Planned Audit Response
Help Questions
CPA Auditing and Attestation (AUD) › Planned Audit Response
In an audit of an issuer under PCAOB standards, the auditor identifies that management’s control for reviewing monthly account reconciliations is performed, but documentation of the review is inconsistent and often added weeks later. The reconciliations cover several significant accounts, including accrued expenses and prepaid assets, and there were multiple post-close adjustments in prior periods. The auditor is considering whether to rely on the control to reduce substantive testing. How should the auditor respond to the control deficiency identified?
Perform substantive tests only and skip any control evaluation because integrated audits do not require testing controls when substantive procedures are planned.
Apply AICPA nonissuer guidance and communicate the issue only to management, because issuer ICFR communications are not required if the audit opinion is unmodified.
Test the control by inspecting a sample of reconciliations for evidence of timely, independent review (including dates and reviewer sign-off), corroborate through inquiry and observation where needed, and if review is not timely/documented, increase substantive procedures on the affected accounts and evaluate the severity of the deficiency for ICFR reporting.
Rely on the control because the reconciliations exist, and documentation timing does not affect operating effectiveness under PCAOB standards.
Explanation
This question tests evaluation of control deficiencies in account reconciliation processes during a PCAOB integrated audit. The scenario identifies untimely and inconsistently documented review of reconciliations covering significant accounts, with a history of post-close adjustments indicating the control's importance. AS 2201 requires controls to operate effectively throughout the period, and untimely review undermines control effectiveness. Option C correctly prescribes testing for timely, independent review with proper documentation, increasing substantive procedures if deficient, and evaluating the deficiency for ICFR reporting. Option A incorrectly dismisses timing as irrelevant to effectiveness; Option B misunderstands integrated audit requirements; Option D misapplies standards regarding ICFR communication requirements. The transferable principle is that control effectiveness requires both performance and timely review—delayed documentation suggests either untimely review or backdating, both of which prevent control reliance and require expanded substantive procedures with deficiency evaluation.
In an integrated audit of an issuer under PCAOB standards, the auditor plans to use data analytics to test revenue occurrence. The auditor obtains a complete population of sales invoices and identifies a cluster of invoices recorded on the last two days of the year with shipping dates after year-end and with manual changes to shipping terms. Revenue is material, and prior-year cut-off errors were identified. Which substantive procedure would be most effective given the assessed risk?
Select invoices from the identified cluster and vouch to underlying shipping documents (e.g., bills of lading) and customer acknowledgments to verify shipment occurred before year-end and terms support revenue recognition; expand testing if exceptions are found.
Perform the cut-off test only at interim because year-end testing is unnecessary when analytics have been performed on the full population.
Test the design of controls over shipping terms changes and, if designed well, eliminate detailed cut-off testing.
Use a materiality threshold equal to total revenue times 5% and test only invoices above that threshold because smaller invoices cannot cause a material misstatement.
Explanation
This question evaluates the auditor's use of data analytics to identify and respond to revenue cutoff risks in a PCAOB integrated audit. The scenario presents data analytics findings showing year-end invoices with post-year-end shipping and manual term changes, combined with prior cutoff errors, indicating high risk of premature revenue recognition. AS 2301 requires substantive procedures for significant risks, and data analytics findings must be investigated through detailed testing. Option A correctly prescribes vouching the identified population to shipping documents and customer acknowledgments to verify proper cutoff and revenue recognition criteria. Option B inappropriately substitutes control testing for required substantive procedures; Option C misunderstands the relationship between interim and year-end testing; Option D misapplies materiality to population testing. The key principle is that data analytics identifies risk populations requiring targeted substantive procedures, not elimination of detailed testing, especially for cutoff where timing is critical.
In an audit of a nonissuer under AICPA auditing standards, the auditor assesses a high risk of material misstatement for inventory valuation due to volatile commodity prices and a history of slow-moving items. The client’s perpetual records are unreliable, and management performed a year-end reserve calculation using a new spreadsheet model that lacks documented review. Overall materiality is $900,000, and inventory is $6.5 million. Which substantive procedure would be most effective given the assessed risk?
Perform tests of controls over the spreadsheet model’s change management and rely on those controls to reduce substantive testing.
Limit testing to items with recorded value above $900,000 because amounts below overall materiality are not subject to substantive testing.
Select a sample of inventory items and recalculate lower of cost or net realizable value using recent sales prices/subsequent sales, aged inventory reports, and current replacement costs; also develop an independent expectation of the reserve and compare to management’s estimate.
Obtain management representations that the reserve is adequate and reduce further audit work because the reserve is an estimate.
Explanation
This question assesses the auditor's substantive response to high risk of material misstatement in inventory valuation under AICPA auditing standards. The scenario presents multiple risk factors: volatile commodity prices, history of slow-moving items, unreliable perpetual records, and a new unreviewed spreadsheet model for reserve calculations, with inventory at $6.5 million against $900,000 materiality. AU-C 330 requires the auditor to design substantive procedures responsive to assessed risks, and for significant risks, substantive procedures alone must be performed. Option C correctly prescribes recalculating lower of cost or net realizable value using external evidence (recent sales prices, subsequent sales, replacement costs) and developing an independent expectation of the reserve. Option A inappropriately attempts to rely on controls over a new, unreviewed model; Option B improperly relies solely on management representations for a significant estimate; Option D misapplies materiality by limiting testing to individual items above overall materiality. The transferable principle is that high-risk estimates require independent recalculation using external evidence, not reliance on management's models or representations alone.
In an integrated audit of a public company issuer (PCAOB), the auditor is testing controls over journal entries. The company uses a manual spreadsheet to upload consolidation entries, and there is no independent review of the spreadsheet logic or the upload file before posting. Several large, top-side entries were posted late on the last day of the year to increase earnings, and the CFO has significant influence over the close process. Which testing procedure should the auditor implement?
Apply AICPA nonissuer standards and limit testing to inquiry and observation because PCAOB integrated audit requirements do not apply to issuers.
Perform a test of controls by selecting a sample of consolidation uploads and inspecting evidence of independent review and approval prior to posting; additionally, test IT access and change controls over the upload process and increase substantive journal entry testing focused on late, unusual entries.
Test the control only in the following year because late-year entries occur at year-end and cannot be tested until after the audit report is issued.
Perform only substantive analytics on the income statement because journal entry testing is required only when fraud has been confirmed.
Explanation
This question addresses testing controls over financial reporting period-end processes in a PCAOB integrated audit, specifically focusing on journal entry controls. The scenario presents manual consolidation entries via spreadsheet without independent review, late earnings-increasing entries, and CFO influence over the close process, indicating significant fraud risk. AS 2201 and AS 2401 require specific procedures for journal entry testing, especially for manual, period-end entries affecting earnings. Option A correctly prescribes testing both the review control and IT access/change controls, plus expanded substantive journal entry testing focused on unusual entries. Option B incorrectly limits procedures to analytics; Option C misapplies standards (PCAOB standards do apply to issuers); Option D misunderstands timing requirements for year-end entry testing. The critical framework is that manual period-end processes with fraud indicators require both control and substantive testing, with particular focus on IT controls preventing unauthorized changes and detailed testing of unusual entries.
In an audit of a nonissuer, the auditor learns that the controller both sets up new vendors and approves electronic payments in the banking portal due to staffing shortages. The entity has experienced rapid growth, and there were several round-dollar payments to new vendors near year-end that management described as “expedited.” Materiality is low because the entity is close to a debt covenant. How should the auditor respond to the control deficiency identified?
Rely on the compensating control that the controller is experienced and conclude the deficiency is inconsequential without additional work.
Apply PCAOB integrated-audit requirements and issue an adverse opinion on internal control over financial reporting based solely on the segregation-of-duties issue.
Perform a walkthrough only and, if the process appears reasonable, reduce detailed testing because the control deficiency relates to operations rather than financial reporting.
Increase substantive procedures over cash disbursements by testing a sample of new vendors for existence and inspecting supporting invoices and receiving documentation, and communicate the significant deficiency to those charged with governance.
Explanation
This question evaluates the auditor's response to control deficiencies in a nonissuer audit under AICPA AU-C standards, emphasizing segregation of duties and communication. The scenario highlights the controller's dual roles in vendor setup and payment approval, rapid growth with round-dollar payments, and low materiality due to debt covenants. Increasing substantive procedures over disbursements and communicating the significant deficiency follows AU-C 265, requiring evaluation and reporting of deficiencies, and AU-C 330 for expanded testing when controls are weak. Option B is wrong as relying on the controller's experience does not compensate for segregation issues per AU-C 315, potentially understating risks. Option C incorrectly limits to a walkthrough, ignoring AU-C 265's distinction between operational and financial reporting deficiencies, while Option D misapplies PCAOB standards to a nonissuer and overstates the deficiency's impact without full evaluation. A transferable framework involves classifying deficiencies by severity and linking them to adjusted substantive procedures. Auditors can use a decision tree to assess if deficiencies are significant or material, guiding communication and testing extent.
During an integrated audit of a public company issuer under PCAOB standards, the auditor notes that the company implemented a new revenue system midyear and, for the first two months after implementation, sales managers could manually override the system’s price and discount fields without documented approval. Revenue is quantitatively material and management’s incentives are tied to quarterly revenue targets, and the auditor has identified several large quarter-end sales with unusually high discounts. How should the auditor respond to the control deficiency identified?
Test the operating effectiveness of the override-approval control by selecting a sample of override transactions from the affected period, inspecting evidence of independent approval, and reperformance of the system’s approval workflow; if failures are found, expand substantive tests of revenue (especially quarter-end) and evaluate whether the deficiency is a material weakness.
Rely on substantive analytical procedures over revenue trends because the control exception is limited to two months and does not affect year-end balances.
Treat the issue as a significant deficiency only and communicate it to management in a management letter after the audit report is issued, without modifying planned procedures.
Apply AICPA guidance for nonissuers and perform only inquiry of management about whether overrides were appropriate, because PCAOB testing is not required when IT is involved.
Explanation
This question tests the auditor's response to control deficiencies in an integrated audit under PCAOB standards, specifically AS 2201. The scenario presents a revenue system implementation with a two-month period where manual overrides lacked documented approval, combined with material revenue, management incentives tied to revenue targets, and evidence of unusual quarter-end discounts. Under PCAOB standards, when a control deficiency is identified in a material account with fraud risk indicators, the auditor must test the operating effectiveness of compensating controls and expand substantive procedures if the deficiency is not mitigated. Option B correctly requires testing the override-approval control through inspection and reperformance, expanding substantive tests if failures are found, and evaluating whether the deficiency constitutes a material weakness. Option A incorrectly relies solely on analytical procedures without addressing the control deficiency; Option C improperly defers communication and fails to modify procedures; Option D incorrectly applies nonissuer standards to an issuer audit. The key framework is that control deficiencies in areas with fraud risk require both control testing of compensating controls and expanded substantive procedures, with immediate evaluation of the deficiency's severity for ICFR reporting.
During planning for an audit of a public company issuer (PCAOB), the auditor identifies an unusual transaction: near year-end, the company sold a portfolio of customer receivables to a related party with an agreement to repurchase any accounts that become more than 60 days past due. Management recorded the transaction as a true sale and recognized a gain that is material to net income. There is also pressure to meet analyst earnings expectations. Based on the provided information, which audit procedure is most suitable?
Apply AICPA guidance for nonissuers and treat the related-party nature as immaterial if the gain is less than 5% of total assets.
Inspect the transfer and repurchase agreements, evaluate whether control is surrendered under the applicable accounting framework, confirm key terms with the related party, and test subsequent collections/repurchases to assess whether sale accounting and the recorded gain are appropriate.
Perform a test of controls over the revenue cycle because receivables originate from sales, and conclude the gain is reasonable if revenue controls are effective.
Rely primarily on management’s memo supporting sale accounting because the transaction is nonrecurring and management is responsible for GAAP conclusions.
Explanation
This question addresses auditing complex related-party transactions with revenue recognition implications under PCAOB standards. The scenario presents a year-end receivables sale to a related party with repurchase obligations for past-due accounts, recorded as a true sale with material gain recognition, under earnings pressure. AS 2410 (Related Parties) and AS 2401 (Fraud Considerations) require heightened scrutiny of related-party transactions near period-end that affect earnings. Option B correctly requires inspecting agreements, evaluating control surrender under the applicable framework (likely ASC 860), confirming terms with the related party, and testing subsequent activity to assess sale accounting appropriateness. Option A incorrectly focuses on general revenue controls rather than the specific transaction; Option C improperly relies on management's accounting conclusions; Option D misapplies materiality to related-party transactions. The transferable framework is that related-party transactions with earnings impact require detailed substantive testing of legal form, economic substance, and subsequent activity to validate accounting treatment.
During an issuer audit, the auditor finds that management’s key control over revenue includes a quarterly reconciliation between the billing system and the general ledger. However, the reconciliation is performed only at quarter-end, and the fourth-quarter reconciliation was not completed before year-end close due to system downtime. Revenue is material and subject to fraud risk. How should the auditor respond to the control deficiency identified?
Apply AICPA nonissuer standards and treat the missed reconciliation as a minor operational issue not affecting financial reporting.
Perform additional substantive procedures for revenue (including detailed testing of billing-to-GL completeness and cut-off) for the fourth quarter and evaluate whether the failure to perform the control affects the ICFR opinion.
Rely on the control based on prior quarters’ performance and reduce fourth-quarter substantive testing.
Wait until after issuing the audit report to test whether the reconciliation was eventually completed and then decide if revenue was fairly stated.
Explanation
This question evaluates control failures in an issuer audit under PCAOB AS 2201, impacting revenue. Missed Q4 reconciliation, system downtime, material revenue with fraud risk are key. Increasing Q4 substantives and evaluating ICFR follows AS 2201's deviation response. Option B relies improperly, per AS 2201. Option C misapplies AICPA, while Option D delays retrospectively. Framework: Adjust for period-specific failures. Strategy: Enhance cut-off tests on control gaps.
During an integrated audit of an issuer, the auditor identifies that the company’s control over management review of monthly financial results consists of a meeting with no documented follow-up on unusual fluctuations. This year, “other income” increased significantly due to one-time vendor rebates that were booked based on emails rather than executed agreements. Other income is material to earnings. Which testing procedure should the auditor implement?
Test the management review control only at interim because monthly controls do not require year-end coverage.
Apply AICPA nonissuer standards and treat the control as effective if management can explain the fluctuations during inquiry.
Rely on the existence of meetings as sufficient evidence that the control operated effectively and reduce substantive testing.
Test the management review control by inspecting evidence of the review and follow-up on significant variances and, due to weak documentation, perform substantive testing of the vendor rebates by inspecting executed agreements, recalculating amounts, and confirming key terms with vendors if necessary.
Explanation
This question evaluates management review controls in an integrated audit under PCAOB AS 2201, with weak documentation. No follow-up, rebate increases via emails, material income are key. Testing review evidence and substantively confirming rebates follows AS 2201's operating effectiveness. Option B relies on meetings insufficiently, per AS 2201. Option C misapplies AICPA, while Option D limits timing. Framework: Require variance resolution documentation. Strategy: Combine control tests with agreement inspections.
During an issuer audit, management asserts that a decline in deferred revenue is due to a shift toward monthly subscriptions. The auditor notes, however, that several large annual contracts were signed in the last month of the year and cash was collected upfront, but deferred revenue did not increase. Materiality is moderate, and revenue is a presumed fraud risk. Which substantive procedure would be most effective given the assessed risk?
Select a sample of late-year customer contracts and vouch cash receipts and contract terms to the recorded revenue and deferred revenue balances, including testing whether performance obligations were satisfied and whether amounts collected upfront were deferred appropriately.
Confirm only the year-end cash balance because cash was collected upfront and therefore revenue recognition is not at risk.
Increase tolerable misstatement for deferred revenue because it is a liability and less likely to be misstated intentionally.
Test only the design of controls over subscription billing and omit substantive testing because the company is an issuer.
Explanation
This question tests deferred revenue in an issuer audit under PCAOB AS 2301, with recognition risks. Decline despite upfront cash, large late contracts, moderate materiality, fraud presumption are key. Vouching contracts and terms follows AS 2810's cut-off emphasis. Option B focuses on cash mistakenly, per AS 2301. Option C limits to design, ignoring substantives, while Option D misadjusts misstatement. Framework: Verify performance obligations in subscriptions. Strategy: Sample late-period deals for deferral accuracy.