ReSA - THE REVIEW SCHOOL OF ACCOUNTANCY

CPA Review Batch 45  May 2023 CPA Licensure Examination AT-10

AUDITING (Auditing Theory) J. IRENEO  E. ARAÑAS  F. TUGAS  C. ALLAUIGAN

RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS

PSA 200
As the basis for the auditor’s opinion, PSAs require the auditor to obtain reasonable assurance about whether the
financial statements are free from material misstatement, whether due to fraud or error... It is obtained when the
auditor has obtained sufficient appropriate audit evidence to reduce audit risk to an acceptably low level.

PSA 315 RISK ASSESSMENTS (RAP)

A. The auditor should:
a. Identify and assess the risks of material misstatement
i. at the financial statement level
ii. at the assertion level (classes of transactions, account balances, and disclosures)
b. secure enough evidence to support the risk assessment.
i. investigate on the intety of the company before acceptance of audit engagement
ii. consider the threats to independence and the fundamental principles of ethics
iii. understand the entity and its environment, relevant financial reporting framework and its
internal control

-Inquiries of management and others within the entity

-Analytical procedures
-Observation and inspection
-Discussion among engagement team members
-Other risk assessment procedures, including discussions with predecessor
auditor, evidence obtained during other procedures performed for the client
-*prior year working-papers
c. be most concerned about those business risks that may cause material misstatements.
d. use risk assessment to determine the nature, timing, and extent of further audit procedures to be
performed.

B. Documenting RAP
-discussion among the engagement team on the susceptibility of FS to material misstatement and the
significant decisions reached
-key elements of the understanding obtained regarding the entity’s environment, financial reporting
framework & internal control
-the sources of information from which the understanding was obtained and the risk assessment
procedures
-identified and assessed RMM at the financial statement level and at the assertion level
-the risks identified and related controls evaluated as a result of the RAP

PSA 330: RESPONSES TO ASSESSED RISK (RAR)

A. The auditor has a responsibility to design and implement responses to the RMM (IR, CR) identified and
assessed.
a. Overall responses
b. Responses Assessed Risks of Material Misstatement at the Assertion Level
B. The auditor should carefully plan to minimize the risk of failing to detect material misstatements at the
FS and assertion level (DR).
C. The auditor’s RAR should enable the gathering of Sufficient, Appropriate Evidence
D. RAR-Tests of Controls (TOC)
An audit procedure designed to evaluate the operating effectiveness of controls in preventing, or
detecting and correcting, material misstatements at the assertion level.
Auditors perform TOC to obtain sufficient appropriate audit evidence as to the operating effectiveness
of relevant controls
-when the auditor’s assessment of RMM at the assertion level includes an expectation that the
controls are operating effectively or
-when substantive procedures alone cannot provide sufficient appropriate audit evidence

Page 1 of 6 0915-2303213  www.resacpareview

ReSA – THE REVIEW SCHOOL OF ACCOUNTANCY
RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS AT-10
Nature and Extent of Tests of Controls
a. How the controls were applied at relevant times during the period under audit.
b. The consistency with which they were applied.
c. By whom or by what means they were applied.
d. Determine whether the controls to be tested depend upon other controls.

Timing of Tests of Controls

-test controls for the particular time, or throughout the period, for which the auditor intends to rely
on those controls
a. audit evidence obtained during an interim period
b. audit evidence obtained in previous audits
- The auditor shall document the conclusions reached about relying on such controls that were
tested in a previous audit.

The auditor shall evaluate the operating effectiveness of relevant controls he intends to rely on.

E. RAR-Substantive Testing

An audit procedure designed to detect material misstatements at the assertion level. Substantive
procedures comprise:
i. Tests of details (of classes of transactions, account balances, and disclosures), and
ii. Substantive analytical procedures.

Irrespective of the assessed risks of material misstatement, the auditor shall design and perform
substantive procedures for each material class of transactions, account balance, and disclosure.
- Agreeing or reconciling the FS with the underlying accounting records; and
- Journal Entry Testing (JET)

Timing of Substantive Procedures

When substantive procedures are performed at an interim date, the auditor shall
cover the remaining period by performing:
-Substantive procedures, combined with tests of controls for the intervening period; or
-If the auditor determines that it is sufficient, further substantive procedures only, that provide
a reasonable basis for extending the audit conclusions from the interim date to the end period.

The auditor shall perform audit procedures to evaluate the overall presentation of the FS, including
the related disclosures.

F. Audit Documentation

a. The overall responses to address the assessed risks of material misstatement at the financial
statement level, and the nature, timing, and extent of the further audit procedures performed;
b. The linkage of those procedures with the assessed risks at the assertion level; and
c. The results of the audit procedures, including the conclusions where these are not otherwise
clear

Page 2 of 6 0915-2303213  www.resacpareview.com

ReSA – THE REVIEW SCHOOL OF ACCOUNTANCY
RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS AT-10
MULTIPLE CHOICE QUESTIONS:
1. Risk assessment procedures include inquiries of management and others by the auditor. As part of these
procedures, the auditor should talk to
I. Head of internal auditor function
II. Board of directors
III. Management
IV. Members of the audit committee

A. I & II C. All of these

B. II, III & IV D. III only

2. Risk assessment procedures include

A. a required discussion among the staff members of the audit and the client regarding material
misstatements in the financial statement.
B. determination of the type of audit opinion to issue.
C. observation of the entity's operations.
D. assessing acceptable audit risk.

3. S1 Auditors are not allowed to make inquires of employees who are not considered management, such as
marketing or sales personnel.
S2 The performance of risk assessment procedures is designed to help the auditor obtain an understanding
of the entity.
A. True, true B. False, false C. True, false D. False, true

4. Evaluate the following statements:

I. The determination of significant risks, which arise on most audits, is a matter for the auditor’s professional
judgment.
II. Routine, non-complex transactions that are subject to systematic processing are less likely to give rise to
significant risks because they have lower inherent risks.
III. Significant risks are often derived from business risks that may result in a material misstatement.
A. Only statements I and II are true C. All statements are true
B. Only statement I is true. D. All statements are false

5. Which of the following factors is most likely to affect the extent of the documentation of the auditor's
understanding of a client's system of internal controls?
A. The industry and the business and regulatory environments in which the client operates
B. The relationship between management, the board of directors, and external stakeholders
C. The degree to which the auditor intends to use internal audit personnel to perform substantive tests
D. The degree to which information technology is used in the accounting function

6. What are the different levels of risk assessment?

A. “High” and “Low”. C. “Maximum” and “Minimum”.
B. “High” and “Less than High”. D. “Higher” and “Lower”.

7. The audit risk model is used primarily:

A. For planning purposes in determining how much evidence to accumulate.
B. While doing tests of controls.
C. To determine the type of opinion to express.
D. To evaluate the evidence which has been gathered.

8. Which of the following equations best describes the audit risk model?
A. AR = A + L + C C. AR = (IR x DR)/CR
B. AR = (IR x CR)/DR D. AR = IR x CR x DR

9. Inherent risk and control risk differ from detection risk in that inherent risk and control risk are
A. Elements of audit risk while detection risk is not.
B. Changed at the auditor’s discretion while detection risk is not.
C. Considered at the individual account-balance level while detection risk is not.
D. Functions of the client and its environment while detection risk is not.

Page 3 of 6 0915-2303213  www.resacpareview.com

ReSA – THE REVIEW SCHOOL OF ACCOUNTANCY
RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS AT-10
10. Which of the following is not a consideration when the auditor is attempting to assess the inherent risk?
A. Nature of the client’s business.
B. Existence of related parties.
C. Frequency and intensity of top management review.
D. Susceptibility to defalcation.

11. Inherent risk is reduced when the likelihood of defalcations is low. This would be true for an account such as:
A. Property, plant and equipment. C. Cash.
B. Held for trading securities. D. Accounts receivable.

12. When the auditor assesses inherent risk, he considers among others the following factors, except:
A. Integrity of management. C. Unusual pressures on management.
B. Nature of the entity’s business. D. Results of interim tests.

13. Which of the following is an incorrect statement?

A. Detection risk is a function of effectiveness of an auditing procedure and its application.
B. Detection risk arises partly from uncertainties that exist when the auditor does not examine 100
percent of the population.
C. Detection risk arises partly because of other uncertainties that exist even if the auditor were to
examine 100 percent of the population.
D. Detection risk exists independently of the audit of the financial statements.

14. The acceptable level of detection risk (ADR) and the combined level of inherent risk (IR) and control risk (CR)
are ___________ related.
A. directly B. inversely C. proportionately D. not

15. The audit risk model consists of: AR = IR x CR x DR. The detection risk is the dependent variable. What is the
acceptable level of detection risk if the assessed level of inherent risk is HIGH and the control risk is MEDIUM?
A. Lowest B. Lower C. Medium D. Higher

16. Which of the following statements is correct concerning an auditor’s assessment of control risk?
A. Assessing control risk may be performed concurrently during an audit with obtaining an understanding
of the entity’s internal control.
B. Evidence about the operation of internal control in prior audits may not be considered during the
current year’s assessment of control risk.
C. The basis for an auditor’s conclusions about the assessed level of control risk need not be documented
unless control risk is assessed at the maximum level.
D. The lower the assessed level of control risk, the less assurance the evidence must provide that the
control procedures are operating effectively.

17. Which of the following pertains to detection risk?

A. An entity’s asset custodian and record-keeping function for cash are handled by one process owner.
B. An entity operates in a highly complex business environment.
C. An auditor uses substantive analytical procedures instead of test of balances.
D. None of the above.

18. Narratives, flowcharts, and internal control questionnaires are three commonly used methods of
A. Designing the audit manual and procedures.
B. Testing the internal control structure.
C. Documenting the study of internal controls.
D. Documenting the auditor’s understanding of client’s organizational structure.

19. S1 Flowcharts are harder to read and update than narratives.

S2 When documenting their understanding of a client's internal controls, auditors are required to use
narratives.
A. True, true B. False, false C. True, false D. False, true

20. When dealing with the documentation of internal control,

A. in a narrative, most questions simply require a "yes" or "no" response.
B. questionnaires offer useful checklists to remind the auditor of the many different types of internal
controls that should exist.
C. questionnaires and flowcharts should not be used together.
D. flowcharts fail to show the segregation of duties in the company.

Page 4 of 6 0915-2303213  www.resacpareview.com

ReSA – THE REVIEW SCHOOL OF ACCOUNTANCY
RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS AT-10
21. When obtaining an understanding of the accounting and internal control system the auditor may trace a few
transactions through the accounting system. This technique is:
A. Reperformance C. Control test
B. Walk-through D. Validity test

22. An auditor with the CPA firm of Advanced and Mag-isip is working to understand a client’s inventory
procurement system. In hopes of assessing the control risk present in this system, the auditor is reviewing a
flowchart created by company employees. One symbol has a rectangle shape. What does that symbol
represent?
A. A document within the system
B. A decision made within the system
C. A process carried out within the system
D. The input of information within the system

23. After obtaining a sufficient understanding of internal control, the auditor:

A. Assesses the need to apply GAAS.
B. Determines the preliminary assessment of control risk.
C. Assesses detection risk to determine the acceptable level of inherent risk.
D. Determines the assessed levels of detection risk and inherent risk.

24. An auditor’s preliminary control risk assessment is at a HIGH level. Which of the following are possible reasons
for this preliminary assessment?
I. The entity’s internal control system is not effective
II. Evaluating the effectiveness of the entity’s internal control system would not be efficient.
A. I only B. II only C. Both I and II D. Neither I and II

25. Which of the following factors will result in control risk being assessed at a higher level?
A. Controls are well designed.
B. There is a lack of supervision of accounting personnel.
C. Accounting staff are well trained and educated.
D. The control environment is operating effectively

26. When control risk is assessed at less than high for all financial statements assertions, an auditor should
document the auditor’s
A B C D
• Understanding of the entity’s internal control structure Yes Yes No Yes
• Conclusion that control risk is less than high No Yes Yes Yes
• Basis for the conclusion that control risk is less than high Yes Yes No No

27. Overall responses to address the risks of material misstatement at the financial statement level include:
A. Emphasizing to the audit team the need to maintain professional skepticism in gathering and
evaluating audit evidence.
B. Assigning more experienced staff or those with special skills or using experts
C. Incorporating additional elements of unpredictability in the selection of further audit procedures.
D. All of the answers.

28. Tests of controls are used to test whether controls are:

A. Operating effectively.
B. Placed in operation or implemented.
C. Properly incorporated in the financial statements.
D. Properly documented by the client.

29. S1 Tests of controls are necessary if the auditor plans to use the primarily substantive approach.
S2 Tests of controls are necessary if the auditor plans to assess the level of control risk at a high level.
A. True, true B. False, false C. True, false D. False, true

30. If the auditor anticipates reliance on the client’s internal controls, the auditor would:
A. Test controls and use the results of testing as a basis for determining the nature, extent, and timing
of substantive tests.
B. No longer perform tests of controls and proceed immediately to substantive tests.
C. Perform tests of controls and increase the number of substantive tests.
D. Eliminate the need for the performance of substantive tests.

Page 5 of 6 0915-2303213  www.resacpareview.com

ReSA – THE REVIEW SCHOOL OF ACCOUNTANCY
RISK ASSESSMENT & RESPONSE TO ASSESSED RISKS AT-10
31. After considering a client’s internal control structure, an auditor has concluded that it is well-designed and is
functioning as intended. Under these circumstances, the auditor would most likely
A. Perform tests of control to the extent outlined in the audit program.
B. Determine the control procedures that should prevent or detect errors and irregularities.
C. Not increase the extent of predetermined substantive tests.
D. Determine whether transactions are recorded to permit preparation of financial statements in
conformity with generally accepted accounting principles.

32. When the auditor finds that there are missing controls in an area of the accounting system, the audit program
in that area would be modified in such a way as to:
A. increase the number of tests of controls.
B. increase the reliance on tests of controls.
C. cause the issuance of a qualified or adverse opinion.
D. eliminate the need for a test of controls.

33. Tests of controls may include the following, except:

A. Reperformance of internal control procedures.
B. Inquiries about and observation of, internal controls which leave no audit trail.
C. Analytical procedures involving comparison of operating expenses with budgeted amount.
D. Inspection of documentary support for transactions evidencing authorization.

34. Which of the following is a correct response of the auditor when he allows a lower acceptable level of detection
risk?
Nature of substantive tests Timing of substantive tests Extent of substantive tests
A. More extensive Year-end More effective
B. Less effective Interim Less extensive
C. More effective Year-end More extensive
D. More extensive Interim Less effective

35. Which of the following is not a step in an auditor’s assessment of control risk?
A. Evaluate the effectiveness of internal control with tests of controls.
B. Obtain an understanding of the entity’s information system and control environment.
C. Perform tests of details of transactions to detect material misstatements in the financial statements.
D. Consider whether controls can have a pervasive effect of financial statement assertions.

36. After obtaining an understanding of internal control and assessing the risk of material misstatement, an auditor
decided to perform tests of controls. The auditor most likely decided that
A. It would be efficient to perform tests of controls that would result in a reduction in planned substantive
tests.
B. Additional evidence to support a further reduction in the risk of material misstatement is not
available.
C. An increase in the assessed level of the risk of material misstatement is justified for certain financial
statement assertions.
D. There were many internal control weaknesses that could allow misstatements to enter the accounting
system.

37. If the auditor wants to perform more effective substantive tests, the auditor will perform:
A. More test of details (transactions and balances) and less analytical procedures
B. More analytical procedures and less test of details (transactions and balances)
C. Test of details and analytical procedures in equal proportion
D. Neither test of details nor analytical procedures

38. In the context of an audit of financial statements, substantive tests are audit procedures that:
A. may be eliminated under certain conditions.
B. may be either tests of transactions, tests of balances, or analytical tests.
C. are designed to discover significant subsequent events.
D. will increase proportionately with the auditor’s reliance on internal control.

- END -

Page 6 of 6 0915-2303213  www.resacpareview.com