9.2 Flashcards
In obtaining an understanding of an issuer’s internal control, an auditor does all the following except
Send confirmations to customers.
Confirmations to customers are substantive procedures used to test the existence assertion. They are not useful in obtaining an understanding of controls.
An auditor is conducting an integrated audit of internal control with the audit of a nonissuer’s financial statements. In applying the top-down approach, the auditor first
Focuses on entity-level controls and then significant classes of transactions, account balances, and disclosures.
The top-down approach to evaluating internal control begins at the financial statement level by understanding overall risks, focusing on entity-level controls, and then working down to significant classes of transactions, account balances, and disclosures. Examples of entity-level controls are controls (1) related to the control environment, (2) over management override, (3) to monitor results of operations, (4) over the period-end financial reporting process, and (5) to monitor other controls.
The activities of the user entity and the service organization have a high degree of interaction. The user auditor
Need not test the service organization’s internal control if the user entity has effective controls related to service organization processing.
The significance of controls at the service organization depends on the degree of interaction between its activities and those of the user entity. The degree of interaction is the extent to which the user entity can, and chooses to, implement effective controls over service organization processing. In these circumstances, the user auditor may be able to obtain an understanding from the user entity of the service organization’s services that suffices to assess the RMMs. Accordingly, the user auditor need not obtain a type 1 or type 2 report.
Which of the following statements is true about an auditor’s communication with those charged with governance?
This communication should include management changes in the application of significant accounting policies.
The auditor should communicate to those charged with governance, among other things, management’s selection of and changes in significant accounting policies or their application. The auditor also should determine that those charged with governance are informed about the methods used to account for significant unusual transactions and the effects of significant accounting policies in controversial or emerging areas (AU-C 260).
During the planning phase of an audit, an auditor is identifying matters for communication to those charged with governance. The auditor most likely would ask management whether
There were changes in the application of significant accounting policies.
The auditor should determine that those charged with governance are informed about the initial selection of and changes in significant accounting policies or their application. Moreover, the auditor should discuss the quality of the auditee’s accounting principles as applied in its financial reports (AU-C 260).
In the audit, the auditor reports on the effectiveness of an entity’s internal control over financial reporting. Which of the following is not a condition of that engagement?
Management provides assurance that limitations inherent to internal control have been eliminated.
By their nature, limitations inherent to internal control cannot be eliminated. Thus, management is not expected to provide such assurance.
A secondary result of the auditor’s understanding of internal control for a nonissuer is that the understanding may
Bring to the auditor’s attention possible control conditions required to be communicated to the client.
The auditor is not required to search for significant deficiencies or material weaknesses in internal control. However, the auditor may identify these conditions during the audit. Significant deficiencies and material weaknesses should be communicated in writing to management and to those charged with governance (AU-C 265).
Management of an issuer subject to SEC requirements requests the auditor to report on whether a previously reported material weakness in internal control continues to exist. The request comes 3 months after the annual audited financial statements and report on internal control were released.
The auditor may accept the engagement if management provides a statement that the identified material weakness no longer exists.
PCAOB AS 6115 applies to engagements solely to report on whether a previously reported material weakness continues to exist. Such an engagement is voluntary and may be performed as of any reasonable date selected by management. To perform such an engagement, the auditor should receive a written report from management that the identified material weakness no longer exists as of the date specified. The auditor then applies appropriate procedures to assess whether remediation has been accomplished.
Which of the following matters is an auditor required to communicate to those charged with governance?
Adjustments that were suggested by the auditor and recorded by management that have a significant effect on the entity’s financial reporting process.
Certain matters should be communicated to those charged with governance (e.g., the audit committee) if all such individuals are not involved in management. These matters include material, corrected misstatements that were brought to the attention of management as a result of audit procedures (AU-C 260).
The Sarbanes-Oxley Act of 2002 (SOX) requires management of issuers to do all of the following except
Provide a statement that the board approves changes in internal control procedures.
SOX imposes many requirements on management, boards of directors, and auditors. Section 404 applies to internal controls and reports on them. Section 404 requires management to establish and document internal control procedures and to include in their annual reports a report on the entity’s internal control over financial reporting. The report is to include (1) a statement of management’s responsibility for internal control, (2) management’s assessment of the effectiveness of internal control as of the end of the most recent fiscal year, and (3) identification of the framework used to evaluate the effectiveness of internal control (such as the COSO report). Because of this requirement, PCAOB AS 2201 states that audit opinions are to be expressed on the effectiveness of those controls and on the financial statements. Section 301 addresses activities of the board but does not require the board to approve changes in controls.
Which of the following circumstances would be inappropriate for the auditor to communicate to those charged with governance?
No significant deficiencies in internal control exist that would affect the financial statements.
An auditor may issue a written communication stating that no material weaknesses were identified if the auditor complies with the applicable requirements for such communications. But a written communication stating that no significant deficiencies were identified is prohibited. It might be misunderstood or misused (AU-C 265).
An auditor is auditing a mutual fund company that uses a transfer agent to handle accounting for shareholders. Which of the following actions by the auditor would be most efficient for obtaining information about the transfer agent’s internal controls?
Review reports on the suitability of design and operating effectiveness of controls produced by the agent’s own auditor.
The mutual fund auditor can use the service auditor’s report to gain an understanding of the controls and to assess the risk of material misstatement at the transfer agent.
Which of the following is a true statement concerning an engagement to examine the effectiveness of an entity’s internal control over financial reporting?
The management evaluates the effectiveness of internal control.
As part of engagement performance for both AU-C 940 and AS 2201, the auditor should obtain from management a written assessment about internal control effectiveness.
In communicating with those charged with governance, the auditor must decide whether to communicate with the audit committee or the client’s entire board of directors. Which of the following considerations will be least relevant to this decision?
Management’s preference.
Before communicating with a subgroup (e.g., an audit committee) of those charged with governance, the auditor may consider such matters as (1) the responsibilities of the subgroup and the governing body, (2) the nature of the matter, (3) legal or regulatory requirements, (4) whether the subgroup can (a) act on the information and (b) provide further information and explanations the auditor may need, and (5) whether the auditor is aware of potential conflicts of interest between the subgroup and other members of the governing body. However, management’s preference is irrelevant. The auditor’s professional judgment, authoritative guidance, and legal requirements determine the matters communicated.
In an audit engagement, should an auditor communicate the following matters to those charged with governance?
Auditor’s judgments about the quality of the client’s accounting principles: Yes
Issues discussed with management prior to the auditor’s retention: Yes
The matters to be discussed with those charged with governance include the quality of the accounting principles used by management. Management is normally a participant in the discussion. Matters covered may include the auditor’s views on the entity’s significant accounting practices, e.g., policies, estimates, and disclosures. Furthermore, in any audit engagement, the auditor and those charged with governance should discuss any major issues discussed with management in connection with the initial or recurring retention of the auditors, for example, issues concerning the application of accounting principles and auditing standards.