This question tests the auditor's understanding of tests of controls over the occurrence assertion for revenue transactions, as outlined in AU-C 330. The key fact is that the entity has a control requiring supervisor review of daily sales registers matched to shipping documents before invoice posting, and the auditor wants to test whether this control effectively prevents fictitious sales. Vouching recorded sales entries to approved shipping documents (Choice B) directly tests whether the control ensures sales are supported by actual shipments, which addresses the occurrence assertion. Analytical procedures (Choice A) are substantive procedures, not tests of controls, and cannot evaluate whether specific control activities operated effectively. Management representations (Choice C) provide limited evidence about control effectiveness and cannot replace the auditor's testing. Confirming receivables (Choice D) tests existence of receivables, not the operating effectiveness of controls over sales occurrence. When testing controls over transaction occurrence, the auditor should select a sample of recorded transactions and examine evidence that the control activity was performed.

This question addresses testing mitigating controls when segregation of duties deficiencies exist, as outlined in AU-C 265 and AU-C 330. The key fact is that one person can both set up vendors and process payments, creating fraud risk that management claims is mitigated by controller review of vendor changes. Testing monthly vendor change reports for evidence of controller review and investigation documentation (Choice A) evaluates whether the mitigating control operates effectively to detect unauthorized vendor additions. Assuming effectiveness based on position (Choice B) violates professional skepticism and testing requirements. Confirmations alone (Choice C) are substantive procedures that cannot evaluate control effectiveness and don't address the specific segregation risk. Issuing an adverse opinion (Choice D) is premature without first testing whether mitigating controls are effective, and applies only to integrated audits of issuers. When segregation of duties is lacking, the auditor must test whether compensating controls effectively mitigate the increased risk, requiring inspection of evidence that reviews occurred and exceptions were investigated.

This question addresses testing the operating effectiveness of a three-way match control and supervisory review, as required by AU-C 330 for controls the auditor intends to rely upon. The control involves matching vendor invoices to purchase orders and receiving reports, with supervisor review of exceptions, requiring the auditor to inspect evidence that these activities occurred. Inspecting a sample of recorded invoices for evidence of the three-way match and dated supervisor signatures (Choice A) provides direct evidence that the control operated as designed throughout the period. Recalculating balances (Choice B) is a substantive procedure that cannot evaluate control effectiveness. Assessing inherent risk as low (Choice C) violates professional standards because inherent risk assessment is independent of controls, and control testing cannot be reduced based on policies alone. Testing controls after report date (Choice D) is inappropriate because controls must be tested during the period under audit. The auditor must obtain evidence through inspection, observation, inquiry, and reperformance that controls operated effectively throughout the period of intended reliance.

This question addresses testing segregation of duties via system roles in an issuer's audit, per PCAOB AS 2201. The control prevents incompatible permissions. Choice A is appropriate by inspecting matrices and logs, aligning with AS 2201. Choice B tests invoices substantively per AS 2301, while Choice C limits to walkthroughs, insufficient for effectiveness per AS 2110. Choice D relies on policy, not evidence per AS 2201. A decision rule is to verify roles against actual access logs. This framework confirms effective segregation for risk mitigation.

This question evaluates testing review controls in disbursements for a nonissuer audit, per AU-C 330. The dual-signature policy includes CFO review of support for checks over $10,000. Choice A is correct by inspecting signatures and assessing review meaningfulness, aligning with AU-C 330. Choice B is a reconciliation test, not specific to the control per AU-C 330, while Choice C is confirmation, substantive per AU-C 505. Choice D limits to design, but operating effectiveness is required per AU-C 330. Auditors should evaluate the depth of reviews beyond signatures for effectiveness. A transferable framework is to test both execution and substance of approval controls.

This question addresses IT general controls over system access, which are critical when relying on system-generated reports for audit procedures per AU-C 315 and AU-C 330. The control involves quarterly user access reviews by IT, and the auditor needs evidence these reviews effectively maintain appropriate access restrictions. Inspecting quarterly review documentation for evidence of review, terminated user removal, and exception resolution (Choice A) directly tests whether the access control operated effectively throughout the period. Confirming receivables (Choice B) is a substantive procedure unrelated to IT access controls. Type 1 reports (Choice C) only describe controls at a point in time and provide no evidence of operating effectiveness throughout the period. Testing by inquiry only (Choice D) provides insufficient evidence for IT controls and the security concern is unfounded when properly coordinated. The auditor must inspect documentation showing that access reviews occurred, identified issues like terminated employees, and resulted in timely remediation to maintain system integrity.

This question tests understanding of monitoring controls over bank reconciliations, which are detective controls requiring evidence of both performance and review per AU-C 330. The control involves accounting manager preparation and controller review with investigation of items over $5,000, requiring the auditor to test both components. Inspecting reconciliations for timely preparation, documented review, and reperforming follow-up on large items (Choice A) provides evidence that the monitoring control operated effectively including the investigation component. Bank confirmations (Choice B) are substantive procedures that verify balances but cannot evaluate control effectiveness. Inquiry alone (Choice C) provides limited evidence and must be corroborated with inspection or reperformance for controls testing. Testing only at year-end (Choice D) is incorrect because monitoring controls can and should be tested throughout the period, with appropriate roll-forward procedures. The auditor must obtain evidence through inspection and reperformance that monitoring controls not only occurred but also identified and resolved exceptions appropriately.

This question addresses control environment assessment, specifically audit committee oversight as described in AU-C 315. The control environment sets the tone at the top and influences control consciousness throughout the organization, with audit committee oversight being a critical element. Having the CFO prepare, review, and approve audit committee minutes without committee review (Choice B) represents a significant weakness because it compromises the independence and effectiveness of audit committee oversight. Financial expertise and documented follow-up (Choice A) strengthen the control environment. Increased meeting frequency for acquisitions (Choice C) demonstrates responsive oversight. Reviewing uncorrected misstatements with qualitative discussions (Choice D) shows active engagement in financial reporting oversight. When the audit committee's independence is compromised by management controlling its documentation, the auditor cannot rely on this control environment element. The auditor should assess whether this weakness affects the ability to rely on other controls and may need to increase substantive procedures.

This question covers testing completeness controls in sales for a nonissuer audit, per AU-C 330. The daily review of unmatched shipments ensures invoicing. Choice A is appropriate by inspecting reports and tracing resolutions, aligning with AU-C 330. Choice B limits to year-end, ignoring period coverage per AU-C 330, while Choice C is substantive per AU-C 505. Choice D tests one day only, insufficient for the year. Auditors should sample across periods for ongoing controls. A decision rule is to trace exceptions to resolution for effectiveness.

This question addresses testing review controls over accounting estimates in an issuer's audit, per PCAOB AS 2201. The quarterly review of allowance assumptions is documented with conclusions. Choice A is appropriate by inspecting evaluations and follow-up, aligning with AS 2201. Choice B is substantive recalculation per AS 2501, while Choice C uses external evidence inappropriately. Choice D delays testing; controls must be tested during the audit per AS 2201. A framework is to assess the precision of assumption reviews against standards. This ensures estimates are reliable for financial reporting.