Page 168 - CITP Review
P. 168

7.
                a.  Correct. A key factor in assessing deficiencies is to aggregate them. Any single
                    deficiency may (or may not) represent a significant impact on assurance of certain audit
                    objectives; however, if several control deficiencies of small risk are found, they should be
                    evaluated in the aggregate to determine whether they represent a significant deficiency
                    or a material weakness.

                b.  Incorrect. The auditor must evaluate the impact of all the deficiencies in the aggregate,
                    even if there is only a single control deficiency.
                c.  Incorrect. Although the auditor cannot assume controls are reliable because the
                    deficiencies noted were small, neither should they go to the opposite extreme and
                    assume the opinion must be qualified. The aggregate impact of the deficiencies on the
                    financial statements must be evaluated.

                d.  Incorrect. The auditor’s professional judgment must be exercised to determine the effect
                    of the deficiencies on the audit planning and the procedures employed to opine on the
                    financial statements taken as a whole.


            8.
                a.  Incorrect. Quality is an important factor in information assurance.
                b.  Correct. Relatability is not a factor in information assurance.
                c.  Incorrect. Timeliness is an important factor in information assurance.

                d.  Incorrect. Auditability is an important factor in information assurance.

            9.
                a.  Incorrect. Authorization says the person is authorized to access something. The seal is
                    about who the person is, not who is authorized to open the seal.
                b.  Correct. Authentication is a control that says the person is who they say they are. This
                    unique ring constitutes a control that identifies the sealed communication as coming
                    from the person it portends to be, that is, the royal person identified by the unique ring.
                c.  Incorrect. See the first two answer choices. It cannot be both.

                d.  Incorrect. Control data groups are controls involving independent persons who are
                    responsible for control over output such as printed checks. There is no independent
                    person responsible for the communication in this analogy.



















            © 2019 Association of International Certified Professional Accountants. All rights reserved.    Solutions 10
   163   164   165   166   167   168   169   170   171   172   173