1.7.18 Flashcards
Disclosure of possible fraud to parties other than the client’s senior management and those charged with governance ordinarily is not part of an auditor’s responsibility. However, to which of the following outside parties may a duty to disclose possible fraud exist?
I. To the SEC when the client reports an auditor change
II. To a successor auditor when the successor makes appropriate inquiries
III. To a government funding agency from which the client receives financial assistance
I, II, & III.
A duty of disclosure to parties other than the client is imposed by a subpoena. It also may exist when the entity reports an auditor change to the SEC on Form 8-K. For example, the auditor may have withdrawn because the client failed to take appropriate remedial action, and the failure may be a “reportable event” or the source of a “disagreement.” These requirements also apply to reports on material noncompliance with laws and regulations that may be mandated by the Securities Exchange Act of 1934. Under AU-C 210, a predecessor auditor should respond promptly and fully, except in unusual circumstances, to inquiries by the auditor if the prospective client gives its specific permission. Under Government Auditing Standards, an auditor may have a duty to report fraud directly if it involves assistance received from a governmental agency. For example, when management has not taken remedial action, and the auditee does not report the fraud as soon as practicable to the entity that provided the assistance, the auditor must report the matter to that entity.
Which of the following is an inherent limitation of internal control?
Collusion.
Two or more people may collude, or management may override internal control.
Which of the following factors would most likely cause an auditor not to accept a new audit engagement?
Concluding that the entity’s management probably lacks integrity.
CPA firms should have policies and procedures to determine whether to accept or continue a client or to perform a specific engagement. The firm’s policies and procedures should provide reasonable assurance that it (1) has considered the integrity of the client and the risks involved, (2) is competent, (3) has the necessary capabilities and resources, and (4) is able to comply with applicable requirements (QC 10).
Manual controls would most likely be more suitable than automated controls for which of the following?
Large, unusual, or nonrecurring transactions.
Manual controls may be more suitable where judgment and discretion are required, such as (1) for large, unusual, or nonrecurring transactions; (2) for circumstances where misstatements are difficult to define, anticipate, or predict; (3) in changing circumstances that require a control response outside the scope of an existing automated control; and (4) in monitoring the effectiveness of automated controls.
As the acceptable level of detection risk decreases, an auditor may change the
Nature of substantive procedures from a less effective to a more effective procedure.
For a given audit risk, the acceptable detection risk is inversely related to the assessed risks of material misstatement. As the RMMs increase, the acceptable detection risk decreases, and the auditor requires more persuasive audit evidence. The auditor may (1) change the types of audit procedures and their combination, e.g., confirming the terms of a contract as well as inspecting it; (2) change the timing of substantive procedures, such as from an interim date to year end; or (3) change the extent of testing, such as by using a larger sample (AU-C 330 and AS 2301).
In which of the following circumstances would a covered member’s independence be impaired with respect to a nonissuer client?
The member owns municipal utility bonds issued by a client, and the bonds are not material to the member’s wealth.
Independence is impaired if a covered member has a direct financial interest in a client, e.g., ownership of equity, debt securities (such as bonds issued by an attest client), or other investments in a client. A direct financial interest impairs independence even if it is not material to the member’s wealth.
To obtain an understanding of a continuing client in planning an audit, an auditor most likely would
Read internal audit reports.
The auditor performs risk assessment procedures to obtain the understanding of the entity and its environment, including its internal control. These include, for example, reading (1) internal audit reports, (2) interim statements, (3) quarterly reports, and (4) minutes of board meetings.
It is important for the auditor to consider the competence of the audit client’s employees, because their competence bears directly and importantly upon the
Achievement of the objectives of internal control.
The control environment is the foundation of internal control. A commitment to competence is one of the factors in the control environment.
Which of the following represents an example of an inherent limitation of internal controls?
The CEO can override a control and request a check with no purchase order.
Inherent limitations may exist and should be considered by the auditor. Human judgment can be faulty, controls can be circumvented by collusion, and management may inappropriately override controls. Thus, the CEO’s requesting a check with no purchase order is possible because of an inherent limitation. It is an override of the internal control by management.
In performing interviews and examining documents related to preliminary work in a financial statement audit of a nonissuer, an auditor identifies a business risk associated with plans for a new product line. What should the auditor do as a result?
Analyze the newly identified risk in conjunction with other known business risks and consider whether there is an immediate consequence for the risk of material misstatement at various levels of the audit.
A business risk results from (1) significant factors that could adversely affect an entity’s ability to achieve its objectives and execute its strategies or (2) setting inappropriate objectives and strategies. The auditor should obtain an understanding of the entity’s objectives and strategies and the related business risks that may result in risks of material misstatement. For example, business risks may result from developing new products that may fail. The auditor considers the possible immediate consequence for the risk of material misstatement and whether the same risk has a longer term consequence given the entity’s circumstances.
An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts
Provide a visual depiction of clients’ activities.
Systems flowcharts provide a visual representation of a series of sequential processes, that is, of a flow of documents, data, and operations. In many instances, a flowchart is preferable to a questionnaire because a picture is usually more easily comprehended.
Which of the following is a false statement about the relationship of financial statement assertions and audit procedures?
The relationship between financial statement assertions and audit procedures should be one-to-one.
Some auditing procedures may relate to more than one assertion. But a combination of auditing procedures may be needed to test a single relevant assertion because audit evidence from different sources or of a different nature may be relevant to the same assertion. For example, when relating controls to assertions, the auditor may determine that multiple controls are needed to address a risk and the related assertion.
Able Co. uses an online sales order processing system to process its sales transactions. Able’s sales data are electronically sorted and subjected to edit checks. A direct output of the edit checks most likely would be a
File of all rejected sales transactions.
Edit checks test transactions prior to processing. Rejected transactions should be recorded in a file for evaluation, correction, and resubmission. Edit checks are applied to the sales transactions to test for completeness, reasonableness, validity, and other related issues prior to acceptance. A report of missing invoices, a printout of all user code numbers and passwords, and a list of all voided shipping documents are unlikely to be direct outputs of the edit routine.
Three conditions are generally present in the client’s organization when fraud occurs. Those conditions include each of the following except a(n)
Professional skepticism about the likelihood of fraud.
The auditor, not the client, should conduct the audit with professional skepticism. Professional skepticism is an “attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and critical assessment of audit evidence” (AU-C 200).
In an audit of financial statements in accordance with generally accepted auditing standards, an auditor should
Document the auditor’s understanding of the entity’s internal control.
The auditor should document (1) the understanding of the entity and its environment and the components of internal control, (2) the sources of information regarding the understanding, and (3) the risk assessment procedures performed. The form and extent of the documentation are influenced by the nature and complexity of the entity’s controls (AU-C 315).