The difference between assessing control risk for IT control activities versus assessing control risk for manual control activities is best described as follows: Multiple Choice О in a manual environment it is important for the auditor to gain an understanding of the internal control activity before assessing control risk. О in an IT environment, it is not important to gain an understanding of the internal control activity before assessing control risk. О In an IT environment, it is likely that control risk will be assessed as low on largely all audit engagements. О the assessment process that needs to be undertaken for IT controls is essentially the same as would be taken for manual controls.

The difference between assessing control risk for IT control activities versus assessing control risk for manual control activities is best described as follows: Multiple Choice О in a manual environment it is important for the auditor to gain an understanding of the internal control activity before assessing control risk. О in an IT environment, it is not important to gain an understanding of the internal control activity before assessing control risk. О In an IT environment, it is likely that control risk will be assessed as low on largely all audit engagements. О the assessment process that needs to be undertaken for IT controls is essentially the same as would be taken for manual controls.

Auditing: A Risk Based-Approach (MindTap Course List)

11th Edition

ISBN:9781337619455

Author:Karla M Johnstone, Audrey A. Gramling, Larry E. Rittenberg

Publisher:Karla M Johnstone, Audrey A. Gramling, Larry E. Rittenberg

Chapter8: Specialized Audit Tools: Attributes Sampling, Monetary Unit Sampling, And Data Analytics Tools

Section: Chapter Questions

Problem 8CYBK

See similar textbooks

Similar questions

If control risk is assessed at the maximum, the auditor is required to obtain knowledge about the: Design of Control Policies and Procedures Yes O No OYes O No Whether Control Policies and Procedures Have been Implemented No Yes Yes No
A reliance strategy is chosen when the auditor: Multiple Choice Plans on conducting tests of controls. Has set the control risk at a high level. Has set the control risk at a lower level. Has not conducted a detailed understanding and documentation of internal control.
Assuming a lack of internal control in a client's system, the risk of material misstatement is known as? O Inherent risk Client risk O Detection risk O Audit risk
When is the timing of substantive procedures most flexible? detection risk is assessed as low O there is a lack of an effective control environment O controls have been tested and are determined to be ineffective O controls have been tested and are determined to be effective
Study and Evaluation of Management Control. The study and evaluation of management risk mitigation control is not easy. First, auditors must determine the risks and the controls subject to audit. Then they must find a standard by which performance of the control can be evaluated. Next they must specify procedures to obtain the evidence on which an evaluationcan be based. Insofar as possible, the standards and related evidence must be quantified. The following description gives certain information (in italics) that internal auditors would know about or be able to determine on their own. Fulfilling the requirement thus amounts to taking some information from the scenario and figuring out other things by using accountants’ and auditors’ common sense.The ScenarioAce Corporation ships building materials to more than a thousand wholesale and retail customers in a five-state region. The company’s normal credit terms are net/30 days, and no cash discounts are offered. Fred Clark is the chief…
A related party transaction is a transfer of resources, services, or obligations between related parties when no consideration is involved. The auditor assesses control risk as high or at the maximum level when the internal controls of the client have not been effectively designed or have not operated effectively. Group of answer choices False, False True, False True, True False, True
If the auditor is unable to rely on the IT general controls or application controls of a client, they will assess audit risk as high. control risk as low. O inherent risk as high. O control risk as high.
An auditor’s preliminary control risk assessment is at a high level. Which of the following are possible reasons for this preliminary assessment? The entity’s internal control system is not effective. Evaluating the effectiveness of the entity’s control system would not be efficient. Group of answer choices A. I only B. Neither I and II C. Both I and II D. II only
After obtaining an understanding of an entitiy's internal control, an auditor may assess control risk at the maximum level for some assertions because he A. performs tests of controls to restrict detection risk to an acceptable level. B. identifies internal control policies and procedures that are likely to prevent material misstatements. C. believes the internal control policies and procedures are unlikely to be effective. D. determines that the pertinent internal control components are not well documented.
Place the auditor's activities to assess control risk in the proper order: Group of answer choices Walkthrough, flowchart, tests of controls Flowchart, significant deficiency, audit committee Flowchart, walkthrough, tests of controls Walkthrough, narrative, tests of controls
An auditor's preliminary control risk assessment is at a high level. Which of the following are possible reasons for this preliminary assessment? 1. The entity's internal control system is not effective. 2. Evaluating the effectiveness of the entity's control system would not be efficient. Choices: a. I only b. II only c. Both I and II d. Neither I and II
Why are weaknesses (lack of desired control procedures) not tested for compliance? Describe how weaknesses may not be detected during the review phase but discovered during the test of controls audit.