8-16 (Analytical procedures) In audit planning the audit of Circuits Technology, Inc. (CTI). CTI resells,
installs, and provides computer networking products (client software, gateway hardware and software,
and twinax hardware) to other businesses. Figure 8-14 provides some summary information from CTI’s
a. Calculate purchases, gross margin, inventory turn days, accounts receivable turn days, and accounts
payable turn days for the years ended 20x2, 20x3, 20x4, and 20x5.
b. Describe the trends identified by performing analytical procedures in the gross operating cycle, the
net operating cycle, and gross margin.
c. If tolerable misstatement is $45,000 for inventory, develop an expectation range for inventory turn
d. With respect to inventory, what might these trends indicate about the potential misstatement in
10-32 (Components of internal control) Internal controls can be categorized using the following framework.
1. Control environment
2. Risk assessment
3. Information and communication
4. Control activities
4.2. Segregation of duties
4.3. Information processing controls
4.3.1. Computer general controls
4.3.2. Computer application controls
4.3.3. Controls over the financial reporting process
4.4. Physical controls
4.5. Performance reviews
4.6. Controls over management discretion in financial reporting
6. Antifraud programs and controls
Following is a list of controls prescribed by Waterfront, Inc.
a. Management has established a code of conduct that includes rules regarding conflicts of interest for purchasing
b. Waterfront has established a disclosure committee to review the selection of new accounting policies.
c. Any computer program revision must be approved by user departments after testing the entire program with test
d. The managers of each of Waterfront’s manufacturing departments must review all expenditures charged to their
responsibility center weekly.
e. The CEO, CFO, and controller review the financial consequences of business risks annually to ensure that controls
are in place to address significant business risks.
f. Human resources focuses on ensuring that accounting personnel have adequate qualifications for work performed
in billing and accounts receivable.
g. Security software limits access to programs and data files, and keeps a log of programs and files that have been
accessed, which is then reviewed by the security manager daily.
h. A computer program prints a daily report of all shipments that have not yet been billed to customers.
I. The controller reviews sales and collections bimonthly.
j. The computer compares the information on the sales invoice with underlying shipping information.
k. Customer billing complaints are directed to internal audit for followup and resolution.
l. The documentary transaction trail for all credit sales is documented in company policy manuals.
m. A committee of the board of directors evaluates and monitors business risks.
n. Access to spreadsheets used in the financial reporting process is limited and spreadsheets are tested with test
data on a quarterly basis.
a. Indicate the category of internal control applicable to each procedure using the framework above.
b. Identify an assertion to which each procedure pertains (some procedures may have a pervasive impact on multiple
11-21 (Assessing control risk) An auditor is required to obtain a sufficient understanding of each of the components
of an entity’s system of internal control to plan the audit of the entity’s financial statements and to assess control risk
for the assertions embodied in the account balance, transaction class, and disclosure components of the financial
a. Explain the reasons an auditor may assess control risk at the maximum level for one or more assertions embodied
in an account balance.
b. What must an auditor do to support assessing control risk at less than the maximum level when the auditor has
determined that controls have been placed in operation?
c. What should an auditor consider when seeking a further reduction in the planned assessed level of control risk?
d. What are an auditor’s documentation requirements concerning an entity’s system of internal control and the
assessed level of control risk?