Hard · 1 mark · Multiple Choice
CPA · Question 36 · Area III: SOC Engagements
An auditor is testing a control that requires 'Quarterly access reviews'. The auditor selects a sample of one review from the year. Is this sample size appropriate?
Answer options:
A. Yes, for a Type II report, one item is sufficient if it passed.
B. No, for a quarterly control, the auditor should typically test 2 or all 4 occurrences.
C. Yes, if the control is automated.
D. No, the auditor must test at least 25 items.
How to approach this question
Recall sampling guidance for frequency: Annual (1), Quarterly (2), Monthly (2-5), Weekly (5-15), Daily (25-40).
Full Answer
B. No, for a quarterly control, the auditor should typically test 2 or all 4 occurrences. ✓ Correct
For a control operating quarterly, AICPA guidance typically recommends testing 2 items (minimum) to 4 items (all) to obtain sufficient appropriate audit evidence of operating effectiveness.
Common mistakes
Applying the '25' rule (for daily controls) to quarterly controls.