Was the engagement team's assessment of the evaluation of the design of the control appropriate (i.e., does the control identified by the team address the specific risk of material misstatement and associated assertion)?

Handout 1 ZOU Fencing Inc. Account Scoping and Risk Assessment Account Balance and Disclosure: Revenue Class of Transaction: Recording Sales Risk #1 Identification of risk of material misstatement All orders shipped are not recorded as revenue. Relevant assertion Completeness. Significant risk? Risk of material misstatement because of No. No. fraud? Control activity that addresses risk of material Control #1: Sales are automatically recorded and invoices are automatically generated upon the release of the order in the Warehouse K-Series System. Orders are not released until the goods have been confirmed for shipping misstatement in the system (which occurs when the goods are scanned as they are loaded in the shipping area). Does the control rely on information used in No. the control (or IUC)? If yes, list relevant information Will we obtain audit evidence of the accuracy N/A and completeness of information used in the control by testing controls? Is the control automated? Yes Relevant application system (if we are testing Warehouse K System, which is subject to IT controls performed by management and tested within the IT controls information used in the control through tests of workpaper. controls or the control is automated) On the basis of the following factors, we concluded that the control is appropriately designed to address the stated risk of material misstatement: 1. The control is the automation of the invoicing of goods shipped as the system will automatically record revenues when goods are shipped from the warehouse (revenue generating activity), thus resulting in no shipped goods going unrecorded in the system that appropriately addresses the related risk of material misstatement and assertion. Tests of controls: evaluation of design 2. Automated control prevents errors from occurring as opposed to identifying them once they have occurred (preventive control). 3. Control operates at the transaction level and, as such, is sufficiently precise to mitigate the risk. 4. Control is performed on a continual basis and thus addresses the risk directly and for the period under audit. 5. There are no historical issues with the operation of the control and the control has not been modified in the period under audit. Risk Associated with the Control Not Higher Interim Procedures (test as of 9/30): 1. As this is an automated control, we will perform a test of one and follow one transaction through the system to make sure the system is operating effectively. Tests of controls: planned operating 2. In addition, we will verify the understanding through testing of general IT controls; i.e., program change controls that there have been no changes to the control since the previous year. effectiveness testing Rollforward Procedures: 1. Make inquiries of the controller and the IT manger to determine if any events have occurred that might impact the design or operation of the control (e.g., changes, additional risks, operating deficiencies) after our interim tasting data If any significant channar arn noted ratact central