What is a requirement of management of a public company relating to internal control? accept responsibility for the effectiveness of internal control
For purposes of an audit of internal control performed under PCAOB standards, a significant deficiency is a control deficiency that: must be communicated to those responsible for oversight of the company's financial reporting
For purposes of an audit of internal control performed under PCAOB standards, what has at least a reasonable possibility of resulting in a material misstatement? material weakness
A procedure that involves tracing a transaction from its origination through the company's information systems is referred to as walkthrough
when performing an audit of internal control for a public company, an auditor will consider what type of controls? preventive and detective
Ordinarily the work of internal auditors and others is used primarily in low risk areas
A control that reduces the risk than an existing or potential control weakness will result in a failure to meet a control objective is referred to as a compensating control
when performing an integrated audit under requirements of the PCAOB, what is correct relating to reporting on internal control and the financial statements? either separate reports or a combined report may be issued
An uncorrected material weakness in internal control is most likely to result in what type of opinion? adverse
A material weakness correctly shortly after year end but prior to issuance of the financial statements is most likely to result in what type of opinion? adverse
Section 404a requires that each annual report filed with the SEC include an internal control report prepared by management
Management must acknowledge its responsibility for establishing and maintaining adequate internal control
Management must prove an assessment of internal control effectiveness as of the end of the most recent year
Section 404b requires the CPA firm to audit internal control and express an opinion on the effectiveness of internal control
The Dodd-Frank Act, passed July 21, 2010 exempts small public companies less than 75 mill in market from having to obtain an audit report on the effectiveness of internal control over financial reporting
Management's internal control report must state that it is management's responsibility to establish and maintain adequate internal control
Management's internal control report must identify management's framework for evaluating internal control
Management's internal control report must include management's assessment of the effectiveness of the company's internal control over financial reporting as of the most recent fiscal period, including a statement about if it is effective
Management's internal control report must include a statement that the company's auditors have issued an attestation report on management's assessment
The company must assess and evaluate internal control itself which do not include the CPA firm auditing its internal control system
Management's framework used for evaluating internal control is generally the: Internal Control Integrated Framework created by COSO
Management's assessment and evaluation process consists of: establishing or identifying controls and testing their design and operating effectiveness
control deficiency when the design or operation of a control does not allow management or employees in the normal course of performing their functions to prevent or detect misstatements
significant deficiency a control deficiency or combination of control deficiencies that is less severe than a material weakness
material weakness there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected
you own Wobble Inc., which manufactures wooden tables. You need to hire an accountant to prepare your MONTHLY financial statements. The service most likely to be appropriate for you is: a compilation
What is most likely to be a greater concern on the audit of personal financial statements than on an audit of a corporation? completeness
a compilation report is NOT required when compiled financial statements are expected to be used by: management only
What should NOT be included in an accountant's standard report based on the compilation of a client's financial statements? The accountant expresses only limited assurance on the financial statements
What is most likely to be used in a review engagement? comparison of the total of the current year equipment to the prior year total
What represents the highest to lowest level of assurance provided by auditors in the performance of engagements? audit, review, compilation
What type of assurance is provided by an auditor in conjunction with a review? limited
What is NOT a special purpose financial reporting framework? GAAP basis
Independence is required in which types of CPA engagements? review
A comfort letter is typically sent to whom and for what reason? The underwriters of a company's securities to assist them in their reasonable investigation of a registration statement.
Audit reports on financial statements prepared following what basis are most likely to include a restriction on use? contractual basis
Review of financial statements of public companies must follow PCAOB standard
public companies are required to have quarterly financial statements reviewed and filed with Form 10Q to the SEC
The review of public companies has to be done every quarter by the auditor that audits financial statements
A review provides a lower level of assurance than an audit
A review consists of obtaining an understanding of the client's business and internal control, performing review procedures, and communicating results through a review report
Review procedures consists of inquiries and analytical procedures
Auditor generally concludes that we are not aware of any material modifications that should be made to the financial statements for them to conform with GAAP
In the review of a public company the auditor must be independent
In the review of a public company the auditor must disclaim an opinion
The audit firm that performs a review of the public company must perform the annual audit
Accounting and review services for nonpublic entities consists of compilation and review engagements
Guidance for performing review and compilation services of nonpublic companies Statements on Standards for Accounting and Review Services
nature of review engagements for nonpublic companies auditor provides limited assurance that no material modifications should be made to the financial statements for them to conform to GAAP.
review procedures of review engagements for nonpublic companies perform analytical procedures, made inquiries of mgmt, obtain letter of rep from mgmt, perform other procedures considered necessary
accountant must be independent to issue a review report for nonpublic company
The review report of a nonpublic company must include a disclaimer of opinion
departures from GAAP must be disclosed in report
importance of engagement letter so that client understands its not an audit
each page of financial statement includes a caption: "see accountant's review report"
engagement letters are required for public and nonpublic
Nature of compilation engagements involves the preparation of financial statements from the accounting records and other representations of the client
The accountant does not have to be independent to perform compilation but if not they must state so in the last paragraph of the report
The compilation report must include a disclaimer of opinion or any other form of assurance
Compilation engagement is the lowest level of service recommended to be provided for a client
Each page of financial statements include a caption for compilation reports stating: "see accountant's compilation report"
accountants reports on comparative statements should update report on prior year review report if also reviewed
If a lower level service performed on different comparative statements, should reissue report on prior year's financial statements or include a reference to prior year's report in current year's report
Independence is required in these types of reports audit and SSARS review
Report provides reasonable assurance in these types of reports audits
Report provides negative (limited) assurance in these types of reports SSARS review
Consists primarily of inquiries and analytical procedures in these types of reports SSARS review
these reports are only performed on financial statements of nonpublic companies SSARS review and compilation
these types of reports state that mgmt is responsible for the preparation and fair presentation of the financial statements audit, SSARS review, and compilation
these reports provide no explicit assurance compilations
these reports require performance of analytical procedures audits and SSARS review
these reports state that financial statements were prepared on a basis consistent with the preceding year none
these reports require a report modification for substantial doubt about going concern status or uncertainties audits
these reports require a report modification for departures from GAAP audits, SSARS review, compilations
these reports require a report modification for lack of consistency audits
these reports require an understanding of internal control audits
lack of independence is permitted in this kind of report compilation
must have understanding of accounting principles used in client's industry for these types of reports audits, SSARS reviews, compilations
these reports may result in a qualified or adverse opinion audit
must corroborate management's response to inquiries for this report audit
When an accountant is not independent with respect to an entity, what type of compilation reports may be issued? a compilation report with special wording that notes the accountant's lack of independence may be issued
What representation does an accountant make implicitly when issuing the standard report for the compilation of a nonissuer's financial statements the accountant is independent with respect to the entity
An accountant's compilation report should be dated as of the date of completion of the compilation
What should not be included in an accountant's standard report based upon the compilation of an entity's financial statements? a statement that the accountant does not express an opinion but provides only limited assurance on the statements.
Each page of the financial statements compiled and reported on by an accountant should include a reference such as: see accountant's compilation report
An accountant's standard report on a review of the financial statements of a nonissuer should state that the accountant is not aware of any material modifications that should be made to the financial statements for them to conform with GAAP
What is never included in an accountants report based upon a review of the financial statements of a nonissuer? a statement that the review was in accordance with GAAS
Each page of a nonissuer's financial statements reviewed by an accountant should include the following reference: see independent accountant's review report
The objective of a review interim financial information of an issuer is to provide an accountant with a basis for reporting whether material modifications should be made to conform with GAAP
Auditors of issuers are often requested to report on interim financial statements. A review of interim financial information consists primarily of: inquiries and analytical procedures
a modification of the accountant's report on a review of interim financial info of an issuer is necessitated by what? inadequate disclosure
What types of services may be performed by CPAs with respect to the financial statements of nonpublic companies? may perform a compilation, a review, or an audit
How does a review of the financial statements of a nonpublic company differ from an audit? a review does not involve a consideration of internal control, tests of the accounting records, or obtaining corroborating evidence, which are performed in an audit
What is not typically performed when the auditors are performing a review of client financial statements? Confirmation of accounts receivable
What must be obtained in a review of a nonpublic company? engagement letter and representation letter
A CPA who is not independent may perform what services for a nonpublic company? compilation
When performing a review of a nonpublic company, what is least likely to be included in auditor inquiries of management members with responsibility for financial and accounting matters? communications with related parties
The proper report by an auditor relating to summarized financial statements includes: an opinion on whether the summarized information is fairly stated in all material respects in relation to the basic financial statements
concerning interim quarterly financial statements, management of public companies: must engage CPAs to review the statements
A proper compilation report on financial that omit note disclosures: indicates that management has omitted such information
What forms of accountant associations always leads to a report intended solely for certain specified parties? agreed upon procedures
What assertion is generally most difficult to attest to with respect to personal financial reporting framework? the cash basis of accounting
In which report should a CPA not express negative (limited) assurance? a standard compilation report on financial statements for a nonpublic entity
Comfort letters to underwriters are normally signed by the: independent auditor
source required for an annual review of the financial statements of a nonpublic company Accounting and Review Services Committee Statements on Standards for Accounting and Review Services
a quarterly review of the financial statements of a nonpublic company that has an annual audit auditing standards board statements on auditing standards
a quarterly review of the financial statements of a public company PCAOB auditing standards
an audit of the financial statements of a nonpublic company auditing standards board statements on auditing standards
a compilation on the financial statements of a nonpublic company accounting and review services committee statements on standards for accounting and review services
a quarterly review on the financial statements of a nonpublic company that annually has a review of its financial statements. accounting and review services committee statements on standards for accounting and review services
a letter to an underwriter of a public company PCAOB auditing standards
a report on summary financial statements of a nonpublic company auditing standards board statements on auditing standards
an audit of a public company PCAOB auditing standards
Institution of Internal Auditing founded in 1941 and is the primary organization supporting the field of internal auditing
IIA administers the Certified Internal Auditor Program
Foreign Corrupt Practices Act of 1977 requires public companies to establish and maintain effective internal control, responsible for helping companies comply with these acts and make sure effective, public companies comply with monitoring component of IC
1987 Report of the National Commission on Fraudulent Financial Reporting provided recommendations about preventing fraudulent financial reporting, suggested that public companies establish an internal auditing function, objectively positioning IC within org and establishing effective reporting relationship b/w director & AC
Report of the Blue Ribbon Committee on Audit Effectiveness of 1998 stated that appropriate oversight of the financial integrity and accountability of public companies should be viewed as 3 legged stool- one leg of which is mgmt and internal audit
Passage of the Sarbanes Oxely Act of 2002 prohibits CPA firms from providing internal and external services for SEC clients, external may use work of internal, internal used to help document and test controls to support mgmt assertion a/b effectiveness of IC over financial reporting
Internal auditing an independent, objective assurance and consulting activity designed to add value and improve an org's operations, helps org by evaluating and improving the effectiveness of risk mgmt, control, and governance processes
operational auditing evaluates performance as measured by mgmt objectives. focuses on efficiency, effectiveness, and economy of operations
Internal auditors are employees of the organization and thus cannot have perceived independence of external auditor
Internal auditors must maintain an impartial, objective attitude and avoid conditions that threaten carrying out work in an unbiased manner
External auditor must be independent in fact and appearance
responsibility of internal auditors to detect fraud have sufficient knowledge of fraud to be able to identify indicators that fraud may have been committed, be alert to opportunities such as control weaknesses, that could allow fraud.
responsibility of external auditors to detect fraud to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatements, assess risk of material misstatement that may be caused by fraud, professional skepticism and due care
Scope of activities of an internal auditing program reviewing and evaluating all types of internal controls, evaluating the organizations risk assessment processes, making recommendations regarding the org's system of governance, and performing other assurance and consulting services
What have been the principal factors responsible for the rapid expansion of internal audit programs within companies? operational controls became more important, and the scope of the internal auditor's work expanded to include evaluating and testing financial and operational controls
When the internal auditing department has sufficient organizational status, the director reports to a level of management that would not inappropriately influence the scope of the internal auditor's work on their reported findings
requirements for becoming a CIA have a bachelor's degree, completion of 4 part exam, 2 years work experience in internal auditing, then continuing education
In a financial statement audit, the auditors obtain sufficient competent evidential matter to express an opinion on the org's financial position, results of operations, and cash flows
Operational audits focus on efficiency, effectiveness, and economy of an org or of a segment of the org
Benefits of an internal audit department's program to educate auditees and other parties about the nature and purpose of internal auditing obtain more cooperation, ensure consideration and implementation of their recommendations, obtain support of top mgmt, gain acceptance by external auditors, work effectively w/ audit committee
Financial auditing involves tests of the accuracy and reliability of financial info
Operational auditing includes evaluating the effectiveness, efficiency, and economy of an org
Compliance auditing involves testing for an organization's compliance with various laws and regulations
Internal auditing can best be described as: a control function
The independence of the internal auditing department will most likely be assured if it reports to the audit committee of the BOD
When performing an operational audit, the purpose of a preliminary survey is to: Identify areas that should be included in the audit program
Operational auditing is primarily oriented toward: future improvements to accomplish the goals of mgmt
The organization that administers the CIA program is the: The Institute of Internal Auditors
The proper organization role of internal auditing is to: serve as an independent objective assurance and consulting activity that adds value to operations
Internal auditing is a dynamic profession. What best describes the scope of internal auditing as it has developed to date? Internal auditing has evolved to evaluating all risk mgmt, control, and governance processes
A major reason for establishing an internal audit activity is to: Evaluate and improve the effectiveness of control processes
An audit committee of an organization is being established. What is most likely a responsibility of the committee with regard to the internal audit activity? Approval of the selection and dismissal of the chief audit executive
Independence of the internal auditors would be least likely if internal auditors reported to the: controller
In performing an operational audit, internal auditors are most likely to focus upon these attributes operations of the business, including efficiency, effectiveness, internal control, and others
The primary difference between an operational audit and a compliance audit is what? an operational audit focuses on business efficiencies and effectiveness, while a compliance audit focuses on whether laws and other requirements are being followed
The enactment of large federal government financial programs increased the demand for what type of audit? compliance
What is the final step that should be undertaken in an operational audit? follow up procedures to determine if recommendations have been implemented
Which standards of professional practice for internal auditors does not have a similar standard in the GAAS for independent auditors? scope of work
What is not a report that external auditors would issue with respect of an audit based upon Governmental Auditing Standards? an operational report
Which report is most likely to result from an audit in conformity with government auditing standards? internal control over financial reporting
batch processing input data are gathered and processed periodically in discrete groups
online capabilities users have direct access to data stored in the system
database system separate application files are replaced with integrated databases that are shared by many users and application programs
computer networks the electronic transmission of info between computers
end user computing the user departments are responsible for the development and execution of certain computer applications
General control activities in an EDP environment apply to all computer applications. include: developing or customizing new programs and systems, changing existing programs and systems, access to programs and data, computer operations
application control activities relate to only a specific application such as prep of payroll, consist of programmed control activities and manual follow up activities
programmed control activities are concerned with input controls and processing controls
manual follow up activities consists of review and analysis of outputs that have been generated in the form of exception reports
hash total total of one field of info for all items in a batch, used in the same manner as a control total
testing general control activities inquiries of personnel, review documentation of changes, observe seg of duties, test operation controls
general control activities is used to describe controls that apply to all or many IT systems in an organization
General control activities include controls over the: development of programs and systems, controls over changes to programs and systems, controls over computer operations, and controls over access to programs and data
Application control activities are controls that apply to specific computer accounting tasks such as the updating of accounts receivable
Application control activities includes: programmed controls embedded in computer programs and manual follow up activities consisting of follow up procedures on computer exception reports
Record counts totals that indicate the number of documents or transactions processed, compared with totals determined before processing
Purpose of record count control is to compare the computer developed totals with the predetermined totals to detect the loss or omission of transactions or records during processing
Limit test control compares the result of computer processing against a min or max amount
validity test involves comparison of data against a master file or table for accuracy
The purpose of validity tests is to determine that only legitimate data is processed
Hash totals are sums of data that would not ordinarily be added, added before processing for later comparison with total of the same items accumulated by the computer
purpose of the hash total control is to provide assurance that all and only authorized records were processed
Advantage of using an integrated test facility allows continuous testing of the system, test data processed with actual data ensuring that the programs tested are the same as those actually used to process transactions
Disadvantage of ITF possibility that personnel may manipulate real data using the test system, risk that the client's real financial records may be contaminated with the test data
What controls should the company maintain to ensure the accuracy of processing done by a service center? should establish controls to test the accuracy of the center's activities, developed for input transactions and later reconciled to the center's output, test a sample of the computations performed by the service center's computer
How do auditors assess internal control over applications processed for an audit client by a service center? visit the center to consider the center's internal control
What is a service auditors report on the processing of transactions by a service organization? service centers engage their own auditors to review their processing controls and provide a report for the users of a center and users' auditors. these reports are known as service auditors' reports
What two types of reports are provided by service auditors? may provide a report on management's description and design of its controls (Type 1) or that plus operating effectiveness (Type 2)
How do user auditors use each type of report? Type 1 proves an understanding of the prescribed controls at the service center, provides no basis for reliance on service center controls. type 2 provide basis to reduce assessments of control risk
LAN is the abbreviation for local area network
End user computing is most likely to occur on what type of computer? personal computer
When erroneous data are detected by computer program controls, data may be excluded from processing and printed on an exception report. The exception report should probably be reviewed and followed up by the: Supervisor of IT operations
An accounts payable program posted a payable to a vendor not included in the online vendor master file. A control which would prevent this error is a: validity check
When an online real time IT processing system is in use, internal control can be strengthened by: making a validity check of an identification number before a user can obtain access to the computer files
The auditors would most likely be concerned with what control in a distributed data processing system? access controls
The auditors would be least likely to use software to: assess computer control risk
Auditors often make use of computer programs that perform routine processing functions such as sorting and merging. These programs are made available by IT companies and other and are referred to as: utility programs
What is least likely to be considered by the auditors considering engagement of an info technology specialist on an audit? number of financial institutions at which the client has accounts
What is an advantage of generalized audit software package? They can be used for audits of clients that use differing computing equipment and file formats
The increased presence of user operated computers in the workplace has resulted in an increasing number of persons having access to the system. A control that is often used to prevent unauthorized access to sensitive programs is: user identification passwords
An auditor will use the computer test data method in order to gain assurances with respect to the: controls contained within a program
Auditing by manually testing the input and output of a computer system auditing around the computer
Dummy transactions developed by the auditor and processed by the client's computer programs, generally for a batch processing system test data
Fictitious and real transactions are processed together without the client's operating personnel knowing the testing process integrated test facility
may include a simulated division or subsidiary in the accounting system with the purpose of running fictitious transactions through it integrated test facility
the auditors use generalized audit software to perform processing functions essentially equivalent to those of the client's programs parallel simulation
The operational responsibility for the accuracy and completeness of computer based info should be placed on which group? users
The purpose of input controls is to ensure the completeness, accuracy, and validity of input
When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an error report. This error report should be reviewed and followed up by the: data control group
The major purpose of the auditor's study and evaluation of the company's computer processing operations is to: evaluate the reliability and integrity of financial information
For audit reliance to be placed on the results of processing in an application system, the auditor should be reasonably satisfied that the system is functioning properly
Tests of controls in an advanced computer system: can be performed using actual transactions or simulated transactions
After gaining an understanding of a client's cpu processing internal control, a financial statement auditor may decide not to test the effectiveness of the cpu processing control procedures. What is not a valid reason to omit this? The controls appear effective enough to support a reduced level of control risk
Auditing through the computer is required when: processing is primarily online and updating is real time
when an auditor tests a computerized accounting system, what is true of the test data approach? Test data are processed by the client's computer programs under the auditor's control
Parallel simulation is an appropriate audit approach for: calculating amount for declining balance depreciation charges
An auditor is least likely to use computer software to assess computer control risk
A primary advantage of using generalized audit software packages in auditing the financial statements of a client that uses a computer system is that the auditor may: access info stored on computer files without a complete understanding of the client's hardware and software features.
Limitation on the use of generalized audit software can only be used on hardware with compatible operating system
Auditors often make use of computer programs that perform routine processing functions, such as sorting and merging. These programs are made available by computer companies and others and are specifically referred to as: utility programs
Application control objectives do not normally include assurance that review and approval procedures for new systems are set by policy and adhered to
Many customers, managers, employees, and suppliers have blamed computers for making errors. In reality, computers make very few mechanical errors. The most likely source of errors in a fully operational computer based system is: input
a company's labor distribution report requires extensive corrections each month because of labor hours charged to inactive jobs. What data processing input controls appears to be missing? validity test
One of the greatest difficulties in auditing a computerized accounting system is: data can be erased from the computer with no visible evidence
How have electronic data interchange systems affected audits? auditors often need to plan ahead to capture information about selected transactions over the EDI
Since the computer can do many jobs simultaneously, segregation is not as defined as it is in a manual system. How can a computer system be modified to compensate for the lack of segregation of duties? Strong controls should be built into both the computer software and hardware to limit access and manipulation.
One key control in the organization of the information systems department is the: separation of systems development group and the operations group
When would an auditor typically not perform additional tests of a computer systems controls? when controls appear to be weak
When would auditing around the computer be appropriate? When controls over the computer system are non existent
What would not be an appropriate procedure for testing the general control activities of an info system? testing for the serial sequence of source documents
If an auditor is using test data in a client's computer system to test the integrity of the systems output, what type of controls is the auditor testing? application controls
What is not a function of generalized audit software? to keep an independent log of access to the computer application software
Sampling process of obtaining info about an entire population or universe by only examining part of it
purpose of sampling to estimate characteristic of group w/o complete examination of all items constituting the group
non statistical sampling use of samples are chosen w/o regard for the statistical requirements that govern the sample size and the method of selection, used when statistical will not satisfy
major limitation of non statistical sampling provides no mathematical basis for projecting sample results to the entire population
statistical sampling a technique or methodology for determining sample size, selecting items to be tested, and of evaluating the results of the test on the basis of mathematical laws of probability
advantages of using statistical sampling can evaluate results mathematically and using probabilities, design more efficient samples and avoid overauditing or underauditing, able to demonstrate mathematically that sampling procedures were justifiable
areas requiring the auditor to make judgment decisions defining population, characteristics to be tested, and exceptions, appropriate statistical techniques for drawing a random sample, required precision and reliability level
precision the allowable margin of sample error, allowance for sampling risk, range set by + or - limits from the sample results within which the true characteristics lie
reliability risk of sampling, expresses the proportion of cases in which the actual value will be somewhere within stated precision limits
tolerable rate max rate of deviation from prescribed internal control structure that auditor would be willing to accept w/o altering planned assessed level
tolerable misstatement when planning a sample for a substantive test, how much monetary misstatement may exist in the account balance without causing financial statements to be misstated
interpret sample results requires decisions as to whether the client's figures are to be accepted, rejected, or whether additional sampling is necessary
an unbiased sample must be obtained before statistical sampling can be used to evaluate and interpret the results of sample data
unrestricted random sampling selection of a sample from a population of items in such a manner that each item in the population has an equal chance of being chosen for examination
systemic selection sample items are selected according to some predetermined fixed interval, 1st is selected at random thus establishing the sequential pattern
stratified selection population is divided into classes or strata which are more homogeneous than the population as a whole
sample plan characteristics used to estimate the frequency or rate of occurrence of an attribute in a pop. concerned with the question of "how many", primarily use to test controls,
factors used to determine sample size population size, planned risk of incorrect rejection, estimated variability, planned allowance for sampling risks
sample size formula ((pop size * incorrect rejection coefficient * estimated standard deviation)/planned allowance for sampling risk)^2
tolerable deviation rate estimated deviation rate + upper precision
discovery sampling a form of attribute sampling designed to locate at least one critical deviation or exception in the population, used when estimate of occurrence rate is near 0%
classical variable sampling characteristics used to provide the auditor with an estimate of numerical quantity such as the dollar amount of an account balance or the estimated error amount in an account balance, concerned w/ question of how much, used to perform substantive procedures
mean per unit estimation used to estimate the mean audited value of the items in a population by determining the mean audited value of the items in a sample
the estimated audit value of the population equals the average audited value of the sample multiplied by the number of items in the population
ratio estimation used to estimate the projected amount of error in account balance or the audited value of the account, used when the size of misstatements is nearly proportional to the book values of the items
projected misstatement of population ratio estimation formula (sample net misstatement/book value of sample) * population book value
audited value of population formula book value of population + or - PM(projected misstatement) (+ if book value is understated, - if BV is overstated)
difference estimation used to estimate the average difference between the audited value and the book value of item in a population, most appropriate when the size of misstatement is nearly proportional to the book value of the items
projected misstatement of population difference estimation formula (sample net misstatement/sample items) * pop items
probability proportional to size sampling characteristics used for performing substantive tests of account balances, each $ is viewed as sample unit, permits auditor to state that the $ amt of error in the acct does not exceed a certain amt, amt of error cannot be more than BV
PPS is primarily used to audit for overstatement
advantages of PPS generally easier to use than classical variables sampling, size of the sample is not based on the estimated variation of audited amounts, automatically results in a stratified sample
If no errors are expected, PPS sampling will usually result in a smaller sample size than classical variable samples
dual purpose test test has 2 purposes: to determine the effectiveness of internal control and to determine if material error exists
nonsampling risks risks due to factors not relating to sampling, failure to recognize errors in a doc or trans or failure to apply appropriate audit procedures
sampling risks risk that sample results may not represent population
sample efficiency risk of underreliance on internal control and risk of incorrect rejection of the account or population
sample effectiveness risk of overreliance on internal control and the risk of incorrect acceptance of the account or population
variable sampling concerned with how much or dollar amounts
attribute sampling concerned with how many or tests of controls
precision allowance for sampling risk, allowable margin of sampling error
confidence or reliability risk of sampling
risk of incorrect acceptance sample effectiveness, falsely accept the population which might lead to an incorrect opinion
risk of incorrect injection incorrectly reject the population, too much testing
sampling risk sample may not be representative of the population
nonsampling risk risk not associated with sampling, more about judgement
systematic selection population items do not need to be numbered
stratification used to control variability, relates materiality to selection process
dollar unit sampling used to audit for overstatement, used to project max amt of error in an acct balance
difference estimation used when the size of the misstatement is independent of the book value
ratio estimation used when size of misstatement is nearly proportional to the book value
discovery sampling used to locate one example of a critical deviation
What are the 3 major factors that determine the sample size for an attributes sampling plan? the risks of assessing control risk too low,the tolerable deviation rate, the expected population deviation rate
What is a dual purpose test? one which tests and internal control procedure and substantiates the dollar amount of an account balance
advantages of applying statistical sampling techniques to audit testing designing efficient samples, measuring the sufficiency of the evidence obtained, objectively evaluating sample results
Identifying the controls to be tested involves consideration of the types of misstatements that might occur, identifying the controls that should prevent these misstatements, and deciding whether consideration of these controls to reduce the auditors assessment of control risk
Defining a deviation all exception included in the definition of deviation must be similar in their potential audit significance
determining the max tolerable deviation rate involves judgement because deviations do not necessarily correspond directly with misstatements in the financial statements
What is an element of sampling risk? concluding that no material misstatement exists in a materially misstated population based on taking a sample that includes no misstatement
In assessing sampling risk, the risk of incorrect rejection and the risk of assessing control risk too high relate to the: efficiency of the audit
What statistical sampling technique is least desirable for use by the auditors? block selection
The auditor's primary objective in selecting a sample of items from an audit population is to obtain: a representative sample
discovery sampling is particularly effective when: the auditors are looking for critical deviations that are not expected to be frequent in number
The auditors are using unstratified mean per unit sampling to audit accounts receivable as they did in the prior year. What changes in characteristics would result in a larger samp size than prior year? larger variance in the dollar value of accounts
What sampling techniques is generally used for tests of controls? attribute sampling
What is accurate regarding tolerable misstatement? tolerable misstatement is directly related to materiality.
Circumstance where it is least likely that tests of controls will be performed the expected deviation rate exceeds the tolerable deviation rate
An auditor needs to estimate the average highway weight of tractor trailer trucks using a state's highway system. What estimation method is most appropriate? mean per unit
mean per unit formula mean audited value * total number of accounts
AU 350, Audit Sampling, identifies 2 general approaches to audit sampling. They are: statistical and nonstatistical
In a sampling application, the group of items about which the auditor wants to estimate some characteristic is called the: population
An advantage of statistical sampling over nonstatisitcal sampling is that statistical sampling helps an auditor to: measure the sufficiency of the evidential matter obtained
When planning a sample for a substantive test of details, an auditor should consider tolerable misstatement for the sample. This consideration should: be related to preliminary judgments about materiality levels
As lower acceptable levels of both audit risk and materiality are established, the auditor should plan more work on individual accounts to find smaller misstatements
The measure of variability of a statistical sample that serves as an estimate of the population variability is the standard deviation
While performing a substantive test of details during an audit, the auditor determined that the sample results supported the conclusion that the recorded account balance was materially misstated. It was in fact not. This situation illustrates the risk of: incorrect rejection
Sampling method that is used to estimate a numerical measurement of a population such as a dollar value? variables sampling
The appropriate sampling plan to use to identify at least one deviation, assuming some number of such deviations exist in a population and then to discontinue sampling when one irregularity is observed is: discovery sampling
In performing tests of controls over authorization of cash disbursements what statistical sampling method is most appropriate? attribute
Which audit tests will an auditor most likely use attribute sampling? inspecting employee time cards for proper approval by supervisors
In evaluating an attribute sample, the estimated range that is expected to contain the population characteristics is the precision
Monetary unit sampling is most useful when the auditor has a probability proportional to its monetary value of being selected

