Auditing and Payroll Cycle Quiz

Questions and Answers

Which of the following is NOT a consideration for auditors using the test data approach?

• Test data must be managed by the client's software team. (correct)
• Test data must be removed from the client's records.
• Test data must include all relevant conditions.
• The application programs tested must be identical to those used by the client.

What primary purpose does parallel simulation testing serve for auditors?

• To determine the effectiveness of manual controls.
• To evaluate the performance of automated controls. (correct)
• To replace the need for traditional audits.
• To analyze historical financial trends.

What is a significant advantage of using generalized audit software (GAS)?

• It can only be applied to a limited range of clients.
• It eliminates the need for any audit documentation.
• It improves audit speed and detail compared to manual procedures. (correct)
• It requires extensive IT training for auditors.

Which type of network is typically used to link equipment within a single company?

Local Area Network (LAN) (D)

Which issue may arise from a lack of centralized IT function when managing equipment in a network?

Equipment compatibility across the network may be compromised. (D)

What is a key distinguishing feature of the payroll and personnel cycle compared to other transaction cycles?

It has only one class of transactions. (D)

Why are payroll-related accounts typically smaller compared to the total amount of transactions in the payroll cycle?

Payroll transactions occur within short time frames, limiting their balances. (C)

What is the primary objective when auditing the payroll and personnel cycle?

To evaluate whether the account balances affected by the cycle are fairly stated. (C)

How does the effectiveness of internal controls in the payroll cycle compare to that in other cycles?

They tend to be more effective due to strict regulations. (D)

What factor contributes to potential employee morale problems in payroll processing?

Underpayment or non-payment of employee wages. (B)

Which statement accurately describes the accounting flow within the payroll and personnel cycle?

T accounts showcase the impact of payroll transactions only at year-end. (A)

What is the relationship between employee service receipt and payroll payment timing?

They typically occur within a short time frame. (C)

What is the primary concern when testing payroll liabilities with respect to accruals?

Verifying that there are no understated or omitted accruals (D)

Which of the following is NOT a benefit of integrating IT into accounting systems?

Complete elimination of all financial misstatements (C)

How does effective management of complex IT activities influence management's decisions?

It enables the use of higher-quality information for better decisions (B)

What can be a consequence if IT systems fail in an organization?

Inability to retrieve information leading to operational paralysis (D)

What objective relates to ensuring that payroll transactions are recorded at the correct amounts?

Accuracy (C)

Which of the following represents a risk specific to IT systems?

Loss of data due to hardware malfunctions (B)

What is a common misconception about the capabilities of IT systems in accounting?

They completely replace the need for any manual oversight (D)

Which of the following does NOT represent a balance-related audit objective in testing payroll liabilities?

Payroll tax forms are timely and accurately prepared (D)

What effect do automated controls in IT systems have on transaction processing?

They reduce human errors and inconsistencies (A)

What is the key purpose of separating IT duties within an organization?

To prevent the combination of custody, authorization, and record-keeping responsibilities (B)

Which two approaches are typically used for testing software in an organization?

Unit testing and Regression testing (B)

What is one of the critical components of a security plan for an organization?

Implementing a mix of physical and online security controls (D)

What should be included in backup and contingency planning?

Outsourcing to firms for secure data storage (A)

Why is involving both IT and non-IT personnel important during systems development?

To better meet information needs and design concerns (B)

What could be a consequence of not implementing physical controls over computers?

Increased likelihood of unauthorized access (D)

Which strategy is NOT recommended for managing power outages in an organization?

Ignoring the need for backup systems (D)

What aspect of systems development can lead to better user acceptance of software?

Involving key users in the development process (A)

Which of the following is NOT a reason to engage in extensive software testing?

To expedite the software release process (D)

What is an effective feature of a well-designed security plan?

Documentation of security protocols (D)

What is the primary focus of output controls in processing systems?

Detecting errors after processing is completed (C)

Which of the following is NOT a common method for detecting errors in output?

Conducting a system-wide performance review (A)

In smaller companies, which of the following is often true regarding the IT function?

User departments often take on the IT responsibilities (D)

Which testing approach uses auditors' custom test data to evaluate automated controls?

Test data approach (A)

What unique consideration arises from the use of computers in auditing non-complex IT environments?

Increased reliance on automated systems for accounting functions (D)

For effective error detection in the output phase, auditors should focus on:

Using their domain knowledge to review data reasonableness (A)

Which of the following describes the role of desktop and networked servers in non-complex IT environments?

They execute a wide range of accounting system functions (A)

What is the objective of the parallel simulation approach in audits?

To run a separate instance of the system for testing purposes (B)

What is the main challenge in auditing smaller companies compared to larger firms?

Less effective general controls in their IT systems (A)

Which aspect is crucial for auditors when assessing the effectiveness of automated controls during testing?

The accuracy of the expected output against actual results (D)

Flashcards

Payroll Cycle

A business process focusing on hiring, managing employee services, and paying them, including payroll taxes and benefits.

Payroll vs. Other Cycles

Payroll has one transaction class (employee services & payment), unlike other cycles (e.g., sales & collections) with multiple.

Payroll Transactions Significance

Payroll transactions usually outweigh related balance sheet accounts (like accrued payroll).

Internal Controls over Payroll

Strong internal controls exist for payroll, largely supported by federal and state regulations, even for small companies.

Audit Objective (Payroll)

To ensure the accuracy of payroll-related account balances under applicable accounting standards.

Typical Payroll Accounts

Accounts like accrued wages/salaries, withheld taxes and related forms, track the flow of payroll through the accounting system.

Payroll Cycle Endpoint

The cycle ends with payment to employees and institutions for taxes and benefits.

Separation of IT Duties

Dividing key IT responsibilities among different people to prevent fraud or misuse. This ensures no single person has complete control over critical processes.

IT Management

Overseeing the IT department, including its budget, personnel, and overall strategy.

Systems Development

Creating or acquiring software that meets the organization's needs, involving both IT and non-IT personnel.

Software Testing

Ensuring new software works as intended and is compatible with existing systems. This involves testing with realistic data.

Physical Security

Protecting IT equipment and data physically, using measures like locks, cameras, and access controls.

Online Security

Controlling access to software and data files electronically, preventing unauthorized changes or use.

Backup and Contingency Planning

Strategies to recover from unexpected events like power outages or disasters. This involves data backups and alternative plans.

Off-Site Storage

Storing crucial data and software in a separate location to protect it from disasters at the primary site.

Outsourcing Data Storage

Hiring specialists to store and secure important data, ensuring its safety and availability.

Key Users

People who will use the software regularly and provide valuable feedback during its design and development.

IT's Impact on Internal Control

Information technology can significantly enhance internal control by automating processes, reducing errors, and improving the quality and availability of information.

Computer Controls vs. Manual Controls

IT systems often replace manual controls, providing consistency and reducing the risk of human errors in transaction processing.

Higher-Quality Information through IT

Complex IT systems, due to their structure and requirements, often produce more reliable and timely information for management decision-making.

Risks Specific to IT Systems

While IT improves controls, it also introduces new risks like data breaches, system failures, and unauthorized access, which can significantly disrupt operations and lead to data errors.

Risks to Hardware and Data

IT systems are susceptible to physical damage to hardware, data loss, and unauthorized access, which can compromise data integrity and system functionality.

Risks of Processing Errors

Errors in IT systems can lead to inaccurate financial reporting and decision-making, impacting the company's overall performance.

Payroll Liabilities: Accuracy

Ensuring that payroll liabilities are recorded at the correct amounts in the trial balance, avoiding understatement or omission.

Payroll Liabilities: Cutoff

Verifying that all transactions within the payroll and personnel cycle are recorded in the correct accounting period (no deferrals or prepayments).

Payroll and Personnel Cycle: Major Liability Accounts

Accounts like accrued wages/salaries, withheld taxes, and related forms represent the financial flow within this cycle.

Network Environments

Computer networks connecting various devices like desktops, servers, and printers within and across geographic locations.

LAN & WAN

LANs are local area networks used within a single building or cluster, while WANs connect equipment across larger geographic areas.

Network Security Issues

Networks can be vulnerable due to incompatible security features, decentralized control, and potential compromises from connected devices.

Decentralized Network Control

Lack of centralized IT control can create security risks as different departments purchase and manage their own equipment and software.

Security Compatibility

Devices on a network might have incompatible security features, creating potential vulnerabilities.

General Controls

Controls that apply across multiple systems or processes, minimizing errors by establishing overall system reliability. They include controls related to systems development and security.

Application Processing Controls

Specific controls, often programmed into software, that prevent, detect, and correct errors within a particular application or process.

Output Controls

Controls focused on detecting errors after data processing is completed.

Reasonable Review

A key output control where someone knowledgeable assesses the output data for accuracy and plausibility.

Auditing Around the Computer

An audit approach used in smaller companies where general controls are less effective. It involves directly examining source documents and output, limiting reliance on computer systems.

Test Data Approach

An audit technique where prepared test data is processed through the client's system to assess the effectiveness of automated controls.

Parallel Simulation

An audit approach where the auditor develops a separate program that simulates the client's system to compare results and identify discrepancies.

Embedded Audit Module Approach

An audit technique where a special program is inserted into the client's application, allowing for continuous monitoring and data collection for audit purposes.

Reconciling Control Totals

A common output control technique that compares manual control totals with computer-generated totals to check for mismatches.

Comparing Transaction Output to Source Documents

An output control where a sample of transactions is compared to the original input documents to ensure accuracy and completeness.

Study Notes

Audit Practice and Procedures II - Week Seven

• Topic: Auditing Payroll and Personnel Cycle and IT Audit

• Subtopic: Recap of Last Class

  • Audit Sampling
  • Sample Risk
  • Statistical and Non-Statistical Sampling
  • Probabilistic versus Non-Probabilistic Sampling
  • Types of Sampling; Sample Decisions

• Subtopic: The payroll and personnel cycle

  • There is only one class of transactions for payroll, unlike other cycles which have multiple classes.
  • Payroll-related transactions are generally more significant than related balance sheet accounts.
  • Internal controls over payroll are effective, especially for small companies due to strict federal and state regulations.
  • Employee morale can be affected if employees are not paid or are underpaid.

• Subtopic: The payroll and personnel cycle

  • The cycle begins with hiring, ends with payment for services performed, and includes obtaining services, consistent with company objectives, and proper accounting for the services.
  • The overall objective of the audit is to determine if the account balances affected by the cycle are fairly stated according to applicable accounting standards.

• Subtopic: Accounts in the Payroll and Personnel Cycle

  • Typical accounts in the payroll and personnel cycle (as illustrated in Figure 20-1) include: cash in bank, accrued wages, salaries, bonuses, and commissions, earned wages, salaries, etc., withheld income taxes, and other deductions, and payroll tax expense.
  • Accounting information flows through these accounts.
  • Accrued wages and salaries are used at the end of an accounting period only.
  • Expenses are typically recorded when employees are paid, not when the labor is incurred.

• Subtopic: Classes of Transactions, Accounts, Business Functions, and Related Documents and Records for the Payroll and Personnel Cycle (Table 20-1)

  • Key accounts and transactions: Payroll cash, payroll expense accounts, payroll withholding accounts, payroll accrual accounts, Human Resources, Timekeeping, Payroll Preparation, Payment of payroll, Payroll tax returns and payment of taxes.
  • Related documents and records: Human resource records, deduction authorization form, rate authorization form, time record, job time ticket, payroll transaction file, payroll journal or listing, Payroll master file, Payroll direct deposit or check, payroll bank account reconciliation, W-2 form, and payroll tax returns.

• Subtopic: Business Function - Human Resources

  • The human resources department is an independent source for interviewing and hiring qualified personnel, as well as an independent verification source of wage information, including additions or changes in payroll and wages, and deductions.

• Subtopic: Business Function - Timekeeping and Payroll Preparation

  • Timekeeping and payroll preparation directly affects payroll expense for each period in the audit.
  • Adequate controls are needed to prevent misstatements in preparing time records, summarizing and calculating gross pay, deductions, net pay, and preparing payroll records.

• Subtopic: Business Function – Payment of Payroll

  • Payroll disbursement approval and distribution are critically important to prevent payroll theft, and payroll disbursement should be processed separately from other disbursements.
  • Payments should be issued in exchange for services performed and, typically, deposited directly into employees’ bank accounts. The amount paid should reflect gross pay less taxes and other deductions withheld.

• Subtopic: Business Function – Preparation of Payroll Tax Returns and Payment of Taxes

  • Federal and state payroll laws require timely preparation and submission of payroll tax returns using computerized payroll systems.
  • Thorough verification by a competent individual is necessary to prevent misstatements and potential tax penalties associated with payroll tax returns.

• Subtopic: Summary of Transaction-Related Audit Objectives, Key Controls, Tests of Controls, Tests of Transactions for payroll -Detailed table describing transaction-related audit objectives for recorded payroll payments, existing payroll transactions, accuracy of payroll transactions, payroll posting and summarization, payroll classification, timing of transactions and related controls as well as tests that can be performed.

• Subtopic: Methodology for Designing Tests of Controls and Substantive Tests of Transactions

  • Internal control for payroll is highly structured to minimize payroll fraud and employee issues like being underpaid.
  • All payroll transactions are usually uniform and uncomplicated.
  • Payroll transactions are subject to audit by federal and state governments for income tax withholding, social security, and unemployment taxes.

• Subtopic: Understand Internal Control-Payroll and Personnel Cycle

  • Internal controls for payroll and personnel vary. Auditors must identify deficiencies in controls.
  • Auditors must test controls they intend to rely on for reduced assessed control risk.
  • For reporting on the effectiveness of internal control over financial reporting, the auditor must understand the relevant controls and controls tests sufficient to form an opinion.

• Subtopic: Key controls for the payroll and personnel cycle

  • Adequate separation of duties: Payroll function should be independent of human resources to prevent overpayments or payments to nonexistent employees. Payroll and payroll disbursement should also be separate.
  • Proper authorization: Only human resources should be authorized to add/delete employees or change payroll rates/deductions; hours worked should be approved by supervisors, and done on an exception basis for overtime.
  • Adequate documents and records: Appropriate records vary based on the type of compensation system (hourly vs. piece rate).
  • Physical control over assets and records: Access to unsigned checks, payroll, and direct deposit systems should be restricted.
  • Independent checks on performance: Payroll computations should be independently verified, and unusual amounts or misstatements should be investigated.

• Subtopic: Inventory and Fraudulent Payroll Considerations

  • Auditors extend payroll audit procedures if payroll significantly affects inventory valuation, or when concerned about fraudulent payroll transactions (nonexistent employees or fraudulent hours).

• Subtopic: Analytical Procedures for the Payroll and Personnel Cycle (Table 20-3)

  • Details of analytical procedures for comparative payroll expense with previous years, direct/commission labor as a percentage of sales and sales with previous years, also includes tax expense as a percentage of salaries and wages compared to previous years, and comparison of accrued payroll taxes with previous years.
  • Detailed description of possible misstatements.

• Subtopic: Methodology for Designing Tests of Details of Balances

  • Auditors begin by analyzing control risk and substantive tests of transactions.
  • After these, they determine the likelihood of misstatement in accounts and perform tests of balance details. -Payroll liabilities are examined regarding accuracy-correct amounts and proper period recording (cutoff).

• Subtopic: Identifying Client Business Risks Affecting Payroll (Phase I) -Payroll risks are usually not significant unless it is complex compensation arrangements are involved. For example bonus/stock options.

• Subtopic: Setting Performance Materiality and Assessing Inherent Risk (Phase I)

• Payroll transactions are typically numerous and involve large amounts but not typically substantial for misstatement concern.

• Subtopic: Assessing Control Risk and Performing Related Tests (Phase I and II)

• Auditors must perform control and substantive tests to minimize payroll risks.

• Subtopic: Performing Analytical Procedures (Phase III)

• Analytical procedures are essential when investigating payroll for reasonableness and comparing current period to prior ones.

• Subtopic: Design and Perform Tests of Details of Balances for Liability and Expense Accounts. (Phase III)

• Auditors check that accrued payroll expenses, payroll-related liabilities, are accurately measured and recorded at the appropriate time. The two major focus point are Accuracy (stated at the correct amount) and cutoff (transactions at the proper period).

• Subtopic: Chapter 12 - The Impact of Information Technology on the Audit Process

• Subtopic: How Information Technologies Improve Internal Controls

• Computers replacing manual controls for cost effective processing.

• Consistent information processing reduces misstatements.

• Higher-quality information from IT helps managers for better decisions.

• Subtopic: Assessing Risks of Information Technology

• IT may affect the organization's overall control risk but reduce some manual system risks.

• Risks specific to IT include to hardware/data, reduced audit trails, need for IT experience and separation of IT duties.

• Subtopic: Risks to Hardware and Data

• Reliance on functioning hardware and software without proper physical protection.

• Potential for errors due to systematic (programmed) errors.

• Potential for unauthorized access due to external parties with remote access.

• Loss of data from central electronic data storage.

• Subtopic: Reduced Audit Trail

• Reduced visibility of audit trail reduces tracing accuracy, which can lead to potential issues.

• Reduced human involvement from IT systems.

• Lack of traditional authorization because of automated systems for instance order levels.

• Subtopic: Need for IT Experience and Separation of IT Duties

• IT systems reducing traditional separation of duties, such as authorization, record keeping, custody, require additional IT experience.

• Segregation of duties and qualified personnel for installation, maintenance, and usage are essential for effective control.

• Subtopic: Internal Controls Specific to Information Technology

• General controls apply to all aspects of IT systems to address risk, such as administration, separation of duties, developing, physical and online security, back up (contingency plans for unexpected problems).

• Application controls work at business process level for transactions, such as sales, and cash receipts, and need comprehensive evaluation.

• Subtopic: Categories of General and Application Controls (Table 12-1)

• Detailed table describing categories of general controls (IT administration, separation of duties, systems development, physical and online security, backup/contingency planning, hardware controls) and application controls (input controls, processing controls, output controls) including examples for each category.

• Subtopic: Separation of IT duties

• It is important to separate the functions of authorization, record keeping, and custody to prevent fraud, and theft.

• Examples include separating management, systems development, operations (computers-operations, librarian, network administrators), and data control. This is crucial for protecting assets.

• Subtopic: Systems Development

• Purchasing right software and in-house development, involving IT and non-IT personnel (including key users and auditors) are important to address needs, software design, and implementation concerns.

• Thoroughly testing the software with realistic data is crucial for compatibility with existing systems (hardware and/or software) and capacity to handle transaction volumes.

• Subtopic: Physical and Online Security

• Physical controls (like restricting access, and security, and online access controls) must be established for computers and data files to mitigate risks of unauthorized changes and improper data file use.

• Security plans must be documented and monitored.

• Subtopic: Backup and Contingency Planning

• Business functions using IT are vulnerable to significant disruptions from various incidents (power failure, fire, extreme heat, water damage, or even sabotage).

• Implementing backup plans for data loss, generating backups, using on-site generators, storing data offsite, outsourcing to secure storage firms are important to ensure continuity of operations.

• Subtopic: Hardware Controls

• Hardware controls built into computer equipment to help with detection of failures. Auditors must ensure that the client handles errors detected by the hardware controls appropriately.

• Subtopic: Application Controls

• Application controls are designed to help ensure software operates correctly by handling the six transaction related objectives in financial reporting.

• Subtopic: Input Controls

• Effective controls are necessary to assure correct data entry, authorization, and completeness. For example, proper preparation, management authorization, and competent personnel.

• Subtopic: Processing Controls

• Controls needed for processing transactions (validation, sequence, arithmetic accuracy, reasonableness tests).

• Examples of this include ensuring accurate calculations of gross pay and that withholdings are correctly computed and compared.

• Subtopic: Output Controls

• Reconciling computer generated output to manual totals, comparing processed units, comparing transaction output to input, and ensuring the proper timing of processing are crucial.

• Subtopic: Auditing in Less Complex IT Environments

• Small companies who use IT without dedicated IT personnel or who use periodic IT consultants rely heavily on desktop, or networked servers.

• Subtopic: Examples of Auditing Around and Through the Computer

• Table describing various examples of auditing techniques in scenarios such as accounts receivable, payroll or cash disbursement, when performing through and around the computer.

• Subtopic: Auditing in More Complex IT Environments

• Auditors have three main considerations using test data, and they include including relevant circumstances, consistency with client usage, and eliminating from records.

• Subtopic: Parallel Simulation

• Software controlled to replicate client's operations.

• Using same data files to validate automated controls and electronic account balances, often called parallel simulation testing.

• Subtopic: Generalized Audit Software

• Generalized audit software (GAS) is utilized specifically for auditing purposes in a parallel simulation testing.

• Advantages: Easy training for staff, flexibility in different clients and cases, faster audit tests than traditional methods. -Detailed table of generalized audit software uses.

• Subtopic: Issues for Database Management Systems

• Database management systems centralizing data and sharing amongst applications.

• Implementation of proper controls (access controls, back up systems) for security, accuracy and completeness of the data.

• Integrating ERP systems which allows data across many functions.

• Subtopic: Issues for e-Commerce Systems

• The use of e-commerce systems.

• Concerns about security (interception or sabotage)

• Firewalls/ encryption and digital signatures for mitigation of these exposures.

• Public and private key encryption to transmit and store information securely.

• Subtopic: Class Discussion

  • Focus is on issues surrounding outsourcing of IT services.

Description

Test your knowledge on auditing principles and the payroll cycle. This quiz covers various aspects of audit practices, including test data approaches, parallel simulations, and specific characteristics of payroll processing. Perfect for accounting and audit students or professionals looking to refresh their knowledge.