AT.

M-1405
RISK ASSESSMENT AND RESPONSES TO RISK

1. These are the procedures performed by an auditor to obtain an understanding of the entity
and its environment, including the entity’s internal control, to identify and assess the risks
of material misstatement.
a. Risk assessment procedures
b. Further audit procedures
c. Substantive test
d. Test of Controls

2. Per PSA 315: A risk resulting from significant conditions, events, circumstances, actions
or inactions that could adversely affect an entity’s ability to achieve its objectives and
execute its strategies, or from the setting of inappropriate objectives and strategies.
a. Business risk
b. Significant risk
c. Audit risk
d. Information risk

3. Per PSA 315: An identified and assessed risk of material misstatement that, in the
auditor’s judgment, requires special consideration.
a. Inherent risk
b. Significant risk
c. Audit risk
d. Control risk

4. The risk of material misstatement is a function of

a. Inherent and control risk
b. Inherent and detection risk
c. Control and detection risk
d. Inherent, control and detection risk

5. The auditor shall perform risk assessment procedures to provide a basis for the
identification and assessment of risks of material misstatement at the
a. Financial statement level
b. Assertion level
c. Financial statement and assertion levels
d. Account balance level

6. These are representations by management, explicit or otherwise, that are embodied in the
financial statements
 a. Assumptions
b. Assertions
c. Statements
d. Assurances

7. An example of assertion made by management in an entity’s financial statements

a. The financial statements were prepared in an unbiased manner
b. Reported inventory balances reflect all related transactions for the period
c. Reported accounts receivable do not include any uncollectible accounts
d. The scope of the auditor’s investigation was not limited ion any way by
management

8. Not a required risk assessment procedure

a. Inquiries of management
b. Analytical procedures
c. Reperformance
d. Inspection

9. A required risk assessment procedure

a. Reperformance
b. Observation
c. Recalculation
d. Confirmation

10. Statement 1: Risk assessment procedures themselves provide sufficient appropriate

evidence on which to base the audit opinion.
Statement 2: Further audit procedures consist of substantive test and test of control.
a. True True
b. True False
c. False True
d. False False

11. Before performing a fieldwork, a CPA who does not have expertise in the industry in
which the client operates needs to
a. Reduce audit risk by initially setting decreased materiality level
b. Increase substantive procedure to cover up the lack of expertise
c. Involve experts in the field where the auditor lacks expertise
d. Obtain general knowledge of entity’s business
12. An auditor understands a client’s business primarily to
a. Assess the level of control risk
b. Identify transactions that may impact the financial statements
 c. Develop an questioning attitude during the audit
d. Make suggestions on how to improve internal control

13. Least likely relevant to an auditor in performing risk assessment procedures

a. Discussion with people within the entity
b. Industry-related publications
c. Tour of the entity’s facilities
d. Walk-through procedures

14. Per Glossary: Involves tracing a few transactions through the financial reporting system
a. Substantive test
b. Test of Control
c. Walk-through test
d. Direct test

15. To acquire an understanding of a continuing client’s business in planning an audit, an

auditor would most likely will
a. Re-evaluate the client’s internal control system
b. Review prior year working papers
c. Read specialized industry journals
d. Perform substantive tests
16. Choose the correct statement.
a. Compared to the management, the auditor is required to have more knowledge of
the entity’s business
b. Initial knowledge about the entity’s industry must be acquired after the
engagement acceptance to determine whether the auditor has the knowledge to
perform the audit
c. Knowledge about the client’s business must be acquired at the start of the
engagement following acceptance
d. The auditor need not perform risk assessment procedures for continuing
engagements

17. A process designed, implemented and maintained by those charged with governance,
management and other personnel to provide reasonable assurance about the achievement
of an entity’s objectives with regard to
 Reliability of financial reporting
 Effectiveness and efficiency of operations
 Compliance with applicable laws and regulations
a. Control procedures
b. Risk assessment
 c. Planning
d. Internal control

18. Not a component of internal control

a. Control activities
b. Control environment
c. Physical controls
d. Risk assessment

19. Not a component of internal control

a. Entity’s risk assessment process
b. Information system
c. Segregation of duties
d. Monitoring

20. Process by which management identifies business risks relevant to financial reporting
objectives, estimates the significance of those risks, assess the likelihood of their
occurrence and decide actions to address those risks is called
a. Risk assessment procedures
b. Entity’s risk assessment process
c. Internal control
d. Strategic business planning

21. Does not properly describe control environment

a. It includes attitudes, awareness, and actions of management and those charged
with governance concerning the entity’s internal control and its importance in the
entity
b. It sets the tone of an organization, influencing the control consciousness of its
people
c. It is the foundation for effective internal control, providing discipline and
structure
d. It refers to the policies and procedures that help ensure that management
directives are carried out

22. Not a factor explicitly considered in understanding the control environment

a. Organizational structure
b. Personnel policies and procedures
c. Assignment of responsibility and authority
d. Performance reviews

23. Not a factor explicitly considered in understanding the control environment

 a. Commitment to competence
b. Active participation of those charged with governance (BOD)
c. Management philosophy and operating style
d. Information processing

24. Management philosophy and operating style most likely would have a significant
influence on an entity’s control environment when
a. The internal auditor reports directly to the management
b. Management is dominated by one individual
c. Accurate management job descriptions delineate specific duties
d. The audit committee actively oversees the financial reporting process

25. Not a specific control procedure (activity)

a. Performance reviews
b. Information processing
c. Monitoring
d. Physical controls

26. Proper segregation of functional responsibilities calls for separation of the functions of
a. Authorization, execution, and payment
b. Authorization, recording, and custody
c. Custody, execution, and reporting
d. Authorization, payment, and recording

27. An entity’s ongoing monitoring activities rather than a separate evaluation often include
a. Periodic audits by the audit committee
b. Reviewing the purchasing function
c. The audit of the annual financial statements
d. Control risk assessment in conjunction with the quarterly reviews

28. Least likely considered an inherent limitation of the potential effectiveness of an entity’s
internal control
a. Incompatible duties
b. Management override
c. Mistakes in judgment
d. Collusion among employfeesn

29. A compensating control for small entities

a. Appointment of the external auditor by the audit committee
b. Active participation of the owner-manager in the business operations
c. Strict segregation of the authorization, recording and custodianship functions
 d. Monthly financial statement audit

30. When considering internal control, an auditor should be aware of the concept of
reasonable assurance, which recognizes that
a. Internal control may be ineffective due to mistakes in judgment and personal
carelessness
b. Adequate safeguards over access to assets and records should permit a entity to
maintain proper accountability
c. Establishing and maintaining internal control is an important responsibility of
management
d. The cost of the entity’s internal control should not exceed the benefits derived

31. Control risk should be assessed in terms of

a. Specific controls
b. Type if potential fraud
c. Financial statement sasertions
d. Control environment factors
32. In obtaining an understanding of an entity’s internal control, an auditor is required to
obtain knowledge about the
1. Operating effectiveness of controls
2. Design of controls
3. Implementation of controls
a. 1 and 2 only
b. 2 and 3 only
c. 1 and 3 only
d. 1, 2 and 3

33. In obtaining an understanding of an entity’s internal control relevant to audit planning, an

auditor is required to obtain knowledge about its
a. Design of controls pertaining to internal control components
b. Effectiveness of controls that have been placed in operation
c. Consistency with which controls are currently being applied
d. Controls related to each principal transaction class and account balance

34. Not required of the auditor to perform while obtaining understanding of internal control
a. Perform procedures to understand the design of internal control
b. Understand the internal control and the information system
c. Determine whether the control activities relevant to audit planning has been
placed in operation
d. Search for significant deficiencies and in the operation of the internal control
35. Which one of the following procedures most likely would provide an auditor with
evidence about whether an entity’s internal control activities are suitably designed to
prevent or detect material misstatements?
a. Performing analytical procedures using data aggregated at a high level
b. Vouching a sample of transactions directly related to the activities
c. Reperforming the activities for a sample of transactions
d. Observing the entity’s personnel applying the activities

36. An auditor assesses control riodk because it

a. Is relevant to the auditor’s understanding of the control environment
b. Provides assurance that the auditor’s materiality levels are appropriate
c. Indicates to the auditor where inherent risk may be the greatest
d. Affects the level of detection risk that the auditor may accept

37. When combined assessed level of inherent and control risk is low/less than high/below
maximum, which is correct?
a. Test of controls is not required
b. More substantive procedures are performed
c. Detection risk is increased
d. Basis for assessment need not be documented
e.
38. Required to be documented when control risk is high
1. The understanding of the design and implementation of internal
control
2. The conclusion that control risk is high (the assessment)
3. The basis of the assessment
a. 1 and 2 only
b. 2 and 3 only
c. 1 and 3 only
d. 1, 2 and 3

39. When assessing control risk below the maximum level, an auditor is required to
document the auditor’s
1. Understanding if the entity’s control environment
2. Basis for concluding that control risk is below maximum level
a. 1 only
b. 2 only
c. Both 1 and 2
d. Neither 1 nor 2

40. Assessing control risk at below maximum level most likely would involve
 a. Performing more extensive substantive tests with larger sample sizes than
originally planned
b. Reducing inherent risk for most of the assertions relevant to account balances
c. Changing the timing of substantive tests by omitting interim-date testing and
performing the test at year end
d. Identifying specific controls relevant to specific assertions

41. After assessing control risk at below the maximum level, an auditor desires to seek a
further reduction in the assessed level of control risk. At this time, the auditor would
consider whether
a. It would be efficient to obtain an understanding of the entity’s informarion system
b. The entity’s controls have been placed in operation
c. The entity’s controls pertain to any financial statement assertions
d. Additional audit evidence sufficient to support a further reduction is likely to be
available

42. Not a step in an auditor’s assessment of control risk

a. Evaluate the effectiveness of internal control with tests of control
b. Obtain an understanding of the entity’s information system and control
environment
c. Perform tests of details of transaction to detect material misstatements in the
financial statements
d. Consider whether controls can have a pervasive effect in the financial statements

43. May not be required on a financial statement audit

a. Risk assessment procedures
b. Tests of controls
c. Substantive procedures
d. Analytical procedures

44. How frequently must an auditor test operating effectiveness of controls that appear to
function as they have in past years and on which the auditor wishes to rely in the currebt
year
a. Monthly
b. Each audit
c. At least every second audit
d. At least every third audit

45. Further audit procedures consist

1. risk assessment procedures
2. Test of controls
 3. Substantive procedures
a. 1 and 2 only
b. 2 and 3 only
c. 1 and 3 only
d. 1, 2 and 3

46. Procedures designed to detect material misstatements in the financial statements

a. Risk assessment procedures
b. Tests of controls
c. Substantive procedures
d. Analytical procedures

47. Not a substantive procedure

a. Understanding of the entity
b. Test of derails of balances
c. Test of details of transactions
d. Analytical procedures

48. Most important in determining further audit procedures (FAP)

a. Nature of FAP-test of control or substantive test
b. Extent of FAP-more or less audit procedures
c. Timing of FAP-interim or year-end performance of audit procedures
d. All are equally important

49. When an auditor increases an assessed level of control risk because certain control
activities were determined to be ineffective, the auditor would most likely increase the
a. Extent of test of controls
b. Level of detection risk
c. Extent of test of details
d. Level of inherent risk

50. An auditor may compensate for a weakness in internal control by increasing the
a. Level of detection risk
b. Extent of test of controls
c. Preliminary judgment about audit risk
d. Extent of analytical procedure

51. Regardless of the assessed level of control risk, an auditor would perform some
a. Test of control to determine the effectiveness of internal control policies
b. Analytical procedures to verify the design of internal control
c. Substantive tests to restrict detection risk for significant transaction classes
 d. Dual-purpose test to evaluate both the risk of monetary misstatement and
preliminary control risk

52. The objective of test of details of transactions performed as tests of control is to

a. Monitor the design and use of entity documents such as pre-numbered shipping
forms
b. Determine whether controls have been placed in operation
c. Detect material misstatements in the account balances of the financial statements
d. Evaluate whether controls operated effectively