chapter 11 to 29 aud

112
CHAPTER 11 A RISK-BASED AUDIT APPROACH – PART II I. Review Questions 1. Use the model AR = IR x CR x DR to solve for different values of Audit Risk (AR) when internal control risk (CR) is given different values. In all cases IR = 0.90 and DR = 0.10, therefore, AR = 0.90 x CR x 0.10 When CR is AR is 0.10 0.009 or 0.9 percent 0.50 0.045 or 4.5 percent 0.70 0.063 or 6.3 percent 0.90 0.081 or 8.1 percent 1.00 0.090 or 9.0 percent 2. a. Risk of Assessing Control Risk Too Low or Overreliance is a matter of judgment about the importance (“key”) characteristic of a particular client control procedure. An auditor can take more risk of assessing control risk too low on unimportant controls than on important (“key”) ones. Alternatively, the risk of assessing control risk too low can be considered a constant (say, 0.05) and the importance of a control can be measured in terms of a smaller or larger tolerable rate. (The authors prefer the latter approach.) b. Risk of Assessing Control Risk Too High or Underreliance is a matter of judgment about the efficiency of an audit engagement. The risk can be quite high when the audit team is willing to do extensive substantive work anyway. If the work budget is tight, auditors need to find objective ways (e.g., larger test of controls audit samples) to mitigate the risk. c. Tolerable Deviation Rate is a judgment about how many control deviations can exist in the population, yet the control can still be considered effective. Auditors need to be careful about brushing aside findings of deviations. d. Expected Deviation Rate in the Population is an estimate, usually based on assumptions or sketchy information, of the imbedded incidence of control deviations. The only use of this estimate in classical attribute sampling is to figure a sample size in advance. The statistical evaluation (CUL calculation) does not use it. e. Population Definition might be called a judgment about identification of the population of control performances that correspond to an audit objective. For example, an auditor would want to be sure he is sampling from a file of

Upload: janicasia

Post on 19-Jul-2016

32 views

Category:

Documents


2 download

TRANSCRIPT

Page 1: Chapter 11 to 29 Aud

CHAPTER 11

A RISK-BASED AUDIT APPROACH – PART II

I. Review Questions

1. Use the model AR = IR x CR x DR to solve for different values of Audit Risk

(AR) when internal control risk (CR) is given different values. In all cases IR =

0.90 and DR = 0.10, therefore, AR = 0.90 x CR x 0.10

When CR is AR is

0.10 0.009 or 0.9 percent

0.50 0.045 or 4.5 percent

0.70 0.063 or 6.3 percent

0.90 0.081 or 8.1 percent

1.00 0.090 or 9.0 percent

2. a. Risk of Assessing Control Risk Too Low or Overreliance is a matter of

judgment about the importance (“key”) characteristic of a particular client

control procedure. An auditor can take more risk of assessing control risk

too low on unimportant controls than on important (“key”) ones.

Alternatively, the risk of assessing control risk too low can be considered a

constant (say, 0.05) and the importance of a control can be measured in

terms of a smaller or larger tolerable rate. (The authors prefer the latter

approach.)

b. Risk of Assessing Control Risk Too High or Underreliance is a matter of

judgment about the efficiency of an audit engagement. The risk can be

quite high when the audit team is willing to do extensive substantive work

anyway. If the work budget is tight, auditors need to find objective ways

(e.g., larger test of controls audit samples) to mitigate the risk.

c. Tolerable Deviation Rate is a judgment about how many control deviations

can exist in the population, yet the control can still be considered effective.

Auditors need to be careful about brushing aside findings of deviations.

d. Expected Deviation Rate in the Population is an estimate, usually based on

assumptions or sketchy information, of the imbedded incidence of control

deviations. The only use of this estimate in classical attribute sampling is to

figure a sample size in advance. The statistical evaluation (CUL

calculation) does not use it.

e. Population Definition might be called a judgment about identification of the

population of control performances that correspond to an audit objective.

For example, an auditor would want to be sure he is sampling from a file of

Page 2: Chapter 11 to 29 Aud

14-2 Solutions Manual - Principles of Auditing and Other Assurance Services

recorded documents if his objective is to audit the controls over transaction

validity.

3. Assessing the control risk too low causes auditors to assign less control risk

(CR) in planning procedures than proper evaluation would cause them to assign.

The result could be (1) inadvertently conducting less audit work than properly

necessary and taking more audit risk (AR) than originally contemplated, perhaps

to the unpleasant results of failing to detect material misstatements (damaging

the effectiveness of the audit) or (2) discovering in the course of the audit work

that control is not as good as first believed, causing an increase in the audit

work, perhaps at a time when doing so is very costly (damaging the efficiency of

the audit).

4. The important consideration involved in judging an acceptable risk of assessing

control risk too high is the efficiency of the audit. Assessing control risk too

high causes auditors to think they need to perform a level of substantive work

which is greater than a proper evaluation of control would suggest. Assessing

control risk too high leads to overauditing.

Some auditors may be willing to accept high risks of assessing the control risk

too high because they intend to overaudit anyway, and the audit budget can

support the work.

Other auditors want to minimize their work (within acceptable professional

bounds of audit risk) and thus want to minimize the risk (probability) of

overauditing by mistake.

Technically, the risk of assessing control risk too high in relation to an attribute

sample is the probability of finding in the sample (n) one deviation more than

the “acceptable number” for the sampling plan. For example, if the plan called

for a sample of 100 units and a tolerable rate of 3 percent at a 0.10 risk of

assessing control risk too low, the “acceptable number” is zero deviations.

The probability of finding 1 or more deviations when the population rate is

actually 2 percent is:

Probability (x > 0 : n = 100, r = 0.02) = 1 – (1 – r) n

= 1 – (1 – 0.02) 100

= 0.867 or 86.7 percent

5. All the elements of the risk model are products of auditors’ professional

judgments. Auditors must judge:

Inherent risk – the probability that material errors or irregularities have entered

the accounting system used to develop financial statements.

Page 3: Chapter 11 to 29 Aud

Audit Working Papers 14-3

Internal control risk – the probability that client’s system of internal control

policies and procedures will fail to detect material errors and irregularities,

provided any enter the data accounting system in the first place.

Analytical procedures risk – the probability that auditors’ analytical procedures

will fail to produce evidence of material errors and irregularities, provided

any have entered the accounting system in the first place and have not been

detected and corrected by the client’s internal control procedures.

Audit risk – the probability that auditors will not discover by any means errors

and irregularities that cause an account balance to be materially misstated.

Test of detail risk appears at first glance to be the product of a formula and not a

professional judgment. However, everything in the risk model is a judgment, so

the test of detail derived from the model is no less a judgment.

6. An incorrect acceptance decision directly impairs the effectiveness of an audit.

Auditors wrap up the work and the material misstatement appears in the

financial statements.

An incorrect rejection decision impairs the efficiency of an audit. Further

investigation of the cause and amount of misstatement provides a chance to

reverse the initial decision error.

7. Detection risk is the component of audit risk that is controllable by the auditor.

It may be raised or lowered by reducing or increasing the amount of substantive

audit testing. It is determined by the auditor’s assessment of inherent risk and

control risk.

8. The auditor deals with both inherent risk and control risk during the planning

phase of the audit. Inquiry of client personnel, study of the business and

industry, application of analytical procedures, and documentation of the

auditor’s initial understanding of internal control are all performed during the

planning phase of the audit. Further study of internal control procedures may

occur after the planning phase if the auditor wishes to further reduce the

assessed level of control risk, and considers it economically feasible to do so.

9. An auditor would assess control risk to be at maximum when (1) effective

controls for the assertion have either not been designed or not put in place, or (2)

when the auditor believes performing substantive tests of the assertion is more

cost effective. When an auditor assesses control risk to be below the maximum,

the auditor should believe that effective controls are present to prevent or detect

misstatements in the financial statement assertions.

10. When the auditor assesses control risk at a level lower than maximum, the

auditor may generally perform fewer substantive tests.

Page 4: Chapter 11 to 29 Aud

14-4 Solutions Manual - Principles of Auditing and Other Assurance Services

11. The audit risk model is useful in managing audit risk for assertions. By

determining planned audit risk for an assertion, assessing inherent and control

risks, an auditor can determine the allowable detection risk (the amount of

detection risk an auditor can allow) for an assertion. Allowable detection risk is

used to determine the nature, timing, and extent of audit procedures for the

assertion.

12. Detection risk exists because auditors (1) may use an inappropriate audit

procedure, (2) may misapply an audit procedure, (3) may misinterpret the

findings, or (4) do not examine 100 percent of an account balance or transaction

class.

13. The amount of audit evidence an auditor must gather varies inversely with

allowable detection risk. As allowable detection risk decreases, the amount of

evidence required increases, and vice versa. Chapter 12 introduces audit

procedures and discusses how auditors modify audit procedures to obtain

sufficient competent evidential matter by changing (1) the nature, (2) the timing,

or (3) the extent of procedures.

14. The audit risk model is

Audit risk (AR) = Inherent risk (IR) x Control risk (CR) x Detection risk (DR)

15. Risks identified at the financial statement level may have a substantial impact on

the assessment of inherent risk for specific assertions. For example, concern

about management integrity, identified as a risk at the financial statement level,

would cause an auditor to assess a higher level of inherent risk for existence of

sales.

II. Multiple Choice Questions

1. d 12. d 23. c 34. c

2. d 13. a 24. c 35. d

3. c 14. d 25. d 36. b

4. d 15. d 26. d 37. d

5. a 16. c 27. c 38. d

6. b 17. b 28. b 39. c

7. a 18. a 29. d 40. a

8. a 19. a 30. a 41. c

9. b 20. b 31. a 42. d

10. b 21. d 32. b

11. a 22. a 33. a

Page 5: Chapter 11 to 29 Aud

Audit Working Papers 14-5

III. Comprehensive Cases

Case 1. Factors that will affect your evaluation of audit risk include

integrity of management – Jimenez’s reputation and lawsuit.

trend toward domination of operating and financial decisions by

Jimenez.

increased management compensation based on performance.

aggressive attitude toward financial reporting by new personnel.

profitability inconsistent with the industry.

Case 2. The factors that will affect Josefina’s audit risk and business risk are (a) this is a

special audit, (b) the audit will be used to set the value of certain assets, (c) the

auditor is to evaluate any disputed amount (although this is a common provision

in purchase agreements, one might question whether auditors should agree to

such terms), and (d) the materiality level is set at P50,000, even though that is

considerably below an amount that might be determined using a percentage of

assets and/or income. These factors will increase the risk at the financial

statement level and potentially increase business risk.

Case 3. a. The audit risk model gives the following results:

AR = IR x CR x DR (or) DR x AR / (IR x CR)

(1) 2.5% (4) 3.33%

(2) 0.67% (5) 2.5%

(3) 1

In the third situation, the auditor does not have to accumulate any evidence

because inherent risk and control risk give the appropriate level of planned

audit risk.

b. (1) 3 (tied) (4) 2

(2) 5 (5) 3 (tied)

(3) 1

Case 4. a. (1) Medium (4) Low

(2) Low (5) Low

(3) Low

b. (1) Least (4) 2 (tied)

(2) 2 (tied) (5) 2 (tied)

(3) 2 (tied)

Page 6: Chapter 11 to 29 Aud

14-6 Solutions Manual - Principles of Auditing and Other Assurance Services

Case 5. 1. a. This will have an impact on audit risk for valuation of accounts

receivable.

b. Accumulation of additional evidence regarding collectability of

receivables will be necessary.

2. a. This situation may or may not affect overall audit risk, depending on

the impact of the financing needed and whether the company will

become so heavily leveraged that profitability becomes inadequate.

This situation might create increased business risk because of the

potential change in ownership. It would have an impact on audit risk

for valuation of stockholders’ equity.

b. Additional evidence will have to be accumulated relating to

stockholders’ equity, as well as any additional debt incurred.

3. a. The client’s changing of its accounting system will affect control risk in

each cycle, primarily for existence, completeness, and valuation.

b. Additional information will have to be accumulated about the system in

each cycle.

4. a. This will affect risk at the financial statement level, which may also

have an impact on risk for assertions relating to earnings and valuation

of assets. For example, the volatility in the industry may indicate the

potential for inadequate industry earnings or for a client’s earnings

being inconsistent with the industry.

b. Additional evidence will have to be accumulated about the financial

viability of the client and to provide evidence that management fraud

does not exist.

5. a. The increase in inventory will affect existence and valuation of

inventory.

b. Additional evidence will have to be accumulated about the existence

and valuation assertions.

Case 6. 1. a. Sales and collection

b. Primarily affects existence, completeness, and valuation assertions

c. Increase

2. a. Acquisitions and payments

b. Potential impact on all assertions

c. Increase

3. a. Sales and collections

b. Valuation, cutoff, and existence

c. No effect

4. a. Production and warehousing

b. Valuation

c. Increase

Page 7: Chapter 11 to 29 Aud

Audit Working Papers 14-7

CHAPTER 12

AUDIT PROCEDURES

I. Review Questions

1. “Procedures” relate to acts to be performed. “Standards” deal with measures of

the quality of performance of those acts and the objectives to be attained by the

use of procedures. The standards are less subject to change. The standards

provide the criteria for rejecting, accepting, or modifying a procedure in a given

circumstance. An example of the relative stability of standards and procedures

is found in the change from non-EDP to EDP systems. New procedures were

required to audit EDP systems, but auditing standards remained unchanged and

were the criteria for determining the adequacy of the new procedures.

2. A “substantive audit procedure” is any action (resembling a specific variation of

one of the seven general audit procedures) undertaken for the purpose of

producing evidence about a peso amount of a disclosure that appears in the

financial statements under audit.

The nature of a procedure is its description – usually associated with one of the

seven general audit procedures. For example, the nature of a procedure may be

confirmation, document, vouching, etc.

The timing of a procedure is the period during which it is performed – usually

distinguished as interim (before the balance sheet date), year-end (on or close to

the balance sheet date), and subsequent (after the balance sheet date).

The extent of a procedure is the number of details audited with it, or another

measure of intensity or frequency. Oftentimes, extent is measured by the sample

size.

3. Inspection techniques include physical examination of assets, examination of

documents and records, performance of mechanical accuracy tests, and

analytical procedures.

4. Vouching and tracing are two types of commonly performed documentation.

Vouching involves the examination of documents that served as a basis for

recording the transaction. Vouching usually starts with a recorded transaction

and works back to the documents and addresses existence. Tracing involves

determining whether source documents have been recorded properly in the

accounting records. By tracing, an auditor can obtain evidence that the

recording of the transaction is complete.

Page 8: Chapter 11 to 29 Aud

14-8 Solutions Manual - Principles of Auditing and Other Assurance Services

5. An inquiry involves requesting information from client personnel and receiving

their response. The request and response may be either written or oral. A

confirmation is a response a third party makes directly to the auditor on the

request of a client. The response includes information about certain

transactions, relationships, and/or balances that have an impact on a specific

financial statement assertion.

6. Confirmations are usually considered more reliable because they are from

outside parties, while inquiries are made of client personnel.

7. When equivalent procedures are available to satisfy the need for evidence, an

auditor may consider cost in selecting among the alternatives.

8. Vouching is relevant to testing the existence of sales; tracing is not. Tracing is

relevant to testing the completeness of sales, but vouching is not.

II. Multiple Choice Questions

1. c 3. c 5. c 7. a 9. d

2. d 4. a 6. c 8. d

III. Comprehensive Cases

Case 1. The objectives for the audit of Wesson’s securities investments at December 31

are to obtain evidence about the assertions implicit in the financial presentation,

specifically:

1. Existence. Obtain evidence that the securities are bona fide and held by

Wesson or by a responsible custodian.

2. Occurrence. Obtain evidence that the loan transaction and securities

purchase transactions actually took place during the year under audit.

3. Completeness. Obtain evidence that all the securities purchase transactions

were recorded.

4. Rights. Obtain evidence that the securities are owned by Wesson.

Obligation. Obtain evidence that P500,000 is the amount actually owed on

the loan.

5. Valuation. Obtain evidence of the cost and market value of the securities

held at December 31. Decide whether any writedowns to market are

required by GAAP.

6. Measurement.

7. Presentation and Disclosure. Obtain evidence of the committed nature of

the assets, which should mean they should be in a non-current classification

like the loan. Obtain evidence that restrictions on the use of the assets is

disclosed fully and agrees with the loan documents.

Page 9: Chapter 11 to 29 Aud

Audit Working Papers 14-9

Case 2. Types of procedures used by auditors in general, with examples:

1. Recalculation by the auditor

* recomputing the client’s calculation of depreciation expense

2. Observation by the auditor

* observation, test-counting of client’s physical inventory-taking

3. Confirmation by letter

* obtaining accounts receivable confirmations

* obtaining client’s lawyer’s letter

4. Inquiry and written representations

* ask client personnel about accounting events

* complete an internal control questionnaire

* obtain written client representation letter

5. Vouching

* find brokers’ invoices and cancelled checks showing agreement with

record amounts for securities investments

6. Tracing

* select a sample of shipping documents and trace them to sales invoices,

sales journal recording and posting to general ledger

7. Scanning

* scan expense accounts for credit entries

* scan payroll check lists for unusually large checks

8. Analytical procedures – any example that fits one of these:

* compare financial information with prior periods

* compare financial information with budgets and forecasts

* study predictable financial information patterns (e.g., ratio analysis)

* compare financial information to industry statistics

* study financial information in relation to nonfinancial information

Case 3. a. An audit confirmation is a written statement to the CPA from someone

outside the enterprise on a fact that a person is qualified to affirm.

b. The two main characteristics a confirmation should possess are:

1. The party supplying the information requested must be knowledgeable

and independent, i.e., he must have knowledge of information of interest to

the auditor and he must be outside the scope of influence of the organization

being audited, and

2. The auditor must obtain the information directly from the informed

party.

Page 10: Chapter 11 to 29 Aud

14-10 Solutions Manual - Principles of Auditing and Other Assurance

Services

Case 4. 1. Scanning for debit balances in accounts payable

Recalculation of amounts on supporting documents

Vouching of account entries to supporting documents

2. Vouching of policies from expense and prepayment entries

Recalculation of expiration of insurance premium

Analysis of interrelationships – compare insurance coverage to assets

owned and leased

3. Scanning inventory records for “old” last-issue dates

Verbal inquiry – question inventory control personnel about slow-moving

inventory

Vouching – examine journal entries for evidence of actual book write-down

of the specific inventory items

4. Tracing – trace remittance amounts to appropriate customer’s account

Recalculation – recalculate amount of discounts and allowances

Vouching – examine authoritative documents supporting unusual discounts

and/or allowances

5. Observation and examination by the auditor – of the inventory and the

inventory-taking procedures

Confirmation by letter – of inventory held in outside warehouses

Recalculation – of the accuracy cost-flow calculations

Case 5. a. A material decline in sales may indicate unrecorded sales; a decrease in cost

of goods sold may be due to unrecorded purchases; and an increase in cost

of good sold may be the result of omissions from the ending inventory. An

increase or decrease in gross profit will result from any one or a

combination of the above omissions.

b. A decline in the miscellaneous revenue account balance, or the absence of a

previously existing source of miscellaneous revenue, could be attributable

to a failure to record miscellaneous revenue.

c. Unrecorded accounts payable at year-end would cause an increase in

calculated accounts payable turnover.

d. An apparent increase in accounts receivable turnover may, in fact, be the

result of failure to record credit sales transactions.

e. A higher than average operating return may be indicative of unrecorded

purchases or operating expenses; a lower than average return could result

from unrecorded sales.

Page 11: Chapter 11 to 29 Aud

Audit Working Papers 14-11

Case 6. a. This is an inappropriate application of cost/benefit to auditing. The second

standard of audit field work states that the auditor is to gather sufficient

competent evidential matter to support the audit opinion. If two or more

sets of audit procedures are available for satisfactorily achieving a set of

specific audit objectives, the cost/benefit concept suggests selection of the

least costly set of procedures. In the present instance, the cost savings from

not observing the branch inventories is achieved only at the sacrifice of

obtaining sufficient evidence to support the audit objective concerning

existence of the inventories.

b. This is an appropriate application of the cost/benefit concept. Confirmation

with the trustee, who is an independent third party, achieves the audit objectives

concerning existence and ownership just as satisfactorily as examination of the

securities – and it is a less costly procedure.

Case 7. 1. f 8. n

2. l 9. k

3. h 10. c

4. e 11. a

5. p 12. g

6. m 13. b

7. d 14. j

Case 8.

1. observation

2. inspection (analytical procedures)

3. inspection (examination of documents)

4. inspection (examination of documents)

5. inquiry

6. inspection (mechanical accuracy tests)

7. inspection (examination of documents)

8. confirmation

Page 12: Chapter 11 to 29 Aud

14-12 Solutions Manual - Principles of Auditing and Other Assurance

Services

CHAPTER 13

audit evidence

I. Review Questions

1. Refer to page 494, 2nd

and 4th

paragraphs of the textbook.

2. Refer to page 494, 3rd

paragraph of the textbook.

3. Refer to page 496, 3rd

paragraph of the textbook.

4. Refer to page 497, 1st paragraph of the textbook.

5. Refer to page 497, 2nd

paragraph of the textbook.

6. Refer to page 498, 4th

paragraph of the textbook.

7. External documentary evidence is evidential matter obtained from the other

party to an arm’s-length transaction or from outside independent agencies.

External evidence reaches the auditor directly and does not pass through the

hands of the client.

External-internal documentary evidence is documentary material that originates

outside the bounds of the client’s data processing system but which has been

received and processed by the client.

Internal documentary evidence consists of documentary material that is

produced, circulates, and is finally stored within the client’s information system.

Such evidence is not touched by outside parties at all or is several steps removed

from third-party attention.

8. Auditors can help the effectiveness of confirmation requests by:

a. Having the confirmation letters printed on the client’s letterhead and signed by a

client officer.

b. Being careful to be assured of reliable addresses for recipients; that is, being

assured that the confirmations are not misdirected (for example, to a client’s

accomplices in fraud).

c. Asking confirmation of information that recipient can supply, like the

amount of a balance or the amounts of specified invoices or notes (not the

balances of homeowners’ mortgages or financial amounts, like certificates

Page 13: Chapter 11 to 29 Aud

Audit Working Papers 14-13

of deposit with accrued interest, for which people usually do not keep their

own accounting records).

d. Controlling the mailing and return of confirmations so the client cannot

tamper with them.

e. Receiving the reply directly, so the client cannot intercept and alter them.

9. Factual evidence is direct evidence, in that conclusions may be drawn from the

evidence without further corroboration. An example of factual audit evidence is

physical observation of inventory for existence. Inferential evidence is indirect,

in that direct conclusions cannot be drawn from the evidence. The auditor

typically examines other evidence to further corroborate the inferences drawn.

An oral statement by a product manager that one or more products are fully

saleable and not obsolete is an example of inferential evidence. The auditor may

perform inventory turnover tests and/or determine the date of last sale of the

product to further corroborate the product manager’s statement.

10. Sufficiency of audit evidence is a matter of audit judgment. Materiality and the

quality of internal control are important ingredients in determining sufficiency.

If internal control produces over sales processing and cash receipts, for example,

are effective, the auditor may elect to confirm fewer customers’ accounts

receivables than under conditions of weak internal control.

11. Physical evidence tests the existence assertion. Examples of physical evidence

are inventory observation, examination of securities, inspection of plant asset

additions, and count of cash on hand.

12. The quality of existing internal control is the major factor supporting the

strength of documentary evidence. A voucher produced under conditions of

strong internal control over the processing of vendors’ invoices, for example,

possesses greater validity and is therefore stronger evidence than vouchers

produced under weak control conditions.

13. Auditing standards define an accounting estimate as “an approximation of a

financial statement element, item or amount.” Estimates are used because (1) an

amount is uncertain pending specific future events or (2) relevant data cannot be

accumulated on a timely, cost-effective basis. Examples of accounting estimates

include allowance for uncollectible accounts, obsolete inventory, useful lives

and residual values of fixed assets, natural resources and intangibles, accruals

for taxes on real and personal property, accruals based on actual assumptions in

pension plans, contract revenue using percentage of completion method,

litigation losses, fair values in nonmonetary exchanges, and current values in

personal financial statements.

14. In evaluating the reasonableness of accounting estimates, an auditor should

consider the internal controls related to the estimates in order to reduce the

Page 14: Chapter 11 to 29 Aud

14-14 Solutions Manual - Principles of Auditing and Other Assurance

Services

likelihood of material misstatements in the estimates, whether the accounting

estimates are reasonable given the situation, and whether the accounting

estimates are presented in accordance with appropriate accounting principles.

15. Evidence is persuasive if the auditor considers the evidence to be sufficient and

competent enough to afford a reasonable basis for an opinion.

II. Multiple Choice Questions

1. d 4. c 7. d 10. d 13. b

2. d 5. a 8. b 11. a

3. c 6. d 9. d 12. b

III. Comprehensive Cases

Case 1. a. Evidential matter obtained from independent sources outside an enterprise

provides greater assurance of reliability (competency) than that which is

secured solely within the enterprise.

b. Accounting data and financial statements developed under satisfactory

conditions of internal control are more reliable (competent) than those which are

developed under unsatisfactory conditions of internal control.

c. Direct personal knowledge obtained by the independent auditor through

physical examination, observation, computation, and inspection is more

persuasive than information obtained indirectly.

Case 2. 1. Types of evidence

Evidential items/sources in reliability rank

d. Letter from creditor 1. External

a. Monthly statements 2. External-internal

b. Voucher register 3. Internal

c. Audit computation of discounts 4. Mathematical (based on

unaudited data)

2.

c. Audit computation of expense

amounts

1. Mathematical (based on

unaudited data)

a. Letter from bond trustee 2. External

d. Cancelled checks 3. External-internal

b. Minutes of directors’ meetings 4. Internal

Page 15: Chapter 11 to 29 Aud

Audit Working Papers 14-15

CHAPTER 14

audit working papers

I. Review Questions

1. Refer to page 522, 3rd

paragraph of the textbook.

2. The major function of audit workpapers is to provide evidence of conformance

with generally accepted auditing standards. As a body, the workpapers are

the principal record of the evidence which the auditor has gathered and

evaluated in support of the audit opinion.

3. Refer to pages 524 to 525 of the textbook.

4. Refer to page 524, 2nd

paragraph of the textbook.

5. With electronic spreadsheets, audit adjustments need only be entered once – in

the supporting schedule. The adjustments are then automatically reflected

in lead schedules and in the working trial balance through equations entered

in appropriate cells. The cell equations “link” the workpapers such that an

adjustment need be entered only once in order for all affected workpapers to

be automatically updated.

6. Permanent files contain information that is of a continuing interest to the

auditor. A permanent file typically contains (1) copies or abstracts of significant

company documents and (2) auditor- or client-prepared information on accounts.

Current-year files contain working papers prepared to support the assertions

embodied in the financial statements.

7. Client personnel may prepare working papers to reduce the time spent by the

auditor on the engagement. When client personnel prepare working papers, the

auditor should give the client personnel detailed instructions. Working papers

prepared by the client should be identified as PBC (prepared by client) and

should involve no decision making. The auditor should test completed working

papers against underlying documentation.

8. The lead schedule, especially on larger engagements, is designed to bridge the

gap between the working trial balance and the general ledger by listing all

general ledger accounts that are reported as one account in the financial

statements. Supporting schedules is a term for working papers that support the

amounts presented in the financial statements by providing support for a detailed

Page 16: Chapter 11 to 29 Aud

14-16 Solutions Manual - Principles of Auditing and Other Assurance

Services

account on a lead schedule. Supporting schedules represent the bulk of working

papers.

9. In general, a properly prepared working paper should meet firm policy, have a

proper heading, clearly indicate the work performed, clearly meet the audit

objective for which it was designed, and clearly state the auditors’ conclusion.

10. The prior year’s audit working papers are a useful guide to staff assistants

because the audit procedures performed in the prior year usually are similar to

those of the current year. By referring to last year’s working papers, the

assistant can see how the procedures were documented and is given a possible

format for organizing the current year’s working paper. In addition, exceptions

noted in last year’s working papers may alert the assistant to possible problems

in the current year. Finally, the prior year’s working papers contain information

substantiating the beginning balances for the current year.

11. The more common types of audit working papers and their principal purposes

may be summarized as follows:

(1) Audit administrative working papers – aid the auditors in planning and

administration of the audit, and include such items as the audit programs,

questionnaires and flowcharts, decision aids, time budgets, and

engagement letters.

(2) Working trial balance – represents the backbone of the auditors’ working

papers, for it contains the balances of the ledger accounts, the adjustments

and reclassifications deemed necessary by the auditors, and the adjusted

amounts that appear in the financial statements. It also contains references

to all supporting schedules and analyses, thus serving to control the other

types of working papers.

(3) Lead schedules – working papers that serve to combine similar general

ledger accounts, the total of which appears on the working trial balance.

(4) Adjusting journal entries – material misstatements in the accounts disclosed by

the auditors’ investigation are corrected by means of adjusting journal entries.

These appear on the auditors’ working trial balance, and in addition, a list of

such entries is turned over to the client at the conclusion of the audit with the

request that they be approved and entered in the accounting records.

(5) Reclassification entries – entries necessary to properly reflect financial

results but not representing misstatements in the financial records of the

client.

(6) Supporting schedules – although the term schedule is at times applied to

various types of working papers, the preferred usage is to designate a

listing of the details or elements comprising the balance in an account at a

specified date. Preparation of such a listing is often an essential step in

determining the nature of an account.

Page 17: Chapter 11 to 29 Aud

Audit Working Papers 14-17

(7) Analyses – consist of working papers showing the changes which occurred in an

account during a given period. By analyzing an account, the auditors determine

its nature and contents.

(8) Reconciliations – working papers that prove the relationship between two

amounts obtained from different sources.

(9) Computational working papers – used to verify such data as interest

expense, income taxes, and earnings per share.

(10) Corroborating documents – working papers that provide support for specific

representations made in the financial statements, such as letters of

representations from clients, lawyers’ letters, audit confirmations, and copies of

the contracts.

12. Audit working papers are the property of the auditor; however, they must not

violate the confidential relationship between client and auditors by making the

papers available to outsiders or even to the client’s employees without specific

permission from the client.

13. Refer to page 535, 1st and 2

nd paragraphs of the textbook.

14. Refer to page 535, 3rd

paragraph of the textbook.

II. Multiple Choice Questions

1. d 9. b 17. d 25. b

2. d 10. b 18. c 26. d

3. c 11. a 19. c 27. d

4. a 12. d 20. d 28. c

5. d 13. d 21. b 29. d

6. c 14. b 22. d 30. c

7. c 15. d 23. a 31. d

8. d 16. d 24. b 32. d

III. Comprehensive Cases

Case 1. a. (1) The functions of audit working papers are to aid the CPA in the

conduct of his work and to provide support for his opinion and his

compliance with auditing standards.

(2) Working papers are the CPA’s records of the procedures performed,

and conclusions reached in the audit.

b. The factors that affect the CPA’s judgment of the type and content of the

working papers for a particular engagement include:

1. The nature of the auditor’s report.

2. The nature of the client’s business.

Page 18: Chapter 11 to 29 Aud

14-18 Solutions Manual - Principles of Auditing and Other Assurance

Services

3. The nature of the financial statements, schedules or other information

upon which the CPA is reporting and the materiality of the items

included therein.

4. The nature and condition of the client’s records and internal controls.

5. The needs for supervision and review of work performed by assistants.

c. Evidence which should be included in audit working papers to support a

CPA’s compliance with generally accepted auditing standard includes:

1. Evidence that the financial statements or other information upon which

the auditor is reporting were in agreement or reconciled with the

client’s records.

2. Evidence that the client’s system of internal control was reviewed and

evaluated to determine the nature, timing, and extent of audit

procedures.

3. Evidence of the auditing procedures performed in obtaining evidential

matter for evaluation

4. Evidence of how exceptions and unusual matters disclosed by auditing

procedures were resolved or treated.

5. Evidence of the auditor’s conclusions on significant aspects of the

engagement with appropriate commentaries.

d. The CPA should perform an adequate examination at minimum cost and

effort and the preceding year’s programs will aid in doing this. The

preceding year’s audit programs ordinarily contain information useful in the

current examination (such as descriptions of the unique features of a client’s

operations or records, a formalized sequence of audit steps in logical order,

and approximate time requirements to perform various phases of the work).

The auditor should decide whether to use the old program or prepare a new

one.

Case 2. In general, the working paper is not set up in a logical manner to show what the

auditor wants to accomplish. The primary objective of the working paper is to

verify the ending balance in notes receivable and interest receivable. A

secondary objective is to account for all interest income, cash received and cash

disbursed for new notes, collateral as security, and other information about the

notes for disclosure purposes.

Page 19: Chapter 11 to 29 Aud

Audit Working Papers 14-19

Specific deficiencies of the working paper presented in the question are:

a.

DEFICIENCY

b.

IMPROVEMENT

1. Tick mark explanation “tested”

does not indicate specifically

what was done.

Should have separate tick marks

meaning:

Agreed to confirmation

Footed

Traced to cash receipts journal

Recomputed, etc.

2. Explanation of some tick marks is

not given.

Explain all tick marks on the same

page of the working paper.

3. Classification of long-term

portion indicates no verification.

Recompute portions of notes which are

long-term.

4. Paid-to-date row is confusing. Column should say “date paid to” and

this should be confirmed.

5. Due dates are missing for C.C.

Co., P. Pablo and Tetra Co.

Include due dates on working paper

for these notes.

c. SPREADSHEET SOLUTION

The purpose of using an Excel spreadsheet in this problem is to give the

student some experience in preparing a simple working paper using an

Excel spreadsheet. It should be explained to students that this type of

working paper may or may not be prepared in actual practice, and that often

templates are used to prepare more time-consuming working papers. Also,

whether or not tick marks are computerized is a matter to be decided. The

advantage is that the completed audit work can then be stored and reviewed

electronically, a direction many firms are going. On the other hand, it may

be more efficient to indicate audit work manually as it is performed, and a

contrast in the color of the tick marks through use of a colored pencil may

be desirable.

The formulas used are self-evident, so no listing is provided. Two items

deserve comment:

1. An advantage of using a spreadsheet program for these types of

analyses is that footing and crossfooting are done automatically.

2. When auditor tick marks are done by computer, a problem arises as

to how to place them on the worksheet. One could use narrow

columns inserted between the scheduled client data, or, as done

here, the tick marks are placed in blank rows beneath the related

data.

Page 20: Chapter 11 to 29 Aud

14-20 Solutions Manual - Principles of Auditing and Other Assurance

Services

Page 21: Chapter 11 to 29 Aud

14-21 Solutions Manual - Principles of Auditing and Other Assurance Services

FOURTH PACIFIC COMPANY Schedule N-1 Date

A/C # 110 – NOTE RECEIVABLE Prepared by JD 1/21/04

12/31/03 Approved by PP 2/15/04

Account # 110 – Notes Receivable Interest

Maker

Date Made / Due

Interest Rate / Date Paid to

Face

Amount

Value of Security

Balance 12/31/02

Additions

Payments

Balance 12/31/03

Receivable 12/31/02

Earned

Received

Receivable 12/31/03

Alba Co. c * 6/15/02 / 5% / 5000 None 4000 0 1000 3000 104 175 0 279 6/15/04 None pd. tp r tp < Barrios, Inc. c * 11/21/02 / 5% / 3591 None 3591 0 3591 0 0 102 102 0 Demand 12/31/03 tp r tp < r C.C. Co. c * 11/1/02 / 5% / 13180 24000 12780 0 2400 10380 24 577 601 0 4/1/08 12/31/03 tp r tp < r (P200/Mo.) P. Pablo c * 7/26/03 / 5% / 25000 50000 0 25000 5000 20000 0 468 200 268 8/1/05 9/30/03 r r < r (P1000/Mo.) Martin Cruz c * 5/12/02 / 5% / 2100 None 2100 0 2100 0 0 105 105 0 Demand 12/31/03 tp r tp < r Tetra Co. c * 9/3/03 / 6% / 12000 10000 0 12000 1600 10400 0 162 108 54 2/1/06 11/30/03 r r < r (P400/Mo.) 22471 37000 15691 43780 128 1589 1116 601 f f f f, cf f f f f, cf tp wtb tb op wtb Legend of Auditor’s Tick Marks

f Footed cf Crossfooted tp Traced to prior year working papers wtb Traced total to working trial balance op Traced total to operations working paper – OP6 * Examined note for payee, made and due dates, interest rate, face amount, and value of

security. No exceptions noted.

c Received confirmation, including date interest paid to, interest rate, interest paid during 2003, note balance, and security. No exceptions noted.

r Traced to cash receipts journal < Recomputed for the year

Page 22: Chapter 11 to 29 Aud

MANAGEMENT ACCOUNTING (VOLUME II) - Solutions Manual

18-22

CHAPTER 15

BASIC CONCEPTS AND ELEMENTS OF INTERNAL CONTROL

I. Review Questions

1. Refer to page 548, 3rd

paragraph and page 549, 1st paragraph of the textbook.

2. Internal control systems are defined as “. . . the process by which an entity’s

board of directors, management and/or other personnel obtain reasonable

assurance as to the achievement of specified objectives.”

3. The basic elements of internal control are:

a. Control environment, and

b. Control procedures.

4. All internal control systems, due to the human factor, contain certain inherent

limitations. Because of these inherent limitations, internal control provides

reasonable, but not absolute, assurance as to the achievement of control

objectives.

5. Management support of internal control is prerequisite to its effectiveness. That

is, no matter how sound the other components, the system will not be effective if

management does not support it and communicate that support throughout the

organization. An organizational awareness that management takes internal

control seriously, helps to maximize the effectiveness of the control activities.

A management operating style that supports proper ethical behavior also

enhances the effectiveness of the entity’s internal control. If employees perceive

that management conducts itself in accordance with proper ethical behavior,

such conduct will tend to reflect itself throughout the organization. Proper

ethical behavior, in turn, minimizes the probability that financial statements will

be intentionally misstated.

6. A centralized, efficient human resources function, an integral part of the control

environment, enhances competence by placing the right people in the right jobs

and training them properly to perform their assigned tasks.

7. An effective set of internal controls requires a careful analysis of decision

alternatives, and the assumption of high risk only where warranted. A

Page 23: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-23

management attitude geared toward excessive risk-taking hampers goal

attainment and thereby compromises control.

8. Monitoring affects all of the other controls by assuring their effectiveness over

time. “Ongoing” monitoring is recurring and somewhat automatic. An example

is the periodic analysis of cost variances and follow-up control where the

variance is material and controllable. “Separate evaluation” applies to those

controls not conducive to ongoing monitoring. Integrity, ethical values, and

competence, for example, cannot be monitored on a “real-time” basis, but

require periodic review for effectiveness.

9. Fixing of responsibility enhances control by providing accountability for assets.

The person responsible for prelisting incoming cash receipts, for example, will

be initially accountable for any discrepancy between such prelisting and the

receipted deposit ticket obtained from the bank. Knowledge of such

accountability, in turn, will encourage care in preparing the prelisting and in

transferring the cash receipts to the person designated as responsible for

preparing and making bank deposits.

10. Any internal control system, regardless of how sound it is, has certain inherent

limitations. The system can be circumvented by collusion among two or more

employees; management can override the structure; and the procedures can

break down temporarily causing a lag in the adaptation of the controls. For

these reasons, an effective system of internal control provides reasonable, but

not absolute assurance as to the prevention and detection of material errors or

irregularities. Auditors, therefore, must not rely totally on a sound control

system as support for their audit opinion. Rather, they must recognize the

inherent limitations and, at the very least, perform a minimum amount of

substantive audit testing.

11. Small entities, typically, cannot afford the degree of separation of functional

responsibilities existing in larger firms. Also, small firms, typically, cannot

support a separate internal audit staff. For these reasons, compensating controls

are necessary in smaller organizations. Such compensating controls ordinarily

require that the owner/manager assume an active role in reviewing transactions,

examining documents, reconciling bank accounts, and otherwise performing

many of the tasks normally done by internal auditors in larger organizations.

12. Separating recordkeeping from custody of the related assets provides an

independently maintained record which may periodically be reconciled with

assets on hand. This independent record holds the personnel of a custodial

department accountable for assets entrusted to their care. If the accounting

records were maintained by the custodial department, opportunity would exist

for that department to conceal its errors or shortages by manipulating the

records.

Page 24: Chapter 11 to 29 Aud

Chapter 18 Application of Quantitative Techniques in Planning, Control and

Decision Making - II

18-24

13. Most controls can be classified as either prevention controls or detection

controls. A control environment, for example, that reflects strong

management support of effective control activities and proper ethical

behavior, will encourage organizational personnel to be conscientious in

performing their assigned tasks, and thereby assist in preventing errors or

irregularities. Periodic inventories and comparisons, on the other hand, will

assist in detecting errors or irregularities which have already occurred.

Both types of controls are vital to an effective system of internal control.

14. A company control procedure is an action taken for the purpose of preventing,

detecting, or correcting errors and irregularities in transactions.

15. Examples of periodic comparisons:

Count of cash on hand.

Reconciliation of bank accounts.

Count of securities.

Confirmation of accounts receivable.

Confirmation of accounts payable.

Physical count of inventory.

16. Four kinds or functional responsibilities that should be segregated:

1. Authorization to execute transactions.

2. Recording of transactions (bookkeeping).

3. Custody of assets.

4. Periodic reconciliation (comparison) of existing (real) assets to

recorded amounts.

17. Key factors in protecting against losses through embezzlement include an

adequate internal control structure, fidelity bonds, and regular audits by

independent public accountants.

18. Assuming that the general category of transaction has already been authorized

by top management, at least three employees or departments should usually

participate in each transaction to achieve strong internal control. One employee

approves the transaction after determining that the details conform to company

policies, another employee records the transaction in the accounting records, and

the third employee executes the transaction by releasing and/or taking custody

of the related assets. (Note: the approval function may be omitted in an

extremely simple transaction such as a cash sale not involving a check).

19. Refer to page 557 of the textbook.

II. Multiple Choice Questions

Page 25: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-25

1. d 4. d 7. b 10. a

2. d 5. d 8. a 11. c

3. b 6. b 9. d 12. c

III. Comprehensive Cases

Case 1.

RELEVANT TO

AUDIT?

ASSERTION

AFFECTED

HOW

AFFECTED?

a. Yes Completeness

Valuation

Year-end adjustments for accruals

and/or allocations may be

overlooked.

b. Yes Existence

Valuation

Customers may be billed for goods

not shipped. If so, customer

accounts may not be valid.

c. No N/A N/A

d. Yes Valuation

Presentation

Debits and credits to incorrect

accounts are likely to cause

materiality errors.

e. Yes No assertions are adversely affected, given the

compensating control of conducting an annual physical

inventory

f. Yes Completeness Some cash receipts may not be

deposited.

Valuation Cash in bank and/or accounts

receivable may be overstated,

depending on whether or not

undeposited cash was recorded.

g. Yes Presentation Trade accounts receivable should

be kept separate from nontrade

receivables. Credit balances in

customer accounts should be

reported as current liabilities.

h. Yes Existence

Valuation

Invoices may be submitted a

second time for payment and the

signed disbursement checks

misappropriated. The result may

be debits to inventory or other

accounts for nonexistent goods or

services.

i. No N/A N/A

Page 26: Chapter 11 to 29 Aud

Chapter 18 Application of Quantitative Techniques in Planning, Control and

Decision Making - II

18-26

Case 2.

INHERENT OR CONTROL

WEAKNESS

TYPE OF INHERENT OR

CONTROL REMEDY

a. Inherent Temporary breakdown: environmental

changes not accompanied by revised

controls.

b. Control Chart of accounts and accounting

manuals; training of personnel who

determine debits to various expenditure

accounts; review of account distribution

by second person; internal auditor

review of transactions on a test basis.

c. Inherent Management override.

d. Control Bills of lading evidencing shipment of

goods should be prenumbered and

signed by the carrier. A copy should be

forwarded to accounts receivable and

should trigger the mailing of an invoice

to the customer. The numeric sequence

of used bills of lading should be

accounted for periodically and bills of

lading should be matched with customer

invoices on a test basis.

e. Control Billing clerks should not handle cash

receipts. Incoming cash receipts should

be prelisted and compared with daily

deposits. Credits to customer accounts

should be made from remittance advices.

Checks should be forwarded directly to

the treasurer (cashier) for deposit.

Writeoffs of customer accounts should

require approval by the credit manager

or some other responsible officer.

f. Inherent Collusion

Case 3. a. The planned assessed level of control risk is the level the auditors intend to

use in performing the audit for a particular financial statement assertion.

For example, after obtaining the understanding of internal control necessary

to plan the audit, the auditors will project a planned assessed level of

Page 27: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-27

control risk based on their understanding of the internal control structure.

The assessed level of control risk is the level of risk based on the tests of

controls performed to evaluate control risk for an assertion. Control risk is

the actual, but unknown, level of risk pertaining to an assertion.

b. While obtaining an understanding of the internal control structure, the

auditors may determine a planned assessed level of control risk for the

existence of accounts receivable which requires them to test a sample of

sales transactions. Based on the results of the tests of controls for sales, the

auditors may arrive at an assessed level of control risk that is either higher

or lower than the level planned. The actual level of control risk for

existence of receivables is, as always, at an unknown level.

Case 4. a. After obtaining an understanding of the internal control structure, the

auditors assess control risk. At this point they may or may not have

performed some tests of controls. When they believe that a lower level of

assessed control risk may be possible, and that the related reduction of

substantive tests may be cost justified, the auditors will perform additional

tests of controls. Finally, when the additional tests of controls have been

performed, the auditors will reassess control risk and design substantive

tests.

b. Obtain an understanding Prepare flowchart

Prepare checklists

Prepare questionnaires

Perform walk-through of transactions

Perform some tests of controls

Determine the planned assessed

level of control risk Analyze results obtained

Perform additional tests

of controls Perform inquiry procedures

Inspect documents for performance

Observe application of procedures

Reperform application of procedures

Reassess control risk and

design substantive tests Analyze results obtained

Case 5. Since Vasquez’s consideration of the internal control structure shows that

controls are very weak, he may omit performing tests of controls. He must,

however, have an adequate understanding of internal control to plan the

remainder of the audit. At a minimum, Vasquez should obtain a basic

understanding of the control environment, accounting system, and important

control procedures. He should document this understanding, and also document

that control risk is assessed at the maximum level.

Page 28: Chapter 11 to 29 Aud

Chapter 18 Application of Quantitative Techniques in Planning, Control and

Decision Making - II

18-28

Case 6. a. (1) The primary advantage of the internal control questionnaire is that

control weaknesses, including the absence of control procedures, are

prominently identified by the “no” answers. Another advantage of the

questionnaire is its simplicity. If the questions have been

predetermined, as is usual, the auditors’ responsibility includes the

completion of the questionnaire with yes-or-no answers, and written

explanations are required only for the “no” or unfavorable answers.

Also, the comprehensive list of questions provides assurance of

complete coverage of significant control areas.

(2) An advantage of the written narrative approach in reviewing internal

control is that the description is designed to explain the precise controls

applicable to each examination. In this sense, the working paper

description is tailor-made for each engagement and thus offers

flexibility in its design and application. A second advantage is that its

preparation normally requires a penetrating analysis of the client’s

system. In requiring a written description of the flow of transactions,

records maintained, and the division of responsibilities, the

memorandum method minimizes the tendency to perform a perfunctory

review.

(3) The use of a flowchart in documenting internal control offers the

advantage of a graphic presentation of a system or a series of sequential

processes. It shows the steps required and the flow of forms or other

documents from person to person in carrying out the function depicted.

Thus, the tendency to overlook the controls existing between functions

or departments is minimized. Another advantage is that the flowchart

method avoids the detailed study of written descriptions of procedures

without sacrificing the CPA’s ability to appraise the effectiveness of

internal controls under review. An experienced auditor can gain a

working understanding of the system much more readily by reviewing

a flowchart than by reading questionnaires or lengthy narratives.

Information about specific procedures, documents, and accounting

records can also be located more quickly in a flowchart. Because of

these advantages, flowcharting has become the most widely used

method of describing internal control in audit working papers.

b. Even though internal control appears to be strong, the auditors are required

to conduct tests of controls. Just because policies and procedures are prescribed

does not mean that the client’s personnel are adhering to those requirements.

Employees may not understand their assigned duties, or may perform those

duties in a careless manner, or other factors may cause the internal controls

actually in place to differ from those prescribed.

Page 29: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-29

Through tests of controls the CPAs obtain reasonable assurance that the

internal control policies and procedures are in use and are operating as

planned, and they may detect material errors of types not susceptible to

effective internal control. In addition, such testing enables the CPAs to

comply with the third standard of field work which calls for obtaining

sufficient competent evidential matter to provide a reasonable basis for an

opinion.

Note to instructor – Auditors may forego tests of controls if they conclude

that internal controls are so weak as to provide no basis for assessing

control risk at a level lower than the maximum.

Case 7.

PURPLE CORP.

Raw Materials Recording and Transferring System Flowchart

December 31, 2003

STORES

ACCOUNTING INVENTORY CLERK

MANUFACTURING

Start

Goods from

Supplier

Storeskeeper Prepares Stock-in Report

Stock-in

Report

1

Filed by

date

Stock-in Report 1

2

Posts Perpetual Inventory Records

2

Filed by

date

Inventory Records at Standard

Cost

Clerk Prepares

Requisition

Requisition 1

2

Supervisor Approves

Requisition

Approved

Requisition 1 2

Approved

Requisition

Reviews for

Completeness

Posts Transfer to Perpetual Inventory

Records

4

Filed by

date

3

Filed by Job

Order

Inventory Records at Standard

Cost

Page 30: Chapter 11 to 29 Aud

Chapter 18 Application of Quantitative Techniques in Planning, Control and

Decision Making - II

18-30

Case 8. a. The quantity of serially numbered tickets issued during the shift of each

cashier is multiplied by the price per ticket to determine the amount of cash

which the cashier should have on hand at the end of the shift.

Two employees participate in each transaction. The withholding cash

receipts would require collusion between the cashier and the door attendant

because the door attendant does not have access to cash and the cashier

cannot cause a patron to be admitted without issuing to him a serially

numbered ticket.

b. The following steps should be taken by the manager to make these controls

work effectively:

(1) Maintain careful control over unused rolls of tickets.

(2) Make a record of the serial number of the first and last ticket issued on

each cashier’s shift.

(3) Count the cash in possession of cashier at beginning and end of shift.

In addition to these regular routines, the manager should take the following

steps at unannounced intervals:

(4) Observe that the cashier never has loose tickets in his or her possession

and does not sell tickets in any manner other than ejecting them from the

ticket machine.

(5) Verify by inspection of tickets being presented by patrons to the door

attendant that only recently issued tickets (current serial numbers) are

being used.

c. Collusion by the cashier and door attendant to abstract cash receipts often

consists of the door attendant pocketing whole tickets presented by patrons

rather than tearing the ticket in half. He or she may then give these unused

tickets to the cashier; the cashier may then resell the tickets to customers at the

box office rather than punching out new tickets on the machines. The cashier

withholds the cash received from sales of these “used tickets” and divides it with

the door attendant.

d. Observation on a surprise basis by the manager of the serial numbers of

tickets being presented at the door by customers may reveal that these

Page 31: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-31

tickets are not freshly issued ones. Observation of the cashier’s work may

reveal that this employee is handling loose tickets.

CHAPTER 16

CONSIDERATION OF INTERNAL CONTROL IN A FINANCIAL STATEMENTS AUDIT

I. Review Questions

1. An auditor obtains an understanding of a client’s internal control structure as a

part of the control risk assessment process in order (1) to plan the nature, timing,

and extent of subsequent substantive audit procedures, and (2) to obtain

information about reportable conditions (control deficiencies) to report to the

client.

2. The primary reason for conducting an evaluation of a client’s existing internal

control system is to give the auditors a basis for finalizing the details of the

account balance audit program – to determine the nature, timing and extent of

subsequent substantive audit procedures.

A secondary purpose for conducting an evaluation of internal control is to be

able to make constructive suggestions for improvements. Officially, the

profession considers these suggestions a part of the audit function and does not

define the work as a MAS consultation.

Another purpose of the evaluation is to report to management and the board of

directors or its audit committee any discovery of “any reportable conditions” of

internal control deficiencies.

3. Refer to page 590, 1st paragraph of the textbook.

4. 1. Advantages of control questionnaire:

Easy to complete.

Checklist of questions.

Less chance of overlooking something important.

Disadvantages:

May contain numerous irrelevant questions.

Tendency to treat it like another form to fill out.

Page 32: Chapter 11 to 29 Aud

Chapter 18 Application of Quantitative Techniques in Planning, Control and

Decision Making - II

18-32

2. Advantages of memorandum documentation:

Can explain the precise controls applicable to the particular client.

(precise tailoring)

Requires penetrating analysis.

Minimizes tendency toward perfunctory review.

Disadvantages:

Hard to write. Often lengthy.

Hard to revise in subsequent years.

3. Advantages of flowchart:

Graphic presentation of systems.

Shows the steps required and the flow of forms and documents.

Easy to read and analyze.

Easy to update in subsequent years.

Disadvantages:

Takes some time to draw neatly.

5. “Observation,” in a test of control procedure, refers to auditors looking to see

whether client personnel stamped, initialed, or left other signs that their assigned

control procedures had been performed.

“Reperformance,” in a test of control procedure, refers to auditors doing again

the control that was supposed to have been performed by the client personnel

(recalculating, looking up the right price, comparing quantities, and so forth).

6. Written reports on internal accounting control (IAC) for external use.

Type of Engagement Character of Report

Special IAC study Report on IAC with opinion on IAC

system taken as a whole.

Service auditor engaged to report for

benefit of user auditor and their

mutual client.

A special-purpose report on IAC can

take special forms, the main feature of

which includes an opinion relating to

the controls applied by the service

organization to the client

organization’s transactions.

7. The auditor must obtain a sufficient understanding of the client’s system of

internal financial controls to identify the types of potential material

misstatements of financial statement components, and the risks associated with

each. Such understanding is obtained by gathering evidence relating to the basic

elements of the client’s internal financial controls.

Page 33: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-33

8. The auditor obtains an initial understanding of the client’s financial controls by

studying the organizational structure, inquiring of management, and studying

last year’s working papers if a recurring audit.

9. The documentation of the auditor’s understanding must provide clear evidence

of support for the auditor’s conclusions regarding the assessed level of control

risk. This is especially necessary if control risk is assessed below the maximum

level. The documentation at this point typically consists of some combination of

narrative memoranda, questionnaires or checklists, and internal control

flowcharts, as well as documentation of the auditor’s conclusions, and the

reason(s) for assessing control risk below maximum, if applicable.

10. Testing of internal financial controls may permit the auditor to further reduce the

assessed level of control risk. This, in turn, should lead to a decrease in the

nature, timing, and/or extent of substantive audit testing in the circumstances.

11. The following factors may cause the auditor to decide not to test the client’s

internal financial controls beyond obtaining an initial understanding:

a. Controls may already have been evaluated as ineffective;

b. Further testing is not cost effective (i.e., the cost of further testing is

greater than the cost savings resulting from reduced substantive testing)

12. Some combination of the following means is typically utilized by the auditor in

testing a client’s internal financial controls:

a. Reprocessing transactions through the client’s system;

b. Observation of controls; and

c. Document examination and testing.

13. Misrepresentation is a form of financial statement misstatement caused by

intentional efforts by management to distort reported financial position and/or

results of operations. Misappropriation is a form of fraud whereby one or more

employees effect a transfer of assets from employer to employee, accompanied

by concealment in the form of account or substance alteration.

14. The following are some examples of internal control weaknesses and suggested

expanded substantive testing, given the weaknesses:

a. Perpetual inventory records not maintained: Expand test counts during

inventory observation

b. Bank accounts not reconciled: Expand year-end audit of cash accounts

c. Customer exceptions to monthly statements not investigated and

cleared: Expand accounts receivable confirmation at year-end.

Page 34: Chapter 11 to 29 Aud

Chapter 18 Application of Quantitative Techniques in Planning, Control and

Decision Making - II

18-34

15. Reportable conditions are matters coming to the auditor’s attention, as a result of

his/her study and evaluation of the client’s internal financial controls, relating to

significant deficiencies in the design or operation or of the internal controls that

could adversely affect the organization’s ability to record, process, summarize,

and report financial data consistent with the assertions of management in the

financial statements. The purpose of the reportable conditions letter is to inform

the audit committee, or similar body within the organization, of weaknesses for

which they may not be aware. Such communication increases the likelihood

that the weaknesses will be corrected on a timely basis.

16. Use of any one of the approaches to studying and documenting a client’s

internal financial controls, by itself, is inadequate. Each approach adds a needed

dimension to the analysis. The memorandum requires depth of analysis not

found in the flowchart. The flowchart, on the other hand, promotes ease of

understanding and ready identification of strengths and weaknesses in controls.

The questionnaires and checklists add the dimension of completeness of

coverage. By using the three tools in combination, the auditor is able to gain a

deeper and clearer understanding of each of the subsets of the transaction cycles,

including major control strengths and weaknesses, thereby permitting more

accurate control risk assessments and more useful substantive audit programs

based on such assessments.

II. Multiple Choice Questions

1. b 8. a 15. d 22. a

2. a 9. b 16. c 23. a

3. b 10. c 17. b 24. d

4. d 11. b 18 b 25. b

5. b 12. a 19. a 26. d

6. b 13. b 20. d 27. b

7. b 14. b 21. a 28. d

III. Comprehensive Cases

Case 1. a. Given identified financial control weaknesses, the auditor may elect to

expand the extent of substantive testing, or search for and test compensating

controls. In the present case, the following errors and irregularities may

occur, given the control weaknesses in the payroll subset of the expenditure

cycle:

1. Hours may be in error, inasmuch as the time cards are prepared by

employees and not reviewed. This could lead to overstatement or

understatement of wages expense in the income statement. This

could also affect the carrying value of finished goods inventories if

Quicky is a manufacturing company.

Page 35: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-35

2. The payroll could be “padded” inasmuch as signed checks are

returned to the department supervisors for distribution. This could

result in overstatements of salaries and wages expense on the

income statement. It could also cause a finished goods inventory

overstatement.

b. If, based on the initial understanding, controls are thought to be adequate,

the auditor should consider the following alternatives:

1. Document the understanding, assess control risk below maximum,

as considered appropriate, and document the basis for conclusions;

or

2. Document the understanding and test controls as a means for

further reduction in the assessed level of control risk. This

alternative would be chosen if the following conditions exist:

a. Controls are thought to be effective; and

b. Cost reductions through reduced substantive testing

exceed cost of further testing of controls.

c. 1. Auditors must study and evaluate internal control each year because the

environment within which the client operates is subject to constant

change; and controls must adapt to these changes if the system is to

remain effective. The auditor must identify the environmental changes

and determine that the relevant control points remain covered after the

changes.

2. A minimum audit is necessary, even under conditions of excellent

internal control, because of the following inherent limitations in all

internal control systems:

Internal control assumes the nonexistence of collusion;

Management can override the financial controls;

Temporary breakdowns in the control system may occur and

produce material errors;

Given that these inherent limitations could produce material financial

statement misstatements, and given that the audit report provides

reasonable assurance that the financial statements do not contain

material misstatements, the auditor must perform a minimum audit,

even under conditions of excellent internal control if such assurance is

to be provided.

Page 36: Chapter 11 to 29 Aud

Chapter 18 Application of Quantitative Techniques in Planning, Control and

Decision Making - II

18-36

Case 2.

ISLANDER DRUG STORE, INC.

Processing Cash Collections

Internal Control Questionnaire

-Question Yes No

Are customers who pay by check identified via store I.D. card or other means?

Does company policy prohibit accepting checks for anything except merchandise sales plus a nominal cash amount?

Is a receipt produced by the cash register given to each customer?

Is the reading of each cash register taken periodically by an employee who is independent of the handling of cash receipts?

Are cash counts made on a surprise basis by an individual who is independent of the handling of cash receipts?

Is the reading of each cash register compared regularly to the cash received?

Is a summary listing of cash register readings prepared by an employee who is independent of physically handling cash receipts?

Are receipts forwarded to an independent employee who makes the bank deposits?

Are each day’s receipts deposited intact daily?

Is the summary listing of cash register receipts reconciled to the duplicate deposit slips authenticated by the bank?

Are entries to the cash receipts journal prepared from duplicate deposit slips or the summary listing of cash register readings?

Are the entries to the cash receipts journal compared to the deposits per bank statement?

Page 37: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-37

Are areas involving the physical handling of cash reasonably safeguarded?

Are employees who handle receipts bonded?

Are charged back items (NSF checks, etc.) directed to an employee who does not physically handle receipts or have access to the books?

CHAPTER 17

BASIC AUDIT SAMPLING CONCEPTS

I. Review Questions

1. Refer to page 638, 3rd

paragraph of the textbook.

2. Refer to page 638, 4th

paragraph of the textbook.

3. Refer to page 640 of the textbook.

4. Audit conclusions can be made only about the population from which the

sample was drawn, and a conclusion can only be valid if the sample on which it

is based actually shows the characteristics of the population. Auditors can

attempt to achieve representativeness, but they cannot guarantee it. Sampling

risk – the probability that the sample does not adequately reflect the population

– always exists.

5. Refer to page 646, 2nd

paragraph; page 647, 1st paragraph of the textbook.

6. Refer to page 647, 6th

paragraph of the textbook.

7. Refer to page 652, paragraphs 1 to 4 of the textbook.

8. Refer to page 652, paragraphs 3 and 4 of the textbook.

9. Refer to page 653, 4th

paragraph & page 654, 1st to 3

rd paragraph of the textbook.

10. Sampling risk is the probability that the auditor’s conclusions concerning the

population will be in error. In terms of conclusions regarding internal control,

sampling risk consists of two subsets:

Page 38: Chapter 11 to 29 Aud

Chapter 18 Application of Quantitative Techniques in Planning, Control and

Decision Making - II

18-38

Alpha risk, the risk that the auditor will assess control risk too high and

perform more substantive testing than is necessary under the circumstances;

and

Beta risk, the risk that the auditor will assess control risk too low and

perform less substantive testing than is necessary.

For control testing purposes, the auditor is more concerned with beta risk than

alpha risk, because beta risk poses the threat of underauditing and is therefore

the basis for the audit opinion. The auditor controls this risk by setting beta risk

sufficiently low as to maintain overall audit risk at a level less than or equal to

10%.

11. Refer to pages 661 to 663 of the textbook.

12. Refer to pages 655 to 660 of the textbook.

II. Multiple Choice Questions

1. b 3. d 5. d 7. a 9. a

2. c 4. c 6. b 8. d 10. c

III. Comprehensive Cases

Case 1. a. Areas requiring the auditors to make judgment decisions when statistical

sampling techniques are employed (only four required):

(1) Defining population, characteristics to be tested, and deviations.

Unless a relationship is defined between the occurrence rate of

deviations in the population and either the validity of the client’s

financial statement or the strength of internal control, little useful

information is gained by estimating the occurrence rate.

(2) Determining the appropriate statistical selection techniques for drawing

a random sample. The auditors must recognize the advantages and

disadvantages of stratified selection, unstratified selection, and

systematic selection, and determine which technique is appropriate for

selecting an economical random sample.

(3) Establishing the required maximum tolerable deviation rate and the risk

of assessing control risk too low for the procedure. This requires

judgment decisions regarding materiality, time, cost, and the planned

assessed level of control risk.

(4) Interpreting sample results. This requires a decision as to whether the

results support the auditors’ planned assessed level of control risk, or

whether additional sampling is necessary to reach a conclusion.

(5) Following up on the discovery of critical errors or unacceptable

deviation rates.

Page 39: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-39

(6) Determining the circumstances under which statistical sampling is

appropriate, and those in which other techniques should be used in lieu,

of or to supplement, the statistical sampling techniques.

This is an open-ended question. The student may identify numerous other

areas in which the auditors must make judgment decisions.

b. If the CPAs’ sample shows an unacceptable deviation rate, they may take

the following actions:

(1) They may enlarge their sample to increase the precision of their

estimate.

(2) They may isolate the type of deviation and expand examination as it

relates to the transactions that give rise to that type of misstatement.

(3) The auditors’ usual response to an unacceptably high deviation rate is

to increase their assessed level of control risk. Accordingly, the

auditors would increase the intensity of their substantive tests.

c. Techniques for selecting an unstratified random sample of accounts payable

vouchers include the following:

Random Sample. A random sample is a sample of a given size drawn from

a population in a manner such that every possible sample of that size is

equally likely to be drawn. Items may be selected randomly by:

(1) Table of Random Numbers. Use one of a number of published tables.

Using four columns in the table, select the first 80 numbers which fall

within the range of 1 to 3,200. The starting point in the table should be

selected randomly and the path to be followed through the table should

be set in advance and followed consistently.

(2) Random Number Generator: Using generalized audit software,

generate a list of 80 random numbers.

Systematic Sample. A systematic sample is drawn by selecting every nth

item beginning with a random start.

(1) Every nth

item. Select every 40th

voucher after selecting the initial

voucher (from 1 to 40) randomly.

(2) Several random starting points. For example, use two random starting

points and select 40 of the 80 vouchers from each of the two sequences.

Select every 80th

voucher (3,200/40) after each of the two random

starting points between 1 and 80 for each of the two sequences.

Case 2. a. (1) Since the results of tests of controls typically play a significant role in

determining the nature, timing, and extent of other audit procedures, the

Page 40: Chapter 11 to 29 Aud

Chapter 18 Application of Quantitative Techniques in Planning, Control and

Decision Making - II

18-40

auditors usually specify a low level of risk of assessing control risk too

low. It is usually set at 5 or 10 percent.

(2) In determining the tolerable deviation rate, an auditor should consider

the planned assessed level of control risk and the extent of assurance

desired from the evidential matter included in the sample.

(3) In determining the expected population deviation rate, an auditor

should consider the results of prior years’ tests, the overall control

environment, or utilize a preliminary sample.

b. (1) There is a decrease in sample size if the acceptable level of the risk of

assessing control risk too low is increased.

(2) There is a decrease in sample size if the tolerable deviation is increased.

(3) There is an increase in sample size if the population deviation rate is

increased.

c. Using a statistical sampling approach, Figure 18.4 reveals that 7 deviations

in a sample of size 100 results in an achieved upper deviation rate of 12.8%,

well in excess of the tolerable deviation rate (8%). The sample results

should thus be interpreted as not supporting the planned assessed level of

control risk.

Using a nonstatistical sampling approach, the 7% estimated population

deviation rate identified in the sample (7 deviations / 100 sample items)

approaches the tolerable deviation rate of 8%. Therefore, using a

nonstatistical approach, the sample result would also be interpreted as not

supporting the planned assessed level of control risk.

d. Statistical sampling allows the auditors to quantify sampling risk. As

described in part (c), only when statistical sampling is used do the auditors

know that the achieved upper deviation rate is 12.8%.

Page 41: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-41

CHAPTER 18

APPLICATION OF QUANTITATIVE TECHNIQUES IN PLANNING, CONTROL AND DECISION MAKING - II

I. Questions

1. PERT is superior to Gantt Charts in complex projects because:

a. PERT charts are flexible and can reflect slippage or changes in plans,

but Gantt charts simply plot a bar chart against a calendar scale.

b. PERT charts reflect interdependencies among activities; Gantt charts

do not.

c. PERT charts reflect uncertainties or tolerances in the time estimates

for various activities; Gantt charts do not.

2. The use of PERT provides a structured foundation for planning complex

projects in sufficient detail to facilitate effective control.

A workable sequence of events that comprise the project are first

identified. Each key event should represent a task; then the

interdependent relationships between the events are structured.

After the network of events is constructed, cost and time parameters are

established for each package. Staffing plans are reviewed and analyzed.

The “critical path” computation identifies sequence of key events with

total time equal to the time allotted for the project’s completion. Jobs

which are not on the critical path can be slowed down and the slack

resources available on these activities reallocated to activities on the

critical path.

Use of PERT permits sufficient scheduling of effort by functional areas

and by geographic location. It also allows for restructuring scheduling

efforts and redeployment of workers as necessary to compensate for

delays or bottlenecks. The probability of completing this complex

project on time and within the allotted budget is increased.

3. Time slippage in noncritical activities may not warrant extensive

managerial analysis because of available slack, but activity cost usually

increases with time and should be monitored.

Page 42: Chapter 11 to 29 Aud

Chapter 18 Application of Quantitative Techniques in Planning, Control and

Decision Making - II

18-42

4. The critical path is the network path with the longest cumulative

expected activity time. It is critical because a slowdown along this path

delays the entire project.

5. Crashing the network means finding the minimum cost for completing

the project in minimum time in order to achieve an optimum tradeoff

between cost and time. The differential crash cost of an activity is the

additional cost of that activity for each period of time saved.

6. Slack is the amount of time an event can be delayed without affecting the

project’s completion date. Slack can be utilized by management as a

buffer against bottlenecks that may occur on the critical path.

7. Unit gross margin are typically computed with an allocation of fixed

costs. Total fixed costs generally will not change with a change in

volume within the relevant range. Unitizing the fixed costs results in

treating them as though they are variable costs when, in fact, they are

not. Moreover, when multiple products are manufactured, the relative

contribution becomes the criterion for selecting the optimal product mix.

Fixed costs allocations can distort the relative contributions and result in

a suboptimal decision.

8. This approach will maximize profits only if there are no constraints on

production or sales, or if both products use all scarce resources at an

equal rate. Otherwise management would want to maximize the

contribution per unit of scarce resource.

9. The opportunity cost of a constraint is the cost of not having additional

availability of the constrained resources. This is also called a shadow

price.

10. The feasible production region is the area which contains all possible

combinations of production outputs. It is bounded by the constraints

imposed on production possibilities. The production schedule which

management chooses must come from the feasible production region.

11. The accountant usually supplies the contribution margin data that is used

in formulating a profit-maximizing objective function. In addition, the

accountant participates in the analysis of linear programming outputs by

assessing the costs of additional capacity or of changes in product mix.

12. a. Hourly fee for inventory audit (C)

b. Salary of purchasing supervisor (N)

c. Costs to audit purchase orders and invoices (P)

d. Taxes on inventory (C)

Page 43: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-43

e. Stockout costs (P)

f. Storage costs charged per unit in inventory (C)

g. Fire insurance on inventory (C)

h. Fire insurance on warehouse (N)

i. Obsolescence costs on inventory (C)

j. Shipping costs per shipment (P)

13. Although the inventory models are developed by operations researchers,

statisticians and computer specialists, their areas of expertise do not

extend to the evaluation of the differential costs for the inventory models.

Generally, discussions of inventory models take the costs as given. It is

the role of the accountant to determine which costs are appropriate for

inclusion in an inventory model.

14. Cost of capital represents the interest expense on funds if they were

borrowed or opportunity cost if funds were provided internally or by

owners. It is included as carrying cost of inventory because funds are

tied up in inventory.

15. Costs that vary with the average number of units in inventory:

Inventory insurance P 2.80

Inventory tax 2.05 (P102.25 x 2%)

Total P 4.85

Costs that vary with the number of units purchased:

Purchase price P102.25

Insurance on shipment 1.50

Total P103.75

Total carrying cost = (25% x P103.75) cost of capital + P4.85 = P25.94 +

P4.85 = P30.79

Order costs:

Shipping permit P201.65

Costs to arrange for the shipment 21.45

Unloading 80.20

Stockout costs 122.00

Total P425.30

II. Problems

Page 44: Chapter 11 to 29 Aud

Chapter 18 Application of Quantitative Techniques in Planning, Control and

Decision Making - II

18-44

Problem 1 (Solution is found on the next page.)

Problem 2

Requirement (a)

The critical path through each of the three alternative paths calculated as the

longest is 0 - 1 - 6- 7- 8.

0 - 1 - 2 - 5 - 8 2 + 8 + 10 + 14 = 34

0 - 1 - 3 - 4 - 7 - 8 2 + 8 + 7 + 5 + 3 = 25

0 - 1 - 6 - 7 - 8 2 + 26 + 9 + 3 = 40*

________

* critical

Requirement (b)

40 - 3 - 5 = 32

Requirement (c)

If path 4 - 7 has an unfavorable time variance of 10, this means it takes a

total time of 15 to finish this activity rather than 5. This gives the path 0 - 1 -

3 - 4 - 7 - 8 a total time of 35, but since this is less than the critical path of 40,

it has no effect.

Requirement (d)

The earliest time for reaching event 5 via 0 - 1 - 2 - 5 is 20, the sum of the

expected times.

Problem 3

No, they didn’t make a right decision, since they included fixed costs which

do not differ in the short run. If they had used contribution margin instead of

gross margin, they would have had P5 for G1 and P6.50 for G2, therefore

they would have decided to produce G2 exclusively.

Page 45: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making – II Chapter 18

18-45

Problem 1

Requirement (a)

TASKS 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

Hobbing Order 1 Order 3 Order 4 Order 2

Machining X X X X Order 1 X X Order 3 X X X Order 4 Order 2

___________

X Dead Time

Requirement (b)

28 days are required for the four orders.

Page 46: Chapter 11 to 29 Aud

Application of Quantitative Techniques in Planning, Control and Decision Making

– II Chapter 18

18-46

Problem 4

a. Carrying costs:

Order costs:

b. Economic order quantity:

Carrying costs:

Order costs:

Order costs = Insurance + Other order costs

AP

Q =

1,500 x P878

250

AP

Q =

1,500 x P878

155

P =

= P 5,268.00

= P 8,496.77

P860 + P18 = P878

P18,943.00

P16,975.27

Carrying costs =

Total

Total

Out-of-pocket

costs

Cost of capital

on inventory

Q* =

+

2 x 1,500 x P878

P109.40

S =

= 24,077 = 155 units

P65 + 20% x P222 = P119.40

QS

2 =

250 x P109.40

2 = P13,675.00

QS

2 =

155 x P109.40

2 = P 8,478.50

Page 47: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-47

18-47

Problem 5

It is necessary to evaluate the annual carrying costs and expected stockout

costs at each safety-stock level. The carrying cost will be P24.40 for each

unit in safety stock. With the given order size, there are 15 orders placed a

year (i.e., 39,000/2,600 = 15). Based on these computations, we prepare the

following schedule:

Safety

Stock

Carrying Costs

of Safety Stock

Expected Stockout

Costs

Total

Costs

0 0 0.50 x 15a x P1,650 = P12,375 P12,375

150 150 x P24.40 = P3,660 0.20 x 15a x P1,650 = P 4,950 8,610

175 175 x P24.40 = P4,270 0.05 x 15a x P1,650 = P 1,273.5 5,507.5 (optional)

250 250 x P24.40 = P6,100b 0.01 x 15a x P1,650 = P 247.5 6,347.5

Additional computations:

a 15 is the number of orders per year.

b It should be evident that at this level the carrying costs alone exceed

the total costs at a safety stock of 175 units. Therefore, it is not

possible for this or any safety-stock level larger than 250 to be less

costly than 175 units. Indeed, given a total cost at 175 units of

P5,507.5, stockout costs would have to occur with probability zero

for any safety stock greater than 225.72 units (i.e., P5,507.5 / P24.40

= P225.72).

III. Multiple Choice Questions

1. C 11. D 21. D 31. C

2. B 12. C 22. C 32. D

3. D 13. A 23. C 33. A

4. B 14. A 24. D 34. C

5. D 15. A 25. D 35. D

6. C 16. C 26. B 36. C

7. A 17. C 27. D 37. D

8. A 18. D 28. E 38. D

9. A 19. C 29. B

10. C 20. D 30. A

21. 31.

Page 48: Chapter 11 to 29 Aud

11-48 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-48

CHAPTER 19

AUDIT SAMPLING FOR SUBSTANTIVE TESTS

I. Review Questions

1. An incorrect acceptance decision directly impairs the effectiveness of an audit.

Auditors wrap up the work and the material misstatement appears in the

financial statements.

An incorrect rejection decision impairs the efficiency of an audit. Further

investigation of the cause and amount of misstatement provides a chance to

reverse the initial decision error.

2. The two methods of projecting the known misstatement to the population are the

average difference method and the ratio method. Refer to Chapter 19 for

formula expressions of each.

3. The important thing is to audit all the sample units. You cannot simply discard

one that is hard to audit in favor of adding to the sample a customer whose

balance is easy to audit. This action might bias the sample. If considering the

entire balance to be misstated will not alter your evaluation conclusion, then you

do not need to work on it any more. Your evaluation conclusion might be to

accept the book value, as long as the account counted in error is not big enough

to change the conclusion. Your evaluation conclusion might already be to reject

the book value, and considering another account to be misstated just reinforces

the decision.

If considering the entire balance to be misstated would change an acceptance

evaluation to a rejection evaluation, you need to do something about it. Since

the example seems to describe a dead end, you may need to select more

accounts (expand the sample) and perform the procedures on them (excluding

confirmation) and reevaluate the results.

4. Two main reasons for stratifying a population when sampling for variables

(peso) measurement:

a. Some units may be individually significant (e.g., large) and taking sampling risk

with respect to them is not a good idea.

b. Auditors may want to achieve audit coverage of a large proportion of pesos

in the balance by choosing the largest units (a protective sampling

objective, which is closely related to avoiding sampling risk).

Page 49: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-49

18-49

5. The tolerable misstatement (judged for the audit of a particular account balance)

must be less than the monetary misstatement considered material to the overall

financial statements. Also, the aggregation of multiple tolerable misstatement

amounts for several different balances under audit must be equal to or less than

the amount of monetary misstatement considered material to the overall

statements.

6. The appropriate general set of objectives is the objective(s) of obtaining

evidence about each of the client’s assertions in the financial balance. In

general, the assertions are about:

Existence (and cutoff)

Occurrence (and cutoff)

Completeness (and cutoff)

Rights and obligations (ownership, owership)

Valuation

Measurement

Presentation and disclosure

7. Influence on sample size:

Sample Size Relationships: Audit of Account Balances

Predetermined Sample Size Will Be:

Sample Size Influence

High Rate or

Large Amount

Low Rate or

Small Amount

Sample Size

Relation

1. Risk of incorrect

acceptance

Smaller Larger Inverse

2. Risk of incorrect

rejection

Smaller Larger Inverse

3. Tolerable

misstatement

Smaller Larger Inverse

4. Expected

misstatement

Larger Smaller Direct

5. Population

variability

Larger Smaller Direct

6. Population size Larger Smaller Direct

8. The three basic steps in quantitative evaluation are these:

1. Figure the total amount of actual misstatement found in the sample. This

amount is called the known misstatement.

2. Project the known misstatement to the population. The projected amount is

called the likely misstatement.

3. Compare the likely misstatement (also called the projected misstatement) to the

tolerable misstatement for the account, and consider the

Page 50: Chapter 11 to 29 Aud

11-50 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-50

a. Risk of incorrect acceptance that likely misstatement could be less than tolerable

misstatement even though the actual misstatement in the population is

greater, or the

b. Risk of incorrect acceptance that likely misstatement could be greater

than tolerable misstatement even though the actual misstatement in the

population is smaller.

9. Nonstatistical measurements described in Chapter 19 (page 718) leave only one

avenue for “accounting for further misstatement”: Apply experience and

professional judgment to decide if further misstatement could be large enough to

prevent an acceptance decision. If the projected likely misstatement is a great

deal less than the amount considered material, an auditor could judge that

further misstatement, if known, would not affect acceptance. If projected likely

misstatement is close to the amount considered material, maybe acceptance is

not warranted.

10. Account balances also can be audited, at least in part, at an interim date. When

account balance audit work is done before the company’s year-end date, auditors

must extend the interim-date audit conclusion to the balance-sheet date. The

process of extending the audit conclusion amounts to nothing more (and nothing

less) than performing substantive-purpose audit procedures on the transactions

in the remaining period and on the year-end balance to produce sufficient

competent evidence for a decision about the year-end balance.

Additional considerations include:

a. If the company’s internal control over transactions that produce the balance

under audit are not particularly strong, you should time the substantive

detail work at year-end instead of at interim.

b. If control risk is high, then the substantive work on the remaining period

will need to be extensive.

c. If rapidly changing business conditions might predispose managers to

misstate the accounts (try to slip one by the auditors), the work should be

timed at year-end. In most cases, careful scanning of transactions and

analytical review comparisons should be performed on transactions that

occur after the interim date.

As an example, accounts receivable confirmation can be done at an interim date.

Subsequently, efforts must be made to ascertain whether controls continue to be

strong. You must scan the transactions of the remaining period, audit any new

large balances, and update work on collectibility, especially with analysis of

cash received after the year-end.

11. Classical variables sampling estimates the value of a population by calculating

the mean and standard deviation of a sample and imputing the results to the

Page 51: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-51

18-51

population. Probability proportional to size sampling uses the results of

sampling to calculate an estimated upper error limit and compares this with a

preset tolerable error limit. Although used for substantive testing purposes, PPS

sampling is actually a variation for attribute sampling.

12. Detection (or beta) risk affects sample size inversely for substantive testing

purposes. That is, the higher the acceptable detection risk, the smaller the

sample size; and the lower the acceptable detection risk, the larger the sample

size.

13. Precision is the range + – within which the true answer most likely falls. It is

set by the auditor as a function of materiality and those levels of beta and alpha

risk deemed acceptable. Reliability is the likelihood that the sample range

contains the true value. Also referred to as the confidence level, reliability is set

by the auditor on the basis of overall audit risk.

14. PPS sampling is restricted to populations for which the auditor suspects a few

errors of overstatement only.

15. Several statistical software packages are available to facilitate audit sampling

applications. In addition to calculating sample size and evaluating sample

results, these packages can also assist in the following sampling areas:

a. Stratify populations for sampling purposes;

b. Generate random numbers to facilitate sample selection;

c. Draw the sample, given computerized data bases.

II. Multiple Choice Questions

1. b 5. c 9. d 13. a 17. d

2. a 6. b 10. a 14. a 18. b

3. c & d 7. b 11. a 15. c 19. c

4. b 8. d 12. c 16. d 20. d

Supporting Computations:

3. c. = 0.99 ;

d. = P4

1,200 x P4 = P4,800

7. = 3.5%

Audited Value 47,520

Book Value 48,000

490,000 x 0.99 = 485,100

490,000 – 485,100 = P4,900

P480

120

P 17,500

P500,000

Page 52: Chapter 11 to 29 Aud

11-52 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-52

P450,000 x 3.5% = P157,500

III. Comprehensive Cases

Case 1. a. Alpha risk is the risk of rejecting a population that is essentially correct.

Beta risk is the risk of accepting a population that is materially incorrect.

Alpha risk affects audit efficiency because overauditing results from

incorrectly rejecting a population. Beta risk impacts audit effectiveness

because underauditng results from incorrectly accepting a population.

Collectively, alpha and beta risk comprise sampling risk, defined as the

probability that the auditor will draw erroneous conclusions about a

population.

b. Attention to, and quantification of, alpha and beta risk assist the auditor in

applying an audit risk approach to substantive testing. During the audit

planning stage, the auditor identifies areas of high audit risk and sets

detection (beta) risk low for these areas. The result is that more substantive

testing is devoted to the high risk areas relative to the lower risk areas. This

approach enhances both audit efficiency and audit effectiveness.

c. Because it is closely related to the basis for the auditor’s opinion, alpha risk

is usually set equal to overall audit risk. Beta risk is set on the basis of the

auditor’s evaluation of inherent risk and control risk. The greater these risk

factors, as determined by the auditor during the audit planning stages, the

lower the beta risk set by the auditor. The lower the acceptable beta risk,

the larger the sample sizes for substantive testing purposes. Alpha and beta

risk, therefore, provide the necessary link between audit risk analysis and

substantive audit testing.

Case 2. a. (1) Mean-per-unit estimates the total value of a population by (1) using the

sample mean as an estimate of the true population mean, and (2)

extending this estimated population mean by the number of items in the

population. The computations are as follows:

(1) Estimated population mean =

P582,000 / 200 lots = P2,910 per lot

(2) Estimated total value =

P2,910 per lot x 2,000 lots = P5,820,000

(2) Ratio estimation estimates total population value by (1) using the ratio

of the sample audited values to book values as an estimate of the ratio

of population audited value to book value, and (2) applying the

Page 53: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-53

18-53

estimated ratio to the population book value. The computations are as

follows:

(1) Estimated ratio of audited to book value =

P582,000 / P600,000 = 97%

(2) Estimated total value =

97% x P5,900,000 = P5,723,000

(3) Difference estimation estimates total population values by (1) using the

average difference between the audited and book values of sample

items as an estimate of the average difference for all population items,

(2) extending the estimated average difference by the number of items

in the population, and (3) using the resulting estimate of the total

difference between audited and book value to compute the estimated

total value. The computations are as follows:

(1) Estimated average difference in audit and book values:

(P582,000 - P600,000) / 200 lots = - P90 per lot

(2) Estimated total difference =

- P90 per lot x 2,000 lots = - P180,000

(3) Estimated total value =

P5,900,000 - P180,000 = P5,720,000

b. The sample contains an element of sampling error with respect to the

average peso value of production lots. The mean book value of the

population is P2,950 (P5,900,000 / 2,000 lots), while the mean book value

in the sample is P3,000 (P600,000 / 200 lots). Mean-per-unit estimation

uses the mean value of the sample as the basis for estimating total value.

Thus, if the sample contains a disproportionate number of higher (or lower)

priced items, this sampling error will affect the estimate of the total

population value.

The estimate of total value developed in ratio estimation is based upon the

ratio of audited values to book values, rather than upon mean peso value. If

this ratio has no tendency to vary with the peso value of the lot, the estimate

of total value is not affected by the mean value of items in the sample.

However, sampling error may still be present if the sample lots are not

Page 54: Chapter 11 to 29 Aud

11-54 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-54

representative of the population with respect to the ratio of audited values

to book values.

Case 3. The auditors would project the misstatement found in the sample to the

population using either the ratio or difference approach. The ratio approach

would result in a projected misstatement of P65,500. This may be computed by

first calculating the ratio of the audited to book value as 1.0131 [P23,100 /

P22,800 (since there is a net understatement of P300, the audited value is

P23,100)] and estimating the audited value of the population as:

1.0131 x P5,000,000 = P5,065,500 (rounded)

The projected misstatement is thus P65,500 under the ratio method.

The difference approach results in an average difference of P1.50 (P300 net

difference divided by 200 items). Multiplying by the 100,000 invoices indicates

a projected misstatement of P62,400 (P1.50 x 41,600).

Case 4. The audit risk (ultimate risk) of material misstatement in the financial statements

(AR) is the product of:

(1) Inherent risk (IR), the risk of material misstatement in an assertion,

assuming there were no related internal controls.

(2) Control risks (CR), the risk of material misstatement occurring in an

assertion, and not being prevented or detected on a timely basis by the

internal control structure.

(3) Detection risk (DR), the risk that the auditors’ procedures will lead them to

conclude an assertion is not materially misstated, when in fact such

misstatement does exist.

In equation form, this relationship is expressed as follows:

AR = IR x CR x DR

This equation may be restated to solve for the allowable detection risk as

follows:

DR = AR / (CR x IR)

Using the risk levels set forth in the problem, the allowable risk of reliance upon

substantive tests is computed as illustrated below:

DR = .02 / (.2 x .5) = .20

Page 55: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-55

18-55

Thus the risk of incorrect acceptance should be limited to 20 percent if the

auditors are to achieve their objective of holding audit risk to 2 percent.

Case 5. a. (1) Required sample size is calculated as follows:

Sample size =

Sample size = = 69

Note: The reliability factor is from the zero misstatements row of the

PPS sampling table given in the case.

(2) The sampling interval is calculated simply by dividing the book value

of receivables by the sample size, as follows:

Sampling interval = Recorded receivables / Sample size

= P500,000 / 69 = P7,246

b. The results may be evaluated as follows:

(1) Projected misstatement =

Book

Value

Audited

Value

Misstatement

Tainting

%

Sampling

Interval

Projected

Misstatement

P 50 P 47 P 3 6% P7,246 P 435

800 760 40 5% 7,246 362

8,500 8,100 400 NA NA 400

P1,197

(2) Basic precision = Reliability factor x Sampling interval

= 3.0 x P7,246 = P21,738

(3) Incremental allowance =

Reliability

Factor

Increment

(Increment – 1)

Projected

Misstatement

Incremental

Allowance

Recorded amount of population

x Reliability factor

Tolerable misstatement –

(Expected misstatement x Expansion factor)

P500,000 x 3

P25,000 – (P2,000 x 1.6)

Page 56: Chapter 11 to 29 Aud

11-56 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-56

3.00

4.75 1.75 .75 P435 P326

6.30 1.55 .55 362 199

P525

(4) Upper limit on misstatement = P1,197 + P21,738 + P525

= P23,460

NOTES:

Projected misstatement

(a) Tainting percentages are calculated as the difference between book

and audited value divided by book value (e.g., (P50 – P47) / P50 =

6%).

(b) No tainting percentage is calculated for items in excess of the

sample interval and the actual misstatement is extended to

projected misstatement (as for the third error).

Basic precision is always the reliability factor for zero misstatements

multiplied times the sampling interval.

Incremental allowance

(a) Reliability factors are read from the PPS sampling table given in

the case, starting at zero misstatements.

(b) “Increment – 1” is the difference in the two adjacent reliability

factors minus 1 (e.g., 4.75 – 3.00 – 1.00 = .75).

(c) Misstatements in excess of the sampling interval are not

considered in the incremental allowance. This is because the

nature of the process requires that all items in excess of the

sampling interval be included in the sample – therefore no

allowance for items not in the sample is necessary.

c. The results obtained in part b would indicate that the auditors may accept

the population as not containing a tolerable misstatement at the 5 percent

level of risk of incorrect acceptance. The auditors would also consider the

results obtained in conjunction with other audit tests.

Case 6. a. The advantages of probability-proportional-to-size (PPS) sampling over

classical variables sampling are as follows:

PPS sampling is generally easier to use than classical variables

sampling.

Page 57: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-57

18-57

The size of a PPS sample is not based on the estimated variation of

audited amounts.

PPS sampling automatically results in a stratified sample.

Individually significant items are automatically identified.

If no misstatements are expected, PPS sampling will usually result

in a smaller sample size than classical variables sampling.

A PPS sample can be easily designed and sample selection can

begin before the complete population is available.

b. Sampling interval = Recorded receivables / Sample size

= P300,000 / 60 = P5,000

c. Projected misstatement =

Book

Value

Audited

Value

Misstatement

Tainting

%

Sampling

Interval

Projected

Misstatement

P 400 P 320 P 80 20% P1,000 P 200

500 0 500 100% 1,000 1,000

3,000 2,500 NA NA NA 500

P1,700

CHAPTER 20

THE COMPUTER ENVIRONMENT

I. Review Questions

1. In a batch processing system, documents evidencing transactions and events are

gathered and processed by groups. The day’s sales invoices, for example, may

be converted to machine-readable form and processed the next morning. In a

real time system, transactions are input into the system and processed as they

occur. A branch sale, for example, may be input into the system via a terminal

at a remote location. The computer checks for product availability, customer

authenticity, customer credit approval, and shipping terms; and if all conditions

are met, the sale is processed immediately and the sales invoice and shipping

order are produced.

2. In a real-time system, much of the data are stored internally and

documentation is often not as extensive as in a batch system. Retrieval

Page 58: Chapter 11 to 29 Aud

11-58 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-58

and audit of transaction data, therefore, are often more difficult in a real-

time system. Also, controls are more likely to be programmed in real-

time systems, and for this reason, are more difficult to test.

3. Inasmuch as computer processing requires increased dependence on the

computer systems and software for the accuracy and completeness of

processing, documentation assumes major significance relative to effective

control. Documentation facilitates reviewing and updating systems and

programs as the environment changes; and it also minimizes the probability of

unauthorized system and program changes which could result in loss of control

and decreased reliability of financial data.

4. In a batch system, files are stored off-line for the most part, and access control

assumes the form of safeguarding the programs, transaction files, and

master files by assigning responsibility for the files to a librarian and

instituting a formal checkout system. Only those persons authorized to

process transactions (computer operators) are permitted access to

transaction and master files; and programmers are permitted access to

programs only for testing and “debugging” purposes. In an on-line, real-

time system, transactions and master files are stored internally, often in a

system of integrated data bases. Access control in this type of data

environment assumes the form of controlling access to data bases and fixing

of responsibility for the data base components. Assigning a password to an

individual who is responsible for the data base component accessible by that

password, canceling passwords of former employees, and frequent changing

of existing employees’ passwords are examples of access controls in a real-

time system.

5. Recording forms and transaction logs assure consistency and completeness of

data inputs. The form or log should include codes describing such transaction

components as employee number, customer number, vendor number,

department number, stock number, purchased part number, or job number. The

form should also provide for quantities, prices, dates, and usually a short

narrative description of products, parts, materials, or services for purchase and

sales transactions.

6. A transaction file is the batch of entered data that has been converted into

machine-readable form. A transaction file may contain payroll information for a

specific period of time. It is similar to a journal in a manually prepared system.

A master file contains updated information through a particular time period. It

is similar to a ledger in a manual system.

7. Small businesses have found that microcomputers or personal computer systems

are cost effective for processing accounting data. In small businesses, one

Page 59: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-59

18-59

would expect to find microcomputers (or personal computers) using

commercially available software.

8. In the computerized system, documents to support a transaction may not be

maintained in readable form, requiring associated performance of controls.

However, the computerized system will enable processing of transactions to be

done more consistently, duties to be consolidated, and reports to be generated

more easily.

II. Multiple Choice Questions

1. d 5. c 9. c 13. c 17. c

2. c 6. c 10. c 14. d 18. a

3. a 7. c 11. d 15. a 19. b

4. a 8. b 12. c 16. a 20. a

III. Comprehensive Cases

An auditor should have the following concerns about the Box system:

Does the system have any flaws or incompatibilities? (No one appears to

have tested the software or found out about others’ satisfaction with it.)

The computer sits out in the open. (Anyone could have access to and

damage the hardware.)

Anyone could come up with the password by guessing.

The backup disks are not stored in a safe place.

Was the conversion appropriately executed, with no data lost or added?

CHAPTER 21

INTERNAL CONTROL IN THE COMPUTER INFORMATION SYSTEM

I. Review Questions

1. The proper installation of IT can lead to internal control enhancements by

replacing manually-performed controls with computer-performed controls. IT-

based accounting systems have the ability to handle tremendous volumes of

complex business transactions cost effectively. Computer-performed controls

Page 60: Chapter 11 to 29 Aud

11-60 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-60

can reduce the potential for human error by replacing manual controls with

programmed controls that apply checks and balances to each transaction

processed. The systematic nature of IT offers greater potential to reduce the risk

of material misstatements resulting from random, human errors in processing.

The use of IT based accounting systems also offers the potential for improved

management decisions by providing more and higher quality information on a

more timely basis than traditional manual systems. IT-based systems are usually

administered effectively because the complexity requires effective organization,

procedures, and documentation. That in turn enhances internal control.

2. When entities rely heavily on IT systems to process financial information, there

are new risks specific to IT environments that must be considered. Key risks

include the following:

Reliance on the functioning capabilities of hardware and software. The

risk of system crashes due to hardware or software failures must be

evaluated when entities rely on IT to produce financial statement

information.

Visibility of audit trail. The use of IT often converts the traditional paper

trail to an electronic audit trail, eliminating source documents and paper-

based journal and records.

Reduced human involvement. The replacement of traditional manual

processes with computer-performed processes reduces opportunities for

employees to recognize misstatements resulting from transactions that

might have appeared unusual to experienced employees.

Systematic versus random errors. Due to the uniformity of processing

performed by IT based systems, errors in computer software can result in

incorrect processing for all transactions processed. This increases the risk

of many significant misstatements.

Unauthorized access. The centralized storage of key records and files in

electronic form increases the potential for unauthorized on-line access from

remote locations.

Loss of data. The centralized storage of data in electronic form increases

the risk of data loss in the event the data file is altered or destroyed.

Reduced segregation of duties. The installation of IT-based accounting

systems centralizes many of the traditionally segregated manual tasks into

one IT function.

Lack of traditional authorization. IT-based systems can be programmed to

initiate certain types of transactions automatically without obtaining

traditional manual approvals.

Need for IT experience. As companies rely to a greater extent on IT-based

systems, the need for personnel trained in IT systems increases in order to

install, maintain, and use systems.

Page 61: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-61

18-61

3. General controls relate to all aspects of the IT function. They have a global

impact on all software applications. Examples of general controls include

controls related to the administration of the IT function; software acquisition and

maintenance; physical and on-line security over access to hardware, software,

and related backup; back-up planning in the event of unexpected emergencies;

and hardware controls. Application controls apply to the processing of

individual transactions. An example of an application control is a programmed

control that verifies that all time cards submitted are for valid employee ID

numbers included in the employee master file.

4. The most significant separation of duties unique to computer systems are those

performed by the systems analyst, programmer, computer operator, and data

base administrator. The idea is that anyone who designs a processing system

should not also do the technical work, and anyone who performs either of these

tasks should not also be the computer operator when real data is processed.

5. Typical duties of personnel:

a. Systems analysis: Personnel will design and direct the development of new

applications.

b. Programming: Other personnel will actually do the programming dictated by

the system design.

c. Operating: Other people will operate the computer during processing runs, so

that programmers and analysts cannot interfere with the programs designed

and executed, even if they produce errors.

d. Converting data: Since this is the place where misstatements and errors can be

made – the interface between the hardcopy data and the machine-readable

transformation, people unconnected with the computer system itself do the

data conversion.

e. Library-keeping: Persons need to control others’ access to system and program

software so it will be used by authorized personnel for authorized purposes.

f. Controlling: Errors always occur, and people not otherwise connected with the

computer system should be the ones to compare input control information

with output information, provide for correction of errors not involving

system failures, and distribute output to the people authorized to receive it.

6. Documentation differs significantly as to inclusion of program flowcharts,

program listings, and technical operating instructions. File security and

retention differs because of the relatively delicate form of the magnetic media

requiring fireproof vault storage, insulation from other magnetic fields,

safeguards from accidental writing on data files, and so forth.

7. Auditors review documentation to gain an understanding of the system and to

determine whether the documentation itself is adequate for helping manage and

control the computer processing.

Page 62: Chapter 11 to 29 Aud

11-62 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-62

8. Responsibilities of the database administrator (DBA) function are:

Design the content and organization of the database, including logical

data relationships, physical storage strategy and access strategy.

Protect the database and its software, including control over access to

and use of the data and DBMS and provisions for backup and recovery

in the case of errors or destruction of the database.

Monitor the performance of the DBMS and improve efficiency.

Communicate with the database users, arbitrate disputes over data

ownership and usage, educate users about the DBMS and consult users

when problems arise.

Provide standards for data definition and usage and documentation of

the database and its software.

9. Five things a person must have access to in order to facilitate computer fraud

are:

a. The computer itself.

b. Data files.

c. Computer programs.

d. System information (documentation).

e. Time and opportunity to convert assets to personal use.

10. Because many companies that operate in a network environment decentralize

their network servers across the organization, there is an increased risk for a lack

of security and lack of overall management of the network operations. The

decentralization may lead to a lack of standardized equipment and procedures.

In many instances responsibility for purchasing equipment and software,

maintenance, administration, and physical security, often resides with key user

groups rather than with features, including segregation of duties, typically

available in traditionally centralized environments because of the ready access to

software and data by multiple users.

II. Multiple Choice Questions

1. c 7. b 13. c 19. c 25. b

2. a 8. b 14. c 20. c 26. c

3. d 9. c 15. c 21. a 27. c

4. b 10. a 16. a 22 c 28. d

5. d 11. b 17. b 23. b 29. b

6. d 12. a 18. a 24. c 30. d

III. Comprehensive Cases

Page 63: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-63

18-63

Case 1. Does access to on-line files require specific passwords to be entered to identify

and validate the terminal user?

POSSIBLE ERRORS OR IRREGULARITIES – unauthorized access may be obtained to

processing programs or accounting data resulting in the loss of assets or other

company resources.

Are control totals established by the user prior to submitting data for

processing?

POSSIBLE ERRORS OR IRREGULARITIES – sales transactions may be lost in data

conversion or processing, or errors made in data conversion or processing.

Are input totals reconciled to output control totals?

POSSIBLE ERRORS AND IRREGULARITIES – (same as above). Control totals are

useless unless reconciled to equivalent controls created during processing.

Case 2. a. 1. Input control objectives

Transactions have been recorded properly (neither double-counted

nor omitted – that is, control over validity and completeness)

Transactions are transmitted from recording point to processing

point

Transactions are in acceptable form

2. Processing control objectives

Loss or nonprocessing of data is detected

Arithmetic functions are performed accurately

Transactions are posted properly

Errors detected in the processing of data are controlled until

corrected and processed

3. Output control objectives

Processed data are reported correctly and without unauthorized

alteration

Output is required by the user

Output is distributed only to persons authorized to receive it

b. 1. Control procedures – input source data

Registration at point of entry

Sequential numbering

Grouping (batching) with control totals

Key verification

Programmed edits

Edits for completeness and reasonableness

Checklists to ensure input arrived and on time

2. Control procedures – processing controls

Page 64: Chapter 11 to 29 Aud

11-64 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-64

Prevention of loss or nonprocessing of data (e.g., control totals)

Performance of arithmetic functions

Assurance of proper posting (sample test of postings)

Correction of errors

Exclusion of unauthorized persons from operating areas (e.g.,

programmers)

3. Control procedures – output controls

Review performed by originating area of the reports and other

output data

Sampling and testing of individual transactions

Use of control totals obtained independently from prior processing

or original source data

Distribution lists used to route output only to authorized persons

Making inquiries as to whether the output is desired by the

recipient

Case 3. a. The primary internal control objectives in separating the programming and

operating functions are achieved by preventing operator access to the

computer or to input or to output documents, and by preventing operator

access to operating programs and operating program documentation, or by

preventing operators from writing or changing programs.

Programmers should not be allowed in the computer room during

production processing. They should submit their tests to be scheduled and

run by the operators as any other job.

Operators should not be allowed to interfere with the running of any

program. If an application fails, the operators should not be allowed to

attempt to fix the programs. The failed application should be returned to

the programmers for correction.

b. Compensating controls usually refer to controls in user departments

(departments other than computer data processing). In a small computer

installation where there are few employees, segregation of the programming

and operating functions may not be possible (as in a microcomputer or

minicomputer environment). An auditor may find compensating controls in

the user department such as: (1) manual control totals compared to

computer output totals and (2) careful inspection of all output. Such

compensating controls in a simple processing system could provide

reasonable assurance that all transactions were processed, processing was

proper and no unauthorized transactions were processed.

An auditor may find the following compensating controls that are

particularly important when the programming and operating functions are

not separate:

Page 65: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-65

18-65

1. Joint operation by two or more operators.

2. Rotation of computer duties.

3. Comparison of computer times to an average or norm.

4. Investigation of all excess computer time (errors).

5. Adequate supervision of all computer operations.

6. Periodic comparison of a program code value to a control value.

7. Required vacations for all employees.

Case 4. a. Input editing is the process of including, in EDP systems, programmed

routines for computer checking as to validity and accuracy of input. Types

of input editing controls are: tests for valid codes; tests for reasonableness;

completeness tests; check digits; and tests for consistency of data entered in

numeric and alphabetic fields.

b. Examples of payroll input editing controls are:

Test for validity of employee number;

Test for proper pay rate;

Test for reasonableness of hours worked.

Examples of sales input editing controls are:

Test for validity of customer number;

Test for credit approval;

Credit limit test;

Sales price list.

c. As EDP system complexity increases, documentation, as well as manual

checking decreases. To provide reasonable assurance as to completeness,

existence, and accuracy of processed transactions under these

circumstances, input editing becomes increasingly necessary.

Case 5. a. Most commonly associated with supervisory programs contained in on-line

real-time systems, design phase auditing involves the auditor in system

design. The goal is to ensure inclusion of controls that will detect

exceptions or unusual conditions and record and log information about the

initiating transactions. Once the necessary controls have been designed and

incorporated into the system, frequent visits by the auditor to the client’s

premises are necessary to determine that the controls are functioning

properly.

b. Some individuals and groups have suggested that independence may be

impaired, given auditor monitoring and reviewing a system which he/she

has helped to design. The AICPA has taken the position that making

control recommendations during system design is no different from auditor

recommendations for control improvements after the fact and documented

in the management letter.

Page 66: Chapter 11 to 29 Aud

11-66 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-66

c. In some complex EDP systems, a computer audit specialist may be needed

to assist in designing the necessary controls, as well as monitoring and

reviewing the control functions. A computer audit specialist is an

employee of the CPA firm who, typically, will have served on the audit

staff for a period of time, followed by specialized training in computer

system design and control, and EDP auditing.

d. The auditor may rely on the computer audit specialist to whatever degree

considered necessary to assure proper control installation and

implementation. The in-charge field auditor must keep in mind, however,

that use of a computer audit specialist does not compensate for the field

auditor’s lack of understanding of the internal control, including the EDP

applications.

CHAPTER 22

AUDITING IN A COMPUTER INFORMATION SYSTEMS (CIS) ENVIRONMENT

I. Review Questions

1. Additional planning items that should be considered when computer processing

is involved are:

The extent to which the computer is used in each significant accounting

application.

The complexity of the computer operations used by the entity,

including the use of an outside service center.

The organizational structure of the computer processing activities.

The availability of data.

The computer-assisted audit techniques to increase the efficiency of

audit procedures.

The need for specialized skills.

2. Understanding the control environment is a part of the preliminary phase of

control risk assessment. Computer use in data processing affects this

understanding in each of the parts of the control environment as follows:

The organizational structure – should include an understanding of the

organization of the computer function. Auditors should obtain and evaluate: (a)

a description of the computer resources and (b) a description of the

organizational structure of computer operations.

Page 67: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-67

18-67

Methods used to communicate responsibility and authority – should include the

methods related to computer processing. Auditors should obtain information

about the existence of: (a) accounting and other policy manuals including

computer operations and user manual and (b) formal job descriptions for

computer department personnel. Further, auditors should gain an understanding

of: (a) how the client’s computer resources are managed, (b) how priorities for

resources are determined and (c) if user departments have a clear understanding

of how they are to comply with computer related standards and procedures.

Methods used by management to supervise the system – should include

procedures management uses to supervise the computer operations. Items that

are of interest to the auditors include: (a) the existence of systems design and

documentation standards and the extent to which they are used, (b) the existence

and quality of procedures for systems and program modification, systems

acceptance approval and output modification, (c) the procedures limiting access

to authorized information, (d) the availability of financial and other reports and

(e) the existence of an internal audit function.

3. The “audit trail” is the source documents, journal postings and ledger account

postings maintained by a client in order to keep books. These are a “trail” of the

bookkeeping (transaction data processing) that the auditor can follow forward

with a tracing procedure or back ward with a vouching procedure.

In a manual system this “trail” is usually visible to the eye with posting

references in the journal and ledger and hard-copy documents in files. But in a

computer system, the posting references may not exist, and the “records must be

read using the computer rather than the naked eye.” Most systems still have

hard-copy papers for basic documentation, but in some advanced systems even

these might be absent.

4. The audit trail (sometimes called “management trail” as it is used more in daily

operations than by auditors) is composed of all manual and computer records

that allow one to follow the sequence of processing on (or because of) a

transaction.

The audit trail in advanced systems may not be in a human-readable form and

may exist for only a fraction of a second.

The first control implication is that concern for an audit trail needs to be

recognized at the time a system is designed. Techniques such as integrated test

facility, audit files and extended records must be specified to the systems

designer. The second control implication is that if the audit trail exists only

momentarily in the form of transaction logs or master records before destructive

update, the external auditor must review and evaluate the transaction flow at

various times throughout the processing period. Alternatively, the external

Page 68: Chapter 11 to 29 Aud

11-68 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-68

auditor can rely more extensively on the internal auditor to monitor the audit

trail.

5. Major characteristics:

1. Staff and location of the computer – operated by small staff located within the

user department and without physical security.

2. Programs – supplied by computer manufacturers or software houses.

3. Processing mode – interactive data entry by users with most of the master file

accessible for inquiry and direct update.

Control Problems:

1. Lack of segregation of duties.

2. Lack of controls on the operating system and application programs.

3. Unlimited access to data files and programs.

4. No record of usage.

5. No backup of essential files.

6. No audit trail of processing.

7. No authorization or record of program changes.

6. Auditing through the computer refers to making use of the computer itself to test

the operative effectiveness of application controls in the program actually used

to process accounting data. Thus the term refers only to the proper study and

evaluation of internal control. Auditing with the computer refers both to the

study of internal control (the same as “auditing through”) and to the use of the

computer to perform audit tasks.

7. Both are audit procedures that use the computer to test controls that are included

in a computer program. The basic difference is that the test data procedure

utilizes the client’s program with auditor-created transactions, while parallel

simulation utilizes an auditor-created program with actual client transactions. In

the test data procedure the results from the client program are compared to the

auditor’s predetermined results to determine whether the controls work as

described. In the parallel simulation procedures the results from the auditor

program are compared to the results from the client program to determine

whether the controls work as described.

8. The test data technique utilizes simulated transactions created by the auditor,

processed by actual programs but at a time completely separate from the

processing of actual, live transactions. The integrated test facility technique is

an extension of the test data technique, but the simulated transactions are

intermingled with the real transactions and run on the actual programs

processing actual data.

Page 69: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-69

18-69

9. User identification numbers and passwords prevent unauthorized access to

accounting records and application programs. The transaction log does not

prevent unauthorized access but may be reviewed to detect unauthorized access.

Even then, responsibility could not be traced to a particular individual without

user identification numbers and passwords. The transaction log is more

important to establish the audit trail than to detect unauthorized access.

10. Generalized audit software is a set of preprogrammed editing, operating, and

output routines that can be called into use with a simple, limited set of

programming instructions by an auditor who has one or two weeks intensive

training.

11.

Phases Noncomputer auditor involvement

1. Define the audit objectively 1. Primary responsibility

2. Feasibility 2. Evaluate alternatives

3. Planning 3. Review with computer auditor

4. Application design 4. none

5. Coding 5. none

6. Testing 6. Review final test results, compare to plan

7. Processing 7. Actual computer processing – none

Use of results – depends on application

8. Evaluation 8. Full responsibility

12. Automated microcomputer work paper software generally consists of trial

balance and adjustment worksheets, working paper (lead schedule) forms, easy

facilities for adjusting journal entries, and electronic spreadsheets for various

analyses.

13. A microcomputerized electronic spreadsheet can be used instead of paper and

pencil to create the form of a bank reconciliation, with space provided for text

lists of outstanding items (using the label input capability), and math formulas

inserted for accurate arithmetic in the reconciliation. Printing such a

reconciliation is easy (and much prettier than most accountants’ handwriting!).

14. With either data base or spreadsheet software packages, macros (sets of

instructions) can be developed for retrieving data from the working trial balance

and converting this data into classified financial statements. If one or more

subsidiaries are to be included, the consolidated process can also be automated

by the inclusion of special modules designed for that purpose. The standard

audit report, as well as recurring footnotes, can be included in the data base, and

modified to fit the circumstances of the current year’s audit results.

Page 70: Chapter 11 to 29 Aud

11-70 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-70

15. Relational data base packages have all the advantages of spreadsheets, and, in

addition, have the capacity to store and handle larger quantities of data. They

are especially useful in manipulating large data bases, such as customer accounts

receivable, plant assets, and inventories.

II. Multiple Choice Questions

1. a 5. d 9. b 13. c 17. b

2. c 6. d 10. d 14. a 18. c

3. c 7. c 11. b 15. d 19. d

4. d 8. b 12. b 16. b

III. Comprehensive Cases

Case 1. a. Auditing “around” the computer generally refers to examinations of

transactions in which a representative sample of transactions is traced from

the original source documents, perhaps through existing intermediate

records in hard copy, to output reports or records, or from reports back to

source documents. Little or no attempt is made to audit the computer

program or procedures employed by the computer to process the data. This

audit approach is based on the premise that the method of processing data is

irrelevant as long as the results can be traced back to the input of data and

the input can be validated. If the sample of transactions has been handled

correctly, then the system outputs can be considered to be correct within a

satisfactory degree of confidence.

b. The CPA would decide to audit “through” the computer instead of “around”

the computer (1) when the computer applications become complex or (2)

when audit trails become partly obscured and external evidence is not

available.

Auditing “around” the computer would be inappropriate and inefficient in

the examination of transactions when the major portion of the internal

control system is embodied in the computer system and when accounting

information is intermixed with operation information in a computer

program that is too complex to permit the ready identification of data inputs

and outputs. Auditing “around” the computer will also be ineffective if the

sample of transactions selected for auditing does not cover unusual

transactions that require special treatment.

c. (1) “Test data” is usually a set of data in the form of punched cards or

magnetic tape representing a full range of simulated transactions, some of

Page 71: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-71

18-71

which may be erroneous, to test the effectiveness of the programmed

controls and to ascertain how transactions would be handled (accepted or

rejected) and if accepted, the effect they would have on the accumulated

accounting data.

(2) The auditor may use test data to gain a better understanding of what the

data processing system does, and to check its conformity to desired

objectives. Test data may be used to test the accuracy of programming

by comparing computer results with results predetermined manually.

Test data may also be used to determine whether errors can occur

without observation and thus test the system’s ability to detect

noncompliance with prescribed procedures and methods.

Assurance is provided by the fact that if one transaction of a given type

passes a test, then all transactions containing the identical test

characteristics will – if the appropriate control features are functioning

– pass the same test. Accordingly, the volume of test transactions of a

given type is not important.

d. In addition to actually observing the processing of data by the client, the

CPA can satisfy himself that the computer program tapes presented to him

are actually being used by the client to process its accounting data by

requesting the program of a surprise basis from a computer librarian and

using it to process test data.

The CPA may also request, on a surprise basis, that the program be left in

the computer at the completion of processing data so that he can use the

program to process his test data. This procedure may reveal computer

operation intervention. If, so, ensures that a current version of the program

is being audited, an important procedure in computer installations newly

installed and undergoing many program changes. To gain further assurance

about this matter, the CPA should inquire into the client’s procedures and

controls for making program changes and erasing superseded program

tapes, and should examine log tapes where available.

Case 2. a. Document retention

IMPACT ON THE INTERNAL CONTROL SYSTEM: In on-line real time

systems and EDI systems, the audit trail is frequently modified in the form

of reduced documentation. To compensate, internal controls should provide

for adequate input editing, as well as some form of transaction log as

documentation at the input stage.

IMPACT ON THE INDEPENDENT AUDIT: In examining internal

control, under these circumstances, the auditor must rely more on

observation, inquiry, and reprocessing of transactions for control testing

purposes, and less on document testing. If documents are retained for only

Page 72: Chapter 11 to 29 Aud

11-72 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-72

a short period, the auditor should also consider the feasibility of frequent

visits for both substantive and control testing purposes.

b. Uniformity of processing

IMPACT ON THE INTERNAL CONTROL SYSTEM: The impact of this

internal control characteristic is to generally strengthen control by

increasing the consistency of processing. Once the proper controls are

installed and tested, processing consistency increases the accuracy of

transaction processing over that which exists in manual systems.

IMPACT ON THE INDEPENDENT AUDIT: The auditor must emphasize

control study and testing at the point of transaction input and processing to

determine that the necessary controls exist and are functioning. Upon

determining that the necessary input and processing controls are in place

and functioning properly, the auditor may elect to perform little or no

document testing.

c. Concentration of functions

IMPACT ON THE INTERNAL CONTROL SYSTEM: In manual systems,

separation of functional responsibilities provides a double-check for the

purpose of enhancing processing accuracy. In EDP accounting systems,

consistency of processing removes the need for double-check.

IMPACT ON THE INDEPENDENT AUDIT: The auditor must determine

that the necessary input editing controls are in place and functioning to

ensure that transactions are accurately introduced into the processing

stream. Moreover, to ensure checks and balances within the electronic data

processing function, the auditor should study the organizational structure of

the EDP group to ascertain proper separation among the following

functions:

Systems analysis and design

Program design, development, and testing

Computer operations involving data processing

Distribution of EDP output and reprocessing of errors

d. Access to data bases

IMPACT ON THE INTERNAL CONTROL SYSTEM: The greater the

number of input terminals providing access to data bases, and the more

integrated the data base, the greater the danger of unauthorized access. To

protect the data bases under these circumstances, the internal control

policies and procedures should provide for effective control over

identification codes and passwords permitting access to data bases; and the

control policies should also fix responsibility in designated individuals for

specified elements of data bases.

Page 73: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-73

18-73

In batch systems, access to magnetic tape and disk files and programs

should be secured by assigning responsibility over these files to one or more

individuals designated as “librarians,” and instituting a formal “checkout”

system for releasing and reacquiring files and programs.

IMPACT ON THE INDEPENDENT AUDIT: The auditor should

determine that proper control over I.D. codes and passwords exists, that

codes and passwords are changed frequently and voided upon termination

of employment, and that responsibility for elements of data bases has been

appropriately fixed.

In batch systems, the auditors should determine that tape and disk files and

programs stored off-line are properly secured.

Case 3. a. Test data approach: The auditor prepares simulated input data (both valid

and invalid transactions) that are processed, under the auditor’s control, by

the client’s processing system.

Advantage: A good way of testing existing controls for proper functioning.

Disadvantage: Difficulty in designing comprehensive test data; Difficulty

in ascertaining whether the programs tested are the same programs used by

the client in processing actual transactions and events during the year.

ITF approach: The auditor creates a fictitious entity within the client’s

actual data files, and processes simulated data during live processing by

client. The auditor then compares the results of processing with anticipated

results.

Advantage: Greater assurance that programs tested are programs used by

the client (the approach can be applied at different points in time during the

year).

Disadvantage: Difficult to remove test data from the system without

harming client’s files.

Tagging and tracing: This is a technique whereby an identifier or “tag” is

affixed to a transaction record; and the tag triggers “snapshots” during the

processing of transactions. Following the tagged transactions through the

system permits the auditor to evaluate the logic of the processing steps and

the adequacy of programmed controls.

Advantage: The use of actual data eliminates the need for removing data

from the client’s processing system.

Page 74: Chapter 11 to 29 Aud

11-74 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-74

Disadvantage: The auditor analyzes the transactions only after processing

is completed.

SCARF: A systems control audit review file is an audit log used to collect

information for subsequent analysis and review. An imbedded audit

module monitors selected transactions as they pass by specific processing

points. The module then captures the input data so that relevant

information, accessible only by the auditor, is displayed at key points in the

processing system.

Advantage: Utilizes real- rather than simulated-transaction data, and does

not require reversing the entries.

Disadvantage: Does not necessarily capture erroneous data.

Surprise audit: The auditor, on an unannounced basis, requests copies of

client’s programs, and compares them with auditor’s copy of authorized

versions.

Advantage: Assists the auditor in determining whether client personnel are

using authorized versions of programs in processing data.

Disadvantage: Auditor may not always be notified by the client when

program changes are made, thus making the comparison irrelevant.

b. Inasmuch as each of the above alternatives have distinct advantages and

disadvantages, a combination approach overcomes the disadvantages

resulting from using a single approach. Using ITF, for example on a few

simulated transactions, while applying the tagging and tracing or SCARF

approach for numerous actual transactions, provides effective testing of

control procedures for error prevention and detection, without requiring the

reversal of a large number of simulated transactions from the client’s

system.

c. In auditing around the computer, the auditor predetermines the processing

results (output) of selected input data, and compares the predetermined

results with actual computer output. The advantage of this approach is its

ease of application; a significant disadvantage is that the auditor gains no

understanding of how the computer processes data, nor of the controls

which have been incorporated into the computer programs.

In auditing through the computer, the auditor actually tests the programmed

controls used in processing specific applications. Such techniques as design

phase auditing, ITF, tagging and tracing, SCARF, test data, and surprise

audit are examples of auditing through the computer.

Page 75: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-75

18-75

d. Parallel simulation is an automated version of auditing around the computer

in that the auditor creates a set of application programs that simulate the

processing system, and compares output from the real and simulated

systems. Comparison of input with output ignores the essential

characteristics of the processing system and assumes that if the outputs are

identical, the system is processing transactions accurately.

The auditor might elect to use parallel simulation in combination with

design phase auditing. Design phase auditing ensures that the necessary

controls are installed during system design. By permitting the auditor to

test large volumes of transactions, parallel simulation helps to confirm

whether these controls are working.

Case 4. (a) Test decks, also called “test data,” are sets of computer input data which

reflect a variety of auditor-identified transactions for verification through

actual computer processing to detect invalid processing of results (i.e.,

existing programs run test data). Ideal test data should present the

application under examination with every possible combination of

transactions, master file situations, and processing logic which could be

encountered during actual comprehensive processing. Test data are usually

processed separately from actual data using copies of master files. Test

decks are most feasible when the variety of transactions processing and

controls is relatively limited (i.e., fairly simple files).

Uses include checking and verifying: (1) input transaction validation

routines, error detection, and application system controls, (2) processing

logic, and controls associated with creation and maintenance of master files,

(3) computational routines such as interest and asset depreciation, and (4)

incorporation of program changes.

(b) Parallel simulation consists of the preparation of a separate computer

application that performs the same functions as those used by the actual

application programs. The simulation programs read the same input data as

the application programs, use the same files, and attempt to produce the

same results (e.g., real data run through test programs). These simulated

results are matched with those from the live programs, providing a means

for testing through comparison.

Uses include all those cited for test decks.

(c) The integrated test facility approach permits the introduction of auditor-

selected test data into a computer system with actual or “live” data and then

traces the flow of transactions through the various system processing

Page 76: Chapter 11 to 29 Aud

11-76 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-76

functions for comparison to predetermined actual results. An ITF involves

the creation or establishment of a “dummy” entity (e.g., a branch or

division) to receive the results of the test processing. Therefore,

transactions are processed against the test entity together with actual

transactions. Test data must be removed from the entity’s records upon

completion of the test. Uses are identical to the test deck technique.

(d) Tagging and tracing and SCARF are forms of transaction tracking provided

only for auditor selected computer inputs carrying a special code. If the

capability is provided in the application system in advance, the attachment

of a code to any input transaction can be made to generate a printed

transaction trail for that item following each step of the application

processing.

Uses include: (1) determining the impact of specific transactions on master

records or calculations in high volume systems, (2) “flagging” unusual or

abnormal transactions, and (3) “debugging” application programs.

Case 5. In an audit of a computer-based system, adequate training and experience must

be directly related to EDP. In particular, the auditor should be knowledgeable of

what computer systems do, how to test the operations of an EDP system, and

how to use EDP-unique documentation.

The training and proficiency standard contributes to satisfaction of the

independence standard by enabling the auditor to make his own decisions and

judgments. Otherwise, he might tend to subordinate his judgment to other

persons, possibly to client personnel. When the auditor lacks training and

proficiency, it is virtually impossible to maintain an operational independence

over audit decisions. An independence of mental attitude is futile if actual

decisions are subordinated to others.

The exercise of due audit care requires a critical review at every level of audit

supervision of the work done and the decisions made by auditors. Lacking the

requisite skills and lacking independent decisions, the due care expected of an

auditor at operational, supervisor, and review levels cannot be delivered.

The Philippine Standards on Auditing require adequate planning and supervision

of assistants. Training and proficiency in computer systems auditing is

necessary in order to plan access to computerized records, programs, and to

obtain machine time for conducting audit procedures. The planning should

provide for an early examination of the computer system so that further

procedures involving non-computer control and accounting features may be

planned should they depend upon computer control procedures.

Page 77: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-77

18-77

Training and proficiency are very important for being able to obtain an

understanding of the internal control structure in a computer system. Client

personnel will expect audit personnel to be capable of working with a computer

system.

The Philippine Standards on Auditing also require the auditor to obtain

sufficient competent evidential matter to provide a basis for an opinion on

financial statements. Documentary evidence relating to a computer system

includes program flow charts, logic diagrams, and decision tables that are not

normally used in non-computer systems. Since these types of documentation are

a part of the evidence, they must be understood by the auditor, and

understanding of them comes through training and proficiency in their use.

CHAPTER 23

TESTS OF CONTROLS

I. Review Questions

1. Directly. Higher levels of control risk induce auditors to audit larger samples of

receivables, with confirmation date closer to the fiscal year end date. As for

nature of the procedures: higher levels of control risk induce auditors to use

positive confirmations instead of negative confirmations, and to consider

vouching subsequent payments by the customers.

2. A “walk through” is the process of following a transaction from its initiation

(customer order in the Revenue Cycle) through all the various processing steps

until it is recorded in the formal accounting records (accounts receivable and

sales). Usually samples of all documents are collected (sales order, sales

invoices, sales return slip, credit memo, shipping document, remittance advice

and daily remittance report) and notes are made of procedures each person

performs.

The purpose of the “walk through” is to obtain an understanding of the

transaction flow, the control procedures and populations of documents that may

be utilized in test of controls auditing.

3. The review (obtaining an understanding) of the control structure is primarily a

process of identifying control procedures (strengths) and lack of controls

(weaknesses) which will affect subsequent substantive procedures.

4. The internal auditors should, through periodic checks, ensure that the control

account is periodically reconciled to the customer subsidiary accounts, bank

Page 78: Chapter 11 to 29 Aud

11-78 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-78

statements are reconciled and that all prenumbered documents, especially

invoices, have all numbers accounted for. Some internal auditors also confirm

accounts receivable. Internal auditors also might review and evaluate customer

complaints for signs of weaknesses in the procedures leading to errors in

accounts receivable.

5. The features of a cash receipts internal control system which would be expected

to prevent an employee from absconding with company funds and covering with

funds from the employee pension fund is the prohibition against one employee

having custody of company funds and noncompany funds. The auditor can

detect such transfers by controlling and counting both funds simultaneously.

To prevent the cash receipts journal and recorded cash sales from reflecting

more than the amount shown on the daily deposit slip, the internal control

system should provide that receipts be recorded daily and intact. A careful bank

reconciliation by an independent person could detect such errors.

6. The evaluation after the review phase was to determine which controls appeared

adequate as a basis for justifying a low control risk assessment. The final

assessment after test of controls auditing is to determine if the controls are

actually operating as well as they appeared to be.

7. The objectives of internal control relate to transactions, and by category are:

validity, completeness, authorization, accuracy, classification, accounting and

proper period. The objectives expensed in general terms and specific terms

applied to cash receipts are as follows:

General Objective

Example of Cash Receipts

Specific Objective

1. Recorded transactions are valid

and documented.

1. Recorded cash receipts are

supported by remittance advices.

2. All valid transactions are recorded

and none omitted.

2. All cash receipts are entered in the

daily remittance list, deposited

intact and recorded in the accounts

receivable control account.

3. Transactions are authorized by

company policy.

3. Cash receipts for transactions other

than merchandise sales (scrap

sales, sales of fixed assets) are

properly authorized.

4. Transaction peso amounts are

properly calculated.

4. Cash receipts are compared to

invoice terms to determine proper

cash discounts.

5. Transactions are properly

classified in the accounts.

5. Cash receipts for nonmerchandise

sales are posted to proper accounts.

Page 79: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-79

18-79

6. Transaction accounting is

complete.

6. All cash receipts for credit sales are

posted to customer individual

accounts.

7. Transactions are accounted in the

proper period.

7. Cash receipts are deposited daily

intact and recorded as of date

received.

8. If the credit limits are set and entered incorrectly, the credit approval process

will be systematically deficient.

9. The functions which should be separated to maintain internal control in a

purchasing system include (1) custody of the goods (receiving and stores

departments), (2) authority to initiate a transaction (purchasing department) and

(3) bookkeeping (accounts payable department, inventory record-keeping

department).

10. The “walk through” of a purchase transaction would begin with the preparation

of the requisition by the Stores department, through the bidding process and

preparation of the purchase order by the purchasing agent, to receipt of vendor’s

invoices and receiving report by the purchasing agent and finally to accounts

payable voucher preparation. Procedures would be observed and notations

made on document samples of procedures followed.

Documents are collected to note where documentary evidence exists or control

procedures being followed. The following documents would be collected:

requisition, purchase order, receiving report and voucher. The “walk through”

and sample documents would assist the auditor in understanding the flow of

transactions.

11. a. Blank vouchers kept in secure location available only to authorized

personnel.

b. Blank supporting documents (invoices, receiving reports, requisitions,

purchase orders) kept in secure locations available only to authorized

personnel.

c. Supporting documents canceled by Cash Disbursement function when

checks are prepared.

d. Separation of duties of preparers of supporting documents, preparation of

vouchers, check preparation, and check signing.

e. Vouchers and other supporting documents reviewed by check signers.

f. Checks mailed directly by signer and not returned to accounts payable.

12. Authorization for vouchers payable recording mainly consist of an approved

purchase order, a receiving report, and an accurate vendor invoice. Auditors

should look for purchase approval signatures, receiving approval signatures, and

Page 80: Chapter 11 to 29 Aud

11-80 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-80

approval of the vendor invoice – checks by client for proper quantity, price, and

discount.

13. The point of this quotation is to generate discussion on the source of errors and

therefore the controls necessary when an accounting process is computerized.

Discussion items might include the following:

1. People have bad days and make mistakes; computers do not have bad days.

2. Murphy’s Law – If it is possible to make an error, someone will find a way

to do it.

3. People initiate the transactions and will make errors.

4. All controls should be considered together (manual and computer).

Excellent computer controls cannot be relied upon if the related manual

controls are weak.

5. In computer systems, it is extremely important to establish extensive input

validation controls to prevent people errors from getting into the processing

(GIGO – garbage in, garbage out).

6. People can prevent a good computer system from working well if they are

not convinced it is in their best interests.

7. People will rarely question computer printed output, even though it may not

be correct.

8. Most computer controls are to prevent, detect, or correct errors made by

people.

14. The purpose of the auditor’s search for unrecorded liabilities is to gather

evidence as to whether the liability assertion is true. The same concern exists in

the internal control objective “all valid transactions are recorded and none are

omitted.” From an evidence gathering perspective, it is much more difficult to

gather evidence on unrecorded transactions than to gather evidence that recorded

transactions (and account balances) are proper.

The search for unrecorded liabilities includes procedures in other audit areas

such as questions on bank and insurance confirmations and vouching the source

of funds for asset additions. Specific audit procedures in the search for

unrecorded liabilities include:

1. Obtain vendor’s invoices (or accounts payable vouchers) recorded for

several days after the balance sheet date to determine if the liability relates

to the balance sheet period under audit.

2. Scan cash disbursements for several days subsequent to year-end and vouch

to support to determine if cutoff was proper. Scan all cash disbursements

until the end of field work for unusual amounts and payees to determine if

amounts paid represent liabilities of the balance sheet period.

3. Examine BIR tax reports and correspondence and the audit reports of tax

authorities and trace additional tax assessments to the accounts.

4. Confirmation of accounts payable.

Page 81: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-81

18-81

5. Use analytical procedures such as trend comparisons of accounts payable to

sales, sales taxes to sales, payroll taxes to gross payroll and interest expense

to average notes payable.

15. A “walk through” involves following a transaction from initiation through the

various steps until the transaction is recorded in the formal accounting records.

In the conversion cycle, the following would constitute a complete “walk

through:”

Step Documents Collected Controls Noted

Prepare production

orders

Production Order (P.O.) Support for P.O.

Prepare bill of materials

and manpower needs

Bill of materials (B.M.)

Manpower needs (M.N.)

Separation planning

from production.

Assign job order and

foreman

Note separation

production supervisor

from foreman duties.

Job tickets and material

requisitions prepared

Job tickets (JT)

Material requisition (MR)

Production foreman

duties separated from

authorization.

Raw material records

updated, issue slips

prepared

Issue slip (IS) Materials not issued

without MR. IS

prepared for all materials

released.

Observe time entered

and foreman approval on

JT

Approval by foreman of

hours.

Direct labor report

prepared

Labor report (LR) Job tickets support L.R.

Observe timekeeping,

compare job tickets to

clock cards

Reconciliation hours per

clock cards to hours per

J.T.

Material used report

prepared

Material used report

(MUR)

Issue slips and

requisitions support

MUR.

Observe matching issue

slips and material used

report

Records from sources

reconciled.

Observe matching job

time tickets (or labor

distribution) to labor

report

Records from separate

sources reconciled.

Page 82: Chapter 11 to 29 Aud

11-82 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-82

Enter costs in job cost

sheets

Job cost sheets (JCS) Support for all entries in

JCS.

Summary entry

prepared.

Summary entry form Job cost sheets support

summary entries.

Trace summary entry to

General Ledger posting

Separation of duties; cost

accounting and general

ledger.

Preparation of

completion report

Report of units

completed (RUC)

Independent report of

production completed.

Observe units compared

to RUC, post finished

records

Independent check of

RUC.

Products received report

prepared

Products received report

(PRR)

Independent records of

units put into finished

goods inventory.

Observe comparison

RUC and PRR

Records from separate

sources reconciled.

Job sheets closed out,

summary entry prepared

Summary entry form Closed job sheets, RUC

and PRR support

summary entries.

Trace summary entry to

General Ledger posting

Separation of duties; cost

accounting and general

ledger.

16. Weaknesses (lack of control where auditors believe one is necessary) are not

audited because auditors do not rely upon weaknesses to prevent, detect or

correct material errors. Auditors must consider the financial impact of

weaknesses on financial statements and plan substantive tests accordingly.

A control strength may be identified in interviews during the review phase (or in

preparing the flowcharts or questionnaires), but during test of controls auditing,

found to be nonexistent or operating ineffectively. For example, in the

conversion cycle the production management may state that foremen approve

workers’ job time tickets. However, when a sample of job time tickets are

examined by auditors for evidence of approval, none is found. Thus, a weakness

is not found until the control is tested. Therefore, control risk should not be

assessed low until evidence is gathered that the control is operating effectively.

17. The purpose of this review question is to foster discussion toward what

information an independent auditor needs to know. Items relevant to the

quotation might include:

Page 83: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-83

18-83

1. Reference to the standard regarding “adequate technical training and proficiency

as an auditor.”

2. Reference to the standard regarding “due professional care.”

3. Obviously, the auditor must be knowledgeable about cost accounting to

audit a manufacturing company.

4. In a manufacturing company, the inventories most likely will be a major

asset which will require substantial audit work.

5. A proficient auditor must be knowledgeable in all phases of the business,

including production, marketing, finance as well as accounting data

processing.

18. The surprise observation enables the auditor to see how the distribution system

really works and increases his chances of detecting fraud. Such an observation

involves taking control of paychecks, then accompanying a client representative

as the distribution takes place. The auditor checks to see that each employee is

identified and that only one check is given to each individual. Unclaimed

checks are controlled and examined to detect any fictitious persons on the

payroll.

19. A “walk through” of a personnel and payroll transaction would include

discussions with each person handling personnel and payroll records. The

following illustrates the steps and documents collected.

Steps Document(s) Collected

Hiring – personnel dept. Authorization to hire and rate assignment

Deductions – personnel

dept.

Personnel forms, employee authorization for

deductions

Timekeeping Clock card

Shops Job time ticket

Cost distribution Labor distribution sheet

Accounts payable Payroll voucher

Cash disbursement Payroll checks

If the payroll is processed by computer, the clock cards and job time tickets

would be traced to batch control in the timekeeping and production departments,

to data preparation (keying to machine sensible form), to edit and validation

error reports and other computer output indicating control and finally to

computer prepared checks, labor distribution reports and summary general

ledger entries.

II. Multiple Choice Questions

1. c 5. a 9. d 13. b 17. d

2. c 6. c 10. b 14. a 18. d

3. b 7. c 11. a 15. c 19. c

Page 84: Chapter 11 to 29 Aud

11-84 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-84

4. c 8. b 12. a 16. d 20. b

III. Comprehensive Cases

Case 1. 1. Controlled access to blank sales invoices.

a. Observation. Visit the storage location yourself and see if unauthorized

persons could obtain blank sales invoices. Pick some up yourself to see

what happens.

b. Someone could pick up a blank and make out a fictitious sale.

However, getting it recorded would be difficult because of the other

controls such as matching with a copy from the shipping department.

(Thus a control access deficiency may be compensated by other control

procedures.)

2. Sales invoices check for accuracy.

a. Vouching and Recalculation. Select a sample of recorded sales

invoices and vouch quantities thereon to bills of lading, vouch prices to

price lists, and recalculate the math.

b. Errors on the invoice could cause lost billings and lost revenue or

overcharges to customers which are not collectible (thus overstating

sales and accounts receivable).

3. Duties of accounts receivable bookkeeper.

a. Observation and Inquiry. Look to see who is performing bookkeeping

and cash functions. Determine who is assigned to each function by

reading organization charts. Ask other employees.

b. The bookkeeper might be able to steal cash and manipulate the

accounting records to give the customer credit and hide the theft.

(Debit a customer’s payment to Returns and Allowances instead of to

cash, or just charge the control total improperly).

4. Customer accounts regularly balanced with the control account.

a. Recalculation. Review the client’s working paper showing the

balancing/reconciliation. Do the balancing yourself.

b. Accounting entries could be made inaccurately or incompletely and the

control account may be overstated or understated.

Case 2. The discussion could take several directions, including some or all of the

following:

1. Material Weakness. The facts seem to suggest “a condition in which

specific control features (few or none are described) or the degree of

compliance with them do not reduce to a relatively low level the risk that

errors or irregularities in amounts that could be material to the financial

statements may occur and not be detected within a timely period by

Page 85: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-85

18-85

employees in the normal course of performing their assigned functions.”

Castro has authority and influence over too many interrelated activities.

Nothing he does seems to be subject to review or supervision. He even is

able to exclude the internal auditor.

An identification of the potential irregularities will illustrate the misdeeds

he can perpetrate almost single-handedly.

2. Potential irregularities include:

a. Castro can collude with customers to rig low bids and take kickbacks,

thereby depriving the company of legitimate revenue.

b. Castro can direct purchases to favored suppliers, pay unnecessarily

high prices and take kickbacks. He might even set up a controlled

dummy company to sell overpriced materials to the company. No

competitive bidding control prevents these activities.

c. Castro, through the control of physical inventory, can (i) remove

materials for himself, and (ii) manipulate the inventory accounts to

conceal shortages.

d. Castro can order truck shipping services for his own purposes and

cause the charges to be paid by the company.

e. Castro can manipulate the customer billing (similar to a above) to

deprive the company of legitimate revenue while taking an

unauthorized commission or kickback.

3. Almost every desirable characteristic of good internal control has been

circumvented:

a. Segregation of Functional Responsibilities. Castro has authorization

and custodial responsibilities.

b. Authorization, Supervision. Castro is apparently subject to no

supervision or review. The accounting staff is probably powerless to

challenge transactions because of Samuel’s apparent approval of

Castro’s powers.

c. Controlled Access. The whole situation gives Castro access to

necessary papers, records, and assets to carry out his one-man show.

d. Periodic Comparison. No one else apparently has any access to the

materials inventory in order to conduct an actual count for comparison

to the book value (recorded accountability) of the inventory.

Case 3. The purpose of this question is to get the student to consider where the functions

that are considered incompatible in a manual system occur in a computer

system.

The functions should be separated in a manual or computer accounting system

such that different people authorize the sales transactions, record the

Page 86: Chapter 11 to 29 Aud

11-86 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-86

transactions, have custody to the assets (inventory) and reconcile the books to

the assets.

Different people should: indicate the sales order source document (authorize),

prepare the computer program (authorize and record), operate the computer

(record), have custody of inventory and correct errors (reconciliation).

Case 4. If the credit limits are set and entered incorrectly, the credit approval process

will be systematically deficient.

Case 5. Memorandum

TO: Board of Directors, The Potter Art League FROM: (Student’s name) DATE: SUBJECT: Control weaknesses related to Cash Admission Fees You requested a report which identifies the weaknesses in the existing system of cash

admission fees and my recommendations. Below are the weaknesses that exist and my recommendations for procedures that overcome these weaknesses. I will be pleased to discuss these at the next board meeting and offer further explanations that may be necessary.

Weakness: There is no segregation of duties between persons responsible for collecting

admission fees and persons responsible for authorizing admission.

Recommendation: One clerk (hereafter referred to as the collection clerk) should collect admission fees and issue prenumbered tickets. The other clerk (hereafter referred to as the admission clerk) should authorize admission upon receipt of the ticket or proof of membership.

Weakness: An independent count of paying patrons is not made.

Recommendation: The admission clerk should retain a portion of the prenumbered admission ticket (admission ticket stub).

Weakness: There is no proof of accuracy of amounts collected by the clerks.

Recommendation: Admission ticket stubs should be reconciled with cash collected by the treasurer daily.

Weakness: Cash receipts are not promptly prepared.

Recommendation: The cash collections should be recorded by the collection clerk daily on a permanent record that will serve as the first record of accountability.

Page 87: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-87

18-87

Weakness: Cash receipts are not promptly deposited. Cash should not be left undeposited

for a week.

Recommendation: Cash should be deposited at least once each day. Weakness: There is no proof of accuracy of amounts deposited.

Recommendation: Authenticated deposit slips should be compared with daily cash collection records. Discrepancies should be promptly investigated and resolved. In addition, the treasurer should establish a policy that includes an analytical review of cash collections.

Weakness: There is no record of the internal accountability of cash.

Recommendation: The treasurer should issue a signed receipt of all proceeds received from the collection clerk. These receipts should be maintained and should be periodically checked against cash collection and deposit records.

Case 6. a. The purposes of these audit procedures are:

1. To substantiate the validity of the asset “cash” in the balance sheet, as it

may substantially consist of “cash in transit” from several sales

divisions.

2. To determine proper cash “cutoff”, i.e., to detect any unintentional

errors overstating or understating cash between the current and the

following accounting period.

3. To disclose “kiting” (if any), e.g., perpetrated by the home office

cashier in collusion with one or more sales divisions employees.

b. Audit Program for Sales Divisions – Audit Steps

1. Prepare a schedule of transfer payments made by the branch for a

period covering two weeks prior and two weeks after the end of the

fiscal period showing:

Check number

Date of entry in cash disbursements book

Amount of check

Date of perforation by paying bank

Transfer checks outstanding at the date of cutoff

Transfer checks outstanding at the date of reconciliation.

2. Compare dates of issue on canceled checks and of entries.

3. Trace and compare dates of perforation and dates of payment on the

bank statement and the “cutoff” statement.

4. Compare dates of issue of checks to date of perforation looking for:

a. unusual delays in payment

b. discrepancy in accounting periods for the two dates.

Page 88: Chapter 11 to 29 Aud

11-88 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-88

5. Scan cancelled checks and cash disbursements records during the year

for:

a. names of payees,

b. consecutive numbers of checks to determine whether any payments

other than regular transfers to main office were made from this

account.

6. Reconcile individually several transfers during the year to

corresponding collections presumed to be transferred as of each

individual date.

7. Reconcile total collections for the year to total transfers.

Case 7. 1. a. Recorded payroll transactions are valid (no fictitious employees).

b. Paychecks might be delayed and terminated workers might continue to

be “paid” (with theft of check by someone else) if payroll is not

promptly notified of new hires and terminations.

2. a. Recorded payroll deductions are valid.

b. Incorrect amounts might be deducted from pay.

3. a. Recorded payroll transactions are valid and authorized.

b. If payroll department personnel were also responsible for time records,

they would have effective control over transaction authorization (i.e.,

hours worked approval) and could overpay themselves or friends.

4. a. Payroll and labor cost transactions are complete.

b. Cost accounting records might contain more or fewer pesos than

actually paid (per payroll data). Simple errors in cost analyses might

occur.

CHAPTER 24

SUBSTANTIVE TESTS OF TRANSACTIONS AND BALANCES

I. Review Questions

1. The cutoff bank statement is a bank statement sent by the bank directly to the

auditor, and it is usually for a fifteen or twenty day period following the

Page 89: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-89

18-89

reconciliation date. The basic use of the statement by the auditor is to determine

whether outstanding checks were actually mailed before the reconciliation date.

2. All cash funds (and negotiable investment stock and bond certificates) should be

counted at the same time (simultaneously) so that money (or securities) cannot

be shifted from one location to another to conceal a shortage. If simultaneous

count cannot be made, as each fund (or each negotiable asset) is counted, it

should be locked and sealed until all are counted.

3. Kiting is the practice of recording a deposit of an interbank transfer in one

period, but delaying the recording of the disbursement until the next period –

thus double counting the amount of the transfer. It is used to cover up a cash

shortage. Auditors schedule all bank transfers around the year-end and examine

the dates deposited and disbursed per books and the dates deposited and

disbursed per bank. Thus, the auditors can determine if both sides of the

transfers are recorded in the same period and the proper period.

4. A “positive” confirmation is a request for a response from an independent party

who the auditor has reason to expect is able to reply. A “negative” confirmation

is a request for a response from the independent party only if the information is

disputed. Negative confirmations should also be sent only if the recipient can be

expected to detect error and reply accordingly.

5. Generally, vouching of documentation underlying receivables balances is

deferred until after confirmation. Then vouching is performed in regard to

accounts for which confirmations were mailed but no replies received.

Additionally, vouching may be used to gather evidence about account

discrepancies and disputes indicated on confirmation responses.

6. Sales cutoff is audited by selecting sales invoices, shipping documents, and

contracts created in the period (usually 10 days to two weeks) before and after

the fiscal year-end. The transactions are traced to the sales and receivables

accounts to prove whether they were recorded in the proper period. Similarly,

recorded sales in this period may be vouched to underlying documents to

determine whether recording was in the proper period.

7. Refer to pages 458 to 460; 824 to 825; 827 to 828.

8. To prevent embezzlement through creation of fictitious credit memos, the

internal control system should provide that all credit memos be prenumbered,

controlled, and approved by a party independent of the preparer. Additionally,

credit memos should be approved only with proper supporting documentation,

e.g., a receiving report or correspondence.

Page 90: Chapter 11 to 29 Aud

11-90 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-90

9. Auditors get in the most trouble by missing overstated assets and understated

liabilities. Therefore, they need to audit for the existence of assets and the

completeness of liabilities.

10. Notes payable audit evidence obtained from a standard bank confirmation used

in the audit cash. Sales tax liability derived partially from the audit of sales

revenue (also commissions payable and excise taxes payable). Income tax

liability is derived from the net income number (audit of all revenue and

expense accounts).

11. The types of fraud and material misstatement with respect to cash disbursements

include:

1. The sending of checks to a fictitious person or company to accomplices outside

(coupled with internal record alterations).

2. The increasing (altering) of amounts payable to outside accomplices.

3. The intercepting of payments to a bank (coupled with internal record

alterations).

4. The drawing of checks payable to cash or bearer for one’s own use.

The procedures auditors use most frequently to detect cash disbursement embezzlement

schemes include:

1. A proof of cash – a recalculation – which reconciles cash receipts and

disbursements per the bank statement with receipts and disbursements

recorded in the accounts. The auditor will satisfy himself as to the propriety

of all checks payable to “cash” or bearer, NSF checks, and checks drawn to

officers and other employees.

2. The confirmation with all bank creditors of amounts owed, terms and

activity during the period.

3. The auditor’s test of purchase transactions – vouching, tracing and

recalculation in regard to purchase orders, supplier invoices, cash

disbursement journal and voucher register.

4. The auditor’s obtaining satisfaction of the proper separation of functions:

To establish that a proper separation exist, the auditor will not only examine

internal records purporting a proper separation, he will also examine

documents for compliance and observe personally the flow of operations

and activities.

12. The characteristics that the auditor is looking for in his review of the client’s

inventory-taking instructions include:

1. Names of client personnel responsible for the count.

2. Dates and times of inventory-taking.

3. Names of client personnel who will participate in the inventory-taking.

Page 91: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-91

18-91

4. Detail instructions for recording accurate descriptions of inventory items,

for count and double-count, and for measuring or translating physical

quantities.

5. Detail instructions for making notes of obsolete or worn items.

6. Detail instructions for the use of tags, punched cards, count sheets, or other

media devices, and for their collection and control.

7. Plans for shutting down plant operations or for taking inventory after store

closing hours, and plans for having goods in proper places.

8. Plans for counting or controlling movement of goods in receiving and

shipping areas if those operations are not shut down during the count.

9. Detail instructions for compiling the count media (e.g., tags and punched

cards) into final inventory listings or summaries.

10. Detail instructions for pricing the inventory items.

11. Detail instructions for review and approval of the inventory count, notations

of obsolescence, or other matters by supervisory personnel.

13. As is true in other areas of a financial audit, verbal inquiry is a valuable tool for

obtaining preliminary evidence in the audit of inventory and cost of sales. For

example, the auditor can gain information such as the locations of inventory,

dates for the physical count, inventory held by consignees and public

warehouses, the cost-flow assumption used to price cost of goods sold and

inventories, and the pledging of inventory as collateral on loans.

In addition to providing preliminary evidence, verbal inquiry frequently

provides information about the status and value of slow-moving inventory,

apparently worn, damaged or obsolete inventory, and the existence of large

inventory stockpiles.

14. Cost of goods sold is generally audited through a combination of limited

vouching and extensive analytical procedures.

Inventory balances are generally audited through heavy reliance on observation,

vouching and recalculation, with much less emphasis on analytical procedures.

15. The auditor can obtain preliminary evidence through physically observing plant

facilities and making verbal inquiries; for example, evidence can be obtained

regarding the quantity and size of assets, their location and apparent physical

condition, the activity surrounding them, and ownership of the facilities.

Further preliminary evidence of existence may be gained by a review of internal

management reports. Examples of such reports include capital expenditure

proposals, capital budgets, construction cost or acquisition cost postanalysis,

maintenance and repair reports, reports of sales or retirements, and insurance

and property tax analyses.

Page 92: Chapter 11 to 29 Aud

11-92 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-92

The preliminary evidence should be corroborated by auditor tracing to the

detailed records to ascertain that existing assets are recorded. Further, new asset

acquisitions should be traced to directors’ authorizations for expenditures and to

the capital budget.

16. To obtain relevant audit data about investment securities, auditors’ procedures

include:

1. Inspecting the securities in the presence of a responsible client officer.

2. Personally examining the securities while other negotiable fund sources are

sealed off or are being examined simultaneously.

3. Obtaining a written statement from the client’s representative that the

securities were returned intact.

4. Obtaining the information by confirmation from an independent party (e.g.,

trustee) who holds the securities.

17. Investment cost can be vouched to brokers’ advices, monthly statements and

canceled checks. The auditors can similarly vouch the price of securities sold

and investment income to this documentary evidence and then trace amounts to

income, gain and loss, and cash accounts.

18. If investments are sold at substantial losses early in the period following year-

end, there is evidence that the securities were overvalued at the balance sheet

date. Accordingly, the auditor will consider whether such securities should be

written down in the financial statements of the period under audit.

19. The long-term liabilities (and fixed assets and owners’ equity) are characterized

by a few large transactions, unlike the current assets and liabilities which have

numerous small transactions. Except for the initial year of an audit, the entire

balance is not verified each year. Only the changes in the account that occurred

in the current period need to be audited. The results of the audit of prior year’s

changes are recorded in “carry-forward” working papers for these accounts.

20. By vouching open purchase orders, inquiry of purchase personnel, and

confirmation with suppliers, the auditor is seeking to learn of commitments to

purchase inventories at fixed prices. If the client faces significant losses on

fixed-price purchase commitments, appropriate provision for the losses should

be made in the period’s financial statements.

21. “Off-balance sheet information” refers to information that relates to obligations

and commitments assumed by the clients that do not appear on the balance sheet

as current or long-term liabilities. Such information should be disclosed by the

client in the footnotes to the financial statements. Therefore, the auditors must

be alert to these items and gather evidence that will allow the auditors to

determine if the footnote disclosure is adequate. Such information includes:

Page 93: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-93

18-93

leases, endorsements on discounted notes or others’ obligations, guarantees,

repurchase or remarketing agreements, commitments to purchase at fixed prices,

commitments to sell at fixed prices, legal judgment, litigation, pending

litigation.

22. The following matters are usually covered during the conference with the client

at audit completion:

a. Proposed audit adjustments;

b. Material internal financial control weaknesses;

c. Recommended footnote disclosures;

d. Type of audit report to be rendered.

II. Multiple Choice Questions

1. b 5. c 9. b 13. c 17. d

2. b 6. c 10. c & d 14. d 18. a

3. d 7. c 11. b 15. d 19. a

4. d 8. b 12. b 16. c 20. c

III. Comprehensive Cases

Case 1. a. The CPA’s test of the sales cutoff at June 30 should include the following

steps:

1. Determine what JETO’s cutoff policy is, review the policy for

reasonableness, and compare it to the prior year for consistency.

2. Select a sample of sales invoices (including the last serial invoice

number) from those recorded in the last few days of June and the first

few days of July.

3. Trace these sales invoices to shipping documents and determine that

sales have been recorded in the proper period in accordance with

company cutoff policy.

4. Determine that the cost of goods sold has been recorded in the period of

sale.

5. Select a sample of shipping documents for the same period and trace

these to the sales invoice. Determine that the sale and the cost of goods

sold have been recorded in the proper period.

6. Review the cutoff for sales returns and allowances, determine that it

has been based upon a consistent policy and that there have not been

abnormal sales returns and allowances in July; this might indicate

either an overstatement of sales during the audit period or the need for a

valuation account at June 30 to provide for future returns and

allowances.

Page 94: Chapter 11 to 29 Aud

11-94 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-94

b. (1) The CPA will use the July 10 cutoff bank statement in his review of the

June 30 bank reconciliation to determine whether:

(a) The opening balance on the cutoff bank statement agrees with the

“balance per bank” on the June 30 reconciliation.

(b) The June 30 bank reconciliation includes those canceled checks

that were returned with the cutoff bank statement and are dated or

bear bank endorsements prior to July 1.

(c) Deposits in transit cleared within a reasonable time.

(d) Interbank transfers have been considered properly in determining

the June 30 adjusted bank balance.

(e) Other reconciling items which had not cleared the bank at June 30

(such as bank errors) clear during the cutoff period.

(2) The CPA may obtain other audit information by:

(a) Investigating unusual entries on the cutoff bank statement.

(b) Examining canceled checks, particularly noting unusual payees or

endorsements.

(c) Reviewing other documentation supporting the cutoff bank

statement.

Case 2. The procedure followed appears to be appropriate except that the examination of

detail transactions for three months might be considered to be excessive in view

of the exceptionally good internal control. A lighter test of such transactions,

designed to test the effectiveness of the control procedures, might be devised.

The procedures followed should be supplemented by the following:

1. Review the company’s method of sales cutoff at year-end and test billings

and shipments (including returns) for an adequate period before and after

year-end to establish that cut-off procedures have been adhered to.

2. Examine collections in early part of subsequent period to determine if a

substantial portion of the receivables has been collected.

3. Examine agreements entered into with the distributors. If price protection

clauses are included, review the current price position and distributor

inventory positions to determine whether a reserve for such protection is

needed.

4. When a company deals with a limited number of customers, it is dependent

upon the continued solvency of all such customers.

5. Obtain a representation letter from appropriate company officials covering

the receivables.

Case 3. 1. a. Notes payable are authorized according to company policy (proper

authorization).

Page 95: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-95

18-95

b. For each note outstanding or paid during the year, vouch to written

authorizing document.

c. Funds might be borrowed in the company’s name without the

knowledge of responsible officers.

2. a. Recorded notes payable are valid and documented (separation of

duties).

b. Observe the client personnel record-keeping duties.

c. Someone might intercept a check made out to a bank and convert

company funds to his or her own use. Notes payable records could be

falsified for a short time to hide the theft.

3. a. Valid liabilities are recorded and none omitted (sound error checking

practices).

b. Observe client personnel making comparisons. Review correcting

journal entries that result from the comparison.

c. Purchases or other liabilities may fail to be recorded and the error not

detected by any other means.

4. a. Recorded liabilities and cash disbursements valid and documented

(sound record keeping).

b. Inspect notes to see if they are marked “paid.”

c. Notes may get “paid” a second time if put back through the cash

disbursements system (intentionally or inadvertently).

Case 4. a. The fact that the client made a journal entry to record vendors’ invoices

which were received late should simplify the CPA’s audit for unrecorded

liabilities and reduce the possibility of a need for a further adjustment, but

the CPA’s audit is nevertheless required. If the client has not journalized

late invoices, the CPA is compelled in his testing to substantiate what will

ultimately be recorded as an adjusting entry. In this examination the CPA

should audit entries in the 2004 voucher register to ascertain that all items

which according to dates of receiving reports or vendors’ invoices were

applicable to 2004 have been included in the journal entry recorded by the

client.

b. No. The CPA should obtain a letter in which responsible executives of the

client’s organization represent that to the best of their knowledge all

liabilities have been organized. However, this is done as a normal audit

procedure to afford additional assurance to the CPA and it does not relieve

him of the responsibility for doing his own audit work.

c. Whenever a CPA is justified in relying on work done by an internal auditor,

he should curtail (but not eliminate) his own audit work. In this case, the

CPA should have ascertained early in his examination that Ozone’s internal

Page 96: Chapter 11 to 29 Aud

11-96 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-96

auditor is qualified by being both technically competent and reasonably

independent. Once satisfied as to these points, the CPA should discuss the

nature and scope of the internal audit program with the internal auditor and

review his working papers in order that the CPA may properly coordinate

his own program with that of the internal auditor. If the Ozone internal

auditor is qualified and has made tests for unrecorded liabilities, the CPA

may limit his work in this audit area.

d. In addition to the 2005 voucher register, the CPA should consider the

following sources for possible unrecorded liabilities:

1. Unentered vendors’ invoice file.

2. Status of tax returns for prior years still open.

3. Discussions with employees.

4. Representations from management.

5. Comparison of account balances with preceding year.

6. Examination of individual accounts during the year.

7. Existing contracts and agreements.

8. Minutes.

9. Attorney’s bills and letter of representation.

10. Status of renegotiable business.

11. Correspondence with principal suppliers.

12. Audit testing of cutoff date for reciprocal accounts, e.g., inventory and

fixed assets.

Case 5. a. Lourdes should find in the audit working papers a planning memo

describing the client’s inventory-taking plan and notes about the auditor’s

first-hand observation of the instructions being given to counters, along

with a memo about the auditors’ observation of the counting. This memo

should tell about supervision of the audit staff, and the working papers (test

counts) should show the review signatures of the supervising auditors.

b. Working papers should document performance of these substantive

procedures for the existence and completeness assertions:

1. Conduct an observation of the company’s physical inventory count.

2. Scan the inventory compilation for items added from sources other than

the physical inventory count. . .

3. At year end, obtain the number of the last shipping and receiving

documents . . . Use these to scan the sales, inventory/cost of sales, and

accounts payable entries for proper cutoff.

4. Confirm or inspect inventories held in public warehouses.

Case 6. The three categories of major losses or manipulations in the area of investments

are: theft of diversion of funds, manipulation of accounting, and business

Page 97: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-97

18-97

espionage. Business espionage is generally outside the sphere of independent

auditors’ interest.

Case 7. a. The objectives (specific assertions) for the audit of non-current investment

securities are to obtain evidence regarding the:

Existence of the investment securities at the balance sheet date.

Ownership of the investment securities.

Cost and carrying value of the investment securities.

Proper presentation and disclosure of the investment securities in

the financial statement.

Proper recognition of interest income.

Proper recognition of investment gains and losses.

b. The following audit procedures should be undertaken with respect to the

audit of Tess’ investment securities:

Inspect and count securities in the company’s safe and safe deposit

box.

Examine brokers’ statements to obtain assurance that all

transactions were recorded.

Examine documents in support of purchases and sales of

investment securities.

Inspect the minutes of the board of directors meetings.

Review the audited financial statements of the (25 percent)

investee.

Verify the equity method of accounting was used for carrying

value of the investment in Dee Industrial.

Obtain a client representation letter that confirms the client’s

representations concerning the noncurrent investment securities.

Verify the calculation of interest income.

Review the propriety of the presentation and disclosure of the

securities in the financial statements.

Make certain that the client representation letter includes the

proper assertions concerning accounts payable.

Investigate and resolve confirmation exceptions and other matters

requiring follow-up.

Case 8. a. The audit objectives in the examination of long-term debt are to determine

that:

1. All liabilities were properly recorded.

2. Items recorded as liabilities are bona fide obligations.

3. Interest expense and/or amortization was properly computed and

recorded.

4. The client is not in violation of restrictions or requirements imposed on

it by the terms of the loan agreement.

Page 98: Chapter 11 to 29 Aud

11-98 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-98

5. Satisfactory authority existed to enter into long-term obligation

agreements.

6. All long-term obligations are properly classified in the balance sheet.

7. Assets pledged as security are adequately disclosed.

b. The following procedures should be included in an audit program for the

examination of the long-term note between Odette and First National Bank:

1. Confirm the loan and terms of the agreement with the bank.

2. Review the agreement between Odette and the bank to determine that:

a. The debt is long-term (by reference to dates).

b. Provisions of the agreement have not been violated, e.g., that

Odette is complying with any restrictions on the payment of

dividends, on the amount of working capital to be maintained, or

on the uses to which the funds may be employed and is

maintaining the plant pledged as security for the loan.

c. The agreement was signed by person(s) having authority.

3. Trace the receipt of funds into the bank account and cash receipts book.

4. Check the computation of interest expense for the period May 1 to June

30, and trace the recording of the expense and the accrual on the books.

5. Determine that authority to borrow was granted and is recorded in the

board of directors’ minutes.

CHAPTER 25

AUDITING FAIR VALUE MEASUREMENTS AND DISCLOSURES

I. Review Questions

1. Refer to page 856, paragraph 1 of the textbook.

2. Refer to page 854, paragraph 4 of the textbook.

3. Refer to page 856, paragraph 1 of the textbook.

4. Refer to page 857, paragraph 3 of the textbook.

Page 99: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-99

18-99

5. Refer to pages 858 to 872 of the textbook.

6. Refer to page 861, no. 5 of the textbook.

7. Refer to page 863, no. 8 of the textbook.

8. Refer to page 864, no. 9, 3rd

paragraph of the textbook.

9. Refer to pages 865 to 866 of the textbook.

II. Multiple Choice Questions

1. b

2. b

3. d

4. d

5. c

CHAPTER 26

USING THE WORK OF OTHERS

I. Review Questions

1. An auditor who reports on the financial statements of a combined entity when he

or she audited the major part of the combined entity is the principal auditor.

Auditing standards identify procedures to be followed by a principal auditor.

To be able to serve as auditor of a combined entity, an auditor must determine

that he or she is able to be the principal auditor based on the materiality of

the portion of the financial statements that he or she has examined, his or

her knowledge of the overall financial statements, and the importance of the

components he or she has audited.

2. The principal auditors must perform one or more of the following procedures:

Visit the auditor.

Review the audit programs.

Review audit work papers.

Perform additional audit procedures.

3. Refer to page 879.

Page 100: Chapter 11 to 29 Aud

11-100 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-100

4. Refer to pages 879 to 880.

5. While the external auditor has sole responsibility for the audit opinion expressed

and for determining the nature, timing, and extent of external audit procedures,

certain parts of internal auditing work may be useful to the external auditor.

The external auditor should obtain a sufficient understanding of internal audit

activities to assist in planning the audit and developing an effective audit

approach.

Effective internal auditing will often allow a modification in the nature and

timing, and a reduction in the extent of procedures performed by the external

auditor but cannot eliminate them entirely. In some cases, however, having

considered the activities of internal auditing, the external auditor may decide

that internal auditing will have no effect on external audit procedures.

The external auditor’s preliminary assessment of the internal audit function will

influence the external auditor’s judgment about the use which may be made of

internal auditing in modifying the nature, timing and extent of external audit

procedures.

II. Multiple Choice Questions

1. c 3. d 5. b

2. b 4. b 6. c

III. Comprehensive Cases

a. Tan should ask San Nicolas to authorize Andres to respond fully to her inquiries.

If San Nicolas refuses or limits the responses, Tan should request San

Nicolas to explain the reasons. After obtaining the explanation, Tan should

consider whether to continue pursuing the engagement.

b. Tan will have to (1) obtain additional information about the client and

possibly about the industry, which Andres would have obtained in prior

years, (2) make a more detailed evaluation of whether to accept this

client, (3) obtain information about the client’s internal control, which

Andres would have obtained in prior years, and (4) obtain evidence about

beginning balance sheet balances, which Andres would have obtained in

prior years.

CHAPTER 28

THE AUDITOR’S REPORT ON FINANCIAL STATEMENTS

Page 101: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-101

18-101

I. Review Questions

1. Scope paragraph

(a) The objects of the audit are the financial statements – balance sheet(s), income

statement(s), and cash flow statement(s), and related footnote disclosure,

not the “books and records.”

(b) The description of the audit means:

(1) the auditors were trained and proficient.

(2) the auditors were independent.

(3) due professional care was exercised.

(4) the work was planned and supervised.

(5) internal controls was properly studied and evaluated.

(6) sufficient competent evidential matter was obtained.

(7) the GAAS reporting standards were followed.

* Professional judgment was exercised in performing the tests and choosing the

procedures to perform in the circumstances.

2. Report and the evidence dimension

Fully sufficient

competent

evidence

Isolated

evidence

deficiency

Pervasive lack

of evidence

Unqualified opinion X

Adverse opinion X

Opinion qualified for a

departure from SFAS

X

Paragraph for

inconsistent GAAP

application

X

Paragraph for an

uncertainty

X

Disclaimer of opinion X

3. Major reasons for departure from the standard unqualified report

1. Disagreement with management regarding the acceptability of the accounting

policies selected, the method of their application or the adequacy of

financial statement disclosure.

2. Limitation on scope of the audit (resulting in a lack of evidence).

Page 102: Chapter 11 to 29 Aud

11-102 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-102

3. Using extra paragraph(s) to emphasize significant matters.

4. Different opinion on prior year comparative statements.

5. Relying on the work and reports of other independent auditors.

6. Required supplementary data omitted or departs from guidelines.

7. “Other information” inconsistent with financial statements or contains

material misstatement of fact.

8. Auditor is not independent.

4. Students may identify more than one description of the “most important”

distinction between an opinion and a disclaimer. All the following are valid,

although (a) is intended to be the “Most Important:”

a. An opinion (unqualified, qualified or adverse) is an explicit statement of the

auditor’s conclusion(s), while a disclaimer is an (empty) assertion of “no

conclusion.”

b. An (unqualified) opinion is the highest level of assurance, while a

disclaimer is the lowest level (no assurance).

c. An opinion requires evidence as a basis, while a disclaimer results from

lack of evidence.

d. Auditors must be independent to give an opinion, while a disclaimer can

result from a CPA’s lack of independence.

5. A material scope restriction occurs when the auditor is unable to gather

sufficient competent evidence to support an unqualified opinion on the financial

statements. Scope restrictions may be client-imposed or they may result from

other circumstances, e.g., appointment of the auditor after the client’s physical

inventory has been taken. A material scope restriction need not result in a

modification of the auditor’s opinion provided the auditor can obtain satisfaction

by alternate means.

6. A principal auditor is one who has examined the major portion of the combined

entity.

7. When financial statements of the prior year are presented together with those of

the current year, a continuing auditor must report on both years. In “updating”

the prior year’s report, the auditor must decide whether to restate the report in its

same form or modify it to reflect current information not available at the date of

issuance of the prior report.

8. A continuing auditor can update a previously-issued report by obtaining and

evaluating information during the current engagement. Thus, an updated report

is a previously-issued report that has been reevaluated in light of current

information and evidence. (The updated report itself may be a compilation

report, a review report, or an audit report).

Page 103: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-103

18-103

The reevaluation may cause the updated version to be different from the report

previously issued (for example, a new reason to write a qualification may be

found).

An updated report carries a current date, not the date of the previous report.

A predecessor auditor usually does not have the current information necessary

to update a report.

Either a continuing auditor or a predecessor auditor can reissue previously-

reissued report. The process does not contemplate consideration of information

and evidence obtained during a current engagement. Thus, a reissued report is a

current release of a previously-issued report without benefit of any additional

examination or review of the subject financial statements. The report date

should be the date of the end of field work for the original issue of the report.

9. A principal auditor is the one who (a) audits a material portion of a reporting

entity’s assets, liabilities, revenues and expenses (usually over 50 percent) and

(b) knows enough about the whole entity to sign the audit report.

10. The principal auditor’s reference in his report to another auditor is not a

qualification in scope. The reference only shows the divided responsibility for

the audit work.

11. When an auditor is not independent with respect to a client, a disclaimer of

opinion must be rendered. The disclaimer must be issued because the

statements cannot be audited in accordance with generally accepted auditing

standards. (An accountant, not an auditor, is the person associated with

compiled and reviewed financial statements. An accountant can give a

compilation – disclaimer – report on compiled unaudited financial statements).

12. When the “going concern assumption” is in doubt, auditors have serious

reservations about the recoverability and amounts of reported assets and the

amount and classification of reported liabilities. These opinions may be used,

depending on the circumstances:

a. Standard unqualified report with an uncertainty notice paragraph calling

attention to the going concern problem.

b. Disclaimer of opinion to express unwillingness to give an opinion on the

presentation.

c. Opinion qualified or adverse for departure from GAAP if all appropriate

disclosures are not made.

13. According to PSA 700,

Page 104: Chapter 11 to 29 Aud

11-104 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-104

“In certain circumstances, an auditor’s report may be modified by adding an

emphasis of matter paragraph to highlight a matter affecting the financial

statements which is included in a note to the financial statements that more

extensively discusses the matter. The addition of such an emphasis of matter

paragraph does not affect the auditor’s opinion. The paragraph would preferably

be included after the opinion paragraph and would ordinarily refer to the fact

that the auditor’s opinion is not qualified in this respect.

The auditor should modify the auditor’s report by adding a paragraph to

highlight a material matter regarding a going concern problem.

The auditor should consider modifying the auditor’s report by adding a

paragraph if there is a significant uncertainty (other than a going concern

problem), the resolution of which is dependent upon future events and which

may affect the financial statements. An uncertainty is a matter whose outcome

depends on future actions or events not under the direct control of the entity but

that may affect the financial statements.”

14. Whether to divide responsibility or accept full responsibility is a function of:

a. Relationship of the principal auditor to the other auditors; and

b. Materiality of the component(s) examined by other auditors.

15. The auditor may decide to disclaim an opinion when confronted by a material

scope limitation that precludes gathering sufficient evidence to support an

opinion as to overall fairness of financial presentation. The auditor may also

disclaim an opinion if his/her name is associated with financial statements for

which an audit was not intended (e.g., compilations and reviews), or if the

auditor is not independent.

16. Two conditions are necessary for an unqualified opinion:

a. No material scope restrictions have prevented the auditor from collecting

sufficient, competent evidence; and

b. The financial statements, including footnote disclosures, contain no material

departures from GAAP.

17. An auditor may agree with a departure from a designated principle only when, in

his/her judgment, application of the designated principle would make the

financial statements materially misleading.

18. The audit opinion does not extend to the other information, and therefore, the

opinion is not affected by omission or inconsistency or incorrect supplemental

information.

Page 105: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-105

18-105

19. The auditor must evaluate, on every audit, the ability of the entity to meet its

obligations on a continuing basis during a reasonable period (usually 12 months)

following the balance sheet date. Although the auditor is not required to apply

additional procedures in making the initial evaluation, if he/she has substantial

doubt as to ability of the client to continue, added procedures may have to be

applied to resolve the issues.

20. The auditor should add an explanatory paragraph regarding a material

uncertainty, provided the outcome of the events surrounding the uncertainty

cannot be reasonably estimated by management. If the probability of an

unfavorable outcome is remote, the explanatory paragraph is not needed. If a

material loss is probable, but is not susceptible to reasonable measurement, and

is properly footnoted, the auditor should add an explanatory paragraph directing

the reader’s attention to the footnote.

The greater the materiality, and the higher the probability of loss, the more

inclined will be the auditor to add the explanatory paragraph.

21. Upon learning of a change in accounting principle, the auditor should first

determine the materiality and appropriateness of the change. If material and the

auditor agree with the client’s justification for the change, an explanatory

paragraph should be added following the opinion paragraph. The paragraph will

refer to the footnote describing the change. If the change is not properly

accounted for or is inadequately disclosed, the auditor should consider issuing a

qualified or adverse opinion.

II. Multiple Choice Questions

1. c 11. c 21. c 31. b

2. d 12. b 22. c 32. c

3. a 13. d 23. a 33. b

4. c 14. a 24. d 34. c

5. c 15. b 25. c 35. d

6. c 16. d 26. a 36. b

7. c 17. d 27. a 37. d

8. a 18. a 28. c 38. a

9. d 19. b 29. c 39. d

10. c 20. c 30. b 40. b

III. Comprehensive Cases

Case 1. You must determine whether an unqualified opinion satisfies the GAAS

reporting standard, in particular:

Page 106: Chapter 11 to 29 Aud

11-106 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-106

a. Determine whether the financial statements are presented in conformity

with GAAP.

1. Read the footnote description of accounting policies.

2. Use a GAAP checklist.

3. Review the working papers for any indication of accounting policies

not described in the footnote or ones apparently not in conformity with

GAAP.

4. Determine if:

(i) The accounting principles are generally acceptable, having

authoritative support.

(ii) The accounting principles are appropriate in the circumstances.

(iii) The financial statements are informative.

(iv) The information is reasonably summarized.

(v) Material adjustments have not been waived without good reasons.

b. Determine whether any accounting changes have been made and whether

accounting principles have been applied consistently.

c. Determine whether the footnote disclosures are adequate to inform users of

any material information evident in the working papers.

Case 2. 1. The auditor is reporting to the body that has engaged the auditing services.

While the report may be read and used by others who are indirect

beneficiaries of the audit, current custom is not to address the report to the

unknown class of users.

2. The scope paragraph should specifically identify the audited statements by

name so that there can be no mistake about the subject of the report. The

alternative language is not as precise.

3. The standard language effectively bases the audit on an extensive body of

written auditing standards that are known to others and can be cited in case

of controversy. The alternative language, on the other hand, seems to break

loose from profession-wide quality norms and make the audit quality

depend more on “the circumstances,” which introduces an element of

mystery and lack of definition into the report.

4. The alternative wording is similar to the typical British audit report, and

they seem to be able to live with it, but American auditors believe that

“opinion” connotes belief or judgment stronger than impression but less

strong than positive knowledge. American auditors do not wish to appear to

Page 107: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-107

18-107

have full, positive knowledge about the statements on the grounds that it’s

not feasible to know all there is to know about the financial statements.

Also, the standard language leans heavily on GAAP as the criteria for fair

presentation whereas the alternative language contains no reference to

authoritative accounting criteria.

Case 3. 1. Title. The report needs a title referring to Rose as the independent auditor

or independent accountant.

2. Notice of audit. The report does not give the proper declaration of an audit

of the financial statements, especially the part about “in accordance with

your instructions,” which suggest that Rose surrendered some audit

independence. The reference to a “complete audit” is ill advised because it

suggests a 100% investigation, which is contradicted by the sentence about

“tests of the sales records.”

3. Responsibilities. The report says nothing about the auditor’s responsibility

for the audit report.

4. Opinion. The opinion sentence should not be modified with the phrase

“with the explanation given above.”

5. Opinion. The opinion sentence should not mention “minor errors we

consider immaterial,” but it should contain the phrase “presents fairly in all

material respects.”

6. Opinion/Identification of Financial Statements. The opinion should not

include reference to cash flows because the introductory paragraph did not

state that the cash flow statement was audited. This may be a deficiency in

the identification of the financial statements that were actually audited.

7. Opinion. The opinion paragraph refers improperly to ASC

pronouncements. It should refer to “generally accepted accounting

principles.”

8. Date. The date accompanying Rose’s signature should be September 23 –

the day the field work was completed – not the company’s fiscal year-end

date.

9. Other. The commentary on the economy and the strike are not generally

appropriate for an audit report. Even if the auditor wanted to draw attention

to these matters, their relevance for understanding the financial statements

and their manner of expression are both questionable.

10. Other. The negative assurance (concerning the recording of sales) is not

permitted in audit reports.

Case 4.

Independent Auditor’s Report

To the shareholders and board of directors of Various Fabrics, Inc.:

Page 108: Chapter 11 to 29 Aud

11-108 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-108

We have audited the accompanying balance sheets of Various Fabrics, Inc. as of January 31, 2004 and 2003 and the related statements of income, retained earnings, and cash flows for the years then ended. These financial statements are the responsibility of the company’s management. Our responsibility is to express an opinion on these financial statements based on our audits.

We conducted our audits in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.

In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of Various Fabrics, Inc. as of January 31, 2004 and 2003 and the results of its operations and its cash flows for the years then ended in conformity with generally accepted accounting principles.

Aya de Jesus, CPA

March 2, 2004

Case 5. 1. F, L 5. B, I

2. B, I 6. B, I

3. B, Q 7. E, J

4. A, J

Case 6. A. 1, 7c.

B. 2, 7a.

C. 4.

D. 1.

E. 6.

F. 5.

G. 2 (Note: The change in principle should be described in the descriptive

paragraph following the scope paragraph.)

H. 3, 7c.

I. 2, 7b.

J. 3, 7d.

K. 6. (given the materiality of property, plant, and equipment)

L. 1, 7e.

M. 1, 7b and 7e.

CHAPTER 29

PROCEDURES AND REPORTS ON SPECIAL PURPOSE

Page 109: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-109

18-109

AUDIT ENGAGEMENTS

I. Review Questions

1. The report simply states: “The financial statements are not intended to be

presented in conformity with generally accepted accounting principles.” The

opinion expression thereafter refers to a description of the comprehensive basis

used.

Non-GAAP accounting bases include:

1. Statutory or regulatory accounting requirements

2. Tax basis accounting

3. Cash and modified cash bases

4. General price level-adjusted statements

5. Any other basis having “substantial support” (Auditing standards do not

explain how non-GAAP accounting can have “substantial support.” In

practice, accountants will report on any reasonable accounting basis, which

explains why reports exist on diverse types of current value financial

statements.)

2. The following are four comprehensive bases of accounting other than GAAP:

1. A basis of accounting to comply with the requirements of a governmental

regulatory agency (for example, insurance companies use a basis of

accounting pursuant to the rules of the insurance commission)

2. A basis of accounting used to file an income tax return

3. The cash receipts and disbursements basis of accounting (cash basis) and

modifications to the cash basis, such as recording depreciation on fixed

assets or accruing income tax.

4. A definite set of criteria having substantial support that is applied to all

material items in the financial statements, such as the price-level basis of

accounting.

3. A CPA may be asked to report on the application of GAAP by another auditor’s

client who disagrees with the auditor’s view of proper accounting for the

transaction. Auditing standards apply when a CPA in public practice, either in

connection with a proposal to obtain a new client or otherwise, provides oral or

written advice on the application of accounting principles to a specific

transaction or the type of opinion that may be rendered on an entity’s financial

Page 110: Chapter 11 to 29 Aud

11-110 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-110

statements. In forming a judgment, the CPA should perform the following

procedures:

Obtain an understanding of the form and substance of the

transaction(s).

Review applicable GAAP.

If appropriate, consult with other professionals or experts.

If appropriate, perform research or other procedures to ascertain and

consider the existence of creditable precedents or analogies.

The reporting CPA is required to consult with an entity’s continuing

CPA to ascertain all the relevant facts. The continuing CPA can

provide information about the form and substance of the transaction,

how management has applied accounting principles to similar

transactions, and whether the method of accounting recommended by

the continuing CPA is disputed by management.

4. The following difficulties might arise:

Prior-year statements were unaudited: The auditor should label the prior-year

columns “Unaudited” and modify the report by adding a paragraph that

disclaims an opinion on the statements.

Audited by another auditor:

Alternative 1: Predecessor auditor reissues report.

Alternative 2: If predecessor’s report is not presented, the auditor

indicates in the introductory paragraph (1) that the financial statements

of the prior period were audited by another auditor (but does not name

the predecessor auditor), (2) the date of the report, (3) the type of report

issued by the predecessor auditor, and (4) if the report was not a

standard unqualified report, the substantive reasons therefor. When

the predecessor auditor’s report is not presented, the audit report would

have an added sentence at the end of the first paragraph, and the

opinion paragraph would refer only to the current-year statements.

Different reports on comparative statements: An auditor may issue modified

reports on either of the financial statements reported on comparatively. In this

situation, the auditor must exercise care to relate the opinion to the appropriate

year’s financial statements.

II. Multiple Choice Questions

Page 111: Chapter 11 to 29 Aud

A Risk-based Audit Approach – Part II 11-111

18-111

1. b 5. b 9. a 13. d 17. b

2. a 6. a 10. a 14. a 18. c

3. c 7. a 11. d 15. a 19. b

4. a 8. a 12. d 16. a 20. a

III. Comprehensive Cases

Case 1. To the Board of Directors of Neiny Ltd.:

We have reviewed the accompanying balance sheet of Neiny Ltd. as of December 31, 2004, and the related statements of income, retained earnings, and cash flows for the year then ended, in accordance with standards established by the Auditing Standards and Practices Council. All information included in these financial statements is the representation of the management of Neiny Ltd.

A review consists principally of inquiries of company personnel and analytical procedures applied to financial data. It is substantially less in scope than an examination in accordance with generally accepted auditing standards, the objective of which is the expression of an opinion regarding the financial statements taken as a whole. Accordingly, we do not express such an opinion.

Based on our review, we are not aware of any material modifications that should be made to the accompanying 2004 financial statements in order for them to be in conformity with generally accepted accounting principles.

The financial statements for the year ended December 31, 2003, were audited by us, and we expressed an unqualified opinion on them in our report dated February 27, 2004, but we have not performed any auditing procedures since that date.

Modelle & Co. March 3, 2006

Case 2. a. The assertions that are incorrect and should otherwise be deleted are the

following:

1. Report should be addressed to Ms. Clean Corporation’s Board of

Directors.

2. Delete the entire paragraph describing the scope except for the

reference to cash in banks and accounts receivable.

3. Delete the opinion rendered on cash in banks and accounts receivable.

4. Delete the recommendation to acquire Ajacks.

b. The assertions that are missing and should be inserted are the following:

1. Date of the report.

2. Statement limiting the distribution of the report to Ms. Clean’s

management.

3. Description of the procedures performed.

Page 112: Chapter 11 to 29 Aud

11-112 Solutions Manual - Principles of Auditing and Other Assurance

Services

18-112

4. Statement that the agreed-upon procedures applied are not adequate to

constitute a GAAS audit.

5. Description of the accountant’s findings.

6. Disclaimer of an opinion concerning cash in banks and accounts

receivable.

7. Statement limiting the report only to cash in banks and accounts

receivable and indicating that the report does not extend to the

financials taken as a whole.

Case 3. Independent Auditor’s Report

[Addressee]

We have audited the statement of assets, liabilities, and capital (income tax [cash] basis) of Vanda & Corona, a partnership, as of December 31, 2004, and the related statements of revenue and expenses (income tax [cash] basis) and statement of changes in partners’ capital accounts (income tax [cash] basis) for the year then ended. These financial statements are the responsibility of the company’s management. Our responsibility is to express an opinion on these financial statements based on our audits.

We conducted our audits in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.

As described in Note X, the partnership’s policy is to prepare its financial statements on the accounting basis used for income tax purposes; consequently, certain revenue and related assets are recognized when received rather than when earned, and certain expenses are recognized when paid rather than when the obligation is incurred. Accordingly, the accompanying financial statements are not intended to present financial position and results of operations in conformity with generally accepted accounting principles.

In addition, the company is involved in continuing litigation relating to patent infringement. The amount of damages resulting from this litigation, if any, cannot be determined at this time.

In our opinion, the financial statements referred to above present fairly the assets, liabilities, and capital of the Vanda & Corona partnership as of December 31, 2004, and its revenue and expenses and changes in its partners’ capital accounts for the year then ended, on the income tax (cash) basis of accounting as described in Note X, which basis has been applied in a manner consistent with that of the preceding year.

[Sterling & Co.] [Date]