Question 1/16 What are the five components of internal control in the COSO internal control framework?

The COSO Internal Control - Integrated Framework consists of the following five components: 1) Control environment 2) Risk assessment 3) Control activities 4) Information and communication 5) Monitoring The control environment serves as the umbrella for the other four components. Without effective control environment, the other four are unlikely to result in effective internal control, regardles of their quality. (LO #10-3) Question 2 / 16 What are the five types of test auditors use to determine whether financial statements are fairly stated? Identify which tests are performed to reduce control risk and which tests are performed to reduce planned detection risk. Also, identify which test will be used by a public company auditor when auditing internal control over financial reporting. The five types of test auditors use to determine whether financail statements are fairly stated include the following: 1) Risk assessment procedures 2) Tests of controls 3) Substantive tests of transactions 4) Analytical procedures 5) Tests of details of balances While risk assessment procedures (procedures to gain an understanding of the entity and its environment, including internal control) help the financial statement auditor obtain information to make an initial assessment of control risk, tests of controls must be performed as support of an assessment of control risk that is below maximum. The purpose of the tests of controls is to obtain evidence regarding the effectiveness of controls, which may allow the auditor to assess control risk below maximum. If controls are found to be effective and functioning, the substantive evidence may be reduced. Substantive evidence is obtained to reduce detection risk. Substantive evidence includes evidence from subtantive test of transactions, analytical procedures, and test of details of balances. For audits of internal control over financial reporting, the auditor only performs the first two types of audit tests: procedures to obtain an understanding of internal control and test of controls. Because a public company auditor must issue a report on internal control over financial reporting, the extent of the auditor's tests of controls must be sufficient to issue an opinion about the operating effectiveness of those controls. That generally requires a significant amount of testing of controls over financial reporting. (LO #13-1) Question 3 / 16 Define each of the following terms: a) Acceptable risk of assessing control risk too low (ARACR) The risk the auditor is willing to take of accepting a control as effective or a rate of monetary misstatements as tolerable, when the true population exception rate is greater than the tolerable exception rate. b) Computed upper exception rate (CUER) The highest estimated exception rate in the population at a given ARACR. c) Estimated population exception rate (EPER) The exception rate the auditor expects to find in the population before testing begins. It is necessary to plan the appropriate sample size. d) Sample exception rate (SER) The actual rate of exception discovered in the sample. It is calculated by dividing the actual number of exceptions in the sample by the sample size. e) Tolerable exception rate (TER) The exception rate the auditor will permit in the population and still be willing to use the assessed control risk and/or the amount of monetary misstatements in the transactions established during planning. (LO #15-5) Question 4 / 16 What is the purpose of an engegement letter? What subjects should be covered in such a letter? SAS 108 requires the auditor to document their understanding of the terms of the engagement with the client in an engagement letter. The engagement letter should include the engagement's objectives, the responsibilities of the auditor and management, and the engagement's limitations. An engagement letter is an agreement between the CPA firm and the client concerning the conduct of the audit and related services. It should state what services will be provided, whether any restrictions will be imposed on the auditor's work, deadlines for completing the audit, and assistance to be provided by client personnel. The engagement letter may also include the auditor's fees. In addition, the engagement letter informs the client that the auditor cannot guarantee that all acts of fraud wil be discovered. (LO#8-2)

Question 5 / 16 What is the auditor's responsibility for obtaining an understanding of internal control? How does that responsibility differ for audits of public and non-public companies? The second GAAS field work standard states "The auditor must obtain a sufficient understanding of the entity and its environment, including its internal controls, to assess the risk of material misstatement of the financial statements whether due to error or fraud and to design the nature, timing, and extent of further audit procedures." The auditor obtains the understanding of internal control to assess control risk in every audit and that responsibility is the same for audits of both public and non-public companies. Auditors are primarily concerned about controls related to the reliability of financial reporting and controls over classes of tranactions. (LO #10-2, 10-4, 10-8) Question 6 / 16 List the most imprtant duties that should be segregated in the sales and collection cycle. Explain why it is desirable that each duty be segregated. The most important duties that should be segregated in the sales and collection cycle are: 1. Receiving orders for sales 2. Granting credit (credit approval) 3. Shipping goods 4. Maintaining inventory records 5. Billing customers and recording sales 6. Maintaining general accounting records 7. Maintaining detailed accounts receivable records 8. Processing cash receipts 9. Pursuing unpaid accounts Segregation of duties should be used extensively in the sales and collection cycle for two reasons. First, cash receipts are subject to easy manipulation. Second, the large number and nature of transactions within the cycle make the procedure of cross-checking, where one employee's duties automatically serve to verify the accuracy of another's, highly desirable. If the asset-handling activities (shipping goods and processing cash receipts) are combined with their respective accountability activities (maintaining inventory, accounts receivable, and general accounting records), a serious deficiency with respect to safeguarding those assets exists. It would be easy for an employee, by either omitting or adding an entry, to use the company's assets for his or her own purpose. If the credit granting function is combined with the sales function, there may be a tendency of sales staff to optimize volume even at the expense of high bad debt writeoffs. (LO #14-3) Question 7 / 16 What is the purpose of test of controls? Identify specific accounts on the financial statements that are affected by performing tests of controls for the acquisition and paymennt cycle. Tests of controls are audit procedures to test the operating effectiveness of control policies and procedures in support of a reduced assessed control risk. Tests of controls provide the primary basis for a public company auditor's report on internal controls over financial reporting. Specific accounts affected by performing tests of controls for the acquisition and payment cycle include the following: cash, accounts payable, purchases, purchase returns and allowances, purchase discounts, manufacturing expenses, selling expenses, prepaid insurance, leasehold improvements, and various administrative expenses. (LO #13-1)

Question 8 / 16 Define what is meant by a related party. What are the auditor's responsibilites for reated parties and related party transactions? A related party is defined in SAS45 (AU434) as an affiliated company, principal owner of the client company, or any other party with which the client deals where one of the parties can influence the management or operating policies of the other. Material related party transactions must be disclosed in the financial statements by management. Therefore, the auditor must identify related parties and make a reasonable effort to determine that all material related party transactions have been properly disclosed in the financial statements. (LO #8-3) Question 9 / 16 Section 404 of the Sarbanes-Okley Act requires management to issue a report on internal contol over financial reporting. identify the specific Section 404 reporting requirements for management. Section 404 requires management of all public companies to issue internal control report that includes the following: A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting. An assessment of the effectiveness of the internal control structure and procedures for financial reporting as of the end of the company's fiscal year. (LO #10-2)

Question 10 / 16 Distinguish between the terms tolerable misstatement and preliminary judgmentabout materiality. How are they related to each other? A preliminary judgment about materiality is set for the financial statements as a whole. Tolerable misstatement is the maximum amount of misstatement that would be considered material for an individual account balance. The amount of tolerable misstatement for any given account is dependent upon the preliminary judgment about materiality. Ordinarily, tolerable misstatement for any given account would have to be lower than the preliminary judgment about materiality. In many cases, it will be considerably lower because of the possibility of misstatements in different acounts, that, in total, annot exceed the preliminary judgment about materiality. (LO #9-2, 9-3)

Question 11 / 16 Define the audit risk model and explain each term in the model. Also, describe which two factors of the model when combined reflet the risk of material misstatement. The audit risk model is as follows: AAR = IR X CR X PDR Where: AAR = Acceptable Audit Risk IR = Inherent Risk CR = Control Risk PDR = Planned Detection Risk Acceptable audit risk - A measure of how willing the auditor is to accept that the financial statements may be materially misstated after the audit is completed and an unqualified opinion has been issued. Planned detection risk - A measure of the risk that audit evidence for a segent will fail to detect misstatements exceeding a tolerable amount, should such misstatements exist. Inherent risk - A measure of the auditor's assessment of the likelihood that there are material misstatements in a segment before considering the effectiveness of internal control. Control risk - A measure of the auditor's assessment of the likelihood that misstatements exceeding a tolerable amount in a segment will not be prevented or detected by the client's internal controls. SAS107 (AU 312) notes that the combination of inherent risk and control risk reflect the risk of material misstatement. (LO #9-6) Question 12 / 16 What are the purposed of the preliminary analytical procedures? What types of comparisons are suseful when performing preliminary analytical procedures? Analytical procedures are performed during the planning phase of the engsagement to assist the auditor in determining the nature, extent, and timing of work to be performed. Preliminary analytical procedures also help the auditor identify accounts and classes of transactions where misstatements are likely. Comparisons that are useful when performing preliminary analytical procedures include: 1) Compare client and industry data 2) Compare client data with similar prior period date 3) Compare client data with client-determined expected results 4) Compare client data with auditor-determined expected results 5) Compare client data with expected results, using nonfinancial data. (LO #8-5, 8-6) Question 13 / 16 Explain the importance of proper credit approval for sales. What effect do adequate controls in the credit function have on the auditor's evidence accumulation? Proper credit approval for sales helps minimize the amount of bad debts and the collection effort for accounts receivable by requiring that each sale be evaluated for collection potential. Adequate controls in the credit function enable the auditor to place more reliance on the client's estimate of uncollectible accounts. Without these controls, the auditor would have to make his or her own credit checks on the customers in order to be convinced that the allowance for uncollectible accounts is reasonable. (LO #14-2) Question 14 / 16 List the transaction-related audit objectives for the verification of cash receipts. For each objective, state one internal control that the client can use to reduce the likelihood of misstatements. TRANSACTION-RELATED AUDIT OBJECTIVE & KEY INTERNAL CONTROLS

1. Recorded cash receipts are for funds actually received by the company (occurrence). Separation of duties between handling cash and record keeping. Independent reconciliation of bank accounts. 2. Cash received is recorded in the cash receipts journal (completeness). Separation of duties between handling cash and record keeping. Use of remittance advices or a prelisting of cash. Immediate endorsement of incoming checks. Internal verification of the recording of cash receipts. Regular monthly statements to customers. 3. Cash receipts are deposited and recorded at the amounts received (accuracy). Same as 2 above. Approval of cash discounts. Regular reconciliation of bank accounts. Batch totals are compared with computer summary reports. 4. Cash receipts are properly included in the accounts receivable master file and are correctly summarized (posting and summarization). Regular monthly statements to customers. Internal verification of accounts receivable master file contents. Comparison of accounts receivable master file or trial balance totals with general ledger balance. 5. Cash receipts transactions are properly classified (classification). Use of adequate chart of accounts. Internal review and verification. 6. Cash receipts are recorded on the correct dates (timing). Procedure requiring recording of cash receipts on a daily basis. Internal verification. (LO #14-5) Question 15 / 16 Define the meaning of the term materiality as it is used in account and auditing. What is the relationship between materiality and the phrase obtain reasonable assurance used in the auditor's report? Materiality s defined as: the magnitude of an omission or misstatement of accounting information that, in light of the surrounding circumstances, makes it probable that the judgement of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement. "Obtain reasonable assurance" as used in the adudit report, means that the auditor does not guarantee or insure the fair presentation of the financial statements. There is some risk that the financial statements contain a material misstatement. (LO #9-1) Question 16 / 16 Explain the major difference between satistical and nonstatistical sampling. What are the three main parts of statistical and nonstatistical methods? Statistical sampling is the use of mathematical measurement techniques to calculate formal statistical results. The auditor therefore quantifies sampling risk when statistical sampling is used. In non-statistical sampling, the auditor does not quantify sampling risk. Instead, conclusions are reached about populations on a more judgmental basis. For both statistical and non-statistical methods, the three main parts are: 1. Plan the sample 2. Select the sample and perform the tests 3. Evaluate the results (LO #15-2)