1.28.19 Flashcards
When expressing an unmodified opinion, the auditor who evaluates the audit findings should determine whether
Uncorrected misstatements are material.
The evaluation of misstatements extends to (1) those identified during the audit and (2) those uncorrected. To evaluate misstatements accumulated during the audit, the auditor may classify them as (1) factual, (2) judgmental, and (3) projected. No doubt exists about factual misstatements. Judgmental misstatements result from management’s (1) unreasonable accounting estimates or (2) application of inappropriate accounting policies. Projected misstatements are the auditor’s best estimates of the misstatements in populations based on audit samples. Accordingly, when determining whether uncorrected misstatements are material, individually or combined with other misstatements, the auditor considers (1) uncorrected misstatements that are specifically identified and (2) undetected misstatements.
An entity’s financial statements were misstated over a period of years because large amounts of revenue were recorded in journal entries that involved debits and credits to an illogical combination of accounts. The auditor could most likely have been alerted to this fraud by
Scanning the general journal for unusual entries.
The general journal is a book of original entry used for transactions not suitable for recording in the special journals (sales, purchases, cash receipts, cash disbursements). Entries involving unusual combinations of accounts are more likely to appear in the general journal than in one of the special journals, which are designed to record large numbers of similar items. For example, credit sales (debit accounts receivable, credit sales) are entered in the sales journal.
Which of the following procedures would yield the most reliable evidence?
A recalculation of bad debt expense.
Subject to exceptions, the presumption is that the independent auditor’s direct personal knowledge, obtained through physical examination, observation, computation, and inspection, is more reliable than information obtained indirectly.
When numerous property and equipment transactions occur during the year, an auditor who assesses the risks of material misstatement at a low level usually performs
Tests of controls and limited tests of current-year property and equipment transactions.
The auditor usually performs tests of controls and substantive procedures (the combined audit approach). The auditor must make decisions about the nature, timing, and extent of substantive procedures that are most responsive to the assessment of the RMMs. These decisions are affected by whether the auditor has tested controls. Thus, the extent of relevant substantive procedures may be reduced when control is found to be effective.
The primary audit objective regarding the purchasing of materials by the client is to
Determine the reliability of financial reporting by the purchasing function.
The auditor should obtain an understanding of internal control. The purpose of internal control is to address business risks that threaten the achievement of the following entity objectives: (1) reliability of financial reporting, (2) effectiveness and efficiency of operations, and (3) compliance with laws and regulations (AU-C 315).
An auditor most likely requires an understanding of IT in an attest engagement to
Determine the effect of IT on the audit.
IT skills may be required to (1) determine the effect of IT on the audit, (2) understand IT controls, and (3) design and perform tests of IT controls and substantive procedures.
Auditors may use positive or negative forms of confirmation requests. An auditor most likely will use
The negative form for small balances.
Negative confirmation requests may be used to reduce audit risk to an acceptably low level when (1) the assessed risk of material misstatement is low, (2) a large number of small homogeneous balances is involved, (3) a very low exception rate is expected, (4) the auditor has no reason to believe that the recipients of the requests are unlikely to consider them, and (5) the auditor has obtained sufficient appropriate evidence about the effectiveness of relevant controls (AU-C 505). A combination of the two forms is often used.
At the completion of an audit, which of the following entities has ownership of the audit working papers?
The CPA that performed the audit.
Audit documentation is the property of the auditor, that is, the CPA firm that performed the audit. This right is explicitly recognized in some state statutes and the AICPA’s Code of Professional Conduct (Acts Discreditable Rule). The Code states that a member is not required to provide such information (working papers) to the client. But state or federal law or a contract may impose other requirements.
When an auditor increases the assessment of the risks of material misstatement because certain controls were determined to be ineffective, the auditor will most likely increase the
Extent of test of details.
An auditor should obtain an understanding of internal control to assess the RMMs. The greater (lower) the assessment of the RMMs, the lower (greater) the acceptable detection risk for a given level of audit risk. In turn, the acceptable audit risk affects substantive testing. For example, as the acceptable audit risk decreases, the auditor changes the nature, timing, or extent of substantive procedures to increase the reliability and relevance of the evidence they provide.
When obtaining an understanding of an entity’s internal control, an auditor should concentrate on their substance rather than their form because
Management may establish appropriate controls but not enforce compliance with them.
The auditor must concentrate on the substance rather than the form of controls because management may establish appropriate controls but not apply them. Whether controls have been implemented at a moment in time differs from their operating effectiveness over a period of time. Thus, operating effectiveness concerns not merely whether the entity is using controls but also how the controls (manual or automated) are applied, the consistency of their application, and by whom they are applied.
In developing an audit plan, an auditor should
Risk assessment procedures.
The audit plan is based on the overall audit strategy. It describes (1) the nature and extent of risk assessment procedures; (2) the nature, timing, and extent of further audit procedures at the assertion level; and (3) other procedures required by GAAS. Risk assessment procedures are performed to obtain an understanding of the entity and its environment (including its internal control). Their purpose is to identify and assess the risks of material misstatement (whether due to fraud or error) at the financial statement and relevant assertion levels.
When counting cash on hand, the auditor must exercise control over all cash and other negotiable assets to prevent
Substitution.
Simultaneous verification of cash and cash equivalents, such as negotiable securities, is common practice to avoid the possibility of conversion of negotiable assets to cash to conceal a cash shortage. The auditor should control and verify all liquid assets at one time.
An auditor of a manufacturer would most likely question whether a client has complied with laws or regulations if the client has
Failed to file a tax return.
Some examples of information raising questions about possible noncompliance are unauthorized or improperly recorded transactions, a governmental investigation, violations reported by regulators, large payments for unspecified services to consultants, excessive commissions or fees, unusual cash payments, unexplained payments to government officials or employees, and failure to file tax returns or pay governmental duties or similar fees.
When an auditor is to conduct an audit of a service organization, what considerations should the auditor make in the planning stages regarding internal controls of the organization?
The auditor should determine whether management has adequately described complementary user controls.
The service auditor should obtain an understanding of the service organization’s system, including controls within the scope of the engagement. Understanding controls at the service organization requires evaluating management’s description of the service organization’s system, including complementary user entity controls (AT-C 320).
The AICPA has issued additional guidance on service auditor reports. The term System and Organization Controls (SOC) report is used in this guidance. The reports obtained by the user auditor in an audit are called SOC 1 reports (type 1 or type 2). Service auditors also may prepare SOC 2 and SOC 3 reports to provide assurance on more than internal controls over financial reporting (e.g., security, availability, processing integrity, confidentiality, or privacy). SOC 2 reports are to be used by those identified in the report, and SOC 3 reports may be used by any user.
The auditor’s inventory observation test counts are traced to the client’s inventory listing to test for which of the following financial statement assertions?
Completeness.
Tracing the details of test counts to the final inventory schedule assures the auditor that items in the observed physical inventory are included in the inventory records.