(13) Risk Assessment and Response to Assessed Risks

d. The auditor should obtain an understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach.

1. Which of the following is correct statement?

a. The auditor should use professional judgment to assess audit risk and to design audit procedures to ensure it is eliminated.
b. The auditor is an insurer, and his or her report constitutes a guarantee.
c. The subsequent discovery that a material misstatement exists in the financial statements is evidence of inadequate planning, performance, or judgment on the part of the auditor.
d. The auditor should obtain an understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach.

d. The risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated.

2. According to PSA 400 – Risk Assessments and Internal Control, audit risk means

a. The susceptibility of an account balance or class of transactions to misstatement that could be material, individually or when aggregated with misstatements in other balances or classes, assuming that there were no related internal controls.
b. The risk that a misstatement, that could occur in an account balance or class of transactions and that could be material, individually or when aggregated with misstatements in other balances or classes, will not be prevented or detected and corrected on a timely basis by the accounting and internal control systems.
c. The risk that an auditor's substantive procedures will not detect a misstatement that exists in an account balance or class of transactions that could be material, individually or when aggregated with misstatements in other balances or classes.
d. The risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated.

c. Exist independently of the financial statement audit.

3. Inherent risk and control risk differ from detection risk in that they

a. Arise from the misapplication of auditing procedures.
b. May be assessed in either quantitative or nonquantitative terms.
c. Exist independently of the financial statement audit.
d. Can be changed at the auditor's discretion.

d. Functions of the client and its environment while detection risk is not.

4. Inherent risk and control risk differ from detection risk in that inherent risk and control risk are

a. Elements of audit risk while detection risk is not.
b. Changed at the auditor's discretion while detection risk is not.
c. Considered at the individual account-balance level while detection risk is not.
d. Functions of the client and its environment while detection risk is not.

d. Detection risk exists independently of the audit of the financial statements.

5. Which of the following is an incorrect statement?

a. Detection risk is a function of the effectiveness of an auditing procedure and its application.
b. Detection risk arises partly from uncertainties that exists when the auditor does not examine 100 percent of the population.
c. Detection risk arises partly because of other uncertainties that exist even if the auditor were to examine 100 percent of the population.
d. Detection risk exists independently of the audit of the financial statements.

a. Detection risk cannot be changed at the auditor's discretion.

6. Which of the following is an incorrect statement?

a. Detection risk cannot be changed at the auditor's discretion.
b. If individual audit risk remains the same, detection risk bears an inverse relationship to inherent and control risks.
c. The greater the inherent and control risks the auditor believes exists, the less detection risk that can be accepted.
d. The auditor might make separate or combined assessments of inherent risk and control risk.

c. Because it affects the level of detection risk the auditor may accept.

7. Why would the auditor assess control risk?

a. Because it indicates where inherent risk may be the greatest.
b. Because it determines whether sampling risk is sufficiently low.
c. Because it affects the level of detection risk the auditor may accept.
d. Because it includes the aspects of nonsampling risk that are controllable.

b. Inverse

8. The relationship between acceptable level of detection risk and the combined level of inherent and control risk is

a. Direct
b. Inverse
c. Parallel
d. Independent

a. Highest

9. AR model: IR × CR × DR. If IR is High and CR is Low, what is the acceptable detection risk?

a. Highest
b. Medium
c. Lower
d. Higher

d. Decrease detection risk.

10. If control risk is increased, what must the auditor do to maintain the same audit risk level?

a. Decrease substantive testing.
b. Increase materiality levels.
c. Increase inherent risk.
d. Decrease detection risk.

a. Substantive tests should increase.

11. As acceptable detection risk decreases, the assurance from:

a. Substantive tests should increase.
b. Tests of controls should increase.
c. Substantive tests should decrease.
d. Tests of controls should decrease.

b. Nature changes from less to more effective

12. Which statement is true if control risk is assessed at maximum?

a. Nature changes from more to less effective
b. Nature changes from less to more effective
c. Timing changes from year-end to interim
d. Extent changes from larger to smaller sample

b. Qualified or disclaimer of opinion

13. If detection risk cannot be reduced to an acceptable level, the auditor should express:

a. Qualified or adverse opinion
b. Qualified or disclaimer of opinion
c. Unqualified with explanatory paragraph
d. Unqualified opinion

c. Collecting and evaluating evidence

14. Which is NOT a feature of risk-based auditing?

a. Identifying high-risk areas
b. Analysis of internal control
c. Collecting and evaluating evidence
d. Concentrating audit resources on high-risk areas

b. Retained earnings reduced by half due to dividend payout

15. Which is NOT a good indicator of financial failure?

a. Constant cash and working capital shortage
b. Retained earnings reduced by half due to dividend payout
c. Heavy reliance on short-term debt for long-term assets
d. Increasing net losses for several years

d. All of the above

16. PSA 315 requires:

a. Understanding the entity and its environment, including internal control
b. Discussion among the engagement team about risk of material misstatement
c. Identifying and assessing risks of material misstatement at FS and assertion levels
d. All of the above

d. This PSA discusses the auditor’s responsibility to determine overall responses and to design and perform further audit procedures whose nature, timing, and extent are responsive to the risk assessments.

17. Which of the following is incorrect regarding PSA 315?

a. The purpose of this PSA is to establish standards and to provide guidance on obtaining an understanding of the entity and its environment, including its internal control, and on assessing the risks of material misstatement in a financial statement audit.
b. This PSA requires the auditor to make risk assessments at the financial statement and assertion levels based on an appropriate understanding of the entity and its environment, including its internal control.
c. The requirements and guidance of this PSA are to be applied in conjunction with the requirements and guidance provided in other PSAs.
d. This PSA discusses the auditor’s responsibility to determine overall responses and to design and perform further audit procedures whose nature, timing, and extent are responsive to the risk assessments.

d. The depth of the overall understanding that is required by the auditor in performing the audit is equal to that possessed by management in managing the entity.

understanding of the entity and its environment?

a. Obtaining an understanding of the entity and its environment is an essential aspect of performing an audit in accordance with PSAs.
b. That understanding establishes a frame of reference within which the auditor plans the audit and exercises professional judgment about assessing risks of material misstatement of the financial statements and responding to those risks throughout the audit.
c. The auditor’s primary consideration is whether the understanding that has been obtained is sufficient to assess the risks of material misstatement of the financial statements and to design and perform further audit procedures.
d. The depth of the overall understanding that is required by the auditor in performing the audit is equal to that possessed by management in managing the entity.

a. Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and assertion levels.

19. The main purpose of risk assessment procedures is to

a. Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and assertion levels.
b. Test the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.
c. Detect material misstatements at the assertion level.
d. All of the above.

b. Inquiries of the entity’s external legal counsel or of valuation experts that the entity has used

20. The auditor should perform the following risk assessment procedures to obtain an understanding of the entity and its environment, except:

a. Inquiries of management and others within the entity.
b. Inquiries of the entity’s external legal counsel or of valuation experts that the entity has used.
c. Analytical procedures.
d. Observation and inspection.

b. Help the auditor understand the environment in which the financial statements are prepared.

21. Inquiries directed towards those charged with governance may most likely

a. Relate to their activities concerning the design and effectiveness of the entity’s internal control and whether management has satisfactorily responded to any findings from these activities.
b. Help the auditor understand the environment in which the financial statements are prepared.
c. Relate to changes in the entity’s marketing strategies, sales trends, or contractual arrangements with its customers.
d. Help the auditor in evaluating the appropriateness of the selection and application of certain accounting policies.

d. When such analytical procedures use data aggregated at a high level (which is often the situation), the results of those analytical procedures provide a clear-cut indication about whether a material misstatement may exist.

22. Which statement is incorrect regarding analytical procedures?

a. Analytical procedures may be helpful in identifying unusual transactions or events, and amounts, ratios, and trends that might indicate matters that have financial statement and audit implications.
b. In performing analytical procedures as risk assessment procedures, the auditor develops expectations about plausible relationships that are reasonably expected to exist.
c. When comparison of those expectations with recorded amounts or ratios developed from recorded amounts yields unusual or unexpected relationships, the auditor considers those results in identifying risks of material misstatement.
d. When such analytical procedures use data aggregated at a high level (which is often the situation), the results of those analytical procedures provide a clear-cut indication about whether a material misstatement may exist.

d. All the team members should have a comprehensive knowledge of all aspects of the audit

23. Which statement is incorrect regarding the discussion among the engagement team about the susceptibility of the entity’s financial statements to material misstatements?

a. The members of the engagement team should discuss the susceptibility of the entity’s financial statements to material misstatements.
b. The objective of this discussion is for members of the engagement team to gain a better understanding of the potential for material misstatements of the financial statements resulting from fraud or error in the specific areas assigned to them, and to understand how the results of the audit procedures that they perform may affect other aspects of the audit.
c. The discussion provides an opportunity for more experienced engagement team members, including the engagement partner, to share their insights based on their knowledge of the entity, and for the team members to exchange information about the business risks.
d. All the team members should have a comprehensive knowledge of all aspects of the audit

a. All of the above

24. The auditor’s understanding of the entity and its environment consists of an understanding of the following aspects:

I. Industry, regulatory, and other external factors, including the applicable financial reporting framework.
II. Nature of the entity, including the entity’s selection and application of accounting policies.
III. Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements.
IV. Measurement and review of the entity’s financial performance.
V. Internal control.

a. All of the above
b. I, II and III
c. I, II, III and IV
d. I, II, III and V

a. The entity’s operations, its ownership and governance, the types of investments that it is making and plans to make, the way that the entity is structured and how it is financed.

25. Nature of an entity refers to

a. The entity’s operations, its ownership and governance, the types of investments that it is making and plans to make, the way that the entity is structured and how it is financed.
b. The overall plans for the entity.
c. The operational approaches by which management intends to achieve its objectives.
d. The result of significant conditions, events, circumstances, actions or inactions that could adversely affect the entity’s ability to achieve its objectives and execute its strategies, or the setting of inappropriate objectives and strategies.

d. A business risk may have an immediate consequence for the risk of misstatement for classes of transactions, account balances, and disclosures at the assertion level or the financial statements as a whole.

26. Which statement is correct regarding business risks?

a. The risk of material misstatement of the financial statements is broader than business risk, though it includes the latter.
b. The auditor should identify or assess all business risks.
c. All business risks give rise to risks of material misstatement.
d. A business risk may have an immediate consequence for the risk of misstatement for classes of transactions, account balances, and disclosures at the assertion level or the financial statements as a whole.

c. The entity does not have the personnel or expertise to deal with the changes in the industry.

27. A potential business risk created by industry developments may most likely include

a. Increased product liability.
b. increased legal exposure
c. The entity does not have the personnel or expertise to deal with the changes in the industry.
d. Loss of financing due to the entity’s inability to meet financing requirements.

a. Operations in regions that are economically stable.

28. The following are examples of conditions and events that may indicate risks of material misstatement, except

a. Operations in regions that are economically stable.
b. Pending litigation and contingent liabilities.
c. Application of new accounting pronouncements.
d. Entities or business segments likely to be sold.

d. Constraints on the availability of capital and credit.

29. Which condition may most likely indicate risks of material misstatement?

a. Having personnel with appropriate accounting and financial reporting skills.
b. Accounting measurements that involve simple processes.
c. Significant amount of routine or systematic transactions.
d. Constraints on the availability of capital and credit.

c. Routine, non-complex transactions that are subject to systematic processing are more likely to give rise to significant risks because they have higher inherent risks.

30. Which statement is incorrect regarding significant risks that require special audit consideration?

a. The auditor should determine which of the risks identified are, in the auditor’s judgment, risks that require special audit consideration.
b. The auditor excludes the effect of identified controls related to the risk to determine whether the nature of the risk, the likely magnitude of the potential misstatement including the possibility that the risk may give rise to multiple misstatements, and the likelihood of the risk occurring are such that they require special audit consideration.
c. Routine, non-complex transactions that are subject to systematic processing are more likely to give rise to significant risks because they have higher inherent risks.
d. Significant risks are often derived from business risks that may result in a material misstatement.

a. I and II

31. Examples where substantive procedures alone may not provide sufficient audit evidence include:

1. Automated ordering and payment system with minimal documentation
   
   

2. Fully automated billing and revenue recording system via IT

a. I and II
b. I only
c. II only
d. Neither I nor II

d. All of the above.

32. PSA 330 requires the auditor to:

a. Determine overall responses to address risks of material misstatement at the financial statement level.
b. Design and perform further audit procedures, including tests of controls and substantive procedures responsive to assessed risks.
c. Evaluate whether risk assessments remain appropriate and whether sufficient audit evidence has been obtained.
d. All of the above.

d. Performing substantive procedures at an interim date instead of at period end.

33. Overall responses to financial statement level risks least likely include:

a. Emphasizing professional skepticism.
b. Assigning more experienced staff or experts.
c. Adding unpredictability in audit procedures.
d. Performing substantive procedures at an interim date instead of at period end.

c. Modify the nature of audit procedures to obtain more persuasive audit evidence.

34. Weaknesses in the control environment ordinarily will lead the auditor to:

a. Have more confidence in internal control and internal audit evidence.
b. Conduct procedures at interim rather than year-end.
c. Modify the nature of audit procedures to obtain more persuasive audit evidence.
d. Decrease the number of locations in audit scope.

a. The nature of the audit procedures.

35. The auditor should design and perform further audit procedures whose nature, timing, and extent are responsive to the assessed risks of material misstatement at the assertion level. Which of the following is the most important consideration in responding to the assessed risks?

a. The nature of the audit procedures.
b. The timing of the audit procedures.
c. The extent of the audit procedures.
d. All of these are equally important.

d. The auditor designs and performs substantive procedures for each material class of transactions, account balance, and disclosure only when the auditor uses the substantive approach.

36. The auditor’s assessment of the identified risks at the assertion level provides a basis for considering the appropriate audit approach for designing and performing further audit procedures. Which of the following is incorrect?

a. The auditor may determine that only by performing tests of controls may the auditor achieve an effective response to the assessed risk of material misstatement for a particular assertion.
b. The auditor may determine that performing only substantive procedures is appropriate for specific assertions and, therefore, the auditor excludes the effect of controls from the relevant risk assessment.
c. The auditor needs to be satisfied that performing only substantive procedures for the relevant assertion would be effective in reducing the risk of material misstatement to an acceptably low level.
d. The auditor designs and performs substantive procedures for each material class of transactions, account balance, and disclosure only when the auditor uses the substantive approach.

c. The higher the auditor’s assessment of risk, the less reliable and relevant is the audit evidence sought by the auditor from substantive procedures.

37. Which statement is incorrect regarding the nature of further audit procedures?

a. The nature of further audit procedures refers to their purpose and their type.
b. Certain audit procedures may be more appropriate for some assertions than others.
c. The higher the auditor’s assessment of risk, the less reliable and relevant is the audit evidence sought by the auditor from substantive procedures.
d. The auditor is required to obtain audit evidence about the accuracy and completeness of information produced by the entity’s information system when that information is used in performing audit procedures.

d. All audit procedures can be performed prior to period end.

38. Which statement is incorrect regarding the timing of further audit procedures?

a. Timing refers to when audit procedures are performed or the period or date to which the audit evidence applies.
b. The auditor may perform tests of controls or substantive procedures at an interim date or at period end.
c. If the auditor performs procedures prior to period end, additional procedures are needed for the remaining period.
d. All audit procedures can be performed prior to period end.

c. The auditor ordinarily decreases the extent of audit procedures as the risk of material misstatement increases.

39. Which statement is incorrect regarding the extent of further audit procedures?

a. Extent includes the quantity of a specific audit procedure to be performed.
b. The extent is based on materiality, risk, and desired assurance.
c. The auditor ordinarily decreases the extent of audit procedures as the risk of material misstatement increases.
d. Increasing the extent is effective only if the procedure is relevant to the risk.

d. Testing operating effectiveness is the same as obtaining evidence that controls are implemented.

40. Which statement is incorrect regarding tests of controls?

a. Tests of controls are required under certain circumstances.
b. Tests of controls are required in IT environments with no manual documentation.
c. Tests of controls are performed only when controls are suitably designed.
d. Testing operating effectiveness is the same as obtaining evidence that controls are implemented.

c. The absence of misstatements detected by a substantive procedure provides audit evidence that controls related to the assertion being tested are effective.

41. Which statement is incorrect regarding the nature of tests of controls?

a. As assurance increases, the auditor seeks more reliable evidence.
b. Inquiry combined with inspection/reperformance is more reliable than inquiry alone.
c. The absence of misstatements detected by a substantive procedure provides audit evidence that controls related to the assertion being tested are effective.
d. Unidentified material misstatements usually indicate control weaknesses.

c. If the auditor plans to rely on controls that have not changed since they were last tested, the auditor should test the operating effectiveness of such controls at least once in every second audit.

42. Which statement is incorrect regarding the timing of tests of controls?

a. Audit evidence pertaining only to a point in time may be sufficient for the auditor’s purpose, for example, when testing controls over the entity’s physical inventory counting at the period end.
b. If the auditor plans to rely on controls that have changed since they were last tested, the auditor should test the operating effectiveness of such controls in the current audit.
c. If the auditor plans to rely on controls that have not changed since they were last tested, the auditor should test the operating effectiveness of such controls at least once in every second audit.
d. When there are a number of controls for which the auditor determines that it is appropriate to use audit evidence obtained in prior audits, the auditor should test the operating effectiveness of some controls each audit.

b. The more the auditor relies on the operating effectiveness of controls in the assessment of risk, the lesser is the extent of the auditor’s tests of controls.

43. Which statement is incorrect regarding the extent of tests of controls?

a. The auditor designs tests of controls to obtain sufficient appropriate audit evidence that controls operated effectively throughout the period of reliance.
b. The more the auditor relies on the operating effectiveness of controls in the assessment of risk, the lesser is the extent of the auditor’s tests of controls.
c. If the rate of expected deviation is too high, tests of controls may not be effective.
d. Because of the inherent consistency of IT processing, the auditor may not need to increase the extent of testing of an automated control.

b. The auditor always performs substantive procedures for each class of transactions, account balance, and disclosure.

44. Which statement is incorrect regarding substantive procedures?

a. Substantive procedures detect material misstatements and include tests of details and substantive analytical procedures.
b. The auditor always performs substantive procedures for each class of transactions, account balance, and disclosure.
c. Substantive procedures must be performed for significant risks.
d. Substantive procedures for significant risks are designed to obtain highly reliable evidence.

a. I and II

45. The auditor’s substantive procedures should include:

I. Agreeing financial statements to underlying accounting records
II. Examining journal entries and adjustments

a. I and II
b. I only
c. II only
d. Neither I nor II

c. Substantive procedures cannot be performed at an interim date.

46. Which statement is incorrect regarding nature, timing, and extent of substantive procedures?

a. Analytical procedures are suitable for predictable transactions.
b. Tests of details are appropriate for existence and valuation assertions.
c. Substantive procedures cannot be performed at an interim date.
d. Higher risk requires greater extent of procedures.

c. In developing an opinion, the auditor considers only audit evidence that corroborates the assertions.

47. Which statement is incorrect regarding evaluation of audit evidence?

a. Auditor evaluates whether risk assessments remain appropriate.
b. Audit evidence may require modification of planned procedures.
c. In developing an opinion, the auditor considers only audit evidence that corroborates the assertions.
d. Insufficient evidence leads to qualified opinion or disclaimer.