deviations. Unless a relationship is defined between the occurrence rate of deviations in the population and either the validity of the client’s financial statement or the strength of internal control, little useful information is gained by estimating the occurrence rate.

(2) Determining the appropriate statistical selection techniques for drawing a random sample. The auditors must recognize the advantages and disadvantages of stratified selection, unstratified selection, and systematic selection, and determine which technique is appropriate for selecting an economical random sample.

(3) Establishing the required maximum tolerable deviation rate and the risk of assessing control risk too low for the procedure. This requires judgment decisions regarding materiality, time, cost, and the planned assessed level of control risk.

(4) Interpreting sample results. This requires a decision as to whether the results support the auditors’ planned assessed level of control risk, or whether additional sampling is necessary to reach a conclusion.

(5) Following up on the discovery of critical errors or unacceptable deviation rates.

(6) Determining the circumstances under which statistical sampling is appropriate, and those in which other techniques should be used in lieu, of or to supplement, the statistical sampling techniques.

This is an open-ended question. The student may identify numerous other areas in which the auditors must make judgment decisions.

18-38


b. If the CPAs’ sample shows an unacceptable deviation rate, they may take the following actions:

(1) They may enlarge their sample to increase the precision of their estimate.

(2) They may isolate the type of deviation and expand examination as it relates to the transactions that give rise to that type of misstatement.

(3) The auditors’ usual response to an unacceptably high deviation rate is to increase their assessed level of control risk. Accordingly, the auditors would increase the intensity of their substantive tests.

c. Techniques for selecting an unstratified random sample of accounts payable vouchers include the following:

Random Sample. A random sample is a sample of a given size drawn from a population in a manner such that every possible sample of that size is equally likely to be drawn. Items may be selected randomly by:

(1) Table of Random Numbers. Use one of a number of published tables. Using four columns in the table, select the first 80 numbers which fall within the range of 1 to 3,200. The starting point in the table should be selected randomly and the path to be followed through the table should be set in advance and followed consistently.

(2) Random Number Generator: Using generalized audit software, generate a list of 80 random numbers.

Systematic Sample. A systematic sample is drawn by selecting every nth

item beginning with a random start.

(1) Every nth item. Select every 40th voucher after selecting the initial voucher (from 1 to 40) randomly.

(2) Several random starting points. For example, use two random starting points and select 40 of the 80 vouchers from each of the two sequences. Select every 80th voucher (3,200/40) after each of the two random starting points between 1 and 80 for each of the two sequences.

Case 2. a. (1) Since the results of tests of controls typically play a significant role in determining the nature, timing, and extent of other audit procedures, the auditors usually specify a low level of risk of assessing control risk too low. It is usually set at 5 or 10 percent.

(2) In determining the tolerable deviation rate, an auditor should consider the planned assessed level of control risk and the extent of assurance desired from the evidential matter included in the sample.

18-39


(3) In determining the expected population deviation rate, an auditor should consider the results of prior years’ tests, the overall control environment, or utilize a preliminary sample.

b. (1) There is a decrease in sample size if the acceptable level of the risk of assessing control risk too low is increased.

(2) There is a decrease in sample size if the tolerable deviation is increased.

(3) There is an increase in sample size if the population deviation rate is increased.

c. Using a statistical sampling approach, Figure 18.4 reveals that 7 deviations in a sample of size 100 results in an achieved upper deviation rate of 12.8%, well in excess of the tolerable deviation rate (8%). The sample results should thus be interpreted as not supporting the planned assessed level of control risk.

Using a nonstatistical sampling approach, the 7% estimated population deviation rate identified in the sample (7 deviations / 100 sample items) approaches the tolerable deviation rate of 8%. Therefore, using a nonstatistical approach, the sample result would also be interpreted as not supporting the planned assessed level of control risk.

d. Statistical sampling allows the auditors to quantify sampling risk. As described in part (c), only when statistical sampling is used do the auditors know that the achieved upper deviation rate is 12.8%.

CHAPTER 18

APPLICATION OF QUANTITATIVE TECHNIQUES IN PLANNING, CONTROL AND DECISION MAKING -

II

18-40


I. Questions

1. PERT is superior to Gantt Charts in complex projects because:

a. PERT charts are flexible and can reflect slippage or changes in plans, but Gantt charts simply plot a bar chart against a calendar scale.

b. PERT charts reflect interdependencies among activities; Gantt charts do not.

c. PERT charts reflect uncertainties or tolerances in the time estimates for various activities; Gantt charts do not.

2. The use of PERT provides a structured foundation for planning complex projects in sufficient detail to facilitate effective control.

A workable sequence of events that comprise the project are first identified. Each key event should represent a task; then the interdependent relationships between the events are structured.

After the network of events is constructed, cost and time parameters are established for each package. Staffing plans are reviewed and analyzed.

The “critical path” computation identifies sequence of key events with total time equal to the time allotted for the project’s completion. Jobs which are not on the critical path can be slowed down and the slack resources available on these activities reallocated to activities on the critical path.

Use of PERT permits sufficient scheduling of effort by functional areas and by geographic location. It also allows for restructuring scheduling efforts and redeployment of workers as necessary to compensate for delays or bottlenecks. The probability of completing this complex project on time and within the allotted budget is increased.

3. Time slippage in noncritical activities may not warrant extensive managerial analysis because of available slack, but activity cost usually increases with time and should be monitored.

4. The critical path is the network path with the longest cumulative expected activity time. It is critical because a slowdown along this path delays the entire project.

5. Crashing the network means finding the minimum cost for completing the project in minimum time in order to achieve an optimum tradeoff

18-41


between cost and time. The differential crash cost of an activity is the additional cost of that activity for each period of time saved.

6. Slack is the amount of time an event can be delayed without affecting the project’s completion date. Slack can be utilized by management as a buffer against bottlenecks that may occur on the critical path.

7. Unit gross margin are typically computed with an allocation of fixed costs. Total fixed costs generally will not change with a change in volume within the relevant range. Unitizing the fixed costs results in treating them as though they are variable costs when, in fact, they are not. Moreover, when multiple products are manufactured, the relative contribution becomes the criterion for selecting the optimal product mix. Fixed costs allocations can distort the relative contributions and result in a suboptimal decision.

8. This approach will maximize profits only if there are no constraints on production or sales, or if both products use all scarce resources at an equal rate. Otherwise management would want to maximize the contribution per unit of scarce resource.

9. The opportunity cost of a constraint is the cost of not having additional availability of the constrained resources. This is also called a shadow price.

10. The feasible production region is the area which contains all possible combinations of production outputs. It is bounded by the constraints imposed on production possibilities. The production schedule which management chooses must come from the feasible production region.

11. The accountant usually supplies the contribution margin data that is used in formulating a profit-maximizing objective function. In addition, the accountant participates in the analysis of linear programming outputs by assessing the costs of additional capacity or of changes in product mix.

12. a. Hourly fee for inventory audit (C)b. Salary of purchasing supervisor (N)c. Costs to audit purchase orders and invoices (P)d. Taxes on inventory (C)e. Stockout costs (P)f. Storage costs charged per unit in inventory (C)g. Fire insurance on inventory (C)h. Fire insurance on warehouse (N)i. Obsolescence costs on inventory (C)

18-42


j. Shipping costs per shipment (P)

13. Although the inventory models are developed by operations researchers, statisticians and computer specialists, their areas of expertise do not extend to the evaluation of the differential costs for the inventory models. Generally, discussions of inventory models take the costs as given. It is the role of the accountant to determine which costs are appropriate for inclusion in an inventory model.

14. Cost of capital represents the interest expense on funds if they were borrowed or opportunity cost if funds were provided internally or by owners. It is included as carrying cost of inventory because funds are tied up in inventory.

15. Costs that vary with the average number of units in inventory:

Inventory insurance P 2.80Inventory tax 2.05 (P102.25 x 2%)

Total P 4.85

Costs that vary with the number of units purchased:

Purchase price P102.25Insurance on shipment 1.50

Total P103.75

Total carrying cost = (25% x P103.75) cost of capital + P4.85 = P25.94 + P4.85 = P30.79

Order costs:Shipping permit P201.65Costs to arrange for the shipment 21.45Unloading 80.20Stockout costs 122.00

Total P425.30

II. Problems

Problem 1 (Solution is found on the next page.)

Problem 2

18-43


Requirement (a)

The critical path through each of the three alternative paths calculated as the longest is 0 - 1 - 6- 7- 8.

0 - 1 - 2 - 5 - 8 2 + 8 + 10 + 14 = 340 - 1 - 3 - 4 - 7 - 8 2 + 8 + 7 + 5 + 3 = 250 - 1 - 6 - 7 - 8 2 + 26 + 9 + 3 = 40*________

* critical

Requirement (b)

40 - 3 - 5 = 32

Requirement (c)

If path 4 - 7 has an unfavorable time variance of 10, this means it takes a total time of 15 to finish this activity rather than 5. This gives the path 0 - 1 - 3 - 4 - 7 - 8 a total time of 35, but since this is less than the critical path of 40, it has no effect.

Requirement (d)

The earliest time for reaching event 5 via 0 - 1 - 2 - 5 is 20, the sum of the expected times.

Problem 3

No, they didn’t make a right decision, since they included fixed costs which do not differ in the short run. If they had used contribution margin instead of gross margin, they would have had P5 for G1 and P6.50 for G2, therefore they would have decided to produce G2 exclusively.

18-44


Problem 1

Requirement (a)

TASKS

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Hobbing Order 1 Order 3 Order 4 Order 2

Machining X X X X Order 1 X X Order 3 X X X Order 4 Order 2

___________

X Dead Time

Requirement (b)

28 days are required for the four orders.

18-45


Problem 4

a. Carrying costs:

Order costs:

b. Economic order quantity:

Carrying costs:

Order costs:

18-46

Order costs = Insurance + Other order costs

APQ =

1,500 x P878250

APQ =

1,500 x P878155

P =

= P 5,268.00

= P 8,496.77

P860 + P18 = P878

P18,943.00

P16,975.27

Carrying costs =

Total

Total

Out-of-pocketcosts

Cost of capitalon inventory

Q* =

+

2 x 1,500 x P878P109.40

S =

= 24,077 = 155 units

P65 + 20% x P222 = P119.40

QS2 =

250 x P109.402 = P13,675.00

QS2 =

155 x P109.402 = P 8,478.50

A Risk-based Audit Approach – Part II 11-47

Problem 5

It is necessary to evaluate the annual carrying costs and expected stockout costs at each safety-stock level. The carrying cost will be P24.40 for each unit in safety stock. With the given order size, there are 15 orders placed a year (i.e., 39,000/2,600 = 15). Based on these computations, we prepare the following schedule:

Safety Stock

Carrying Costs of Safety Stock

Expected Stockout Costs

Total Costs

0 0 0.50 x 15a x P1,650 = P12,375 P12,375150 150 x P24.40 = P3,660 0.20 x 15a x P1,650 = P 4,950 8,610175 175 x P24.40 = P4,270 0.05 x 15a x P1,650 = P 1,273.5 5,507.5 (optional)250 250 x P24.40 =

P6,100b0.01 x 15a x P1,650 = P 247.5 6,347.5

Additional computations:a 15 is the number of orders per year.b It should be evident that at this level the carrying costs alone exceed

the total costs at a safety stock of 175 units. Therefore, it is not possible for this or any safety-stock level larger than 250 to be less costly than 175 units. Indeed, given a total cost at 175 units of P5,507.5, stockout costs would have to occur with probability zero for any safety stock greater than 225.72 units (i.e., P5,507.5 / P24.40 = P225.72).

III. Multiple Choice Questions

1. C 11. D 21. D 31. C2. B 12. C 22. C 32. D3. D 13. A 23. C 33. A4. B 14. A 24. D 34. C5. D 15. A 25. D 35. D6. C 16. C 26. B 36. C7. A 17. C 27. D 37. D8. A 18. D 28. E 38. D9. A 19. C 29. B10. C 20. D 30. A

21. 31.

18-47


CHAPTER 19

AUDIT SAMPLING FOR SUBSTANTIVE TESTS

I. Review Questions

1. An incorrect acceptance decision directly impairs the effectiveness of an audit. Auditors wrap up the work and the material misstatement appears in the financial statements.

An incorrect rejection decision impairs the efficiency of an audit. Further investigation of the cause and amount of misstatement provides a chance to reverse the initial decision error.

2. The two methods of projecting the known misstatement to the population are the average difference method and the ratio method. Refer to Chapter 19 for formula expressions of each.

3. The important thing is to audit all the sample units. You cannot simply discard one that is hard to audit in favor of adding to the sample a customer whose balance is easy to audit. This action might bias the sample. If considering the entire balance to be misstated will not alter your evaluation conclusion, then you do not need to work on it any more. Your evaluation conclusion might be to accept the book value, as long as the account counted in error is not big enough to change the conclusion. Your evaluation conclusion might already be to reject the book value, and considering another account to be misstated just reinforces the decision.

If considering the entire balance to be misstated would change an acceptance evaluation to a rejection evaluation, you need to do something about it. Since the example seems to describe a dead end, you may need to select more accounts (expand the sample) and perform the procedures on them (excluding confirmation) and reevaluate the results.

4. Two main reasons for stratifying a population when sampling for variables (peso) measurement:

a. Some units may be individually significant (e.g., large) and taking sampling risk with respect to them is not a good idea.

b. Auditors may want to achieve audit coverage of a large proportion of pesos in the balance by choosing the largest units (a protective sampling objective, which is closely related to avoiding sampling risk).

18-48


5. The tolerable misstatement (judged for the audit of a particular account balance) must be less than the monetary misstatement considered material to the overall financial statements. Also, the aggregation of multiple tolerable misstatement amounts for several different balances under audit must be equal to or less than the amount of monetary misstatement considered material to the overall statements.

6. The appropriate general set of objectives is the objective(s) of obtaining evidence about each of the client’s assertions in the financial balance. In general, the assertions are about:

Existence (and cutoff)Occurrence (and cutoff)Completeness (and cutoff)Rights and obligations (ownership, owership)Valuation MeasurementPresentation and disclosure

7. Influence on sample size:

Sample Size Relationships: Audit of Account Balances

Predetermined Sample Size Will Be:

Sample Size InfluenceHigh Rate or

Large AmountLow Rate or

Small AmountSample Size

Relation1. Risk of incorrect

acceptanceSmaller Larger Inverse

2. Risk of incorrect rejection

Smaller Larger Inverse

3. Tolerable misstatement

Smaller Larger Inverse

4. Expected misstatement

Larger Smaller Direct

5. Population variability

Larger Smaller Direct

6. Population size Larger Smaller Direct

8. The three basic steps in quantitative evaluation are these:

1. Figure the total amount of actual misstatement found in the sample. This amount is called the known misstatement.

2. Project the known misstatement to the population. The projected amount is called the likely misstatement.

18-49


3. Compare the likely misstatement (also called the projected misstatement) to the tolerable misstatement for the account, and consider the

a. Risk of incorrect acceptance that likely misstatement could be less than tolerable misstatement even though the actual misstatement in the population is greater, or theb. Risk of incorrect acceptance that likely misstatement could be greater

than tolerable misstatement even though the actual misstatement in the population is smaller.

9. Nonstatistical measurements described in Chapter 19 (page 718) leave only one avenue for “accounting for further misstatement”: Apply experience and professional judgment to decide if further misstatement could be large enough to prevent an acceptance decision. If the projected likely misstatement is a great deal less than the amount considered material, an auditor could judge that further misstatement, if known, would not affect acceptance. If projected likely misstatement is close to the amount considered material, maybe acceptance is not warranted.

10. Account balances also can be audited, at least in part, at an interim date. When account balance audit work is done before the company’s year-end date, auditors must extend the interim-date audit conclusion to the balance-sheet date. The process of extending the audit conclusion amounts to nothing more (and nothing less) than performing substantive-purpose audit procedures on the transactions in the remaining period and on the year-end balance to produce sufficient competent evidence for a decision about the year-end balance.

Additional considerations include:

a. If the company’s internal control over transactions that produce the balance under audit are not particularly strong, you should time the substantive detail work at year-end instead of at interim.

b. If control risk is high, then the substantive work on the remaining period will need to be extensive.

c. If rapidly changing business conditions might predispose managers to misstate the accounts (try to slip one by the auditors), the work should be timed at year-end. In most cases, careful scanning of transactions and analytical review comparisons should be performed on transactions that occur after the interim date.

As an example, accounts receivable confirmation can be done at an interim date. Subsequently, efforts must be made to ascertain whether controls continue to be strong. You must scan the transactions of the remaining period, audit any new large balances, and update work on collectibility, especially with analysis of cash received after the year-end.

18-50


11. Classical variables sampling estimates the value of a population by calculating the mean and standard deviation of a sample and imputing the results to the population. Probability proportional to size sampling uses the results of sampling to calculate an estimated upper error limit and compares this with a preset tolerable error limit. Although used for substantive testing purposes, PPS sampling is actually a variation for attribute sampling.

12. Detection (or beta) risk affects sample size inversely for substantive testing purposes. That is, the higher the acceptable detection risk, the smaller the sample size; and the lower the acceptable detection risk, the larger the sample size.

13. Precision is the range + – within which the true answer most likely falls. It is set by the auditor as a function of materiality and those levels of beta and alpha risk deemed acceptable. Reliability is the likelihood that the sample range contains the true value. Also referred to as the confidence level, reliability is set by the auditor on the basis of overall audit risk.

14. PPS sampling is restricted to populations for which the auditor suspects a few errors of overstatement only.

15. Several statistical software packages are available to facilitate audit sampling applications. In addition to calculating sample size and evaluating sample results, these packages can also assist in the following sampling areas:

a. Stratify populations for sampling purposes;b. Generate random numbers to facilitate sample selection;c. Draw the sample, given computerized data bases.


1. b 5. c 9. d 13. a 17. d2. a 6. b 10. a 14. a 18. b3. c & d 7. b 11. a 15. c 19. c4. b 8. d 12. c 16. d 20. d

Supporting Computations:

3. c. = 0.99 ;

d. = P4

1,200 x P4 = P4,800

18-51

Audited Value 47,520Book Value 48,000

490,000 x 0.99 = 485,100490,000 – 485,100 = P4,900

P480120

P 17,500P500,000


7. = 3.5%

P450,000 x 3.5% = P157,500III. Comprehensive Cases

Case 1. a. Alpha risk is the risk of rejecting a population that is essentially correct. Beta risk is the risk of accepting a population that is materially incorrect. Alpha risk affects audit efficiency because overauditing results from incorrectly rejecting a population. Beta risk impacts audit effectiveness because underauditng results from incorrectly accepting a population. Collectively, alpha and beta risk comprise sampling risk, defined as the probability that the auditor will draw erroneous conclusions about a population.

b. Attention to, and quantification of, alpha and beta risk assist the auditor in applying an audit risk approach to substantive testing. During the audit planning stage, the auditor identifies areas of high audit risk and sets detection (beta) risk low for these areas. The result is that more substantive testing is devoted to the high risk areas relative to the lower risk areas. This approach enhances both audit efficiency and audit effectiveness.

c. Because it is closely related to the basis for the auditor’s opinion, alpha risk is usually set equal to overall audit risk. Beta risk is set on the basis of the auditor’s evaluation of inherent risk and control risk. The greater these risk factors, as determined by the auditor during the audit planning stages, the lower the beta risk set by the auditor. The lower the acceptable beta risk, the larger the sample sizes for substantive testing purposes. Alpha and beta risk, therefore, provide the necessary link between audit risk analysis and substantive audit testing.

Case 2. a. (1) Mean-per-unit estimates the total value of a population by (1) using the sample mean as an estimate of the true population mean, and (2) extending this estimated population mean by the number of items in the population. The computations are as follows:

(1) Estimated population mean =

P582,000 / 200 lots = P2,910 per lot

(2) Estimated total value =

P2,910 per lot x 2,000 lots = P5,820,000

18-52


(2) Ratio estimation estimates total population value by (1) using the ratio of the sample audited values to book values as an estimate of the ratio of population audited value to book value, and (2) applying the estimated ratio to the population book value. The computations are as follows:(1) Estimated ratio of audited to book value =

P582,000 / P600,000 = 97%


97% x P5,900,000 = P5,723,000

(3) Difference estimation estimates total population values by (1) using the average difference between the audited and book values of sample items as an estimate of the average difference for all population items, (2) extending the estimated average difference by the number of items in the population, and (3) using the resulting estimate of the total difference between audited and book value to compute the estimated total value. The computations are as follows:

(1) Estimated average difference in audit and book values:

(P582,000 - P600,000) / 200 lots = - P90 per lot

(2) Estimated total difference =

- P90 per lot x 2,000 lots = - P180,000


P5,900,000 - P180,000 = P5,720,000

b. The sample contains an element of sampling error with respect to the average peso value of production lots. The mean book value of the population is P2,950 (P5,900,000 / 2,000 lots), while the mean book value in the sample is P3,000 (P600,000 / 200 lots). Mean-per-unit estimation uses the mean value of the sample as the basis for estimating total value. Thus, if the sample contains a disproportionate number of higher (or lower) priced items, this sampling error will affect the estimate of the total population value.

The estimate of total value developed in ratio estimation is based upon the ratio of audited values to book values, rather than upon mean peso value. If this ratio has no tendency to vary with the peso value of the lot, the estimate

18-53


of total value is not affected by the mean value of items in the sample. However, sampling error may still be present if the sample lots are not representative of the population with respect to the ratio of audited values to book values.

Case 3. The auditors would project the misstatement found in the sample to the population using either the ratio or difference approach. The ratio approach would result in a projected misstatement of P65,500. This may be computed by first calculating the ratio of the audited to book value as 1.0131 [P23,100 / P22,800 (since there is a net understatement of P300, the audited value is P23,100)] and estimating the audited value of the population as:

1.0131 x P5,000,000 = P5,065,500 (rounded)

The projected misstatement is thus P65,500 under the ratio method.

The difference approach results in an average difference of P1.50 (P300 net difference divided by 200 items). Multiplying by the 100,000 invoices indicates a projected misstatement of P62,400 (P1.50 x 41,600).

Case 4. The audit risk (ultimate risk) of material misstatement in the financial statements (AR) is the product of:

(1) Inherent risk (IR), the risk of material misstatement in an assertion, assuming there were no related internal controls.

(2) Control risks (CR), the risk of material misstatement occurring in an assertion, and not being prevented or detected on a timely basis by the internal control structure.

(3) Detection risk (DR), the risk that the auditors’ procedures will lead them to conclude an assertion is not materially misstated, when in fact such misstatement does exist.

In equation form, this relationship is expressed as follows:

AR = IR x CR x DR

This equation may be restated to solve for the allowable detection risk as follows:

DR = AR / (CR x IR)

Using the risk levels set forth in the problem, the allowable risk of reliance upon substantive tests is computed as illustrated below:

DR = .02 / (.2 x .5) = .20

18-54


Thus the risk of incorrect acceptance should be limited to 20 percent if the auditors are to achieve their objective of holding audit risk to 2 percent.

Case 5. a. (1) Required sample size is calculated as follows:

Sample size =

Sample size = = 69

Note: The reliability factor is from the zero misstatements row of the PPS sampling table given in the case.

(2) The sampling interval is calculated simply by dividing the book value of receivables by the sample size, as follows:

Sampling interval = Recorded receivables / Sample size = P500,000 / 69 = P7,246

b. The results may be evaluated as follows:

(1) Projected misstatement =

Book Value

Audited Value Misstatement

Tainting %

Sampling Interval

Projected Misstatement

P 50 P 47 P 3 6% P7,246 P 435800 760 40 5% 7,246 362

8,500 8,100 400 NA NA 400P1,197

(2) Basic precision = Reliability factor x Sampling interval

= 3.0 x P7,246 = P21,738

(3) Incremental allowance =

Reliability Projected Incremental

18-55

Recorded amount of population x Reliability factor

Tolerable misstatement –(Expected misstatement x Expansion factor)

P500,000 x 3

P25,000 – (P2,000 x 1.6)


Factor Increment (Increment – 1) Misstatement Allowance3.004.75 1.75 .75 P435 P3266.30 1.55 .55 362 199

P525

(4) Upper limit on misstatement = P1,197 + P21,738 + P525

= P23,460

NOTES:

Projected misstatement

(a) Tainting percentages are calculated as the difference between book and audited value divided by book value (e.g., (P50 – P47) / P50 = 6%).

(b) No tainting percentage is calculated for items in excess of the sample interval and the actual misstatement is extended to projected misstatement (as for the third error).

Basic precision is always the reliability factor for zero misstatements multiplied times the sampling interval.

Incremental allowance

(a) Reliability factors are read from the PPS sampling table given in the case, starting at zero misstatements.

(b) “Increment – 1” is the difference in the two adjacent reliability factors minus 1 (e.g., 4.75 – 3.00 – 1.00 = .75).

(c) Misstatements in excess of the sampling interval are not considered in the incremental allowance. This is because the nature of the process requires that all items in excess of the sampling interval be included in the sample – therefore no allowance for items not in the sample is necessary.

c. The results obtained in part b would indicate that the auditors may accept the population as not containing a tolerable misstatement at the 5 percent level of risk of incorrect acceptance. The auditors would also consider the results obtained in conjunction with other audit tests.

Case 6. a. The advantages of probability-proportional-to-size (PPS) sampling over classical variables sampling are as follows:

PPS sampling is generally easier to use than classical variables sampling.

18-56


The size of a PPS sample is not based on the estimated variation of audited amounts.

PPS sampling automatically results in a stratified sample. Individually significant items are automatically identified. If no misstatements are expected, PPS sampling will usually result

in a smaller sample size than classical variables sampling. A PPS sample can be easily designed and sample selection can

begin before the complete population is available.

b. Sampling interval = Recorded receivables / Sample size

= P300,000 / 60 = P5,000

c. Projected misstatement =

Book Value

Audited Value Misstatement

Tainting %

Sampling Interval

Projected Misstatement

P 400 P 320 P 80 20% P1,000 P 200500 0 500 100% 1,000 1,000

3,000 2,500 NA NA NA 500P1,700

CHAPTER 20

THE COMPUTER ENVIRONMENT

I. Review Questions

1. In a batch processing system, documents evidencing transactions and events are gathered and processed by groups. The day’s sales invoices, for example, may be converted to machine-readable form and processed the next morning. In a real time system, transactions are input into the system and processed as they occur. A branch sale, for example, may be input into the system via a terminal at a remote location. The computer checks for product availability, customer authenticity, customer credit approval, and shipping terms; and if all conditions are met, the sale is processed immediately and the sales invoice and shipping order are produced.

2. In a real-time system, much of the data are stored internally and documentation is often not as extensive as in a batch system. Retrieval

18-57


and audit of transaction data, therefore, are often more difficult in a real-time system. Also, controls are more likely to be programmed in real-time systems, and for this reason, are more difficult to test.

3. Inasmuch as computer processing requires increased dependence on the computer systems and software for the accuracy and completeness of processing, documentation assumes major significance relative to effective control. Documentation facilitates reviewing and updating systems and programs as the environment changes; and it also minimizes the probability of unauthorized system and program changes which could result in loss of control and decreased reliability of financial data.

4. In a batch system, files are stored off-line for the most part, and access control assumes the form of safeguarding the programs, transaction files, and master files by assigning responsibility for the files to a librarian and instituting a formal checkout system. Only those persons authorized to process transactions (computer operators) are permitted access to transaction and master files; and programmers are permitted access to programs only for testing and “debugging” purposes. In an on-line, real-time system, transactions and master files are stored internally, often in a system of integrated data bases. Access control in this type of data environment assumes the form of controlling access to data bases and fixing of responsibility for the data base components. Assigning a password to an individual who is responsible for the data base component accessible by that password, canceling passwords of former employees, and frequent changing of existing employees’ passwords are examples of access controls in a real-time system.

5. Recording forms and transaction logs assure consistency and completeness of data inputs. The form or log should include codes describing such transaction components as employee number, customer number, vendor number, department number, stock number, purchased part number, or job number. The form should also provide for quantities, prices, dates, and usually a short narrative description of products, parts, materials, or services for purchase and sales transactions.

6. A transaction file is the batch of entered data that has been converted into machine-readable form. A transaction file may contain payroll information for a specific period of time. It is similar to a journal in a manually prepared system. A master file contains updated information through a particular time period. It is similar to a ledger in a manual system.

7. Small businesses have found that microcomputers or personal computer systems are cost effective for processing accounting data. In small businesses, one

18-58


would expect to find microcomputers (or personal computers) using commercially available software.

8. In the computerized system, documents to support a transaction may not be maintained in readable form, requiring associated performance of controls. However, the computerized system will enable processing of transactions to be done more consistently, duties to be consolidated, and reports to be generated more easily.


1. d 5. c 9. c 13. c 17. c2. c 6. c 10. c 14. d 18. a3. a 7. c 11. d 15. a 19. b4. a 8. b 12. c 16. a 20. a


An auditor should have the following concerns about the Box system:

Does the system have any flaws or incompatibilities? (No one appears to have tested the software or found out about others’ satisfaction with it.)

The computer sits out in the open. (Anyone could have access to and damage the hardware.)

Anyone could come up with the password by guessing.

The backup disks are not stored in a safe place.

Was the conversion appropriately executed, with no data lost or added?

CHAPTER 21

INTERNAL CONTROL IN THE COMPUTER INFORMATION SYSTEM

I. Review Questions

1. The proper installation of IT can lead to internal control enhancements by replacing manually-performed controls with computer-performed controls. IT-based accounting systems have the ability to handle tremendous volumes of complex business transactions cost effectively. Computer-performed controls can reduce the potential for human error by replacing manual controls with

18-59


programmed controls that apply checks and balances to each transaction processed. The systematic nature of IT offers greater potential to reduce the risk of material misstatements resulting from random, human errors in processing.

The use of IT based accounting systems also offers the potential for improved management decisions by providing more and higher quality information on a more timely basis than traditional manual systems. IT-based systems are usually administered effectively because the complexity requires effective organization, procedures, and documentation. That in turn enhances internal control.

2. When entities rely heavily on IT systems to process financial information, there are new risks specific to IT environments that must be considered. Key risks include the following:

Reliance on the functioning capabilities of hardware and software. The risk of system crashes due to hardware or software failures must be evaluated when entities rely on IT to produce financial statement information.

Visibility of audit trail. The use of IT often converts the traditional paper trail to an electronic audit trail, eliminating source documents and paper-based journal and records.

Reduced human involvement. The replacement of traditional manual processes with computer-performed processes reduces opportunities for employees to recognize misstatements resulting from transactions that might have appeared unusual to experienced employees.

Systematic versus random errors. Due to the uniformity of processing performed by IT based systems, errors in computer software can result in incorrect processing for all transactions processed. This increases the risk of many significant misstatements.

Unauthorized access. The centralized storage of key records and files in electronic form increases the potential for unauthorized on-line access from remote locations.

Loss of data. The centralized storage of data in electronic form increases the risk of data loss in the event the data file is altered or destroyed.

Reduced segregation of duties. The installation of IT-based accounting systems centralizes many of the traditionally segregated manual tasks into one IT function.

Lack of traditional authorization. IT-based systems can be programmed to initiate certain types of transactions automatically without obtaining traditional manual approvals.

Need for IT experience. As companies rely to a greater extent on IT-based systems, the need for personnel trained in IT systems increases in order to install, maintain, and use systems.

18-60


3. General controls relate to all aspects of the IT function. They have a global impact on all software applications. Examples of general controls include controls related to the administration of the IT function; software acquisition and maintenance; physical and on-line security over access to hardware, software, and related backup; back-up planning in the event of unexpected emergencies; and hardware controls. Application controls apply to the processing of individual transactions. An example of an application control is a programmed control that verifies that all time cards submitted are for valid employee ID numbers included in the employee master file.

4. The most significant separation of duties unique to computer systems are those performed by the systems analyst, programmer, computer operator, and data base administrator. The idea is that anyone who designs a processing system should not also do the technical work, and anyone who performs either of these tasks should not also be the computer operator when real data is processed.

5. Typical duties of personnel:

a. Systems analysis: Personnel will design and direct the development of new applications.

b. Programming: Other personnel will actually do the programming dictated by the system design.

c. Operating: Other people will operate the computer during processing runs, so that programmers and analysts cannot interfere with the programs designed and executed, even if they produce errors.

d. Converting data: Since this is the place where misstatements and errors can be made – the interface between the hardcopy data and the machine-readable transformation, people unconnected with the computer system itself do the data conversion.

e. Library-keeping: Persons need to control others’ access to system and program software so it will be used by authorized personnel for authorized purposes.

f. Controlling: Errors always occur, and people not otherwise connected with the computer system should be the ones to compare input control information with output information, provide for correction of errors not involving system failures, and distribute output to the people authorized to receive it.

6. Documentation differs significantly as to inclusion of program flowcharts, program listings, and technical operating instructions. File security and retention differs because of the relatively delicate form of the magnetic media requiring fireproof vault storage, insulation from other magnetic fields, safeguards from accidental writing on data files, and so forth.

7. Auditors review documentation to gain an understanding of the system and to determine whether the documentation itself is adequate for helping manage and control the computer processing.

18-61


8. Responsibilities of the database administrator (DBA) function are:

Design the content and organization of the database, including logical data relationships, physical storage strategy and access strategy.

Protect the database and its software, including control over access to and use of the data and DBMS and provisions for backup and recovery in the case of errors or destruction of the database.

Monitor the performance of the DBMS and improve efficiency. Communicate with the database users, arbitrate disputes over data

ownership and usage, educate users about the DBMS and consult users when problems arise.

Provide standards for data definition and usage and documentation of the database and its software.

9. Five things a person must have access to in order to facilitate computer fraud are:

a. The computer itself.b. Data files.c. Computer programs.d. System information (documentation).e. Time and opportunity to convert assets to personal use.

10. Because many companies that operate in a network environment decentralize their network servers across the organization, there is an increased risk for a lack of security and lack of overall management of the network operations. The decentralization may lead to a lack of standardized equipment and procedures. In many instances responsibility for purchasing equipment and software, maintenance, administration, and physical security, often resides with key user groups rather than with features, including segregation of duties, typically available in traditionally centralized environments because of the ready access to software and data by multiple users.


1. c 7. b 13. c 19. c 25. b2. a 8. b 14. c 20. c 26. c3. d 9. c 15. c 21. a 27. c4. b 10. a 16. a 22 c 28. d5. d 11. b 17. b 23. b 29. b6. d 12. a 18. a 24. c 30. d


Case 1. Does access to on-line files require specific passwords to be entered to identify and validate the terminal user?

18-62


POSSIBLE ERRORS OR IRREGULARITIES – unauthorized access may be obtained to processing programs or accounting data resulting in the loss of assets or other company resources.

Are control totals established by the user prior to submitting data for processing? POSSIBLE ERRORS OR IRREGULARITIES – sales transactions may be lost in data conversion or processing, or errors made in data conversion or processing.

Are input totals reconciled to output control totals? POSSIBLE ERRORS AND IRREGULARITIES – (same as above). Control totals are useless unless reconciled to equivalent controls created during processing.

Case 2. a. 1. Input control objectivesTransactions have been recorded properly (neither double-counted nor omitted – that is, control over validity and completeness)Transactions are transmitted from recording point to processing pointTransactions are in acceptable form

2. Processing control objectivesLoss or nonprocessing of data is detectedArithmetic functions are performed accuratelyTransactions are posted properlyErrors detected in the processing of data are controlled until corrected and processed

3. Output control objectivesProcessed data are reported correctly and without unauthorized alterationOutput is required by the userOutput is distributed only to persons authorized to receive it

b. 1. Control procedures – input source dataRegistration at point of entrySequential numberingGrouping (batching) with control totalsKey verificationProgrammed editsEdits for completeness and reasonablenessChecklists to ensure input arrived and on time

2. Control procedures – processing controlsPrevention of loss or nonprocessing of data (e.g., control totals)Performance of arithmetic functions

18-63


Assurance of proper posting (sample test of postings)Correction of errorsExclusion of unauthorized persons from operating areas (e.g., programmers)

3. Control procedures – output controlsReview performed by originating area of the reports and other output dataSampling and testing of individual transactions Use of control totals obtained independently from prior processing or original source dataDistribution lists used to route output only to authorized persons Making inquiries as to whether the output is desired by the recipient

Case 3. a. The primary internal control objectives in separating the programming and operating functions are achieved by preventing operator access to the computer or to input or to output documents, and by preventing operator access to operating programs and operating program documentation, or by preventing operators from writing or changing programs.

Programmers should not be allowed in the computer room during production processing. They should submit their tests to be scheduled and run by the operators as any other job.

Operators should not be allowed to interfere with the running of any program. If an application fails, the operators should not be allowed to attempt to fix the programs. The failed application should be returned to the programmers for correction.

b. Compensating controls usually refer to controls in user departments (departments other than computer data processing). In a small computer installation where there are few employees, segregation of the programming and operating functions may not be possible (as in a microcomputer or minicomputer environment). An auditor may find compensating controls in the user department such as: (1) manual control totals compared to computer output totals and (2) careful inspection of all output. Such compensating controls in a simple processing system could provide reasonable assurance that all transactions were processed, processing was proper and no unauthorized transactions were processed.

An auditor may find the following compensating controls that are particularly important when the programming and operating functions are not separate:

1. Joint operation by two or more operators.2. Rotation of computer duties.

18-64


3. Comparison of computer times to an average or norm.4. Investigation of all excess computer time (errors).5. Adequate supervision of all computer operations.6. Periodic comparison of a program code value to a control value.7. Required vacations for all employees.

Case 4. a. Input editing is the process of including, in EDP systems, programmed routines for computer checking as to validity and accuracy of input. Types of input editing controls are: tests for valid codes; tests for reasonableness; completeness tests; check digits; and tests for consistency of data entered in numeric and alphabetic fields.

b. Examples of payroll input editing controls are:Test for validity of employee number;Test for proper pay rate;Test for reasonableness of hours worked.

Examples of sales input editing controls are:Test for validity of customer number;Test for credit approval;Credit limit test;Sales price list.

c. As EDP system complexity increases, documentation, as well as manual checking decreases. To provide reasonable assurance as to completeness, existence, and accuracy of processed transactions under these circumstances, input editing becomes increasingly necessary.

Case 5. a. Most commonly associated with supervisory programs contained in on-line real-time systems, design phase auditing involves the auditor in system design. The goal is to ensure inclusion of controls that will detect exceptions or unusual conditions and record and log information about the initiating transactions. Once the necessary controls have been designed and incorporated into the system, frequent visits by the auditor to the client’s premises are necessary to determine that the controls are functioning properly.

b. Some individuals and groups have suggested that independence may be impaired, given auditor monitoring and reviewing a system which he/she has helped to design. The AICPA has taken the position that making control recommendations during system design is no different from auditor recommendations for control improvements after the fact and documented in the management letter.

18-65


c. In some complex EDP systems, a computer audit specialist may be needed to assist in designing the necessary controls, as well as monitoring and reviewing the control functions. A computer audit specialist is an employee of the CPA firm who, typically, will have served on the audit staff for a period of time, followed by specialized training in computer system design and control, and EDP auditing.

d. The auditor may rely on the computer audit specialist to whatever degree considered necessary to assure proper control installation and implementation. The in-charge field auditor must keep in mind, however, that use of a computer audit specialist does not compensate for the field auditor’s lack of understanding of the internal control, including the EDP applications.

CHAPTER 22

AUDITING IN A COMPUTER INFORMATION SYSTEMS (CIS) ENVIRONMENT

I. Review Questions

1. Additional planning items that should be considered when computer processing is involved are:

The extent to which the computer is used in each significant accounting application.

The complexity of the computer operations used by the entity, including the use of an outside service center.

The organizational structure of the computer processing activities. The availability of data. The computer-assisted audit techniques to increase the efficiency of

audit procedures. The need for specialized skills.

2. Understanding the control environment is a part of the preliminary phase of control risk assessment. Computer use in data processing affects this understanding in each of the parts of the control environment as follows:

The organizational structure – should include an understanding of the organization of the computer function. Auditors should obtain and evaluate: (a) a description of the computer resources and (b) a description of the organizational structure of computer operations.

18-66


Methods used to communicate responsibility and authority – should include the methods related to computer processing. Auditors should obtain information about the existence of: (a) accounting and other policy manuals including computer operations and user manual and (b) formal job descriptions for computer department personnel. Further, auditors should gain an understanding of: (a) how the client’s computer resources are managed, (b) how priorities for resources are determined and (c) if user departments have a clear understanding of how they are to comply with computer related standards and procedures.

Methods used by management to supervise the system – should include procedures management uses to supervise the computer operations. Items that are of interest to the auditors include: (a) the existence of systems design and documentation standards and the extent to which they are used, (b) the existence and quality of procedures for systems and program modification, systems acceptance approval and output modification, (c) the procedures limiting access to authorized information, (d) the availability of financial and other reports and (e) the existence of an internal audit function.

3. The “audit trail” is the source documents, journal postings and ledger account postings maintained by a client in order to keep books. These are a “trail” of the bookkeeping (transaction data processing) that the auditor can follow forward with a tracing procedure or back ward with a vouching procedure.

In a manual system this “trail” is usually visible to the eye with posting references in the journal and ledger and hard-copy documents in files. But in a computer system, the posting references may not exist, and the “records must be read using the computer rather than the naked eye.” Most systems still have hard-copy papers for basic documentation, but in some advanced systems even these might be absent.

4. The audit trail (sometimes called “management trail” as it is used more in daily operations than by auditors) is composed of all manual and computer records that allow one to follow the sequence of processing on (or because of) a transaction.

The audit trail in advanced systems may not be in a human-readable form and may exist for only a fraction of a second.

The first control implication is that concern for an audit trail needs to be recognized at the time a system is designed. Techniques such as integrated test facility, audit files and extended records must be specified to the systems designer. The second control implication is that if the audit trail exists only momentarily in the form of transaction logs or master records before destructive update, the external auditor must review and evaluate the transaction flow at various times throughout the processing period. Alternatively, the external

18-67


auditor can rely more extensively on the internal auditor to monitor the audit trail.

5. Major characteristics:

1. Staff and location of the computer – operated by small staff located within the user department and without physical security.

2. Programs – supplied by computer manufacturers or software houses.3. Processing mode – interactive data entry by users with most of the master file

accessible for inquiry and direct update.

Control Problems:

1. Lack of segregation of duties.2. Lack of controls on the operating system and application programs.3. Unlimited access to data files and programs.4. No record of usage.5. No backup of essential files.6. No audit trail of processing.7. No authorization or record of program changes.

6. Auditing through the computer refers to making use of the computer itself to test the operative effectiveness of application controls in the program actually used to process accounting data. Thus the term refers only to the proper study and evaluation of internal control. Auditing with the computer refers both to the study of internal control (the same as “auditing through”) and to the use of the computer to perform audit tasks.

7. Both are audit procedures that use the computer to test controls that are included in a computer program. The basic difference is that the test data procedure utilizes the client’s program with auditor-created transactions, while parallel simulation utilizes an auditor-created program with actual client transactions. In the test data procedure the results from the client program are compared to the auditor’s predetermined results to determine whether the controls work as described. In the parallel simulation procedures the results from the auditor program are compared to the results from the client program to determine whether the controls work as described.

8. The test data technique utilizes simulated transactions created by the auditor, processed by actual programs but at a time completely separate from the processing of actual, live transactions. The integrated test facility technique is an extension of the test data technique, but the simulated transactions are intermingled with the real transactions and run on the actual programs processing actual data.

18-68


9. User identification numbers and passwords prevent unauthorized access to accounting records and application programs. The transaction log does not prevent unauthorized access but may be reviewed to detect unauthorized access. Even then, responsibility could not be traced to a particular individual without user identification numbers and passwords. The transaction log is more important to establish the audit trail than to detect unauthorized access.

10. Generalized audit software is a set of preprogrammed editing, operating, and output routines that can be called into use with a simple, limited set of programming instructions by an auditor who has one or two weeks intensive training.

11.Phases Noncomputer auditor involvement

1. Define the audit objectively 1. Primary responsibility2. Feasibility 2. Evaluate alternatives3. Planning 3. Review with computer auditor4. Application design 4. none5. Coding 5. none6. Testing 6. Review final test results, compare to plan7. Processing 7. Actual computer processing – none

Use of results – depends on application8. Evaluation 8. Full responsibility

12. Automated microcomputer work paper software generally consists of trial balance and adjustment worksheets, working paper (lead schedule) forms, easy facilities for adjusting journal entries, and electronic spreadsheets for various analyses.

13. A microcomputerized electronic spreadsheet can be used instead of paper and pencil to create the form of a bank reconciliation, with space provided for text lists of outstanding items (using the label input capability), and math formulas inserted for accurate arithmetic in the reconciliation. Printing such a reconciliation is easy (and much prettier than most accountants’ handwriting!).

14. With either data base or spreadsheet software packages, macros (sets of instructions) can be developed for retrieving data from the working trial balance and converting this data into classified financial statements. If one or more subsidiaries are to be included, the consolidated process can also be automated by the inclusion of special modules designed for that purpose. The standard audit report, as well as recurring footnotes, can be included in the data base, and modified to fit the circumstances of the current year’s audit results.

18-69


15. Relational data base packages have all the advantages of spreadsheets, and, in addition, have the capacity to store and handle larger quantities of data. They are especially useful in manipulating large data bases, such as customer accounts receivable, plant assets, and inventories.


1. a 5. d 9. b 13. c 17. b2. c 6. d 10. d 14. a 18. c3. c 7. c 11. b 15. d 19. d4. d 8. b 12. b 16. b


Case 1. a. Auditing “around” the computer generally refers to examinations of transactions in which a representative sample of transactions is traced from the original source documents, perhaps through existing intermediate records in hard copy, to output reports or records, or from reports back to source documents. Little or no attempt is made to audit the computer program or procedures employed by the computer to process the data. This audit approach is based on the premise that the method of processing data is irrelevant as long as the results can be traced back to the input of data and the input can be validated. If the sample of transactions has been handled correctly, then the system outputs can be considered to be correct within a satisfactory degree of confidence.

b. The CPA would decide to audit “through” the computer instead of “around” the computer (1) when the computer applications become complex or (2) when audit trails become partly obscured and external evidence is not available.

Auditing “around” the computer would be inappropriate and inefficient in the examination of transactions when the major portion of the internal control system is embodied in the computer system and when accounting information is intermixed with operation information in a computer program that is too complex to permit the ready identification of data inputs and outputs. Auditing “around” the computer will also be ineffective if the sample of transactions selected for auditing does not cover unusual transactions that require special treatment.

c. (1) “Test data” is usually a set of data in the form of punched cards or magnetic tape representing a full range of simulated transactions, some of

18-70


which may be erroneous, to test the effectiveness of the programmed controls and to ascertain how transactions would be handled (accepted or rejected) and if accepted, the effect they would have on the accumulated accounting data.

(2) The auditor may use test data to gain a better understanding of what the data processing system does, and to check its conformity to desired objectives. Test data may be used to test the accuracy of programming by comparing computer results with results predetermined manually. Test data may also be used to determine whether errors can occur without observation and thus test the system’s ability to detect noncompliance with prescribed procedures and methods.

Assurance is provided by the fact that if one transaction of a given type passes a test, then all transactions containing the identical test characteristics will – if the appropriate control features are functioning – pass the same test. Accordingly, the volume of test transactions of a given type is not important.

d. In addition to actually observing the processing of data by the client, the CPA can satisfy himself that the computer program tapes presented to him are actually being used by the client to process its accounting data by requesting the program of a surprise basis from a computer librarian and using it to process test data.

The CPA may also request, on a surprise basis, that the program be left in the computer at the completion of processing data so that he can use the program to process his test data. This procedure may reveal computer operation intervention. If, so, ensures that a current version of the program is being audited, an important procedure in computer installations newly installed and undergoing many program changes. To gain further assurance about this matter, the CPA should inquire into the client’s procedures and controls for making program changes and erasing superseded program tapes, and should examine log tapes where available.

Case 2. a. Document retention

IMPACT ON THE INTERNAL CONTROL SYSTEM: In on-line real time systems and EDI systems, the audit trail is frequently modified in the form of reduced documentation. To compensate, internal controls should provide for adequate input editing, as well as some form of transaction log as documentation at the input stage.

IMPACT ON THE INDEPENDENT AUDIT: In examining internal control, under these circumstances, the auditor must rely more on observation, inquiry, and reprocessing of transactions for control testing purposes, and less on document testing. If documents are retained for only

18-71


a short period, the auditor should also consider the feasibility of frequent visits for both substantive and control testing purposes.

b. Uniformity of processing

IMPACT ON THE INTERNAL CONTROL SYSTEM: The impact of this internal control characteristic is to generally strengthen control by increasing the consistency of processing. Once the proper controls are installed and tested, processing consistency increases the accuracy of transaction processing over that which exists in manual systems.

IMPACT ON THE INDEPENDENT AUDIT: The auditor must emphasize control study and testing at the point of transaction input and processing to determine that the necessary controls exist and are functioning. Upon determining that the necessary input and processing controls are in place and functioning properly, the auditor may elect to perform little or no document testing.

c. Concentration of functions

IMPACT ON THE INTERNAL CONTROL SYSTEM: In manual systems, separation of functional responsibilities provides a double-check for the purpose of enhancing processing accuracy. In EDP accounting systems, consistency of processing removes the need for double-check.

IMPACT ON THE INDEPENDENT AUDIT: The auditor must determine that the necessary input editing controls are in place and functioning to ensure that transactions are accurately introduced into the processing stream. Moreover, to ensure checks and balances within the electronic data processing function, the auditor should study the organizational structure of the EDP group to ascertain proper separation among the following functions:

Systems analysis and designProgram design, development, and testingComputer operations involving data processingDistribution of EDP output and reprocessing of errors

d. Access to data bases

IMPACT ON THE INTERNAL CONTROL SYSTEM: The greater the number of input terminals providing access to data bases, and the more integrated the data base, the greater the danger of unauthorized access. To protect the data bases under these circumstances, the internal control policies and procedures should provide for effective control over identification codes and passwords permitting access to data bases; and the

18-72


control policies should also fix responsibility in designated individuals for specified elements of data bases.

In batch systems, access to magnetic tape and disk files and programs should be secured by assigning responsibility over these files to one or more individuals designated as “librarians,” and instituting a formal “checkout” system for releasing and reacquiring files and programs.

IMPACT ON THE INDEPENDENT AUDIT: The auditor should determine that proper control over I.D. codes and passwords exists, that codes and passwords are changed frequently and voided upon termination of employment, and that responsibility for elements of data bases has been appropriately fixed.

In batch systems, the auditors should determine that tape and disk files and programs stored off-line are properly secured.

Case 3. a. Test data approach: The auditor prepares simulated input data (both valid and invalid transactions) that are processed, under the auditor’s control, by the client’s processing system.

Advantage: A good way of testing existing controls for proper functioning.

Disadvantage: Difficulty in designing comprehensive test data; Difficulty in ascertaining whether the programs tested are the same programs used by the client in processing actual transactions and events during the year.

ITF approach: The auditor creates a fictitious entity within the client’s actual data files, and processes simulated data during live processing by client. The auditor then compares the results of processing with anticipated results.

Advantage: Greater assurance that programs tested are programs used by the client (the approach can be applied at different points in time during the year).

Disadvantage: Difficult to remove test data from the system without harming client’s files.

Tagging and tracing: This is a technique whereby an identifier or “tag” is affixed to a transaction record; and the tag triggers “snapshots” during the processing of transactions. Following the tagged transactions through the system permits the auditor to evaluate the logic of the processing steps and the adequacy of programmed controls.

Advantage: The use of actual data eliminates the need for removing data from the client’s processing system.

18-73


Disadvantage: The auditor analyzes the transactions only after processing is completed.

SCARF: A systems control audit review file is an audit log used to collect information for subsequent analysis and review. An imbedded audit module monitors selected transactions as they pass by specific processing points. The module then captures the input data so that relevant information, accessible only by the auditor, is displayed at key points in the processing system.

Advantage: Utilizes real- rather than simulated-transaction data, and does not require reversing the entries.

Disadvantage: Does not necessarily capture erroneous data.

Surprise audit: The auditor, on an unannounced basis, requests copies of client’s programs, and compares them with auditor’s copy of authorized versions.

Advantage: Assists the auditor in determining whether client personnel are using authorized versions of programs in processing data.

Disadvantage: Auditor may not always be notified by the client when program changes are made, thus making the comparison irrelevant.

b. Inasmuch as each of the above alternatives have distinct advantages and disadvantages, a combination approach overcomes the disadvantages resulting from using a single approach. Using ITF, for example on a few simulated transactions, while applying the tagging and tracing or SCARF approach for numerous actual transactions, provides effective testing of control procedures for error prevention and detection, without requiring the reversal of a large number of simulated transactions from the client’s system.

c. In auditing around the computer, the auditor predetermines the processing results (output) of selected input data, and compares the predetermined results with actual computer output. The advantage of this approach is its ease of application; a significant disadvantage is that the auditor gains no understanding of how the computer processes data, nor of the controls which have been incorporated into the computer programs.

In auditing through the computer, the auditor actually tests the programmed controls used in processing specific applications. Such techniques as design phase auditing, ITF, tagging and tracing, SCARF, test data, and surprise audit are examples of auditing through the computer.

18-74


d. Parallel simulation is an automated version of auditing around the computer in that the auditor creates a set of application programs that simulate the processing system, and compares output from the real and simulated systems. Comparison of input with output ignores the essential characteristics of the processing system and assumes that if the outputs are identical, the system is processing transactions accurately.

The auditor might elect to use parallel simulation in combination with design phase auditing. Design phase auditing ensures that the necessary controls are installed during system design. By permitting the auditor to test large volumes of transactions, parallel simulation helps to confirm whether these controls are working.

Case 4. (a) Test decks, also called “test data,” are sets of computer input data which reflect a variety of auditor-identified transactions for verification through actual computer processing to detect invalid processing of results (i.e., existing programs run test data). Ideal test data should present the application under examination with every possible combination of transactions, master file situations, and processing logic which could be encountered during actual comprehensive processing. Test data are usually processed separately from actual data using copies of master files. Test decks are most feasible when the variety of transactions processing and controls is relatively limited (i.e., fairly simple files).

Uses include checking and verifying: (1) input transaction validation routines, error detection, and application system controls, (2) processing logic, and controls associated with creation and maintenance of master files, (3) computational routines such as interest and asset depreciation, and (4) incorporation of program changes.

(b) Parallel simulation consists of the preparation of a separate computer application that performs the same functions as those used by the actual application programs. The simulation programs read the same input data as the application programs, use the same files, and attempt to produce the same results (e.g., real data run through test programs). These simulated results are matched with those from the live programs, providing a means for testing through comparison.

Uses include all those cited for test decks.

(c) The integrated test facility approach permits the introduction of auditor-selected test data into a computer system with actual or “live” data and then traces the flow of transactions through the various system processing

18-75


functions for comparison to predetermined actual results. An ITF involves the creation or establishment of a “dummy” entity (e.g., a branch or division) to receive the results of the test processing. Therefore, transactions are processed against the test entity together with actual transactions. Test data must be removed from the entity’s records upon completion of the test. Uses are identical to the test deck technique.

(d) Tagging and tracing and SCARF are forms of transaction tracking provided only for auditor selected computer inputs carrying a special code. If the capability is provided in the application system in advance, the attachment of a code to any input transaction can be made to generate a printed transaction trail for that item following each step of the application processing.

Uses include: (1) determining the impact of specific transactions on master records or calculations in high volume systems, (2) “flagging” unusual or abnormal transactions, and (3) “debugging” application programs.

Case 5. In an audit of a computer-based system, adequate training and experience must be directly related to EDP. In particular, the auditor should be knowledgeable of what computer systems do, how to test the operations of an EDP system, and how to use EDP-unique documentation.

The training and proficiency standard contributes to satisfaction of the independence standard by enabling the auditor to make his own decisions and judgments. Otherwise, he might tend to subordinate his judgment to other persons, possibly to client personnel. When the auditor lacks training and proficiency, it is virtually impossible to maintain an operational independence over audit decisions. An independence of mental attitude is futile if actual decisions are subordinated to others.

The exercise of due audit care requires a critical review at every level of audit supervision of the work done and the decisions made by auditors. Lacking the requisite skills and lacking independent decisions, the due care expected of an auditor at operational, supervisor, and review levels cannot be delivered.

The Philippine Standards on Auditing require adequate planning and supervision of assistants. Training and proficiency in computer systems auditing is necessary in order to plan access to computerized records, programs, and to obtain machine time for conducting audit procedures. The planning should provide for an early examination of the computer system so that further procedures involving non-computer control and accounting features may be planned should they depend upon computer control procedures.

18-76


Training and proficiency are very important for being able to obtain an understanding of the internal control structure in a computer system. Client personnel will expect audit personnel to be capable of working with a computer system.

The Philippine Standards on Auditing also require the auditor to obtain sufficient competent evidential matter to provide a basis for an opinion on financial statements. Documentary evidence relating to a computer system includes program flow charts, logic diagrams, and decision tables that are not normally used in non-computer systems. Since these types of documentation are a part of the evidence, they must be understood by the auditor, and understanding of them comes through training and proficiency in their use.

CHAPTER 23

TESTS OF CONTROLS

I. Review Questions

1. Directly. Higher levels of control risk induce auditors to audit larger samples of receivables, with confirmation date closer to the fiscal year end date. As for nature of the procedures: higher levels of control risk induce auditors to use positive confirmations instead of negative confirmations, and to consider vouching subsequent payments by the customers.

2. A “walk through” is the process of following a transaction from its initiation (customer order in the Revenue Cycle) through all the various processing steps until it is recorded in the formal accounting records (accounts receivable and sales). Usually samples of all documents are collected (sales order, sales invoices, sales return slip, credit memo, shipping document, remittance advice and daily remittance report) and notes are made of procedures each person performs.

The purpose of the “walk through” is to obtain an understanding of the transaction flow, the control procedures and populations of documents that may be utilized in test of controls auditing.

3. The review (obtaining an understanding) of the control structure is primarily a process of identifying control procedures (strengths) and lack of controls (weaknesses) which will affect subsequent substantive procedures.

18-77


4. The internal auditors should, through periodic checks, ensure that the control account is periodically reconciled to the customer subsidiary accounts, bank statements are reconciled and that all prenumbered documents, especially invoices, have all numbers accounted for. Some internal auditors also confirm accounts receivable. Internal auditors also might review and evaluate customer complaints for signs of weaknesses in the procedures leading to errors in accounts receivable.

5. The features of a cash receipts internal control system which would be expected to prevent an employee from absconding with company funds and covering with funds from the employee pension fund is the prohibition against one employee having custody of company funds and noncompany funds. The auditor can detect such transfers by controlling and counting both funds simultaneously.

To prevent the cash receipts journal and recorded cash sales from reflecting more than the amount shown on the daily deposit slip, the internal control system should provide that receipts be recorded daily and intact. A careful bank reconciliation by an independent person could detect such errors.

6. The evaluation after the review phase was to determine which controls appeared adequate as a basis for justifying a low control risk assessment. The final assessment after test of controls auditing is to determine if the controls are actually operating as well as they appeared to be.

7. The objectives of internal control relate to transactions, and by category are: validity, completeness, authorization, accuracy, classification, accounting and proper period. The objectives expensed in general terms and specific terms applied to cash receipts are as follows:

General ObjectiveExample of Cash Receipts

Specific Objective

1. Recorded transactions are valid and documented.

1. Recorded cash receipts are supported by remittance advices.

2. All valid transactions are recorded and none omitted.

2. All cash receipts are entered in the daily remittance list, deposited intact and recorded in the accounts receivable control account.

3. Transactions are authorized by company policy.

3. Cash receipts for transactions other than merchandise sales (scrap sales, sales of fixed assets) are properly authorized.

4. Transaction peso amounts are 4. Cash receipts are compared to

18-78


properly calculated. invoice terms to determine proper cash discounts.

5. Transactions are properly classified in the accounts.

5. Cash receipts for nonmerchandise sales are posted to proper accounts.

6. Transaction accounting is complete.

6. All cash receipts for credit sales are posted to customer individual accounts.

7. Transactions are accounted in the proper period.

7. Cash receipts are deposited daily intact and recorded as of date received.

8. If the credit limits are set and entered incorrectly, the credit approval process will be systematically deficient.

9. The functions which should be separated to maintain internal control in a purchasing system include (1) custody of the goods (receiving and stores departments), (2) authority to initiate a transaction (purchasing department) and (3) bookkeeping (accounts payable department, inventory record-keeping department).

10. The “walk through” of a purchase transaction would begin with the preparation of the requisition by the Stores department, through the bidding process and preparation of the purchase order by the purchasing agent, to receipt of vendor’s invoices and receiving report by the purchasing agent and finally to accounts payable voucher preparation. Procedures would be observed and notations made on document samples of procedures followed.

Documents are collected to note where documentary evidence exists or control procedures being followed. The following documents would be collected: requisition, purchase order, receiving report and voucher. The “walk through” and sample documents would assist the auditor in understanding the flow of transactions.

11. a. Blank vouchers kept in secure location available only to authorized personnel.

b. Blank supporting documents (invoices, receiving reports, requisitions, purchase orders) kept in secure locations available only to authorized personnel.

c. Supporting documents canceled by Cash Disbursement function when checks are prepared.

d. Separation of duties of preparers of supporting documents, preparation of vouchers, check preparation, and check signing.

e. Vouchers and other supporting documents reviewed by check signers.f. Checks mailed directly by signer and not returned to accounts payable.

18-79


12. Authorization for vouchers payable recording mainly consist of an approved purchase order, a receiving report, and an accurate vendor invoice. Auditors should look for purchase approval signatures, receiving approval signatures, and approval of the vendor invoice – checks by client for proper quantity, price, and discount.

13. The point of this quotation is to generate discussion on the source of errors and therefore the controls necessary when an accounting process is computerized. Discussion items might include the following:

1. People have bad days and make mistakes; computers do not have bad days.2. Murphy’s Law – If it is possible to make an error, someone will find a way

to do it.3. People initiate the transactions and will make errors.4. All controls should be considered together (manual and computer).

Excellent computer controls cannot be relied upon if the related manual controls are weak.

5. In computer systems, it is extremely important to establish extensive input validation controls to prevent people errors from getting into the processing (GIGO – garbage in, garbage out).

6. People can prevent a good computer system from working well if they are not convinced it is in their best interests.

7. People will rarely question computer printed output, even though it may not be correct.

8. Most computer controls are to prevent, detect, or correct errors made by people.

14. The purpose of the auditor’s search for unrecorded liabilities is to gather evidence as to whether the liability assertion is true. The same concern exists in the internal control objective “all valid transactions are recorded and none are omitted.” From an evidence gathering perspective, it is much more difficult to gather evidence on unrecorded transactions than to gather evidence that recorded transactions (and account balances) are proper.

The search for unrecorded liabilities includes procedures in other audit areas such as questions on bank and insurance confirmations and vouching the source of funds for asset additions. Specific audit procedures in the search for unrecorded liabilities include:

1. Obtain vendor’s invoices (or accounts payable vouchers) recorded for several days after the balance sheet date to determine if the liability relates to the balance sheet period under audit.

2. Scan cash disbursements for several days subsequent to year-end and vouch to support to determine if cutoff was proper. Scan all cash disbursements

18-80


until the end of field work for unusual amounts and payees to determine if amounts paid represent liabilities of the balance sheet period.

3. Examine BIR tax reports and correspondence and the audit reports of tax authorities and trace additional tax assessments to the accounts.

4. Confirmation of accounts payable. 5. Use analytical procedures such as trend comparisons of accounts payable to

sales, sales taxes to sales, payroll taxes to gross payroll and interest expense to average notes payable.

15. A “walk through” involves following a transaction from initiation through the various steps until the transaction is recorded in the formal accounting records. In the conversion cycle, the following would constitute a complete “walk through:”

Step Documents Collected Controls Noted

Prepare production orders

Production Order (P.O.) Support for P.O.

Prepare bill of materials and manpower needs

Bill of materials (B.M.) Manpower needs (M.N.)

Separation planning from production.

Assign job order and foreman

Note separation production supervisor from foreman duties.

Job tickets and material requisitions prepared

Job tickets (JT) Material requisition (MR)

Production foreman duties separated from authorization.

Raw material records updated, issue slips prepared

Issue slip (IS) Materials not issued without MR. IS prepared for all materials released.

Observe time entered and foreman approval on JT

Approval by foreman of hours.

Direct labor report prepared

Labor report (LR) Job tickets support L.R.

Observe timekeeping, compare job tickets to clock cards

Reconciliation hours per clock cards to hours per J.T.

Material used report prepared

Material used report (MUR)

Issue slips and requisitions support MUR.

Observe matching issue slips and material used

Records from sources

18-81


report reconciled.

Observe matching job time tickets (or labor distribution) to labor report

Records from separate sources reconciled.

Enter costs in job cost sheets

Job cost sheets (JCS) Support for all entries in JCS.

Summary entry prepared.

Summary entry form Job cost sheets support summary entries.

Trace summary entry to General Ledger posting

Separation of duties; cost accounting and general ledger.

Preparation of completion report

Report of units completed (RUC)

Independent report of production completed.

Observe units compared to RUC, post finished records

Independent check of RUC.

Products received report prepared

Products received report (PRR)

Independent records of units put into finished goods inventory.

Observe comparison RUC and PRR

Records from separate sources reconciled.

Job sheets closed out, summary entry prepared

Summary entry form Closed job sheets, RUC and PRR support summary entries.

Trace summary entry to General Ledger posting

Separation of duties; cost accounting and general ledger.

16. Weaknesses (lack of control where auditors believe one is necessary) are not audited because auditors do not rely upon weaknesses to prevent, detect or correct material errors. Auditors must consider the financial impact of weaknesses on financial statements and plan substantive tests accordingly.

A control strength may be identified in interviews during the review phase (or in preparing the flowcharts or questionnaires), but during test of controls auditing, found to be nonexistent or operating ineffectively. For example, in the conversion cycle the production management may state that foremen approve workers’ job time tickets. However, when a sample of job time tickets are examined by auditors for evidence of approval, none is found. Thus, a weakness

18-82


is not found until the control is tested. Therefore, control risk should not be assessed low until evidence is gathered that the control is operating effectively.

17. The purpose of this review question is to foster discussion toward what information an independent auditor needs to know. Items relevant to the quotation might include:

1. Reference to the standard regarding “adequate technical training and proficiency as an auditor.”

2. Reference to the standard regarding “due professional care.”3. Obviously, the auditor must be knowledgeable about cost accounting to

audit a manufacturing company.4. In a manufacturing company, the inventories most likely will be a major

asset which will require substantial audit work.5. A proficient auditor must be knowledgeable in all phases of the business,

including production, marketing, finance as well as accounting data processing.

18. The surprise observation enables the auditor to see how the distribution system really works and increases his chances of detecting fraud. Such an observation involves taking control of paychecks, then accompanying a client representative as the distribution takes place. The auditor checks to see that each employee is identified and that only one check is given to each individual. Unclaimed checks are controlled and examined to detect any fictitious persons on the payroll.

19. A “walk through” of a personnel and payroll transaction would include discussions with each person handling personnel and payroll records. The following illustrates the steps and documents collected.

Steps Document(s) CollectedHiring – personnel dept. Authorization to hire and rate assignmentDeductions – personnel

dept.Personnel forms, employee authorization for

deductions Timekeeping Clock cardShops Job time ticketCost distribution Labor distribution sheetAccounts payable Payroll voucherCash disbursement Payroll checks

If the payroll is processed by computer, the clock cards and job time tickets would be traced to batch control in the timekeeping and production departments, to data preparation (keying to machine sensible form), to edit and validation error reports and other computer output indicating control and finally to computer prepared checks, labor distribution reports and summary general ledger entries.

18-83



1. c 5. a 9. d 13. b 17. d2. c 6. c 10. b 14. a 18. d3. b 7. c 11. a 15. c 19. c4. c 8. b 12. a 16. d 20. b


Case 1. 1. Controlled access to blank sales invoices.a. Observation. Visit the storage location yourself and see if unauthorized

persons could obtain blank sales invoices. Pick some up yourself to see what happens.

b. Someone could pick up a blank and make out a fictitious sale. However, getting it recorded would be difficult because of the other controls such as matching with a copy from the shipping department. (Thus a control access deficiency may be compensated by other control procedures.)

2. Sales invoices check for accuracy.a. Vouching and Recalculation. Select a sample of recorded sales

invoices and vouch quantities thereon to bills of lading, vouch prices to price lists, and recalculate the math.

b. Errors on the invoice could cause lost billings and lost revenue or overcharges to customers which are not collectible (thus overstating sales and accounts receivable).

3. Duties of accounts receivable bookkeeper.a. Observation and Inquiry. Look to see who is performing bookkeeping

and cash functions. Determine who is assigned to each function by reading organization charts. Ask other employees.

b. The bookkeeper might be able to steal cash and manipulate the accounting records to give the customer credit and hide the theft. (Debit a customer’s payment to Returns and Allowances instead of to cash, or just charge the control total improperly).

4. Customer accounts regularly balanced with the control account.a. Recalculation. Review the client’s working paper showing the

balancing/reconciliation. Do the balancing yourself.b. Accounting entries could be made inaccurately or incompletely and the

control account may be overstated or understated.

Case 2. The discussion could take several directions, including some or all of the following:

18-84


1. Material Weakness. The facts seem to suggest “a condition in which specific control features (few or none are described) or the degree of compliance with them do not reduce to a relatively low level the risk that errors or irregularities in amounts that could be material to the financial statements may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions.” Castro has authority and influence over too many interrelated activities. Nothing he does seems to be subject to review or supervision. He even is able to exclude the internal auditor.

An identification of the potential irregularities will illustrate the misdeeds he can perpetrate almost single-handedly.

2. Potential irregularities include:

a. Castro can collude with customers to rig low bids and take kickbacks, thereby depriving the company of legitimate revenue.

b. Castro can direct purchases to favored suppliers, pay unnecessarily high prices and take kickbacks. He might even set up a controlled dummy company to sell overpriced materials to the company. No competitive bidding control prevents these activities.

c. Castro, through the control of physical inventory, can (i) remove materials for himself, and (ii) manipulate the inventory accounts to conceal shortages.

d. Castro can order truck shipping services for his own purposes and cause the charges to be paid by the company.

e. Castro can manipulate the customer billing (similar to a above) to deprive the company of legitimate revenue while taking an unauthorized commission or kickback.

3. Almost every desirable characteristic of good internal control has been circumvented:

a. Segregation of Functional Responsibilities. Castro has authorization and custodial responsibilities.

b. Authorization, Supervision. Castro is apparently subject to no supervision or review. The accounting staff is probably powerless to challenge transactions because of Samuel’s apparent approval of Castro’s powers.

c. Controlled Access. The whole situation gives Castro access to necessary papers, records, and assets to carry out his one-man show.

d. Periodic Comparison. No one else apparently has any access to the materials inventory in order to conduct an actual count for comparison to the book value (recorded accountability) of the inventory.

18-85

11-86 Solutions Manual - Principles of Auditing and Other Assurance ServicesCase 3. The purpose of this question is to get the student to consider where the functions

that are considered incompatible in a manual system occur in a computer system.

The functions should be separated in a manual or computer accounting system such that different people authorize the sales transactions, record the transactions, have custody to the assets (inventory) and reconcile the books to the assets.

Different people should: indicate the sales order source document (authorize), prepare the computer program (authorize and record), operate the computer (record), have custody of inventory and correct errors (reconciliation).

Case 4. If the credit limits are set and entered incorrectly, the credit approval process will be systematically deficient.

Case 5. Memorandum

TO: Board of Directors, The Potter Art LeagueFROM: (Student’s name)DATE:SUBJECT: Control weaknesses related to Cash Admission Fees

You requested a report which identifies the weaknesses in the existing system of cash admission fees and my recommendations. Below are the weaknesses that exist and my recommendations for procedures that overcome these weaknesses. I will be pleased to discuss these at the next board meeting and offer further explanations that may be necessary.

Weakness: There is no segregation of duties between persons responsible for collecting admission fees and persons responsible for authorizing admission. Recommendation: One clerk (hereafter referred to as the collection clerk) should collect admission fees and issue prenumbered tickets. The other clerk (hereafter referred to as the admission clerk) should authorize admission upon receipt of the ticket or proof of membership.

Weakness: An independent count of paying patrons is not made.Recommendation: The admission clerk should retain a portion of the prenumbered admission ticket (admission ticket stub).

Weakness: There is no proof of accuracy of amounts collected by the clerks.

18-86


Recommendation: Admission ticket stubs should be reconciled with cash collected by the treasurer daily.

Weakness: Cash receipts are not promptly prepared.Recommendation: The cash collections should be recorded by the collection clerk daily on a permanent record that will serve as the first record of accountability.

Weakness: Cash receipts are not promptly deposited. Cash should not be left undeposited for a week.Recommendation: Cash should be deposited at least once each day.

Weakness: There is no proof of accuracy of amounts deposited.Recommendation: Authenticated deposit slips should be compared with daily cash collection records. Discrepancies should be promptly investigated and resolved. In addition, the treasurer should establish a policy that includes an analytical review of cash collections.

Weakness: There is no record of the internal accountability of cash.Recommendation: The treasurer should issue a signed receipt of all proceeds received from the collection clerk. These receipts should be maintained and should be periodically checked against cash collection and deposit records.

Case 6. a. The purposes of these audit procedures are:

1. To substantiate the validity of the asset “cash” in the balance sheet, as it may substantially consist of “cash in transit” from several sales divisions.

2. To determine proper cash “cutoff”, i.e., to detect any unintentional errors overstating or understating cash between the current and the following accounting period.

3. To disclose “kiting” (if any), e.g., perpetrated by the home office cashier in collusion with one or more sales divisions employees.

b. Audit Program for Sales Divisions – Audit Steps

1. Prepare a schedule of transfer payments made by the branch for a period covering two weeks prior and two weeks after the end of the fiscal period showing:

Check numberDate of entry in cash disbursements bookAmount of checkDate of perforation by paying bankTransfer checks outstanding at the date of cutoffTransfer checks outstanding at the date of reconciliation.

2. Compare dates of issue on canceled checks and of entries.

3. Trace and compare dates of perforation and dates of payment on the bank statement and the “cutoff” statement.

18-87


4. Compare dates of issue of checks to date of perforation looking for:

a. unusual delays in paymentb. discrepancy in accounting periods for the two dates.

5. Scan cancelled checks and cash disbursements records during the year for:

a. names of payees,b. consecutive numbers of checks to determine whether any payments

other than regular transfers to main office were made from this account.

6. Reconcile individually several transfers during the year to corresponding collections presumed to be transferred as of each individual date.

7. Reconcile total collections for the year to total transfers.

Case 7. 1. a. Recorded payroll transactions are valid (no fictitious employees).b. Paychecks might be delayed and terminated workers might continue to

be “paid” (with theft of check by someone else) if payroll is not promptly notified of new hires and terminations.

2. a. Recorded payroll deductions are valid.b. Incorrect amounts might be deducted from pay.

3. a. Recorded payroll transactions are valid and authorized.b. If payroll department personnel were also responsible for time records,

they would have effective control over transaction authorization (i.e., hours worked approval) and could overpay themselves or friends.

4. a. Payroll and labor cost transactions are complete.b. Cost accounting records might contain more or fewer pesos than

actually paid (per payroll data). Simple errors in cost analyses might occur.

CHAPTER 24

SUBSTANTIVE TESTS OF TRANSACTIONS AND BALANCES

18-88


I. Review Questions

1. The cutoff bank statement is a bank statement sent by the bank directly to the auditor, and it is usually for a fifteen or twenty day period following the reconciliation date. The basic use of the statement by the auditor is to determine whether outstanding checks were actually mailed before the reconciliation date.

2. All cash funds (and negotiable investment stock and bond certificates) should be counted at the same time (simultaneously) so that money (or securities) cannot be shifted from one location to another to conceal a shortage. If simultaneous count cannot be made, as each fund (or each negotiable asset) is counted, it should be locked and sealed until all are counted.

3. Kiting is the practice of recording a deposit of an interbank transfer in one period, but delaying the recording of the disbursement until the next period – thus double counting the amount of the transfer. It is used to cover up a cash shortage. Auditors schedule all bank transfers around the year-end and examine the dates deposited and disbursed per books and the dates deposited and disbursed per bank. Thus, the auditors can determine if both sides of the transfers are recorded in the same period and the proper period.

4. A “positive” confirmation is a request for a response from an independent party who the auditor has reason to expect is able to reply. A “negative” confirmation is a request for a response from the independent party only if the information is disputed. Negative confirmations should also be sent only if the recipient can be expected to detect error and reply accordingly.

5. Generally, vouching of documentation underlying receivables balances is deferred until after confirmation. Then vouching is performed in regard to accounts for which confirmations were mailed but no replies received. Additionally, vouching may be used to gather evidence about account discrepancies and disputes indicated on confirmation responses.

6. Sales cutoff is audited by selecting sales invoices, shipping documents, and contracts created in the period (usually 10 days to two weeks) before and after the fiscal year-end. The transactions are traced to the sales and receivables accounts to prove whether they were recorded in the proper period. Similarly, recorded sales in this period may be vouched to underlying documents to determine whether recording was in the proper period.

7. Refer to pages 458 to 460; 824 to 825; 827 to 828.

8. To prevent embezzlement through creation of fictitious credit memos, the internal control system should provide that all credit memos be prenumbered, controlled, and approved by a party independent of the preparer. Additionally,

18-89


credit memos should be approved only with proper supporting documentation, e.g., a receiving report or correspondence.

9. Auditors get in the most trouble by missing overstated assets and understated liabilities. Therefore, they need to audit for the existence of assets and the completeness of liabilities.

10. Notes payable audit evidence obtained from a standard bank confirmation used in the audit cash. Sales tax liability derived partially from the audit of sales revenue (also commissions payable and excise taxes payable). Income tax liability is derived from the net income number (audit of all revenue and expense accounts).

11. The types of fraud and material misstatement with respect to cash disbursements include:

1. The sending of checks to a fictitious person or company to accomplices outside (coupled with internal record alterations).

2. The increasing (altering) of amounts payable to outside accomplices.3. The intercepting of payments to a bank (coupled with internal record

alterations).4. The drawing of checks payable to cash or bearer for one’s own use.

The procedures auditors use most frequently to detect cash disbursement embezzlement schemes include:

1. A proof of cash – a recalculation – which reconciles cash receipts and disbursements per the bank statement with receipts and disbursements recorded in the accounts. The auditor will satisfy himself as to the propriety of all checks payable to “cash” or bearer, NSF checks, and checks drawn to officers and other employees.

2. The confirmation with all bank creditors of amounts owed, terms and activity during the period.

3. The auditor’s test of purchase transactions – vouching, tracing and recalculation in regard to purchase orders, supplier invoices, cash disbursement journal and voucher register.

4. The auditor’s obtaining satisfaction of the proper separation of functions: To establish that a proper separation exist, the auditor will not only examine internal records purporting a proper separation, he will also examine documents for compliance and observe personally the flow of operations and activities.

12. The characteristics that the auditor is looking for in his review of the client’s inventory-taking instructions include:

1. Names of client personnel responsible for the count.

18-90


2. Dates and times of inventory-taking.3. Names of client personnel who will participate in the inventory-taking.4. Detail instructions for recording accurate descriptions of inventory items,

for count and double-count, and for measuring or translating physical quantities.

5. Detail instructions for making notes of obsolete or worn items.6. Detail instructions for the use of tags, punched cards, count sheets, or other

media devices, and for their collection and control.7. Plans for shutting down plant operations or for taking inventory after store

closing hours, and plans for having goods in proper places.8. Plans for counting or controlling movement of goods in receiving and

shipping areas if those operations are not shut down during the count.9. Detail instructions for compiling the count media (e.g., tags and punched

cards) into final inventory listings or summaries.10. Detail instructions for pricing the inventory items.11. Detail instructions for review and approval of the inventory count, notations

of obsolescence, or other matters by supervisory personnel.

13. As is true in other areas of a financial audit, verbal inquiry is a valuable tool for obtaining preliminary evidence in the audit of inventory and cost of sales. For example, the auditor can gain information such as the locations of inventory, dates for the physical count, inventory held by consignees and public warehouses, the cost-flow assumption used to price cost of goods sold and inventories, and the pledging of inventory as collateral on loans.

In addition to providing preliminary evidence, verbal inquiry frequently provides information about the status and value of slow-moving inventory, apparently worn, damaged or obsolete inventory, and the existence of large inventory stockpiles.

14. Cost of goods sold is generally audited through a combination of limited vouching and extensive analytical procedures.

Inventory balances are generally audited through heavy reliance on observation, vouching and recalculation, with much less emphasis on analytical procedures.

15. The auditor can obtain preliminary evidence through physically observing plant facilities and making verbal inquiries; for example, evidence can be obtained regarding the quantity and size of assets, their location and apparent physical condition, the activity surrounding them, and ownership of the facilities.

Further preliminary evidence of existence may be gained by a review of internal management reports. Examples of such reports include capital expenditure proposals, capital budgets, construction cost or acquisition cost postanalysis,

18-91


maintenance and repair reports, reports of sales or retirements, and insurance and property tax analyses.

The preliminary evidence should be corroborated by auditor tracing to the detailed records to ascertain that existing assets are recorded. Further, new asset acquisitions should be traced to directors’ authorizations for expenditures and to the capital budget.

16. To obtain relevant audit data about investment securities, auditors’ procedures include:

1. Inspecting the securities in the presence of a responsible client officer.2. Personally examining the securities while other negotiable fund sources are

sealed off or are being examined simultaneously.3. Obtaining a written statement from the client’s representative that the

securities were returned intact.4. Obtaining the information by confirmation from an independent party (e.g.,

trustee) who holds the securities.

17. Investment cost can be vouched to brokers’ advices, monthly statements and canceled checks. The auditors can similarly vouch the price of securities sold and investment income to this documentary evidence and then trace amounts to income, gain and loss, and cash accounts.

18. If investments are sold at substantial losses early in the period following year-end, there is evidence that the securities were overvalued at the balance sheet date. Accordingly, the auditor will consider whether such securities should be written down in the financial statements of the period under audit.

19. The long-term liabilities (and fixed assets and owners’ equity) are characterized by a few large transactions, unlike the current assets and liabilities which have numerous small transactions. Except for the initial year of an audit, the entire balance is not verified each year. Only the changes in the account that occurred in the current period need to be audited. The results of the audit of prior year’s changes are recorded in “carry-forward” working papers for these accounts.

20. By vouching open purchase orders, inquiry of purchase personnel, and confirmation with suppliers, the auditor is seeking to learn of commitments to purchase inventories at fixed prices. If the client faces significant losses on fixed-price purchase commitments, appropriate provision for the losses should be made in the period’s financial statements.

21. “Off-balance sheet information” refers to information that relates to obligations and commitments assumed by the clients that do not appear on the balance sheet as current or long-term liabilities. Such information should be disclosed by the

18-92


client in the footnotes to the financial statements. Therefore, the auditors must be alert to these items and gather evidence that will allow the auditors to determine if the footnote disclosure is adequate. Such information includes: leases, endorsements on discounted notes or others’ obligations, guarantees, repurchase or remarketing agreements, commitments to purchase at fixed prices, commitments to sell at fixed prices, legal judgment, litigation, pending litigation.

22. The following matters are usually covered during the conference with the client at audit completion:

a. Proposed audit adjustments;b. Material internal financial control weaknesses;c. Recommended footnote disclosures;d. Type of audit report to be rendered.


1. b 5. c 9. b 13. c 17. d2. b 6. c 10. c & d 14. d 18. a3. d 7. c 11. b 15. d 19. a4. d 8. b 12. b 16. c 20. c


Case 1. a. The CPA’s test of the sales cutoff at June 30 should include the following steps:

1. Determine what JETO’s cutoff policy is, review the policy for reasonableness, and compare it to the prior year for consistency.

2. Select a sample of sales invoices (including the last serial invoice number) from those recorded in the last few days of June and the first few days of July.

3. Trace these sales invoices to shipping documents and determine that sales have been recorded in the proper period in accordance with company cutoff policy.

4. Determine that the cost of goods sold has been recorded in the period of sale.

5. Select a sample of shipping documents for the same period and trace these to the sales invoice. Determine that the sale and the cost of goods sold have been recorded in the proper period.

6. Review the cutoff for sales returns and allowances, determine that it has been based upon a consistent policy and that there have not been abnormal sales returns and allowances in July; this might indicate either an overstatement of sales during the audit period or the need for a

18-93


valuation account at June 30 to provide for future returns and allowances.

b. (1) The CPA will use the July 10 cutoff bank statement in his review of the June 30 bank reconciliation to determine whether:

(a) The opening balance on the cutoff bank statement agrees with the “balance per bank” on the June 30 reconciliation.

(b) The June 30 bank reconciliation includes those canceled checks that were returned with the cutoff bank statement and are dated or bear bank endorsements prior to July 1.

(c) Deposits in transit cleared within a reasonable time.(d) Interbank transfers have been considered properly in determining

the June 30 adjusted bank balance.(e) Other reconciling items which had not cleared the bank at June 30

(such as bank errors) clear during the cutoff period.

(2) The CPA may obtain other audit information by:

(a) Investigating unusual entries on the cutoff bank statement.(b) Examining canceled checks, particularly noting unusual payees or

endorsements.(c) Reviewing other documentation supporting the cutoff bank

statement.

Case 2. The procedure followed appears to be appropriate except that the examination of detail transactions for three months might be considered to be excessive in view of the exceptionally good internal control. A lighter test of such transactions, designed to test the effectiveness of the control procedures, might be devised.

The procedures followed should be supplemented by the following:

1. Review the company’s method of sales cutoff at year-end and test billings and shipments (including returns) for an adequate period before and after year-end to establish that cut-off procedures have been adhered to.

2. Examine collections in early part of subsequent period to determine if a substantial portion of the receivables has been collected.

3. Examine agreements entered into with the distributors. If price protection clauses are included, review the current price position and distributor inventory positions to determine whether a reserve for such protection is needed.

4. When a company deals with a limited number of customers, it is dependent upon the continued solvency of all such customers.

5. Obtain a representation letter from appropriate company officials covering the receivables.

18-94


Case 3. 1. a. Notes payable are authorized according to company policy (proper authorization).

b. For each note outstanding or paid during the year, vouch to written authorizing document.

c. Funds might be borrowed in the company’s name without the knowledge of responsible officers.

2. a. Recorded notes payable are valid and documented (separation of duties).

b. Observe the client personnel record-keeping duties.c. Someone might intercept a check made out to a bank and convert

company funds to his or her own use. Notes payable records could be falsified for a short time to hide the theft.

3. a. Valid liabilities are recorded and none omitted (sound error checking practices).

b. Observe client personnel making comparisons. Review correcting journal entries that result from the comparison.

c. Purchases or other liabilities may fail to be recorded and the error not detected by any other means.

4. a. Recorded liabilities and cash disbursements valid and documented (sound record keeping).

b. Inspect notes to see if they are marked “paid.”c. Notes may get “paid” a second time if put back through the cash

disbursements system (intentionally or inadvertently).

Case 4. a. The fact that the client made a journal entry to record vendors’ invoices which were received late should simplify the CPA’s audit for unrecorded liabilities and reduce the possibility of a need for a further adjustment, but the CPA’s audit is nevertheless required. If the client has not journalized late invoices, the CPA is compelled in his testing to substantiate what will ultimately be recorded as an adjusting entry. In this examination the CPA should audit entries in the 2004 voucher register to ascertain that all items which according to dates of receiving reports or vendors’ invoices were applicable to 2004 have been included in the journal entry recorded by the client.

b. No. The CPA should obtain a letter in which responsible executives of the client’s organization represent that to the best of their knowledge all liabilities have been organized. However, this is done as a normal audit procedure to afford additional assurance to the CPA and it does not relieve him of the responsibility for doing his own audit work.

18-95


c. Whenever a CPA is justified in relying on work done by an internal auditor, he should curtail (but not eliminate) his own audit work. In this case, the CPA should have ascertained early in his examination that Ozone’s internal auditor is qualified by being both technically competent and reasonably independent. Once satisfied as to these points, the CPA should discuss the nature and scope of the internal audit program with the internal auditor and review his working papers in order that the CPA may properly coordinate his own program with that of the internal auditor. If the Ozone internal auditor is qualified and has made tests for unrecorded liabilities, the CPA may limit his work in this audit area.

d. In addition to the 2005 voucher register, the CPA should consider the following sources for possible unrecorded liabilities:

1. Unentered vendors’ invoice file.2. Status of tax returns for prior years still open.3. Discussions with employees.4. Representations from management.5. Comparison of account balances with preceding year.6. Examination of individual accounts during the year.7. Existing contracts and agreements.8. Minutes.9. Attorney’s bills and letter of representation.10. Status of renegotiable business.11. Correspondence with principal suppliers.12. Audit testing of cutoff date for reciprocal accounts, e.g., inventory and

fixed assets.

Case 5. a. Lourdes should find in the audit working papers a planning memo describing the client’s inventory-taking plan and notes about the auditor’s first-hand observation of the instructions being given to counters, along with a memo about the auditors’ observation of the counting. This memo should tell about supervision of the audit staff, and the working papers (test counts) should show the review signatures of the supervising auditors.

b. Working papers should document performance of these substantive procedures for the existence and completeness assertions:

1. Conduct an observation of the company’s physical inventory count.2. Scan the inventory compilation for items added from sources other than

the physical inventory count. . .3. At year end, obtain the number of the last shipping and receiving

documents . . . Use these to scan the sales, inventory/cost of sales, and accounts payable entries for proper cutoff.

4. Confirm or inspect inventories held in public warehouses.

18-96


Case 6. The three categories of major losses or manipulations in the area of investments are: theft of diversion of funds, manipulation of accounting, and business espionage. Business espionage is generally outside the sphere of independent auditors’ interest.

Case 7. a. The objectives (specific assertions) for the audit of non-current investment securities are to obtain evidence regarding the:

Existence of the investment securities at the balance sheet date. Ownership of the investment securities. Cost and carrying value of the investment securities. Proper presentation and disclosure of the investment securities in

the financial statement. Proper recognition of interest income. Proper recognition of investment gains and losses.

b. The following audit procedures should be undertaken with respect to the audit of Tess’ investment securities:

Inspect and count securities in the company’s safe and safe deposit box.

Examine brokers’ statements to obtain assurance that all transactions were recorded.

Examine documents in support of purchases and sales of investment securities.

Inspect the minutes of the board of directors meetings. Review the audited financial statements of the (25 percent)

investee. Verify the equity method of accounting was used for carrying

value of the investment in Dee Industrial. Obtain a client representation letter that confirms the client’s

representations concerning the noncurrent investment securities. Verify the calculation of interest income. Review the propriety of the presentation and disclosure of the

securities in the financial statements. Make certain that the client representation letter includes the

proper assertions concerning accounts payable. Investigate and resolve confirmation exceptions and other matters

requiring follow-up.Case 8. a. The audit objectives in the examination of long-term debt are to determine

that:

1. All liabilities were properly recorded.2. Items recorded as liabilities are bona fide obligations.3. Interest expense and/or amortization was properly computed and

recorded.

18-97


4. The client is not in violation of restrictions or requirements imposed on it by the terms of the loan agreement.

5. Satisfactory authority existed to enter into long-term obligation agreements.

6. All long-term obligations are properly classified in the balance sheet.7. Assets pledged as security are adequately disclosed.

b. The following procedures should be included in an audit program for the examination of the long-term note between Odette and First National Bank:

1. Confirm the loan and terms of the agreement with the bank.2. Review the agreement between Odette and the bank to determine that:

a. The debt is long-term (by reference to dates).b. Provisions of the agreement have not been violated, e.g., that

Odette is complying with any restrictions on the payment of dividends, on the amount of working capital to be maintained, or on the uses to which the funds may be employed and is maintaining the plant pledged as security for the loan.

c. The agreement was signed by person(s) having authority.3. Trace the receipt of funds into the bank account and cash receipts book.4. Check the computation of interest expense for the period May 1 to June

30, and trace the recording of the expense and the accrual on the books.5. Determine that authority to borrow was granted and is recorded in the

board of directors’ minutes.

CHAPTER 25

AUDITING FAIR VALUE MEASUREMENTS AND DISCLOSURES

I. Review Questions

1. Refer to page 856, paragraph 1 of the textbook.



18-98




6. Refer to page 861, no. 5 of the textbook.

7. Refer to page 863, no. 8 of the textbook.

8. Refer to page 864, no. 9, 3rd paragraph of the textbook.



1. b2. b3. d4. d5. c

CHAPTER 26

USING THE WORK OF OTHERS

I. Review Questions

1. An auditor who reports on the financial statements of a combined entity when he or she audited the major part of the combined entity is the principal auditor. Auditing standards identify procedures to be followed by a principal auditor.

To be able to serve as auditor of a combined entity, an auditor must determine that he or she is able to be the principal auditor based on the materiality of the portion of the financial statements that he or she has examined, his or her knowledge of the overall financial statements, and the importance of the components he or she has audited.

2. The principal auditors must perform one or more of the following procedures:

Visit the auditor. Review the audit programs. Review audit work papers.

18-99


Perform additional audit procedures.

3. Refer to page 879.

4. Refer to pages 879 to 880.

5. While the external auditor has sole responsibility for the audit opinion expressed and for determining the nature, timing, and extent of external audit procedures, certain parts of internal auditing work may be useful to the external auditor.

The external auditor should obtain a sufficient understanding of internal audit activities to assist in planning the audit and developing an effective audit approach.

Effective internal auditing will often allow a modification in the nature and timing, and a reduction in the extent of procedures performed by the external auditor but cannot eliminate them entirely. In some cases, however, having considered the activities of internal auditing, the external auditor may decide that internal auditing will have no effect on external audit procedures.

The external auditor’s preliminary assessment of the internal audit function will influence the external auditor’s judgment about the use which may be made of internal auditing in modifying the nature, timing and extent of external audit procedures.


1. c 3. d 5. b2. b 4. b 6. c


a. Tan should ask San Nicolas to authorize Andres to respond fully to her inquiries. If San Nicolas refuses or limits the responses, Tan should request San Nicolas to explain the reasons. After obtaining the explanation, Tan should consider whether to continue pursuing the engagement.

b. Tan will have to (1) obtain additional information about the client and possibly about the industry, which Andres would have obtained in prior years, (2) make a more detailed evaluation of whether to accept this client, (3) obtain information about the client’s internal control, which Andres would have obtained in prior years, and (4) obtain evidence about beginning balance sheet balances, which Andres would have obtained in prior years.

CHAPTER 28

18-100


THE AUDITOR’S REPORT ON FINANCIAL STATEMENTS

I. Review Questions

1. Scope paragraph

(a) The objects of the audit are the financial statements – balance sheet(s), income statement(s), and cash flow statement(s), and related footnote disclosure, not the “books and records.”

(b) The description of the audit means:

(1) the auditors were trained and proficient.(2) the auditors were independent.(3) due professional care was exercised.(4) the work was planned and supervised.(5) internal controls was properly studied and evaluated.(6) sufficient competent evidential matter was obtained.(7) the GAAS reporting standards were followed.

* Professional judgment was exercised in performing the tests and choosing the procedures to perform in the circumstances.

2. Report and the evidence dimension

Fully sufficient competent evidence

Isolated evidence

deficiencyPervasive lack

of evidenceUnqualified opinion XAdverse opinion XOpinion qualified for a

departure from SFAS XParagraph for

inconsistent GAAP application X

Paragraph for an uncertainty X

Disclaimer of opinion X

3. Major reasons for departure from the standard unqualified report

18-101


1. Disagreement with management regarding the acceptability of the accounting policies selected, the method of their application or the adequacy of financial statement disclosure.

2. Limitation on scope of the audit (resulting in a lack of evidence).3. Using extra paragraph(s) to emphasize significant matters.4. Different opinion on prior year comparative statements.5. Relying on the work and reports of other independent auditors.6. Required supplementary data omitted or departs from guidelines.7. “Other information” inconsistent with financial statements or contains

material misstatement of fact.8. Auditor is not independent.

4. Students may identify more than one description of the “most important” distinction between an opinion and a disclaimer. All the following are valid, although (a) is intended to be the “Most Important:”

a. An opinion (unqualified, qualified or adverse) is an explicit statement of the auditor’s conclusion(s), while a disclaimer is an (empty) assertion of “no conclusion.”

b. An (unqualified) opinion is the highest level of assurance, while a disclaimer is the lowest level (no assurance).

c. An opinion requires evidence as a basis, while a disclaimer results from lack of evidence.

d. Auditors must be independent to give an opinion, while a disclaimer can result from a CPA’s lack of independence.

5. A material scope restriction occurs when the auditor is unable to gather sufficient competent evidence to support an unqualified opinion on the financial statements. Scope restrictions may be client-imposed or they may result from other circumstances, e.g., appointment of the auditor after the client’s physical inventory has been taken. A material scope restriction need not result in a modification of the auditor’s opinion provided the auditor can obtain satisfaction by alternate means.

6. A principal auditor is one who has examined the major portion of the combined entity.

7. When financial statements of the prior year are presented together with those of the current year, a continuing auditor must report on both years. In “updating” the prior year’s report, the auditor must decide whether to restate the report in its same form or modify it to reflect current information not available at the date of issuance of the prior report.

8. A continuing auditor can update a previously-issued report by obtaining and evaluating information during the current engagement. Thus, an updated report

18-102


is a previously-issued report that has been reevaluated in light of current information and evidence. (The updated report itself may be a compilation report, a review report, or an audit report).

The reevaluation may cause the updated version to be different from the report previously issued (for example, a new reason to write a qualification may be found).

An updated report carries a current date, not the date of the previous report.

A predecessor auditor usually does not have the current information necessary to update a report.

Either a continuing auditor or a predecessor auditor can reissue previously-reissued report. The process does not contemplate consideration of information and evidence obtained during a current engagement. Thus, a reissued report is a current release of a previously-issued report without benefit of any additional examination or review of the subject financial statements. The report date should be the date of the end of field work for the original issue of the report.

9. A principal auditor is the one who (a) audits a material portion of a reporting entity’s assets, liabilities, revenues and expenses (usually over 50 percent) and (b) knows enough about the whole entity to sign the audit report.

10. The principal auditor’s reference in his report to another auditor is not a qualification in scope. The reference only shows the divided responsibility for the audit work.

11. When an auditor is not independent with respect to a client, a disclaimer of opinion must be rendered. The disclaimer must be issued because the statements cannot be audited in accordance with generally accepted auditing standards. (An accountant, not an auditor, is the person associated with compiled and reviewed financial statements. An accountant can give a compilation – disclaimer – report on compiled unaudited financial statements).

12. When the “going concern assumption” is in doubt, auditors have serious reservations about the recoverability and amounts of reported assets and the amount and classification of reported liabilities. These opinions may be used, depending on the circumstances:

a. Standard unqualified report with an uncertainty notice paragraph calling attention to the going concern problem.

b. Disclaimer of opinion to express unwillingness to give an opinion on the presentation.

c. Opinion qualified or adverse for departure from GAAP if all appropriate disclosures are not made.

18-103


13. According to PSA 700,

“In certain circumstances, an auditor’s report may be modified by adding an emphasis of matter paragraph to highlight a matter affecting the financial statements which is included in a note to the financial statements that more extensively discusses the matter. The addition of such an emphasis of matter paragraph does not affect the auditor’s opinion. The paragraph would preferably be included after the opinion paragraph and would ordinarily refer to the fact that the auditor’s opinion is not qualified in this respect.

The auditor should modify the auditor’s report by adding a paragraph to highlight a material matter regarding a going concern problem.

The auditor should consider modifying the auditor’s report by adding a paragraph if there is a significant uncertainty (other than a going concern problem), the resolution of which is dependent upon future events and which may affect the financial statements. An uncertainty is a matter whose outcome depends on future actions or events not under the direct control of the entity but that may affect the financial statements.”

14. Whether to divide responsibility or accept full responsibility is a function of:

a. Relationship of the principal auditor to the other auditors; andb. Materiality of the component(s) examined by other auditors.

15. The auditor may decide to disclaim an opinion when confronted by a material scope limitation that precludes gathering sufficient evidence to support an opinion as to overall fairness of financial presentation. The auditor may also disclaim an opinion if his/her name is associated with financial statements for which an audit was not intended (e.g., compilations and reviews), or if the auditor is not independent.

16. Two conditions are necessary for an unqualified opinion:

a. No material scope restrictions have prevented the auditor from collecting sufficient, competent evidence; and

b. The financial statements, including footnote disclosures, contain no material departures from GAAP.

17. An auditor may agree with a departure from a designated principle only when, in his/her judgment, application of the designated principle would make the financial statements materially misleading.

18-104


18. The audit opinion does not extend to the other information, and therefore, the opinion is not affected by omission or inconsistency or incorrect supplemental information.

19. The auditor must evaluate, on every audit, the ability of the entity to meet its obligations on a continuing basis during a reasonable period (usually 12 months) following the balance sheet date. Although the auditor is not required to apply additional procedures in making the initial evaluation, if he/she has substantial doubt as to ability of the client to continue, added procedures may have to be applied to resolve the issues.

20. The auditor should add an explanatory paragraph regarding a material uncertainty, provided the outcome of the events surrounding the uncertainty cannot be reasonably estimated by management. If the probability of an unfavorable outcome is remote, the explanatory paragraph is not needed. If a material loss is probable, but is not susceptible to reasonable measurement, and is properly footnoted, the auditor should add an explanatory paragraph directing the reader’s attention to the footnote.

The greater the materiality, and the higher the probability of loss, the more inclined will be the auditor to add the explanatory paragraph.

21. Upon learning of a change in accounting principle, the auditor should first determine the materiality and appropriateness of the change. If material and the auditor agree with the client’s justification for the change, an explanatory paragraph should be added following the opinion paragraph. The paragraph will refer to the footnote describing the change. If the change is not properly accounted for or is inadequately disclosed, the auditor should consider issuing a qualified or adverse opinion.


1. c 11. c 21. c 31. b2. d 12. b 22. c 32. c3. a 13. d 23. a 33. b4. c 14. a 24. d 34. c5. c 15. b 25. c 35. d6. c 16. d 26. a 36. b7. c 17. d 27. a 37. d8. a 18. a 28. c 38. a9. d 19. b 29. c 39. d10. c 20. c 30. b 40. b

18-105

11-106 Solutions Manual - Principles of Auditing and Other Assurance ServicesIII. Comprehensive Cases

Case 1. You must determine whether an unqualified opinion satisfies the GAAS reporting standard, in particular:

a. Determine whether the financial statements are presented in conformity with GAAP.

1. Read the footnote description of accounting policies.

2. Use a GAAP checklist.

3. Review the working papers for any indication of accounting policies not described in the footnote or ones apparently not in conformity with GAAP.

4. Determine if:

(i) The accounting principles are generally acceptable, having authoritative support.

(ii) The accounting principles are appropriate in the circumstances.

(iii) The financial statements are informative.

(iv) The information is reasonably summarized.

(v) Material adjustments have not been waived without good reasons.

b. Determine whether any accounting changes have been made and whether accounting principles have been applied consistently.

c. Determine whether the footnote disclosures are adequate to inform users of any material information evident in the working papers.

Case 2. 1. The auditor is reporting to the body that has engaged the auditing services. While the report may be read and used by others who are indirect beneficiaries of the audit, current custom is not to address the report to the unknown class of users.

2. The scope paragraph should specifically identify the audited statements by name so that there can be no mistake about the subject of the report. The alternative language is not as precise.

3. The standard language effectively bases the audit on an extensive body of written auditing standards that are known to others and can be cited in case of controversy. The alternative language, on the other hand, seems to break loose from profession-wide quality norms and make the audit quality depend more on “the circumstances,” which introduces an element of mystery and lack of definition into the report.

18-106


4. The alternative wording is similar to the typical British audit report, and they seem to be able to live with it, but American auditors believe that “opinion” connotes belief or judgment stronger than impression but less strong than positive knowledge. American auditors do not wish to appear to have full, positive knowledge about the statements on the grounds that it’s not feasible to know all there is to know about the financial statements. Also, the standard language leans heavily on GAAP as the criteria for fair presentation whereas the alternative language contains no reference to authoritative accounting criteria.

Case 3. 1. Title. The report needs a title referring to Rose as the independent auditor or independent accountant.

2. Notice of audit. The report does not give the proper declaration of an audit of the financial statements, especially the part about “in accordance with your instructions,” which suggest that Rose surrendered some audit independence. The reference to a “complete audit” is ill advised because it suggests a 100% investigation, which is contradicted by the sentence about “tests of the sales records.”

3. Responsibilities. The report says nothing about the auditor’s responsibility for the audit report.

4. Opinion. The opinion sentence should not be modified with the phrase “with the explanation given above.”

5. Opinion. The opinion sentence should not mention “minor errors we consider immaterial,” but it should contain the phrase “presents fairly in all material respects.”

6. Opinion/Identification of Financial Statements. The opinion should not include reference to cash flows because the introductory paragraph did not state that the cash flow statement was audited. This may be a deficiency in the identification of the financial statements that were actually audited.

7. Opinion. The opinion paragraph refers improperly to ASC pronouncements. It should refer to “generally accepted accounting principles.”

8. Date. The date accompanying Rose’s signature should be September 23 – the day the field work was completed – not the company’s fiscal year-end date.

9. Other. The commentary on the economy and the strike are not generally appropriate for an audit report. Even if the auditor wanted to draw attention to these matters, their relevance for understanding the financial statements and their manner of expression are both questionable.

10. Other. The negative assurance (concerning the recording of sales) is not permitted in audit reports.

18-107


Case 4.Independent Auditor’s Report

To the shareholders and board of directors of Various Fabrics, Inc.:

We have audited the accompanying balance sheets of Various Fabrics, Inc. as of January 31, 2004 and 2003 and the related statements of income, retained earnings, and cash flows for the years then ended. These financial statements are the responsibility of the company’s management. Our responsibility is to express an opinion on these financial statements based on our audits.

We conducted our audits in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.

In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of Various Fabrics, Inc. as of January 31, 2004 and 2003 and the results of its operations and its cash flows for the years then ended in conformity with generally accepted accounting principles.

Aya de Jesus, CPAMarch 2, 2004

Case 5. 1. F, L 5. B, I2. B, I 6. B, I3. B, Q 7. E, J4. A, J

Case 6. A. 1, 7c.B. 2, 7a.C. 4.D. 1.E. 6.F. 5.G. 2 (Note: The change in principle should be described in the descriptive

paragraph following the scope paragraph.)H. 3, 7c.I. 2, 7b.J. 3, 7d.K. 6. (given the materiality of property, plant, and equipment)L. 1, 7e.

18-108


M. 1, 7b and 7e.CHAPTER 29

PROCEDURES AND REPORTS ON SPECIAL PURPOSE AUDIT ENGAGEMENTS

I. Review Questions

1. The report simply states: “The financial statements are not intended to be presented in conformity with generally accepted accounting principles.” The opinion expression thereafter refers to a description of the comprehensive basis used.

Non-GAAP accounting bases include:

1. Statutory or regulatory accounting requirements

2. Tax basis accounting

3. Cash and modified cash bases

4. General price level-adjusted statements

5. Any other basis having “substantial support” (Auditing standards do not explain how non-GAAP accounting can have “substantial support.” In practice, accountants will report on any reasonable accounting basis, which explains why reports exist on diverse types of current value financial statements.)

2. The following are four comprehensive bases of accounting other than GAAP:

1. A basis of accounting to comply with the requirements of a governmental regulatory agency (for example, insurance companies use a basis of accounting pursuant to the rules of the insurance commission)

2. A basis of accounting used to file an income tax return

3. The cash receipts and disbursements basis of accounting (cash basis) and modifications to the cash basis, such as recording depreciation on fixed assets or accruing income tax.

4. A definite set of criteria having substantial support that is applied to all material items in the financial statements, such as the price-level basis of accounting.

3. A CPA may be asked to report on the application of GAAP by another auditor’s client who disagrees with the auditor’s view of proper accounting for the transaction. Auditing standards apply when a CPA in public practice, either in

18-109


connection with a proposal to obtain a new client or otherwise, provides oral or written advice on the application of accounting principles to a specific transaction or the type of opinion that may be rendered on an entity’s financial statements. In forming a judgment, the CPA should perform the following procedures:

Obtain an understanding of the form and substance of the transaction(s).

Review applicable GAAP.

If appropriate, consult with other professionals or experts.

If appropriate, perform research or other procedures to ascertain and consider the existence of creditable precedents or analogies.

The reporting CPA is required to consult with an entity’s continuing CPA to ascertain all the relevant facts. The continuing CPA can provide information about the form and substance of the transaction, how management has applied accounting principles to similar transactions, and whether the method of accounting recommended by the continuing CPA is disputed by management.

4. The following difficulties might arise:

Prior-year statements were unaudited: The auditor should label the prior-year columns “Unaudited” and modify the report by adding a paragraph that disclaims an opinion on the statements.

Audited by another auditor:

Alternative 1: Predecessor auditor reissues report.

Alternative 2: If predecessor’s report is not presented, the auditor indicates in the introductory paragraph (1) that the financial statements of the prior period were audited by another auditor (but does not name the predecessor auditor), (2) the date of the report, (3) the type of report issued by the predecessor auditor, and (4) if the report was not a standard unqualified report, the substantive reasons therefor. When the predecessor auditor’s report is not presented, the audit report would have an added sentence at the end of the first paragraph, and the opinion paragraph would refer only to the current-year statements.

Different reports on comparative statements: An auditor may issue modified reports on either of the financial statements reported on comparatively. In this situation, the auditor must exercise care to relate the opinion to the appropriate year’s financial statements.

18-110



1. b 5. b 9. a 13. d 17. b2. a 6. a 10. a 14. a 18. c3. c 7. a 11. d 15. a 19. b4. a 8. a 12. d 16. a 20. a


Case 1.To the Board of Directors of Neiny Ltd.:

We have reviewed the accompanying balance sheet of Neiny Ltd. as of December 31, 2004, and the related statements of income, retained earnings, and cash flows for the year then ended, in accordance with standards established by the Auditing Standards and Practices Council. All information included in these financial statements is the representation of the management of Neiny Ltd.

A review consists principally of inquiries of company personnel and analytical procedures applied to financial data. It is substantially less in scope than an examination in accordance with generally accepted auditing standards, the objective of which is the expression of an opinion regarding the financial statements taken as a whole. Accordingly, we do not express such an opinion.

Based on our review, we are not aware of any material modifications that should be made to the accompanying 2004 financial statements in order for them to be in conformity with generally accepted accounting principles.

The financial statements for the year ended December 31, 2003, were audited by us, and we expressed an unqualified opinion on them in our report dated February 27, 2004, but we have not performed any auditing procedures since that date.

Modelle & Co.March 3, 2006

Case 2. a. The assertions that are incorrect and should otherwise be deleted are the following:

1. Report should be addressed to Ms. Clean Corporation’s Board of Directors.

2. Delete the entire paragraph describing the scope except for the reference to cash in banks and accounts receivable.

3. Delete the opinion rendered on cash in banks and accounts receivable.4. Delete the recommendation to acquire Ajacks.

b. The assertions that are missing and should be inserted are the following:

1. Date of the report.2. Statement limiting the distribution of the report to Ms. Clean’s

management.

18-111


3. Description of the procedures performed.4. Statement that the agreed-upon procedures applied are not adequate to

constitute a GAAS audit.5. Description of the accountant’s findings.6. Disclaimer of an opinion concerning cash in banks and accounts

receivable.7. Statement limiting the report only to cash in banks and accounts

receivable and indicating that the report does not extend to the financials taken as a whole.

Case 3.Independent Auditor’s Report

[Addressee]

We have audited the statement of assets, liabilities, and capital (income tax [cash] basis) of Vanda & Corona, a partnership, as of December 31, 2004, and the related statements of revenue and expenses (income tax [cash] basis) and statement of changes in partners’ capital accounts (income tax [cash] basis) for the year then ended. These financial statements are the responsibility of the company’s management. Our responsibility is to express an opinion on these financial statements based on our audits.

We conducted our audits in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.

As described in Note X, the partnership’s policy is to prepare its financial statements on the accounting basis used for income tax purposes; consequently, certain revenue and related assets are recognized when received rather than when earned, and certain expenses are recognized when paid rather than when the obligation is incurred. Accordingly, the accompanying financial statements are not intended to present financial position and results of operations in conformity with generally accepted accounting principles.

In addition, the company is involved in continuing litigation relating to patent infringement. The amount of damages resulting from this litigation, if any, cannot be determined at this time.

In our opinion, the financial statements referred to above present fairly the assets, liabilities, and capital of the Vanda & Corona partnership as of December 31, 2004, and its revenue and expenses and changes in its partners’ capital accounts for the year then ended, on the income tax (cash) basis of accounting as described in Note X, which basis has been applied in a manner consistent with that of the preceding year.

[Sterling & Co.][Date]

18-112