Professional Skepticism And Judgment
Help Questions
CPA Auditing and Attestation (AUD) › Professional Skepticism And Judgment
A nonissuer manufacturing company is undergoing a financial statement audit under AICPA standards. Management provided an accounts receivable confirmation response in a PDF forwarded from the controller’s email, and the auditor notes the customer’s domain in the PDF footer does not match the customer’s known website; management explains the customer “recently changed domains.” Based on the evidence, what is the auditor's best course of action?
Discontinue confirmations because AICPA standards allow confirmations only when internal control is ineffective, and instead perform only analytical procedures on receivables.
Treat the response as potentially unreliable and obtain the confirmation directly from the customer using auditor-controlled contact information and alternative procedures as needed.
Accept the confirmation as reliable because it appears to be from an external party and management provided a reasonable explanation.
Rely on management’s representation regarding the domain change and increase sample sizes in other audit areas instead of re-performing confirmation procedures.
Explanation
This question tests the auditor's professional skepticism in evaluating the reliability of confirmation evidence under AICPA standards. Key facts include the confirmation being forwarded from management's email, a mismatched domain, and management's explanation of a recent domain change, which raises concerns about authenticity and potential interception. Treating the response as potentially unreliable and obtaining confirmation directly from the customer using auditor-controlled contact information complies with AU-C Section 505, which emphasizes maintaining control over the confirmation process to ensure reliability. Accepting the confirmation as reliable overlooks red flags and violates skepticism requirements, while relying on management's representation or discontinuing confirmations ignores the need for corroborative evidence under AU-C Section 330. Increasing sample sizes elsewhere or limiting to analytical procedures does not address the specific reliability issue and contravenes standards requiring appropriate responses to risks. Auditors should always verify suspicious evidence independently to maintain objectivity. Professional judgment involves assessing the source and nature of evidence for potential bias or manipulation.
A nonissuer technology startup is undergoing a review engagement under AICPA standards. Management reports a significant increase in deferred revenue, but refuses to provide customer contracts, stating they are “confidential,” and instead offers a summary spreadsheet. Based on the evidence, what is the accountant's best course of action?
Perform additional review procedures by requesting access to contracts (or redacted versions), and if management refuses and the matter is material, consider withdrawing from the engagement.
Convert the engagement to a compilation without changing the report because confidentiality restrictions apply equally to all engagements.
Accept the summary spreadsheet because reviews do not require obtaining corroborating evidence beyond inquiry and analytics.
Issue a review report with an adverse conclusion due to the limitation on access to contracts.
Explanation
This question tests responses to evidence limitations in review engagements under AICPA standards. Key facts involve refused access to contracts for deferred revenue, with only a summary provided, restricting procedures. Requesting access and considering withdrawal if material complies with AR-C Section 90 for review evidence. Accepting without corroboration or issuing adverse/ converting engagements ignores AR-C Section 80's requirements. Reviews require inquiry and analytics but escalation for anomalies. Framework: Escalate when access denies sufficient evidence. Principle: Skepticism demands corroboration beyond summaries in limited assurance.
An issuer medical device company is audited under PCAOB standards. The auditor plans to rely on a third-party valuation specialist’s report for stock-based compensation, but the report was commissioned by management, includes a limitation of liability to management only, and uses inputs inconsistent with observable market volatility. What should the auditor consider when evaluating evidence reliability?
Assess the specialist’s competence and objectivity, evaluate the methods and significant assumptions (including inconsistencies with market data), and obtain sufficient appropriate evidence beyond management’s commissioned report as necessary.
Ignore the report and automatically qualify the opinion because any limitation of liability makes the evidence unusable without exception.
Accept the report because PCAOB standards require auditors to use management’s specialists without modification.
The report is fully reliable because it was prepared by a specialist, so the auditor should not challenge the assumptions.
Explanation
This question assesses the auditor's judgment in evaluating the reliability of evidence from a management's specialist under PCAOB standards for an issuer. Critical elements include the specialist's report being commissioned by management, containing a liability limitation, and using assumptions inconsistent with market data for stock-based compensation valuation. Assessing the specialist's competence and objectivity, evaluating methods and assumptions for inconsistencies, and obtaining additional evidence as needed adheres to PCAOB AS 1210, which requires auditors to test the specialist's work and ensure its appropriateness for audit purposes. Accepting the report without challenge or because it was prepared by a specialist, as in choices A and C, is incorrect as AS 1105 mandates auditors to evaluate evidence reliability independently, not defer entirely to management. Ignoring the report and qualifying the opinion outright, per choice D, overstates the impact without first applying evaluative procedures under AS 2501. Auditors should apply a risk-based framework by scrutinizing specialist inputs against external data to form an independent conclusion. This principle reinforces that professional skepticism extends to all sources of evidence, promoting corroboration to achieve reasonable assurance.
A nonissuer distributor is undergoing an audit under AICPA standards and uses an ERP system to generate the inventory valuation report. The auditor learns the report is exported to Excel and manually edited by the inventory manager to “fix item descriptions” before being provided to the audit team. What should the auditor consider when evaluating evidence reliability?
AICPA standards require the auditor to accept client-prepared schedules if management certifies them in writing.
Because the edits relate to descriptions, the auditor should ignore them and reduce substantive inventory testing.
The report is reliable because it originated from the ERP system, regardless of subsequent edits.
Manual edits may impair completeness and accuracy; the auditor should obtain the report directly from the system, understand and test controls over report generation and changes, or reconcile to system data.
Explanation
This question probes evaluation of evidence reliability from manually edited reports under AICPA standards. Key facts include ERP-generated inventory reports edited in Excel for descriptions, potentially affecting completeness and accuracy. Obtaining reports directly and testing controls complies with AU-C Section 500, ensuring reliable audit evidence. Accepting as reliable regardless of edits or ignoring due to descriptions overlooks manipulation risks in AU-C Section 330, while mandatory acceptance of certified schedules is not per standards. Edits warrant scrutiny, not reduced testing. Framework: Verify data integrity from source to mitigate alteration risks. Principle: Judgment assesses evidence nature for bias, prioritizing unmanipulated sources.
A nonissuer manufacturer is undergoing an audit under AICPA standards. The auditor notes that the purchasing manager can both add new vendors and approve invoices in the system, and the vendor master file includes several new vendors with P.O. boxes and no tax identification documentation. What factor should most influence the auditor's judgment about further procedures?
The heightened fraud risk from vendor master file access and approval rights, requiring expanded procedures such as vendor existence validation and testing for related parties and duplicate payments.
Whether the total payments to new vendors are below the clearly trivial threshold, because clearly trivial items can be ignored even if controls are weak.
The fact that vendor setup is an operational process, which is outside the scope of the financial statement audit.
Whether management has an ethics policy, because an ethics policy alone mitigates the need for additional audit work.
Explanation
This question assesses factors influencing procedures amid fraud risks from control weaknesses under AICPA standards. Key facts involve the purchasing manager's dual roles and undocumented new vendors, elevating fraud potential. Heightened risk requiring expanded validation complies with AU-C Section 240 for fraud-responsive procedures. Focusing on triviality or ethics policies alone ignores AU-C Section 315's risk assessment, while excluding operational processes contravenes audit scope in AU-C Section 200. Controls do not mitigate without testing. Framework: Amplify procedures proportional to identified risks. Principle: Skepticism prioritizes corroboration in deficient control environments.
An issuer financial services entity is audited under PCAOB standards. The auditor obtains a SOC 1 Type 2 report for a service organization that processes loan payments, but the report period ends three months before the client’s year-end and notes several exceptions in access provisioning controls. Based on the evidence, what is the auditor's best course of action?
Evaluate the gap period and exceptions, perform procedures to address the period not covered (e.g., bridge letter and additional testing), and assess the effect on planned reliance and substantive procedures.
Disregard the SOC report because PCAOB standards prohibit using service auditor reports for issuer audits.
Request management to provide a written representation that service organization controls were effective through year-end and treat that as sufficient evidence.
Rely fully on the SOC report because it is issued by an independent service auditor and therefore eliminates the need for further procedures.
Explanation
This question tests judgment in using SOC reports with limitations in integrated audits under PCAOB standards. Key facts are the SOC 1 Type 2 report's gap period and control exceptions for a service organization processing loans, impacting reliance. Evaluating gaps and performing bridge procedures complies with AS 2601, addressing coverage deficiencies. Full reliance without procedures or disregarding the report ignores AS 2201's requirements, while representations alone are insufficient per AS 2805. PCAOB permits SOC use with evaluation. Framework: Bridge coverage gaps with targeted testing for ongoing effectiveness. Principle: Skepticism requires corroborating external reports against entity risks.
A nonissuer wholesaler is undergoing an audit under AICPA standards. The auditor plans to use a system-generated sales report for cut-off testing, but learns that IT implemented a patch two weeks before year-end and there is no evidence of user acceptance testing; several sales invoices around year-end have missing shipping numbers. Which audit procedure demonstrates appropriate skepticism regarding data integrity?
Obtain the report directly from the system, test report logic and key IT general controls around the patch, and reconcile report totals to the general ledger before selecting items for cut-off testing.
Rely on management’s assurance that the patch did not affect reporting and reduce sample sizes to offset the additional work.
Use only prior-year cut-off results as evidence that the current-year system data is complete and accurate.
Proceed with cut-off testing using the sales report as planned because system reports are presumed accurate unless errors are proven.
Explanation
This question evaluates skepticism regarding data integrity for audit procedures under AICPA standards. Key facts include an untested system patch before year-end and missing data in sales reports, questioning completeness. Obtaining reports directly and testing controls complies with AU-C Section 500 for reliable evidence. Proceeding without verification or relying on assurances/ prior results ignores AU-C Section 330's integrity needs. Reduced samples do not offset risks. Framework: Validate data sources before substantive use. Principle: Judgment assesses IT impacts on evidence quality.
A nonissuer healthcare clinic is undergoing an audit under AICPA standards. The auditor identifies a deficiency where billing staff can both adjust patient receivables and process refunds, and several large refunds were processed in the last week of the year; management states the refunds were “cleanup items.” What factor should most influence the auditor's judgment about evidence sufficiency for the refund transactions?
The ability to rely on the clinic’s internal audit function to test refunds, because AICPA standards require reliance when internal audit exists.
The increased risk of misstatement from inadequate segregation of duties and the need for more persuasive evidence (e.g., supporting documentation and independent authorization).
Whether the refund amounts are individually below performance materiality, since small items do not require further audit work.
Management’s assertion that the refunds are routine, because inquiry is sufficient when controls are documented.
Explanation
This question assesses professional judgment in evaluating evidence sufficiency amid control deficiencies under AICPA standards. Key facts involve inadequate segregation of duties allowing billing staff to adjust receivables and process refunds, with large year-end refunds labeled as routine by management, heightening misstatement risks. Focusing on increased risk and needing persuasive evidence like documentation complies with AU-C Section 315, emphasizing risk assessment and response. Considering individual amounts below materiality or relying on management's assertion ignores aggregation risks and AU-C Section 500's corroboration needs, while mandatory reliance on internal audit is not required by standards. Inquiry alone is insufficient for high-risk areas per AU-C Section 330. Framework: Escalate procedures based on control weaknesses to ensure reliable evidence. Principle: Professional skepticism demands substantiation beyond assertions in deficient environments.
An issuer consumer products company is audited under PCAOB standards. During inventory observation, management instructs warehouse staff to move certain slow-moving items to a separate area after the auditor arrives, stating they are “returns not owned,” yet the items are recorded in the perpetual inventory system. How should the auditor respond to identified fraud risks?
Rely solely on the perpetual inventory records because PCAOB standards prioritize system data over physical observation.
Accept management’s explanation because warehouse operations are complex and the items were segregated in the auditor’s presence.
Exclude the segregated items from testing because they were physically separated and therefore not part of inventory.
Treat the behavior as a red flag, expand observation and test ownership and cut-off for the segregated items, and evaluate whether management is attempting to conceal obsolete or non-owned inventory.
Explanation
This question addresses fraud risk responses during inventory observation under PCAOB standards. Key facts involve management moving items post-arrival, claiming non-ownership despite records, suggesting concealment. Treating as a red flag and expanding tests complies with AS 2401 for fraud procedures. Accepting explanations or excluding items ignores AS 2310's observation requirements, while prioritizing system data over physical contravenes standards. PCAOB emphasizes corroboration. Framework: Investigate anomalies with ownership verification. Principle: Skepticism probes management actions for misstatement indicators.
A nonissuer auto dealership is undergoing an audit under AICPA standards. The auditor notices repeated round-dollar wire transfers to a new finance company near year-end recorded as reductions of floorplan payable; management provides a single-page “statement” from the finance company with no contact information. How should the auditor respond to identified fraud risks?
Accept the statement because it is from an external party and supports the recorded reduction of the payable.
Rely on management’s representation letter because confirmations are not required for liabilities under AICPA standards.
Perform fraud-responsive procedures such as independently confirming the floorplan balance with the finance company using auditor-obtained contact details and testing the wire transfers to bank records and subsequent settlement.
Treat the transfers as immaterial because they are round-dollar amounts and therefore likely routine.
Explanation
This question addresses fraud risks from unusual transactions under AICPA standards. Key facts include round-dollar transfers reducing payables with minimal support, indicating potential kiting. Performing independent confirmations and testing complies with AU-C Section 240 for fraud responses. Accepting as external or immaterial ignores AU-C Section 500's sufficiency, while relying on representations is inadequate per AU-C Section 580. Confirmations are encouraged. Framework: Verify suspicious transactions externally. Principle: Skepticism investigates red flags thoroughly.