ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Area II: Risk AssessmentRisk AssessmentIT ControlsAudit Strategy

CPA · Question 04 · Area II: Risk Assessment

An auditor is assessing control risk for a nonissuer's revenue cycle. The auditor identifies that the entity uses a complex IT system where sales orders are automatically processed, credit limits are checked via an algorithm, and invoices are generated without manual intervention. In this environment, which of the following strategies is MOST appropriate?

Answer options:

A.

Perform only substantive procedures because testing automated controls is too costly for a nonissuer.

B.

Test the design and operating effectiveness of the automated controls and/or IT general controls, as substantive procedures alone may not provide sufficient appropriate audit evidence.

C.

Rely on the service organization's SOC 1 Type 1 report to reduce control risk.

D.

Increase the sample size for confirmation of accounts receivable to compensate for the lack of control testing.

How to approach this question

Recognize the implications of a highly automated environment (IT-dependent). Recall that when substantive procedures alone are insufficient, tests of controls are mandatory.

Full Answer

B.Test the design and operating effectiveness of the automated controls and/or IT general controls, as substantive procedures alone may not provide sufficient appropriate audit evidence.✓ Correct
The auditor must test the operating effectiveness of the automated controls or general IT controls if they intend to rely on them, as substantive procedures alone may not be sufficient.
According to AU-C 330 and AU-C 315, when an entity conducts business using IT and no documentation of transactions is produced or maintained, other than through the IT system, substantive procedures alone cannot provide sufficient appropriate audit evidence. The auditor must test controls.

Common mistakes

Assuming substantive approach is always acceptable for nonissuers.
03All questions05

Practice the full CPA AUD Practice Exam 3

78 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01A CPA firm is performing an audit of a nonissuer in accordance with GAO Government Auditing Stand...HardQ02During the audit of an issuer, the engagement partner learns that the firm's tax partner, who pro...HardQ03An auditor is planning an audit of a nonissuer's financial statements. The auditor decides to use...MediumQ05During the audit of a manufacturing company's inventory, the auditor utilizes a variables samplin...HardQ06An auditor is performing a review engagement under SSARS (AR-C 90) for a nonissuer. The auditor b...Medium
View all 78 questions →