Question

Control 7:

If a company’s control risk is initially assessed as low, the auditor needs to gather evidence on the operating effectiveness of the controls. For the following control activity listed, do the following two tasks:

a. Describe the test of control that the auditor would use to determine the operating effectiveness of the control.

b. Briefly describe how substantive tests of account balances should be modified if the auditor finds that the control is not working as planned. In doing so, indicate (a) what misstatement could occur because of the control deficiency, and (b) how the auditor’s substantive tests should be expanded to test for the potential misstatement.

Control Activity:

7. The only individuals who have access to the payroll master file are the payroll department head and the payroll clerk responsible for maintaining the payroll file. Access to the file is controlled by computer passwords.

Task A)

Task B)

Answer 1

Answer -

. Control Activity	(A) Test of Control	(B) Modification of Audit Procedures if Control is not Effective
The only individuals who have access to the payroll master file are the payroll department head and the payroll clerk responsible for maintaining the payroll file. Access to the file is controlled by computer passwords.	1). Auditors could try and see if the computer password is easy to decipher. 2). They could somehow ask around to see if any of the people that know the password have ever leaked out the password.	a). If the password was easy to decipher then confidential payroll information would be vulnerable and people could change their rate of pay and/or hours they worked in order to get more money. b). The auditor could ask with each individual if they know the passwords or the auditor could review all computer history to see if anyone was into the payroll department information.