Accounting

Ch. 11: Learning Check 11-6 a. Three strategies for testing internal controls when information technology is used for significant accounting processing include: 1. testing user controls 2. testing computer application controls, computer general controls, and manual follow-up procedures 3. testing only computer general controls and manual follow-up procedures b. Two strategies that might be used to support a low control risk assessment include having the auditor test computer application controls using some form of computer-assisted audit techniques and computer general controls must also be tested. With having the auditor test computer application controls you can determine that the application control properly identifies exceptions. With having the general controls being tested it will provide assurance that application controls are properly designed and tested, and any changes are authorized. c. An audit strategy that might be used to assess control risk at a high level is the AICPA internal control audit guide. This strategy will not support a low control risk assessment because the information attained is from professional individuals exceptions about the control. The exceptions can offer information for the auditor and help in the development of the auditor’s conclusions. Ch. 11: Learning Check 11-8 The advantages of the computer-assisted audit technique known as parallel simulation include: - Because real data are used, the auditor can verify the transactions by tracing them to source documents and approvals - The size of the sample can be greatly expanded at relatively little additional cost - The auditor can run the test independently The disadvantages of the computer-assisted audit technique known as parallel simulation include having care taken to determine that the data selected for simulations are representative of actual client transactions and it is also possible that the client’s system may perform operations that are beyond the capacity of the auditor’s software. Ch. 11: Learning Check 11-9 a. Under the conventional test data approach, dummy transactions are prepared by the auditor and processed under auditor control by the client’s computer program. The test data consist of one transaction for each valid and invalid condition the auditor wishes to test. The integrated test facility approach requires the creation of a small subsystem (a minicompany) within the regular IT system. This may be accomplished by creating dummy master files or appending dummy master records to existing client files. Test data, specially coded to correspond to the dummy master files, are introduced into the system together with actual transactions. b. In lieu of traditional testing, the approaches that can be used in on-line entry/on-line processing systems include having the auditor arrange for continuous monitoring of the system. Under this technique, an audit routine is added to the client’s processing programs. Transactions entering the system are sampled at random intervals, and the output from the routine is used in testing the controls. Ch. 13: Learning Check 13-8 The steps involved in selecting and evaluating a nonstatistical or a statistical sample for tests of controls include: 1. Determine the test objectives. (Auditor estimates the rate of deviations from prescribed controls in the population) 2. Determine procedures to meet objectives. (Auditor evaluates individuals and observes people performing their duties) 3. Make a decision about the audit sampling technique. (Auditor determines the audit sampling technique) 4. Define the population and sampling unit. (Auditor assesses situations when controls should be performed and the way in which internal controls are performed) 5. Determine the sample size. (Auditor evaluates effects on sample size to help determine whether larger or smaller samples are needed) 6. Select a representative sample. (Auditor selects an unbiased representative sample) 7. Apply audit procedures. (Auditor applies procedures to determine control consistency) 8. Evaluate the sample results. (Auditor evaluation of quantitative and qualitative results) 9. Document conclusions. (Auditor documents the results of tests of controls)