ANSWER FROM ANSWER KEY
11-6. a.
Three strategies that the auditor might use when testing a system of internal
controls that use information technology include:
1. Assessing control risk based on user controls.
2. Planning for a low control risk assessment based on application controls.
3. Planning for a high control risk assessment based on general controls and
manual follow-up.
b.
The auditor might assess control risk as low based on two of the three above
strategies, assuming that the evidence shows that the controls are effectively
designed and placed in operation. First the auditor can assess control risk as low
based on user controls, such as effective performance reviews by management.
Second, the auditor can assess control risk as low based on effective computer
application controls. This strategic also involved effective manual follow-up of
exceptions noted by application controls.
c.
The auditor can assess control risk as high based on evidence obtained about both
computer controls and manual follow-up procedures. The auditor may be able to
develop implications about the effective operation of application controls based
on inspection of exception reports and inquiries of those who follow-up on
exception reports. However, the auditor must perform direct tests of application
controls in order to assess control risk below a high level.
11-8. The advantages of parallel simulation include the following:
 Because real data are used, the auditor can verify the transactions by tracing them to
source documents and approvals.
 The size of the sample can be greatly expanded at relatively little additional cost.
 The auditor can independently run the test.
The disadvantages include the fact that the auditor may need special training to
understand the client’s program and develop a program that simulates the client’s
program. The auditor must also take care to determine that the data selected for
simulations are representative of actual client transactions.
13-8.
1.
Step
Determine the objectives of the test of controls
2.
Determine procedures to evaluate internal controls
3.
Make a decision about the audit sampling technique.
4.
Define the population and sampling unit.
Professional Judgment
Determine audit objectives and how the objectives of the
test relate to financial statement assertions.
The determination of procedures is a matter of
professional judgment that provides evidence about the
effective design and operation of internal controls.
The choice of using statistical or nonstatistical sampling
is a matter of professional judgment.
The population depends on the control being tested. In
many cases, there may be several ways to identify
5.
Use professional judgment to determine sample
size.
6.
Select a representative sample.
7.
Apply audit procedure.
8.
Evaluate the sample results.
9.
Document conclusions
different sampling units for the same control (e.g., each
report or each item on a report).
Sample size is a function of a variety of factors. The
auditor uses professional judgment to make a decision
about each judgment that influences sample size. If the
auditor uses nonstatistical sampling the auditor also uses
professional judgment to determine the sample size
used.
The auditor uses professional judgment in determining
the technique used to select a representative sample from
the population.
In step 2 the auditor used professional judgment to
determine the procedures to be performed. Now the
auditor uses judgment to apply those procedures to each
sampling unit. Judgment is necessary to determine if
evidence supports a control deviation or whether the
control functioned effectively.
The auditor uses professional judgment to sum the
sample results and project the sample results on the
population, particularly in a nonstatistical sample.
Professional judgment is an integral part of documenting
the audit conclusions about effective operation of a
control based on sample results.