Area II: Risk Assessment

During the audit of a nonissuer, the auditor identifies a significant risk of fraud related to revenue recognition. The auditor decides to incorporate an element of unpredictability into the audit procedures. Which of the following procedures would BEST satisfy this objective?

During the planning phase of an audit of a manufacturing nonissuer, the auditor performs analytical procedures on the entity's gross margin. The auditor notes that the gross margin percentage has increased significantly from the prior year, while industry competitors have seen a decline due to rising raw material costs. Which of the following is the MOST likely audit risk indicated by this finding?

An auditor is testing the operating effectiveness of a user entity's internal controls. The user entity outsources its payroll processing to a service organization. The auditor obtains a SOC 1 Type 2 report from the service organization. The report identifies several exceptions in the testing of the service organization's controls. Which of the following factors is MOST important for the user auditor to consider in determining the effect of these exceptions on the user entity's audit?

An auditor is determining performance materiality for the audit of a nonissuer. The auditor has established materiality for the financial statements as a whole at $500,000. The entity operates in a high-risk industry and has a history of numerous audit adjustments. Which of the following represents the MOST appropriate judgment for setting performance materiality?

An auditor is planning the audit of a nonissuer's inventory. The entity has multiple warehouse locations. The auditor assesses the risk of material misstatement related to the existence of inventory as high due to weak internal controls. Which of the following audit procedures is MOST responsive to this assessed risk?

An auditor is using audit data analytics (ADA) to identify high-risk journal entries in the audit of a nonissuer. The auditor is specifically looking for entries that might indicate management override of controls. Which of the following characteristics would be MOST indicative of such entries?

An auditor is performing a single audit of a governmental entity under the Uniform Guidance. The auditor has determined that the entity is a low-risk auditee. Which of the following represents the minimum percentage of total federal awards expended that the auditor must test as major programs?

An auditor is auditing the financial statements of a nonissuer that uses a service organization for its investment transaction processing. The auditor is unable to obtain a SOC 1 Type 2 report and the user entity's controls over the investment activities are not sufficient to provide evidence. Which of the following is the auditor's MOST appropriate course of action?

An auditor is performing an integrated audit of an issuer. The auditor identifies a control deficiency: the person who authorizes purchases also has the ability to enter new vendors into the master file. No material misstatements were found in the financial statement audit. How should the auditor classify this deficiency?

An auditor is reviewing the work of a component auditor who audited a significant subsidiary of a nonissuer group financial statement audit. The group auditor decides to assume responsibility for the work of the component auditor. Which of the following reporting options is appropriate?

An auditor is auditing the fair value of a complex derivative instrument held by a nonissuer. The auditor engages an auditor's specialist to assist in evaluating the valuation model. Which of the following is the auditor's responsibility regarding the specialist's findings?

An auditor is considering the use of the internal audit function in the audit of a nonissuer. The auditor plans to use internal auditors to provide direct assistance in performing substantive tests of details. Which of the following is a requirement for this use?

An auditor is performing an audit of a nonissuer and identifies a related party transaction that was not previously disclosed to the auditor. Which of the following is the auditor's FIRST responsibility?

An auditor is testing the design effectiveness of a nonissuer's internal controls over cash disbursements. Which of the following procedures is MOST appropriate for this purpose?

An auditor is auditing the cash account of a nonissuer. The auditor suspects that the cashier is misappropriating cash receipts and covering the theft by lapping accounts receivable collections. Which of the following procedures would be MOST effective in detecting this fraud?

An auditor is auditing the opening balances of a new nonissuer client. The prior year financial statements were audited by a predecessor auditor who issued an unmodified opinion. Which of the following procedures is the auditor REQUIRED to perform regarding the opening balances?

An auditor is performing an audit of an issuer's internal control over financial reporting (ICFR). The auditor identifies a control deficiency. To determine if this deficiency is a material weakness, the auditor must evaluate:

An auditor is auditing the financial statements of a nonissuer. The auditor identifies a material misstatement in the financial statements. Management corrects the misstatement. What is the effect on the auditor's assessment of internal control?

An auditor is performing an audit of a nonissuer. The auditor decides to use the work of an internal auditor to assist in the audit of accounts receivable. Which of the following judgments must the external auditor make?

An auditor is auditing the financial statements of a nonissuer. The auditor identifies a risk of material misstatement due to fraud related to management override of controls. Which of the following procedures is REQUIRED to address this risk?

An auditor is auditing the financial statements of a nonissuer. The auditor uses a service organization for payroll. The auditor receives a SOC 1 Type 1 report. Which of the following is a limitation of this report?

An auditor is performing an audit of a nonissuer. The auditor identifies a significant risk related to the valuation of complex financial instruments. The auditor determines that substantive procedures alone cannot provide sufficient appropriate audit evidence. What should the auditor do?

An auditor is auditing the financial statements of a nonissuer. The auditor identifies a material misstatement in the inventory balance. Management adjusts the financial statements to correct the misstatement. The auditor is now evaluating the risk of material misstatement for the remaining account balances. How should this finding affect the audit?

An auditor is performing an audit of a nonissuer. The auditor assesses control risk at the maximum level for all assertions. Which of the following statements is TRUE?

An auditor is performing an audit of a nonissuer. The auditor is testing the allocation of the purchase price in a business combination. The auditor determines that the valuation of intangible assets requires specialized skills. The auditor decides to use an auditor's specialist. Which of the following is TRUE?

An auditor is planning an audit of a nonissuer's financial statements. The auditor decides to use the work of the entity's internal audit function to obtain audit evidence. Which of the following factors would LEAST likely influence the auditor's determination of the extent to which to use the internal auditors' work?

An auditor is assessing control risk for a nonissuer's revenue cycle. The auditor identifies that the entity uses a complex IT system where sales orders are automatically processed, credit limits are checked via an algorithm, and invoices are generated without manual intervention. In this environment, which of the following strategies is MOST appropriate?

Scenario: During the audit of a nonissuer, the auditor identifies a fraud risk related to management override of controls. To address this risk, the auditor plans to test journal entries.<br/><br/>Which of the following characteristics would MOST likely lead the auditor to select a specific journal entry for testing?

Scenario: An auditor is planning the audit of a nonissuer. The entity has a complex bonus structure for executives based on 'Adjusted EBITDA'. The auditor notes that 'Adjusted EBITDA' excludes 'non-recurring expenses', a definition that is subject to significant management judgment.<br/><br/>Which of the following is the MOST significant fraud risk associated with this scenario?

An auditor is performing a Single Audit under the Uniform Guidance (2 CFR 200). The auditor is determining major programs. The entity has two Type A programs and four Type B programs. One of the Type A programs is identified as 'low-risk'. Which of the following is TRUE regarding the auditor's testing requirements?

Which of the following procedures would an auditor LEAST likely perform during the planning stage of an audit?

Scenario: An auditor is engaged to audit the financial statements of a nonissuer. The entity uses a service organization for payroll processing. The auditor obtains a SOC 1 Type 2 report. The report states that 'Control X' at the service organization was not operating effectively during the period. Control X relates to the reconciliation of payroll tax withholdings.<br/><br/>What is the auditor's MOST appropriate response?

Scenario: An auditor is auditing the revenue cycle of a software company (Issuer). The company recognizes revenue from multi-year software licenses. The auditor identifies a risk that revenue might be recognized upfront rather than ratably over the license term. <br/><br/>Which of the following controls would BEST address this risk?

An auditor is reviewing the work of a component auditor in a group audit of a nonissuer. The group engagement partner decides to assume responsibility for the work of the component auditor. Which of the following is TRUE regarding the auditor's report?

Which of the following is a specific requirement for an audit of a defined contribution plan under ERISA (Employee Retirement Income Security Act)?

Scenario: An auditor is auditing the inventory of a jewelry manufacturer. The inventory consists of loose diamonds and gold bars. The auditor does not have the expertise to distinguish real diamonds from fakes. <br/><br/>What is the auditor's BEST course of action?

An auditor is testing the design effectiveness of a control. Which of the following procedures is MOST appropriate?

Which of the following is a component of the COSO Internal Control—Integrated Framework?

Which of the following is an example of an 'Inherent Risk' factor?

Scenario: An auditor is auditing the financial statements of a nonissuer. The auditor identifies a material related party transaction that was not authorized in accordance with the entity's policies. <br/><br/>What is the auditor's primary concern?

Which of the following is an objective of a 'walkthrough'?

Which of the following statements BEST describes the concept of 'Performance Materiality'?

An auditor is planning the audit of a nonissuer. Which of the following statements BEST describes the concept of 'performance materiality'?

In the context of the COSO Internal Control—Integrated Framework, which of the following principles is associated with the 'Control Environment' component?

An auditor is assessing the risk of material misstatement for a manufacturing client. The auditor notes that the industry is experiencing rapid technological obsolescence. This factor primarily increases which type of risk?

An auditor is performing analytical procedures during the planning stage of an audit. The auditor observes that the client's gross margin percentage has increased significantly from the prior year, while sales volume has remained flat. Which of the following is the MOST likely explanation for this trend that would indicate a risk of material misstatement due to fraud?

An auditor is understanding the internal control of a client that uses a service organization for payroll processing. The auditor obtains a SOC 1 Type 2 report. Which of the following is the auditor PRIMARILY looking for in this report to support a lower assessment of control risk?

During the audit of a nonissuer, the auditor identifies a risk of management override of controls. According to AU-C 240, which of the following procedures is REQUIRED to address this specific fraud risk?

An auditor is using Audit Data Analytics (ADA) to perform risk assessment procedures on the revenue cycle. The auditor creates a visualization plotting sales price per unit against quantity sold for all transactions. The auditor notices a cluster of transactions with high quantities and extremely low prices compared to the standard price list. What is the auditor's MOST appropriate next step?

In an audit of an issuer, the auditor is testing the design effectiveness of User Access Controls within the IT environment. Which of the following observations would represent the MOST significant deficiency in design?

An auditor is planning the audit of a nonissuer and intends to use the work of the client's internal audit function to assist in obtaining audit evidence. Under AU-C 610, which of the following tasks may the auditor assign to the internal auditors to perform under direct assistance?

An auditor is evaluating the sufficiency of evidence regarding the valuation of a complex financial instrument. The auditor decides to use the work of an auditor's specialist. Which of the following is NOT a requirement for the auditor regarding the specialist?

An auditor is reviewing the work of a component auditor in a group audit. The group auditor decides NOT to make reference to the component auditor in the audit report. Which of the following is the group auditor's responsibility?

An auditor is planning the audit of a nonissuer. The auditor intends to use the work of the client's internal audit function to assist in obtaining audit evidence. Which of the following factors would LEAST likely influence the auditor's determination of the extent to which the internal auditors' work can be used?

In an audit of an issuer, the auditor is assessing the control environment. Which of the following situations would most likely represent a significant deficiency or material weakness in the control environment?

An auditor is calculating materiality for a nonissuer client. The client has fluctuating net income over the past three years due to non-recurring gains and losses. Which of the following benchmarks would be MOST appropriate for determining overall materiality?

Which of the following scenarios most likely creates a 'presumption of fraud risk' in revenue recognition that the auditor must address?

An auditor is assessing the risk of material misstatement for a nonissuer's inventory. The company manufactures high-tech components that are subject to rapid obsolescence. Which assertion is MOST at risk?

During the planning phase of an audit, the auditor performs analytical procedures on the client's draft financial statements. The auditor observes that the gross margin percentage has increased significantly while sales volume has declined. Which of the following is a plausible explanation that would require further investigation?

An auditor is evaluating the design of an entity's internal controls over cash disbursements. Which of the following segregation of duties would BEST reduce the risk of misappropriation of assets?

An auditor is auditing a client that uses a service organization for payroll processing. The auditor obtains a SOC 1 Type 2 report. Which of the following is the auditor PRIMARILY interested in regarding this report?

An auditor is using audit data analytics (ADA) to identify high-risk transactions in the revenue cycle. The auditor visualizes the data and notices a cluster of sales transactions posted on Sundays, when the business is closed. This is an example of:

Which of the following IT general controls (ITGC) would be MOST effective in preventing unauthorized program changes from being moved into the production environment?

When auditing a nonissuer's compliance with laws and regulations, the auditor's responsibility differs based on the nature of the law. For laws that have a 'direct effect' on the determination of material amounts and disclosures in the financial statements (e.g., tax laws), the auditor must:

An auditor is testing the design effectiveness of a client's bank reconciliation control. Which of the following observations would indicate a design deficiency?

An auditor is evaluating the results of a test of controls. The auditor set the tolerable deviation rate at 7%. The sample deviation rate was 4%. The allowance for sampling risk was calculated as 4%. The auditor should:

Which of the following is an example of an 'inherent limitation' of internal control?

An auditor is auditing the financial statements of a group. The group engagement partner decides to assume responsibility for the work of a component auditor. In this case, the group engagement partner should:

An auditor is reviewing the work of a component auditor. The component auditor's findings indicate a material misstatement in the component's financial statements. The component is not material to the group financial statements. The auditor should:

Which of the following describes the 'completeness' assertion for inventory?