Audit Process: Building and Executing Test Plans

Questions and Answers

In which phase of the audit process model does the 'Testing and evidence' activity primarily occur?

• Phase II - Planning
• Phase III - Testing and evidence (correct)
• Phase I - Client acceptance
• Phase IV - Evaluation and Judgement

An auditor is only required to evaluate the design of controls but is not required to ensure their implementation.

False (B)

What should an auditor do if deviations are detected during tests of controls?

evaluate the severity of the deficiencies and their effect on the assessment of control risk (CR)

The rate of control failures the auditor expects, based on past experience or knowledge of the client, is known as the ______.

expected rate of deviation (ERD)

Match each audit procedure with its description:

Inquiry = Asking management/staff about control procedures Observation = Watching a control process in action Inspection = Reviewing documents related to controls Reperformance = Independently executing a control to test its effectiveness

Which of the following is true regarding the relationship between reliance on controls and audit evidence?

The greater the reliance, the more persuasive the evidence needed. (B)

The absence of detected misstatements by substantive procedures always means the tested controls are effective.

False (B)

What does a 'higher expected deviation rate' typically imply for the auditor's sample size in control testing?

the auditor needs to test more samples

If the 'detected rate of deviation' exceeds the 'tolerable rate,' the auditor may need to perform more ______ instead of relying on controls.

substantive procedures

Which technique involves watching a control process in action?

Observation (D)

The Tolerable Deviation Rate (TDR) is set after testing begins based on the outcome of the tests.

False (B)

What is the main objective of performing 'tests of controls'?

to assess whether controls are operating effectively

A material misstatement detected by the auditor's procedures is a strong indicator of the existence of a significant ______ in internal control.

deficiency

An auditor evaluates the design of controls as adequate. What is the next step?

Test the operating effectiveness of the controls. (A)

Relying on controls over purchases eliminates the need for any substantive testing on those purchases.

False (B)

What does DRD stand for and what does it represent?

detected rate of deviation; the actual rate of control failures found during audit testing

Evaluating the effectiveness of controls recognizes that some ______ in the controls may occur due to various factors.

deviations

Which audit technique involves reviewing documents to determine that transactions are being authorized?

Inspection (D)

If substantive procedures alone are considered inadequate an auditor can not assume that the controls are operating effectively.

True (A)

What is the auditor trying to indicate by making assumption that 'controls are operating effectively'?

low CR [control risk]

Flashcards

Phase III of Audit

Phase of the audit process focused on gathering evidence to support the auditor's opinion.

Design of Controls.

The auditor assesses the system of internal controls and confirms that they have been put in place by the company.

Test Operating Effectiveness

After determining the design of the controls is adequate, the auditor must this of revelant controls.

Reliance on controls

An auditors opinion is impacted by the effectiveness of a company's controls, so need more persuasive audit evidence.

Tests of Controls

Techniques employed to determine if controls are working effectively.

Expected Rate of Deviation (ERD)

Rate of control failures the auditor anticipates, based on past knowledge or risk assessment.

Detected Rate of Deviation (DRD)

The actual rate of control failures discovered during testing.

Tolerable Deviation Rate (TDR)

The maximum failure rate the auditor can accept without concluding the control is ineffective.

Inquiry (Tests of Controls)

Asking management or staff about control procedures to evaluate effectiveness.

Observation (Tests of Controls)

Watching a control process in action, like an inventory count.

Inspection (Tests of Controls)

Reviewing documents related to controls, such as transaction authorizations.

Reperformance (Tests of Controls)

Independently re-executing a control to test its effectiveness.

Study Notes

• Chapter 9, Part 1 focuses on Building and Executing the Test Plan
• Phase III of the Audit Process Model deals with testing and obtaining evidence.
• Auditors must evaluate the design of controls and whether these have been implemented.
• If the design of controls is considered adequate, the auditor needs to assess the operating effectiveness, or implementation, of relevant internal controls through tests.
• If the auditor assumes controls operate effectively, it results in low CR (Control Risk)
• Substantive procedures, on their own, may prove inadequate.

Tests of Control

• The greater reliance placed on a control's effectiveness necessitates more persuasive audit evidence.
• Reliance on controls over purchases, like authorization, custody, and recording, also requires substantive testing on purchases.
• When assessing operating effectiveness, misstatements found by substantive procedures suggest that controls are not working effectively.
• The absence of misstatements doesn't automatically imply the tested controls are effective.
• A material misstatement found by the auditor is a strong sign of a significant deficiency in internal control.
• Assessing the effectiveness of controls acknowledges that some deviations may occur due to personnel changes, seasonal shifts, or human error.
• Upon detecting deviations, auditors must assess the deficiency's severity and its impact on the control risk assessment.
• Auditors could revise CR (Control Risk) and adjust planned substantive procedures based on increased detection risk (DR).

Expected Rate of Deviation (ERD)

• Represents the rate of control failures the auditor anticipates based on experience, client knowledge, or risk assessment.
• It is determined before testing to aid in planning the sample size for control testing.
• A higher expected deviation rate necessitates testing more samples for a reliable conclusion.

Detected Rate of Deviation (DRD)

• Represents the actual rate of control failures discovered during audit testing
• It is calculated following control tests on a sample of transactions.
• If the detected rate exceeds the tolerable rate, auditors might need to increase substantive procedures, instead of relying on controls.

Tolerable Deviation Rate (TDR)

• The maximum control failure rate acceptable before concluding the control is ineffective.
• Set before testing based on the importance of the control.
• If the detected deviation rate exceeds this, the auditor can't rely on the control and must perform more substantive procedures.

Techniques to Assess if controls are Operating Effectively

• Inquiry: Asking management/staff about control procedures.
• Observation: Watching a control process in action, like inventory counts.
• Inspection: Reviewing documents related to controls, for example, authorization of transactions.
• Reperformance: Independently executing a control to assess its effectiveness.