ReSA - THE REVIEW SCHOOL OF ACCOUNTANCY
CPA Review Batch 44  October 2022 CPA Licensure Examination
AUDITING (Auditing Theory)
AT-10
J. IRENEO  E. ARAÑAS  F. TUGAS  C. ALLAUIGAN
RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS
PSA 200
As the basis for the auditor’s opinion, PSAs require the auditor to obtain reasonable assurance about
whether the financial statements as a whole are free from material misstatement, whether due to
fraud or error... It is obtained when the auditor has obtained sufficient appropriate audit evidence to
reduce audit risk to an acceptably low level.
PSA 315 RISK ASSESSMENTS (RAP)
A. The auditor should:
a. Identify and assess the risks of material misstatement
i.
at the financial statement level
ii.
at the assertion level (classes of transactions, account balances, and
disclosures)
b. secure enough evidence to support the risk assessment.
i.
investigate on the integrity of the company before acceptance of audit
engagement
ii.
consider the threats to independence and the fundamental principles of ethics
iii.
understand the nature of the entity (INOMA) including its internal control
-Inquiries of management and others within the entity
-Analytical procedures
-Observation and inspection
-Discussion among engagement team members
-Other risk assessment procedures, including discussions with predecessor
auditor, evidence obtained during other procedures performed for the client
-*prior year working-papers
c. be most concerned about those business risks that may cause material misstatements.
d. use risk assessment to determine the nature, timing, and extent of further audit
procedures to be performed.
B. Documenting RAP
-discussion among the engagement team on the susceptibility of FS to material
misstatement and the significant decisions reached
-key elements of the understanding obtained regarding the entity’s environment & internal
control
-the sources of information from which the understanding was obtained and the risk
assessment procedures
-identified and assessed RMM at the financial statement level and at the assertion level
-the risks identified and related controls evaluated as a result of the RAP
PSA 330 RESPONSES TO ASSESSED RISK (RAR)
A. The auditor has a responsibility to design and implement responses to the RMM (IR, CR)
identified and assessed.
a. Overall responses
b. Responses Assessed Risks of Material Misstatement at the Assertion Level
B. The auditor should carefully plan to minimize the risk of failing to detect material
misstatements at the FS and assertion level (DR).
C. The auditor’s RAR should enable the gathering of Sufficient, Appropriate Evidence
D. RAR-Tests of Controls (TOC)
An audit procedure designed to evaluate the operating effectiveness of controls in
preventing, or detecting and correcting, material misstatements at the assertion level.
Auditors perform TOC to obtain sufficient appropriate audit evidence as to the operating
effectiveness of relevant controls
-when the auditor’s assessment of RMM at the assertion level includes an
expectation that the controls are operating effectively or
-when substantive procedures alone cannot provide sufficient appropriate audit
evidence
of downloaded
6
0915-2303213  www.resacpareview
This studyPage
source1was
by 100000875416732 from CourseHero.com on 11-23-2023 21:38:51 GMT -06:00
https://www.coursehero.com/file/186221613/AT-10-Risk-Assessment-Response-to-Assessed-Riskspdf/
AT-10
ReSA – THE REVIEW SCHOOL OF ACCOUNTANCY
RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS
Nature and Extent of Tests of Controls
a. How the controls were applied at relevant times during the period under audit.
b. The consistency with which they were applied.
c. By whom or by what means they were applied.
d. Determine whether the controls to be tested depend upon other controls.
Timing of Tests of Controls
-test controls for the particular time, or throughout the period, for which the auditor intends
to rely on those controls
a. audit evidence obtained during an interim period
b. audit evidence obtained in previous audits
- The auditor shall document the conclusions reached about relying on such controls
that were tested in a previous audit.
The auditor shall evaluate the operating effectiveness of relevant controls he intends to
rely on.
E. RAR-Substantive Testing
An audit procedure designed to detect material misstatements at the assertion level.
Substantive procedures comprise:
i.
Tests of details (of classes of transactions, account balances, and disclosures), and
ii.
Substantive analytical procedures.
Irrespective of the assessed risks of material misstatement, the auditor shall design and
perform substantive procedures for each material class of transactions, account balance,
and disclosure.
- Agreeing or reconciling the FS with the underlying accounting records; and
- Journal Entry Testing (JET)
Timing of Substantive Procedures
When substantive procedures are performed at an interim date, the auditor shall
cover the remaining period by performing:
-Substantive procedures, combined with tests of controls for the intervening period;
or
-If the auditor determines that it is sufficient, further substantive procedures only,
that provide a reasonable basis for extending the audit conclusions from the interim
date to the period end.
The auditor shall perform audit procedures to evaluate whether the overall presentation of
the FS, including the related disclosures.
F. Audit Documentation
a. The overall responses to address the assessed risks of material misstatement at the
financial statement level, and the nature, timing, and extent of the further audit
procedures performed;
b. The linkage of those procedures with the assessed risks at the assertion level; and
c. The results of the audit procedures, including the conclusions where these are not
otherwise clear
This study source was downloaded by 100000875416732 from CourseHero.com on 11-23-2023 21:38:51 GMT -06:00
Page 2 of 6
0915-2303213  www.resacpareview.com
https://www.coursehero.com/file/186221613/AT-10-Risk-Assessment-Response-to-Assessed-Riskspdf/
AT-10
ReSA – THE REVIEW SCHOOL OF ACCOUNTANCY
RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS
1. Risk
part
I.
II.
III.
IV.
assessment procedures include inquiries of management and others by the auditor. As
of these procedures, the auditor should talk to
Head of internal auditor function
Board of directors
Management
Members of the audit committee
A. I & II
B. II, III & IV
C. All of these
D. III only
2. Risk assessment procedures include
A. a required discussion among the staff members of the audit and the client regarding
material misstatements in the financial statement.
B. determination of the type of audit opinion to issue.
C. observation of the entity's operations.
D. assessing acceptable audit risk.
3. S1 Auditors are not allowed to make inquires of employees who are not considered
management, such as marketing or sales personnel.
S2 The performance of risk assessment procedures is designed to help the auditor obtain an
understanding of the entity.
A. True, true
B. False, false
C. True, false
D. False, true
4. Which of the following factors is most likely to affect the extent of the documentation of the
auditor's understanding of a client's system of internal controls?
A. The industry and the business and regulatory environments in which the client operates
B. The relationship between management, the board of directors, and external
stakeholders
C. The degree to which the auditor intends to use internal audit personnel to perform
substantive tests
D. The degree to which information technology is used in the accounting function
5. Evaluate the following statements:
I.
The determination of significant risks, which arise on most audits, is a matter for the
auditor’s professional judgment.
II. Routine, non-complex transactions that are subject to systematic processing are less
likely to give rise to significant risks because they have lower inherent risks.
III. Significant risks are often derived from business risks that may result in a material
misstatement.
A.
B.
C.
D.
Only statements I and II are true
Only statement I is true.
All statements are true
All statements are false
6. Narratives, flowcharts, and internal control questionnaires are three commonly used methods
of
A. Designing the audit manual and procedures.
B. Testing the internal control structure.
C. Documenting the study of internal controls.
D. Documenting the auditor’s understanding of client’s organizational structure.
7. S1 Flowcharts are harder to read and update than narratives.
S2 When documenting their understanding of a client's internal controls, auditors are required
to use narratives.
A. True, true
B. False, false
C. True, false
D. False, true
8. When dealing with the documentation of internal control,
A. in a narrative, most questions simply require a "yes" or "no" response.
B. questionnaires offer useful checklists to remind the auditor of the many different types
of internal controls that should exist.
C. questionnaires and flowcharts should not be used together.
D. flowcharts fail to show the segregation of duties in the company.
This study source was downloaded by 100000875416732 from CourseHero.com on 11-23-2023 21:38:51 GMT -06:00
Page 3 of 6
0915-2303213  www.resacpareview.com
https://www.coursehero.com/file/186221613/AT-10-Risk-Assessment-Response-to-Assessed-Riskspdf/
AT-10
ReSA – THE REVIEW SCHOOL OF ACCOUNTANCY
RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS
9. When obtaining an understanding of the accounting and internal control system the auditor
may trace a few transactions through the accounting system. This technique is:
A. Reperformance
C. Control test
B. Walk-through
D. Validity test
10. An auditor with the CPA firm of Advanced and Mag-isip is working to understand a client’s
inventory procurement system. In hopes of assessing the control risk present in this system,
the auditor is reviewing a flowchart created by company employees. One symbol has a
rectangle shape. What does that symbol represent?
A. A document within the system
B. A decision made within the system
C. A process carried out within the system
D. The input of information within the system
11. After
A.
B.
C.
D.
obtaining a sufficient understanding of internal control, the auditor:
Assesses the need to apply GAAS.
Determines the preliminary assessment of control risk.
Assesses detection risk to determine the acceptable level of inherent risk.
Determines the assessed levels of detection risk and inherent risk.
12. What
A.
B.
C.
D.
are the different levels of risk assessment?
“High” and “Low”.
“High” and “Less than High”.
“Maximum” and “Minimum”.
“Higher” and “Lower”.
13. An auditor’s preliminary control risk assessment is at a HIGH level. Which of the following are
possible reasons for this preliminary assessment?
I.
The entity’s internal control system is not effective
II. Evaluating the effectiveness of the entity’s internal control system would not be
efficient.
A. I only
B. II only
C. Both I and II
D. Neither I and II
14. When control risk is assessed at less than high for all financial statements assertions, an
auditor should document the auditor’s
A
B
C
D
• Understanding of the entity’s internal control structure
Yes
Yes
No
Yes
• Conclusion that control risk is less than high
No
Yes
Yes
Yes
• Basis for the conclusion that control risk is less than high
Yes
Yes
No
No
15. Overall responses to address the risks of material misstatement at the financial statement
level include:
A. Emphasizing to the audit team the need to maintain professional skepticism in
gathering and evaluating audit evidence.
B. Assigning more experienced staff or those with special skills or using experts
C. Incorporating additional elements of unpredictability in the selection of further audit
procedures.
D. All of the answers.
16. Tests
A.
B.
C.
D.
of controls are used to test whether controls are:
Operating effectively.
Placed in operation or implemented.
Properly incorporated in the financial statements.
Properly documented by the client.
17. S1 Tests of controls are necessary if the auditor plans to use the primarily substantive
approach.
S2 Tests of controls are necessary if the auditor plans to assess the level of control risk at a
highlevel.
A. True, true
B. False, false
C. True, false
D. False, true
18. If the auditor anticipates reliance on the client’s internal controls, the auditor would:
A. Test controls and use the results of testing as a basis for determining the nature,
extent and timing of substantive tests.
B. No longer perform tests of controls and proceed immediately to substantive tests.
C. Perform tests of controls and increase the amount of substantive tests.
D. Eliminate the need for performance of substantive tests.
This study source was downloaded by 100000875416732 from CourseHero.com on 11-23-2023 21:38:51 GMT -06:00
Page 4 of 6
0915-2303213  www.resacpareview.com
https://www.coursehero.com/file/186221613/AT-10-Risk-Assessment-Response-to-Assessed-Riskspdf/
AT-10
ReSA – THE REVIEW SCHOOL OF ACCOUNTANCY
RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS
19. After
A.
B.
C.
D.
documenting internal control in an audit engagement, the auditor may perform tests on:
Those controls in which deficiencies or weaknesses were identified.
Those controls that have a material effect on the balances in the financial statements.
Those controls that were reviewed (selected on a random basis).
Those controls that the auditor plans to rely on.
20. Tests
A.
B.
C.
of controls may include the following, except:
Reperformance of internal control procedures.
Inquiries about, and observation of, internal controls which leave no audit trail.
Analytical procedures involving comparison of operating expenses with budgeted
amount.
D. Inspection of documentary support for transactions evidencing authorization.
21. After considering a client’s internal control structure, an auditor has concluded that it is well
designed and is functioning as intended. Under these circumstances the auditor would most
likely
A. Perform tests of control to the extent outlined in the audit program.
B. Determine the control procedures that should prevent or detect errors and
irregularities.
C. Not increase the extent of predetermined substantive tests.
D. Determine whether transactions are recorded to permit preparation of financial
statements in conformity with generally accepted accounting principles.
22. Which of the following is a correct response of the auditor when he allows a lower acceptable
level of detection risk?
Nature of substantive tests Timing of substantive tests Extent of substantive tests
A.
More extensive
Year-end
More effective
B.
Less effective
Interim
Less extensive
C.
More effective
Year-end
More extensive
D.
More extensive
Interim
Less effective
23. If the
A.
B.
C.
D.
auditor wants to perform more effective substantive tests, the auditor will perform:
More test of details (transactions and balances) and less analytical procedures
More analytical procedures and less test of details (transactions and balances)
Test of details and analytical procedures in equal proportion
Neither test of details nor analytical procedures
24. The audit risk model is used primarily:
A. For planning purposes in determining how much evidence to accumulate.
B. While doing tests of controls.
C. To determine the type of opinion to express.
D. To evaluate the evidence which has been gathered.
25. Which of the following equations best describes the audit risk model?
A. AR = A + L + C
C. AR = (IR x DR)/CR
B. AR = (IR x CR)/DR
D. AR = IR x CR x DR
26. Inherent risk and control risk differ from detection risk in that inherent risk and control risk
are
A. Elements of audit risk while detection risk is not.
B. Changed at the auditor’s discretion while detection risk is not.
C. Considered at the individual account-balance level while detection risk is not.
D. Functions of the client and its environment while detection risk is not.
27. Which of the following is not a consideration when the auditor is attempting to assess the
inherent risk?
A. Nature of the client’s business.
B. Existence of related parties.
C. Frequency and intensity of top management review.
D. Susceptibility to defalcation.
28. Inherent risk is reduced when the likelihood of defalcations is low. This would be true for an
account such as:
A. Property, plant and equipment.
C. Cash.
B. Held for trading securities.
D. Accounts receivable.
This study source was downloaded by 100000875416732 from CourseHero.com on 11-23-2023 21:38:51 GMT -06:00
Page 5 of 6
0915-2303213  www.resacpareview.com
https://www.coursehero.com/file/186221613/AT-10-Risk-Assessment-Response-to-Assessed-Riskspdf/
AT-10
ReSA – THE REVIEW SCHOOL OF ACCOUNTANCY
RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS
29. When the auditor assesses inherent risk, he considers among others the following factors,
except:
A. Integrity of management.
C. Unusual pressures on management.
B. Nature of the entity’s business.
D. Results of interim tests.
30. Which of the following is an incorrect statement?
A. Detection risk is a function of effectiveness of an auditing procedure and its application.
B. Detection risk arises partly from uncertainties that exist when the auditor does not
examine 100 percent of the population.
C. Detection risk arises partly because of other uncertainties that exist even if the auditor
were to examine 100 percent of the population.
D. Detection risk exists independently of the audit of the financial statements.
31. The acceptable level of detection risk (ADR) and the combined level of inherent risk (IR) and
control risk (CR) are ___________ related.
A. directly
B. inversely
C. proportionately
D. not
32. The audit risk model consists of:AR = IR x CR x DR. The detection risk is the dependent
variable. What is the acceptable level of detection risk if the assessed level of inherent risk is
HIGH and the control risk is MEDIUM?
A. Lowest
B. Lower
C. Medium
D. Higher
33. Which of the following pertains to detection risk?
A. An entity’s asset custodian and record-keeping function for cash are handled by one
process owner.
B. An entity operates in a highly complex business environment.
C. An auditor uses substantive analytical procedures instead of test of balances.
D. None of the above.
34. Which of the following statements is correct concerning an auditor’s assessment of control
risk?
A. Assessing control risk may be performed concurrently during an audit with obtaining
an understanding of the entity’s internal control.
B. Evidence about the operation of internal control in prior audits may not be considered
during the current year’s assessment of control risk.
C. The basis for an auditor’s conclusions about the assessed level of control risk need not
be documented unless control risk is assessed at the maximum level.
D. The lower the assessed level of control risk, the less assurance the evidence must
provide that the control procedures are operating effectively.
35. Which of the following is not a step in an auditor’s assessment of control risk?
A. Evaluate the effectiveness of internal control with tests of controls.
B. Obtain an understanding of the entity’s information system and control environment.
C. Perform tests of details of transactions to detect material misstatements in the financial
statements.
D. Consider whether controls can have a pervasive effect of financial statement
assertions.
36. After obtaining an understanding of internal control and assessing the risk of material
misstatement, an auditor decided to perform tests of controls. The auditor most likely decided
that
A. It would be efficient to perform tests of controls that would result in a reduction in
planned substantive tests.
B. Additional evidence to support a further reduction in the risk of material misstatement
is not available.
C. An increase in the assessed level of the risk of material misstatement is justified for
certain financial statement assertions.
D. There were many internal control weaknesses that could allow misstatements to enter
the accounting system.
- END -
This study source was downloaded by 100000875416732 from CourseHero.com on 11-23-2023 21:38:51 GMT -06:00
Page 6 of 6
0915-2303213  www.resacpareview.com
https://www.coursehero.com/file/186221613/AT-10-Risk-Assessment-Response-to-Assessed-Riskspdf/
Powered by TCPDF (www.tcpdf.org)