Question

In: Accounting

Information Produced by the Entity Example 3 – Audit procedures to address audit risks related to...

Information Produced by the Entity

Example 3 – Audit procedures to address audit risks related to IPE from a transaction process

Complete the following table, indicating the audit procedure that would be performed to address the identified risk.

Risk 1: The IT application is not processing data correctly (incomplete or inaccurate).

Information about ABC’s shipments is input manually into the IT application by the shipping clerk. The risk is that the shipping clerk mistypes the quantity shipped.

Audit procedure to address the risk:

Risk 2: The IT application is not collecting data correctly for output (incomplete or inaccurate).

The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts. The risks include that the data extracted includes paid invoices, does not include all unpaid invoices (e.g., excludes the unpaid invoices for one line of business) or includes all unpaid invoices but excludes unmatched credit notes.

Audit procedure to address the risk:

Risk 3: The IT application is not computing or categorizing data correctly for output (inaccurate).

The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts. The risk includes that the invoices may be aged differently than expected or the aging columns may not be totaled accurately (e.g., the aging column content may be different than expected because the user expects aging of the invoice date but the IT application ages according to the due date, or the user expects the total to be the sum of the numbers in the column but the IT application obtains the total number from a summary data table rather than creating the sum of the details displayed).

Audit procedure to address the risk:

Risk 4: The output from the IT application into the EUC tool is modified or lost in the transfer to the tool (incomplete or inaccurate).

The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts that was exported from the accounts payable application into Excel. The risk is that the data did not transfer correctly, including such issues as larger numbers being truncated when exported or lines of information being dropped in the transfer.

Audit procedure to address the risk:

Risk 5: The output from the IT application into the EUC tool or the output from the EUC tool is incomplete (data is missing) or inaccurate (data has been added, changed, computed or categorized incorrectly).

The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts that was exported from the accounts payable application into Excel. The risk is that fictitious unpaid invoices are inserted into the spreadsheet or formulas intended to calculate a provision for old, unpaid amounts are incorrect.

Audit procedure to address the risk:

Information Produced by the Entity (IPE)

Example 4 – Examples of IPE from an IT process

Complete the following table, indicating whether the item is an example of IPE from an IT process and explain why or why not.

Item

IPE?

Why or why not?

An Excel log of actions by programmers who have access to production programs that comprise IT applications

An email exchange evidencing approval for a program change

A report of IT system settings of a particular financial reporting system

A listing of all program changes made during a given period of the year, from which the auditor plans to select a sample for testing

  

Information Produced by the Entity

Example 5 – Audit risks associated with IPE from an IT process

Complete the following table, indicating which risk (by number and description) is associated with each processing error.

Processing error

Risk number

Risk description

The quarterly user access review is initiated by the business analyst, who generates a report from the IT application and exports it into Excel. The Excel spreadsheet then separates the listing into five different reports based on the user’s business unit (BU). In categorizing the user by BU, Excel excludes all new employees from the listing and, thus, those individuals are not subject to the review by the respective BU director.

You have requested a system-generated listing of PeopleSoft users with a create date from 1/1/2XX2 through 6/30/2XX2. The company runs a report, but mistakenly inputs the end date as 6/1/2XX2.

You have requested a system-generated listing of production directories and files for a UNIX server that supports an in-scope application. The client exports the results of the query to an Excel file. The client uses Excel 2003 and, because there is a limit of 65,000 rows, all remaining rows are dropped in the transfer process.

Solutions

Expert Solution

Risk 1: The IT application is not processing data correctly (incomplete or inaccurate).

Information about ABC’s shipments is input manually into the IT application by the shipping clerk. The risk is that the shipping clerk mistypes the quantity shipped.

Audit procedure to address the risk: Verify if there is any record maintained immediately after the shipment is ready with the details of shipment to be dispatched. Cross verify that register with the Issue register maintained by the shipping clerk.

Verify the sales orders to be serviced in a particular month to get an estimate of quantity to be shipped. Cross verify the quantity in sales orders and quantity in Issue registers. Note cases of difference in quantities but the sales order has been closed. If the sales order is short closed, there are no issues. If it is not short closed, then it gives the picture of errors made by shipping clerk in recording the details.

Risk 2: The IT application is not collecting data correctly for output (incomplete or inaccurate).

The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts. The risks include that the data extracted includes paid invoices, does not include all unpaid invoices (e.g., excludes the unpaid invoices for one line of business) or includes all unpaid invoices but excludes unmatched credit notes.

Audit procedure to address the risk: Obtain Balance Confirmations from the customers and cross verify the same with the outstanding balances in the client’s records. Note any differences, and request for a detailed ledger from the client. Reconcile the company’s details with the customers’ details. In that way, any errors in recording the receivables can be found out.

Risk 3: The IT application is not computing or categorizing data correctly for output (inaccurate).

The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts. The risk includes that the invoices may be aged differently than expected or the aging columns may not be totaled accurately (e.g., the aging column content may be different than expected because the user expects aging of the invoice date but the IT application ages according to the due date, or the user expects the total to be the sum of the numbers in the column but the IT application obtains the total number from a summary data table rather than creating the sum of the details displayed).

Audit procedure to address the risk: Audit procedure of ‘Recalculation’ can be used in this scenario. The auditor can obtain the details of accounts receivables and perform ageing analysis of the same.

Risk 4: The output from the IT application into the EUC tool is modified or lost in the transfer to the tool (incomplete or inaccurate).

The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts that was exported from the accounts payable application into Excel. The risk is that the data did not transfer correctly, including such issues as larger numbers being truncated when exported or lines of information being dropped in the transfer.

Audit procedure to address the risk: After export from the application to excel, cross verify the total number of line items, quantities and total amounts. Through this, the auditor can find if any data is exported incorrectly.

Risk 5: The output from the IT application into the EUC tool or the output from the EUC tool is incomplete (data is missing) or inaccurate (data has been added, changed, computed or categorized incorrectly).

The auditor obtains from the accounts receivable clerk an aged customer list of unpaid amounts that was exported from the accounts payable application into Excel. The risk is that fictitious unpaid invoices are inserted into the spreadsheet or formulas intended to calculate a provision for old, unpaid amounts are incorrect.

Audit procedure to address the risk: The auditor can obtain balance confirmations from the parties and cross check the balances to find out if there are any fictitious payments. Provision calculations can be re-performed to identify any errors.

Information Produced by the Entity (IPE)

Example 4 – Examples of IPE from an IT process

Complete the following table, indicating whether the item is an example of IPE from an IT process and explain why or why not.

Item

IPE?

Why or why not?

An Excel log of actions by programmers who have access to production programs that comprise IT applications

Yes

This log of actions helps the auditor in identifying any changes made in the programs. It serves as an evidence to the fact that changes have or have not been made to the programs. It helps, identify the changes, and further, obtaining the details of reviews and approvals for those changes.

An email exchange evidencing approval for a program change

Yes

An email between the authorized personnel as per the Authority matrix serves as an evidence for approvals through mails.

A report of IT system settings of a particular financial reporting system

Yes

It serves as an evidence for all the system settings. For example, if there are an approval processes embedded in the system, this report serves as an evidence of implementation of Authority matrix in the system.

A listing of all program changes made during a given period of the year, from which the auditor plans to select a sample for testing

Yes

This log of actions helps the auditor in identifying any changes made in the programs. It serves as an evidence to the fact that changes have or have not been made to the programs. It helps, identify the changes, and further, obtaining the details of reviews and approvals for those changes.

Information Produced by the Entity

Example 5 – Audit risks associated with IPE from an IT process

Complete the following table, indicating which risk (by number and description) is associated with each processing error.

Processing error

Risk number

Risk description

The quarterly user access review is initiated by the business analyst, who generates a report from the IT application and exports it into Excel. The Excel spreadsheet then separates the listing into five different reports based on the user’s business unit (BU). In categorizing the user by BU, Excel excludes all new employees from the listing and, thus, those individuals are not subject to the review by the respective BU director.

Risk 5

The output from the IT application into the EUC tool or the output from the EUC tool is incomplete (data is missing) or inaccurate (data has been added, changed, computed or categorized incorrectly).

You have requested a system-generated listing of PeopleSoft users with a create date from 1/1/2XX2 through 6/30/2XX2. The company runs a report, but mistakenly inputs the end date as 6/1/2XX2.

Risk 1

The IT application is not processing data correctly (incomplete or inaccurate).

You have requested a system-generated listing of production directories and files for a UNIX server that supports an in-scope application. The client exports the results of the query to an Excel file. The client uses Excel 2003 and, because there is a limit of 65,000 rows, all remaining rows are dropped in the transfer process.

Risk 4

The output from the IT application into the EUC tool is modified or lost in the transfer to the tool (incomplete or inaccurate


Related Solutions

what are some audit strategies or procedures to address the risks of material misstatement regarding expenses...
what are some audit strategies or procedures to address the risks of material misstatement regarding expenses and overstated revenue
AU-C 500 Audit Evidence, in the AICPA auditing standards refers to information produced by the entity....
AU-C 500 Audit Evidence, in the AICPA auditing standards refers to information produced by the entity. What must the auditor do to evaluate whether information provided by the client is sufficiently reliable? Provides some specific steps the auditor should do with respect to information supplied by the client.
Discuss the risks, benefits, and audit issues related to IT outsourcing
Discuss the risks, benefits, and audit issues related to IT outsourcing
You are auditing and testing the audit-related objective of Completeness. Which of the following audit procedures...
You are auditing and testing the audit-related objective of Completeness. Which of the following audit procedures is most likely to achieve your objective: A.Inspection of supporting vendor invoices. B. Physical examination of assets from the fixed asset ledger. C.Inspection of vendor invoices for closely related accounts such as repairs and maintenance. D. Independent confirmation of current year additions.
Audit Risk Model- Example 1 You are assigned to conduct the audit procedures for the inventory...
Audit Risk Model- Example 1 You are assigned to conduct the audit procedures for the inventory account at Tech Toys, a public company in the technology industry that sells the latest technology for fitness watches. Inventory obsolescence and the product’s susceptibility to theft is a business risk that management has identified for its inventory.  As part of your procedures you have to evaluate the overall risk assessment for the inventory account using the audit risk model.  Your team has decided that the...
Audit Risk Model- Example 1 You are assigned to conduct the audit procedures for the inventory...
Audit Risk Model- Example 1 You are assigned to conduct the audit procedures for the inventory account at Tech Toys, a public company in the technology industry that sells the latest technology for fitness watches. Inventory obsolescence and the product’s susceptibility to theft is a business risk that management has identified for its inventory.  As part of your procedures you have to evaluate the overall risk assessment for the inventory account using the audit risk model.  Your team has decided that the...
PART III. (20 percent) – The following audit procedures are taken from an audit program. Example:...
PART III. (20 percent) – The following audit procedures are taken from an audit program. Example: Compare dates of receiving reports and vendors’ invoices with dates in the acquisitions journal. 1. Foot the outstanding checklist and deposits in transit. 2. Examine printouts of transactions rejected by the computer as having non-existent employee numbers. 3. Inquire about consignment or customer inventory included on client’s premises. 4. Compare pay rates with union contract, approval by board of directors, or other sources. 5....
QUESTION 4 An Engagement supervisor has asked the audit senior to perform the following procedures related...
QUESTION 4 An Engagement supervisor has asked the audit senior to perform the following procedures related to an engagement. For each procedure listed, identify the financial statement assertion being tested by selecting the appropriate option from the list provided. Each item is used only once.       -       A.       B.       C.       D.       E.       F.       G.       H.    Trace beginning balances for inventory to prior...
Performance of an analytical procedure requires use of information produced by the entity being audited (IPE).
Performance of an analytical procedure requires use of information produced by the entity being audited (IPE).Required: a. Whenever an auditor uses IPE in an audit procedure, the auditor must ensure that the information is reliable. According to auditing standards, when using IPE as audit evidence, what procedures should the auditor evaluate to determine whether the information is sufficient and appropriate for purposes of the audit? (You may select more than one answer. Single click the box with the question mark...
You are completing analytical procedures (ratios) for the audit of sales and accounts receivable. Identify 3...
You are completing analytical procedures (ratios) for the audit of sales and accounts receivable. Identify 3 ratios and their trend (increased/decreased) which may indicate that net sales and/or net accounts receivable may be overstated. Explain. Item Ratio Increased/decreased - Explain 1 2 3 What are the effects of overstating ending inventory on Cost of Sales, and Profit (understate/overstate)?  Explain. Effect on Cost of Sales Effect on Profit
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT