ACT 441 EXAM 2 QUESTIONS AND VERIFIED
ANSWERS
What is the decision rule for supporting reliance on controls in attribute sampling? -
Answers - CUDR (Computed Upper Deviation Rate) ≤ TDR (Tolerable Deviation Rate).
What is the decision rule for determining if an account balance is not materially
misstated in MUS? - Answers - UML (Upper Misstatement Limit) ≤ Tolerable
Misstatement.
How does an increase in Control Risk (CR) affect the acceptable Detection Risk (DR)
and substantive testing? - Answers - If CR increases, acceptable DR decreases, which
leads to an increase in substantive testing.
What are the three components of the Audit Risk Model (AR)? - Answers - AR = IR
(Inherent Risk) × CR (Control Risk) × DR (Detection Risk).
What are the five components of COSO? - Answers - Control environment, Risk
assessment, Control activities, Information & communication, and Monitoring activities.
What are the three incompatible duties that should be segregated (CAR)? - Answers -
Custody, Authorization, and Recording.
What is the difference between design effectiveness and operating effectiveness? -
Answers - Design effectiveness evaluates if the control would work if used correctly;
operating effectiveness evaluates if the control actually works in practice.
What is the primary difference between a reliance strategy and a substantive strategy? -
Answers - A reliance strategy assesses CR below maximum and tests controls; a
substantive strategy assesses CR at maximum and relies on substantive procedures.
What is the difference between a SOC 1 Type 1 and Type 2 report? - Answers - Type 1
covers the suitability of the design of controls; Type 2 covers both the design and the
operating effectiveness of those controls.
What is a material weakness in ICFR? - Answers - A deficiency where there is a
reasonable possibility of a material misstatement; it results in an adverse ICFR opinion.
How is the sampling interval calculated in monetary-unit sampling? - Answers -
Sampling interval = Population ÷ Sample size.
How is the tainting factor calculated? - Answers - Tainting factor = Misstatement ÷ Book
value.
, How is projected misstatement calculated in MUS? - Answers - Projected misstatement
= Tainting factor × Sampling interval.
What is the difference between vouching and tracing? - Answers - Vouching goes from
the financial records back to source documents (testing existence); tracing goes from
source documents forward to the financial records (testing completeness).
What are the inherent limitations of internal control? - Answers - Management override,
bypassing controls, collusion, errors/mistakes, and limited personnel/weak segregation
of duties.
What is the purpose of a walkthrough in an audit? - Answers - To trace a transaction
from origination through the information system until it is reflected in the financial
reports.
What does SOX 302 require of the CEO and CFO? - Answers - To certify financial
statements, take responsibility for establishing/maintaining internal controls, and
disclose significant deficiencies or fraud to the auditor and audit committee.
What is the difference between a control deficiency and a significant deficiency? -
Answers - A control deficiency is a failure to prevent/detect misstatements timely; a
significant deficiency is less severe than a material weakness but important enough to
report to the audit committee.
What is the primary focus of a SOC 2 report? - Answers - Trust Services Criteria:
security, availability, processing integrity, confidentiality, and privacy.
What is the best exam habit for distinguishing between Chapter 8 and Chapter 9
questions? - Answers - Separate control-testing questions (Chapter 8) from balance-
testing questions (Chapter 9).
What is an example of a preventive control? - Answers - Requiring two people to open
the mail.
Are confirmation and analytical procedures considered primary tests of controls? -
Answers - No, they are not the test-of-controls procedures emphasized for evaluating
operating effectiveness.
What does CUDR equal in the context of attribute sampling? - Answers - CUDR = SDR
(Sample Deviation Rate) + Allowance for sampling risk.
What is the difference between floor-to-sheet and sheet-to-floor testing? - Answers -
Floor-to-sheet tests completeness (checking physical assets to records); sheet-to-floor
tests existence (checking records to physical assets).
ANSWERS
What is the decision rule for supporting reliance on controls in attribute sampling? -
Answers - CUDR (Computed Upper Deviation Rate) ≤ TDR (Tolerable Deviation Rate).
What is the decision rule for determining if an account balance is not materially
misstated in MUS? - Answers - UML (Upper Misstatement Limit) ≤ Tolerable
Misstatement.
How does an increase in Control Risk (CR) affect the acceptable Detection Risk (DR)
and substantive testing? - Answers - If CR increases, acceptable DR decreases, which
leads to an increase in substantive testing.
What are the three components of the Audit Risk Model (AR)? - Answers - AR = IR
(Inherent Risk) × CR (Control Risk) × DR (Detection Risk).
What are the five components of COSO? - Answers - Control environment, Risk
assessment, Control activities, Information & communication, and Monitoring activities.
What are the three incompatible duties that should be segregated (CAR)? - Answers -
Custody, Authorization, and Recording.
What is the difference between design effectiveness and operating effectiveness? -
Answers - Design effectiveness evaluates if the control would work if used correctly;
operating effectiveness evaluates if the control actually works in practice.
What is the primary difference between a reliance strategy and a substantive strategy? -
Answers - A reliance strategy assesses CR below maximum and tests controls; a
substantive strategy assesses CR at maximum and relies on substantive procedures.
What is the difference between a SOC 1 Type 1 and Type 2 report? - Answers - Type 1
covers the suitability of the design of controls; Type 2 covers both the design and the
operating effectiveness of those controls.
What is a material weakness in ICFR? - Answers - A deficiency where there is a
reasonable possibility of a material misstatement; it results in an adverse ICFR opinion.
How is the sampling interval calculated in monetary-unit sampling? - Answers -
Sampling interval = Population ÷ Sample size.
How is the tainting factor calculated? - Answers - Tainting factor = Misstatement ÷ Book
value.
, How is projected misstatement calculated in MUS? - Answers - Projected misstatement
= Tainting factor × Sampling interval.
What is the difference between vouching and tracing? - Answers - Vouching goes from
the financial records back to source documents (testing existence); tracing goes from
source documents forward to the financial records (testing completeness).
What are the inherent limitations of internal control? - Answers - Management override,
bypassing controls, collusion, errors/mistakes, and limited personnel/weak segregation
of duties.
What is the purpose of a walkthrough in an audit? - Answers - To trace a transaction
from origination through the information system until it is reflected in the financial
reports.
What does SOX 302 require of the CEO and CFO? - Answers - To certify financial
statements, take responsibility for establishing/maintaining internal controls, and
disclose significant deficiencies or fraud to the auditor and audit committee.
What is the difference between a control deficiency and a significant deficiency? -
Answers - A control deficiency is a failure to prevent/detect misstatements timely; a
significant deficiency is less severe than a material weakness but important enough to
report to the audit committee.
What is the primary focus of a SOC 2 report? - Answers - Trust Services Criteria:
security, availability, processing integrity, confidentiality, and privacy.
What is the best exam habit for distinguishing between Chapter 8 and Chapter 9
questions? - Answers - Separate control-testing questions (Chapter 8) from balance-
testing questions (Chapter 9).
What is an example of a preventive control? - Answers - Requiring two people to open
the mail.
Are confirmation and analytical procedures considered primary tests of controls? -
Answers - No, they are not the test-of-controls procedures emphasized for evaluating
operating effectiveness.
What does CUDR equal in the context of attribute sampling? - Answers - CUDR = SDR
(Sample Deviation Rate) + Allowance for sampling risk.
What is the difference between floor-to-sheet and sheet-to-floor testing? - Answers -
Floor-to-sheet tests completeness (checking physical assets to records); sheet-to-floor
tests existence (checking records to physical assets).
