To obtain evidential matter about control risk, an auditor ordinarily selects tests from a variety of techniques, including
A. Analysis.
B. Confirmation.
C. Reperformance.
D. Comparison. C. Reperformance.
Explanation - Procedures performed to evaluate control risk include inquiries of personnel; inspection of documents and records; observation of activities and operations; and reperformance of the control procedure. An auditor may decide to assess control risk at the maximum level for certain
assertions because the auditor believes
A. Sufficient evidential matter to support the assertions is likely to be available.
B. Evaluating the effectiveness of policies and procedures is inefficient.
C. More emphasis on tests of controls than substantive tests is warranted.
D. Considering the relationship of assertions to specific account balances is more efficient. B. Evaluating the effectiveness of policies and procedures is inefficient.
Explanation - Control risk may be assessed at the maximum level for certain assertions because the auditor believes that evaluating the effectiveness of the controls would be inefficient.
The auditor considers whether evidence is likely to be available and whether gathering that evidence would be efficient.
The cost of gathering the additional
evidence must be less than the benefit derived from being able to reduce substantive tests as a result. Assessing control risk at below the maximum level most likely would involve
A. Performing more extensive substantive tests with larger sample sizes than originally planned.
B. Reducing inherent risk for most of the assertions relevant to significant account
balances.
C. Changing the timing of substantive tests by omitting interim-date testing and performing the tests at year end.
D. Identifying specific internal control structure policies and procedures relevant to specific assertions. D. Identifying specific internal control structure policies and procedures relevant to specific
assertions.
Explanation - In order to assess control risk below maximum the auditor must collect evidence to support the reduction. Collecting such evidence involves identifying specific internal controls relevant to specific assertions and then performing tests of controls to evaluate the effectiveness of the controls. Which of the following most likely would not be
considered an inherent limitation of the potential effectiveness of an entity's internal control structure?
A. Incompatible duties.
B. Management override.
C. Mistakes in judgment.
D. Collusion among employees. A. Incompatible duties.
Explanation - A system of internal control can provide only reasonable assurance of achieving an
entity's control objectives because of inherent limitations. These include the fallibility of human judgment and performance and the possibility of collusion or management override. The answer which is NOT an inherent limitation is A, "incompatible duties." As a result of tests of controls, an auditor assesses control risk too high. This incorrect assessment most likely
occurred because
A. Control risk based on the auditor's sample is less than the true operating effectiveness of the client's control activity.
B. The auditor believes that the control activity relates to the client's assertions when, in fact, it does not.
C. The auditor believes that the control activity will reduce the extent of substantive testing when, in fact, it will not.
D. Control risk based on the auditor's sample is greater than the true operating effectiveness of the
client's control activity. D. Control risk based on the auditor's sample is greater than the true operating effectiveness of the client's control activity.
Explanation - When the auditor assesses control risk too high, it means that the auditor's sample indicates that the control is NOT working properly when it really is. Thus, control risk based
on the auditor's sample is higher than the true operating effectiveness of the control would warrant.
When is control risk assessed at the maximum level
(1) controls do not pertain to an assertion,
(2) controls that pertain
are unlikely to be effective, or
(3) evaluating the effectiveness of relevant controls would be inefficient.
An auditor uses the assessed level of control risk to:
A. Evaluate the effectiveness of the entity's internal control policies and procedures.
B. Identify transactions and account balances where inherent risk is at the maximum.
C. Indicate whether
materiality thresholds for planning and evaluation purposes are sufficiently high.
D. Determine the acceptable level of detection risk for financial statement assertions.
D. Determine the acceptable level of detection risk for financial statement assertions.
Explanation - The auditor assesses control risk (the risk that the internal control
structure will not prevent or detect a material misstatement) and inherent risk (the risk of a material misstatement occurring) in order to determine the acceptable level of detection risk.
Assertions Relating to Classes of Transactions - Occurrence