A2 Flashcards
CPA started an FS Audit ..client requested CPA to change to a review because of scope limitation… CPA RVW should include?
Statement that review is substantially less in scope than an audit
MNGMT disregard of its responsibility to maintain an adequate IC environment… should auditor accept the new engagement?
NO!
IC environment is the foundation or all other components
What date defines the date after which existing documentation must not be deleted, and additions to the documentation file must be documented as such?
Document Completion date (not report release date).
Non-issuer changes from Audit to a review… should the report be modified?
NO, if acct agrees w/change acct should issue a rvw report without mentioning a change in engagement.
which of the following inquiries is required before accepting new audit engagement:
1) regarding MGMT integrity
2)matters that may affect the conduct of the audit
3)Understanding prospective client’s business and industry which it operates
1) regarding MGMT integrity
all the others will be AFTER engagement acceptance
Evaluating the adequacy of evidence gathered concerning unusual balances is an example of procedures used in Planning Analytics or Final Review Stage Analytics?
Final Review Stage Analytics
Enhancing the auditor’s understanding of clients business is an example of procedures used in Planning Analytics or Final Review Stage Analytics?
Planning Analytics
Proper segregation of duties reduces the opportunities of any individual to…
Record & conceal fraudulent transaction in the normal course of business
An entity’s control environment includes participation of…
TCWG, MNGMT philosophy, and the organizational structure
Do analytical procedures generally help an auditor to develop their preliminary judgement about materiality? YES/NO
NO
Analytical procedures performed during planning often use data aggregated at HL
In designing a written audit plan, an auditor should establish specific audit objectives related primarily to the:
Financial statement assertions
Audit engagement personnel requirements considered in planning:
1) engagement size & complexity
2) Personnel availability
3) Special expertise required
4) Timing of work performed
5) Continuity and periodic rotation
6) Opportunities for on-the-job-training.
Analytical procedures used in planning an audit should focus on….
Enhancing the auditor’s understanding of client’s business
Manual controls would most likely be suitable than automated controls for….
Large, unusual, or nonrecurring transactions.
Automated controls would be more suitable to…
1) High-volume transactions w/additional calcs
2) Require High degree of accuracy
3) Situations w/ routine errors.
FS Assertions
R&O- rights & obligations
V&A- valuation & allocation
P&C- presentation & classification
Quality Control Standards = 6 interrelated elements of quality control HELP ME =
Human resource
E engagement client acceptance/continuance
L leadership
P performance engagement
M monitoring
E ethical requirements
Auditors primary consideration in evaluation controls is whether specific controls
Affect FS Assertions
Example of strong control environment
MNGMT adheres to IC policies
This is evidence of a strong tone at the TOP
Public (PCAOB) deadline for completion of audit documentation
45 days after report release date
Private (SAS) deadline for completion of audit documentation
60 days after report release date
Best type of control that described procedures to ensure appropriate system software acquisition
General
Not application - no se refire a app aplications es individual transaction no me deje ir por APP mas bien general es proper operation del systema
Proper segregation of duties reduces the opportunities to allow persons to be in position to both
Perpetrate and conceal errors and Fraud.
Auditors usually communicate to MNGMT
Arrangements involving a predecessor auditor
Ordinary request of success or to predecessor document review
Contingencies & Internal Control
When companies use information technologies (IT) EXTENSIVELY
Auditor uses generalized audit software to extract evidence from client database
Inherent limitation to IC
Fact that the controls can be circumvented (find a way around)
by management override
what will the auditor consider in evaluating Control environment
MNGMT’s operating style
Auditor must assess the competency of both the
IC & specialist
Cost-benefit relationship is
a primary criterion that should be considered in designing IC
Analytical rvw of long term debt relates to what assertion
Completeness of recorded investment income
Before accepting an audit engagement, a successor auditor should make specific inquiries of the predecessor auditor regarding:
Disagreements the predecessor had with the client concerning auditing procedures and accounting principles &
predecessor’s understanding as to the reasons for the change in auditors.
PREGUNTAR AL PREDECESOR
pq CHANGE de auditor y que DISAGREEMENTS hubo
engagement letter most likely would include a statement regarding:
Management’s responsibility to provide certain written representations to the auditor.
engagement letter should include the identification of the…
applicable financial reporting framework to be used for the report.
CPA firm’s quality control system EXAMPLE for quality control policies and procedures?
policies and procedures for human resources (I.E. assigning personnel to engagements)
Nature and extent of a CPA firm’s quality control policies and procedures depend on:
> size
the degree of operating autonomy allowed its personnel and its practice offices
the nature of its practice
its organization
appropriate cost-benefit considerations.
IF quality ((EQR) control review is required…What should an audit engagement partner do?
Refrain from issuing the audit report until after the quality control review has been completed.
predecessor/successor communications BEFORE & AFTER because
Before: auditor to obtain information that may affect his or her decision (si algo sale successor can decline)
After: successor may wish to review the predecessor’s audit documentation
At a minimum, an understanding with a client should include:
The objectives and limitations of the engagement, as well as the responsibilities of management and of the auditor.
Quality control policies and procedures Should provide the CPA firm with reasonable assurance that:
The likelihood of associating with clients whose management lacks integrity is minimized.
An auditor’s engagement letter most likely would include:
Management’s acknowledgment of its responsibility for maintaining effective internal control.
Sufficient and appropriate documentation should include…
evidence that the audit working papers have been reviewed.
Working papers should include …
the procedures that are applied and the conclusions reached in an audit engagement.
What is the primary purpose of audit documentation?
To support the basis for the auditor’s report and to provide evidence that the audit was conducted in accordance with generally accepted auditing standards (GAAS).
risk assessment should consider…
the nature
size, and
complexity of the entity being audited.
PCAOB standards document completion date is ?
45 days from the report release date (@ least)
PCAOB Document retention consist of ____ years.
7 years
Non issuers (SAS Rules) Document retention consist of ____ years.
5 years
Actions taken after the documentation completion date include:
> Make any additions to audit documentation before the end of the specified retention period.
> Make any changes to audit documentation before the end of the specified retention period.
> Make any amendments to audit documentation before the end of the specified retention period.
BUT NEVER DELETIONS
Maximum number of days in which a NON-ISSUER auditor should complete the assembly of the final audit file following the report release date
60 DAYS after the report release date.
Example of NOT required documentation in an audit in accordance with generally accepted auditing standards
A narrative description of the internal control system.
BECAUSE: While the auditor should also document this understanding, there is NO requirement as to the SPECIFIC TYPE of documentation to be used.
Audit documentation requirements say that….
The auditor should document findings that could result in a modification of the auditor’s report.
Audit documentation should:
Show that the accounting records agree or reconcile with the financial statements
If management refuses to make the revision to the revenue included in management’s report on operations, the auditor….
the auditor may withdraw from the engagement.
At a minimum, an understanding with a client should include:
The objectives and limitations of the engagement, as well as the responsibilities of management and of the auditor.
OJO: The understanding (STAGE) typically does not include specific audit procedures.
not a required part of the understanding between the client and the auditor?
Management may choose not to correct internal control deficiencies due to cost-benefit considerations, and this is not part of the understanding between the auditor and the client.
True FACT regarding internal control objectives of information systems is…
A secure system may have inherent risks due to management’s analysis of trade-offs identified by cost-benefit studies.
In other words, one of the limitations of even a well-designed internal control system is management’s ability to override those controls. One reason management may override them is that the benefit of doing so exceeds the cost, which represents an inherent risk of even the strongest systems.
Illustration or the information and communication principles
Management is using the exception report (information) to support the control of monitoring overtime costs Variance analysis specifically supports internal control, not simply internal communications generally.
Which is an example of OBTAIN & USE INFO.
(COSO) The monitoring component involves
ongoing and/or separate evaluations, which can consist of oversight, reviews, or inspections.
COSO Control activities
selecting and developing control activities and technology controls and then the deployment of policies and procedures.
COSO Information and communication
Includes obtaining, using, and communicating information within an organization and with external parties.
COSO Risk assessment
Includes specifying objectives and identifying and analyzing risks, including potential fraud risks.
COSO Monitoring activities
involves ongoing and/or separate evaluations, which can consist of oversight, reviews, or inspections.
Auditor most likely consider in evaluating the control environment of an audit client BY …
looking AT Management’s operating style.
The management’s philosophy and operating style include the management’s approach to taking and managing business risks, attitudes and actions toward financial reporting, and attitudes toward information processing and accounting functions and personnel.
Which of the following components of internal control would be considered the foundation for the other components?
Control environment sets the overall tone of the organization and is considered the foundation for the other components of internal control.
Which of the following components (elements) of an entity’s system of internal control includes the development of personnel manuals documenting employee promotion and training policies?
The control environment element of an entity’s system of internal control relates to the tone of the organization, which includes human resource policies and practices.
An entity’s risk assessment differs from an auditor’s assessment of audit risk.
The entity is concerned with managing risks that affect entity objectives (financial reporting, operations, and compliance) whereas the auditor is concerned with the risk that material misstatements could occur in the financial statements.
Risk assessment component of internal control?
An auditor evaluates an entity’s risk assessment to understand how management addresses risks relevant to financial reporting.
COSO : What is MONITORING
Monitoring is the process of assessing the quality of internal control performance over time and taking necessary corrective actions.
As such, Eliminating a control that is not operating effectively would not be an appropriate corrective action.
What is a management control that most likely could improve management’s ability to supervise company activities effectively?
The use of budgets and forecasts to identify variances improves managers’ ability to supervise company activities. Variances from budgets serve as signals to managers that a potential problem exists.
Proper segregation of duties reduces the opportunities to allow any employee to be in a position to both:
to both perpetrate and conceal errors or fraud.
I.E.-record and conceal fraudulent transactions in the normal course of assigned tasks.
COSO: Monitoring component of internal control include:
> Assessing the quality of control performance over time.
Improving controls that are not operating effectively.
Assessing information derived from external parties (such as customer complaints and regulator comments) may be useful in identifying problems with the internal control structure..
COSO: Control Environment is:
Control environment component of the Internal Control framework represents the processes, structures, and standards that provide the foundation for the establishment of an entity’s internal control system. Baseline expectations for employee performance are included in the accountability principle within the control environment.
Quality control system is a
control environment element of an entity’s system of internal control relates to ….
he tone of the organization, which includes human resource policies and practices.
MNGMT OVERSHIGHT =
Monitoring Activity
COSO: Control environment INCLUDES:
human resource policies and practices.
An auditor would most likely be concerned with controls that provide reasonable assurance about the:
Entity’s ability to process and summarize financial data.
As part of the information and communication component of the Integrated Framework, a company must:
Ensure that external auditors are aware of significant internal control issues.
OJO: Communicate internal control deficiencies is a monitoring component (no me deje llevar pq dice communicate CD’s)
An auditor’s engagement letter most likely would include a statement regarding:
The inherent limitations of an audit.
OJO: The assessment of risk of material misstatement is not included in the engagement letter. RMM is part of the planning process that occurs after engagement acceptance.
during PLANNING PHASE…
the auditors would obtain knowledge of the client’s business and industry, perform risk assessment procedures, develop an audit strategy, and develop an audit plan
In developing an overall audit strategy, an auditor should consider:
Preliminary evaluations of materiality, audit risk (NOT RMM), and controls.
ALSO scope of the audit & outline reporting objectives.
dissenting auditor does not agree with the conclusion reached by the remaining audit team members on a key client accounting issue. he/she should:
> consult with the engagement partner
disassociate from the resolution.
document their dissociation from the final accounting issue resolution.
NEVER-> accept the audit engagement team’s conclusion despite continued reservation on this accounting issue after an oral discussion with the audit supervisor
As part of obtaining an understanding of the client’s operations and business
An auditor would review the client’s accounting policies and procedures
During the planning stage of an audit, the auditor should …
make a preliminary assessment of materiality.
Audit strategy outlines
The scope of the engagement, objectives, timing of the audit, required communications, and other factors that determine the focus of the audit.
An auditor plans to apply substantive tests to the details of asset and liability accounts as of an interim date rather than as of the balance sheet date. The auditor should be aware that this practice:
Potentially increases the risk that errors that exist at the balance sheet date will not be detected.
Which type of audit procedures would an auditor use to test a client’s financial statement assertions at the account, transaction, or disclosure level?
Substantive procedures and test of controls.
Initial audit plan
may need to be modified due to a response to changing conditions or the results of audit procedures already performed.
COSO Cube
The COSO Cube links all five components with all three objectives categories and all levels of the organizational structure; everything is interrelated, which is illustrated by the cube itself.
TYPES of
financial statement assertion include:
- Completeness
- Cutoff
- Valuation, allocation, and accuracy
- Existence and occurrence
- Rights and obligations
- Understandability of presentation and classification
Independent auditor share with IA…
independent auditors may not share any responsibility involving judgments, including the assessment of inherent and control risk.
The work of internal auditors may affect the independent auditor’s:
I. Procedures performed in obtaining an understanding of the system of internal control.
II. Procedures performed in assessing the risk of material misstatement.
III. Substantive procedures performed in gathering direct evidence.
GAAS defines a specialist as a …
person or firm with special skills in a field other than accounting or auditing (e.g., actuaries, appraisers, attorneys, or engineers).
OJO: CPA internal specialist in TAX does not count as specialist.
Example of Management specialist
The actuary would be considered a management specialist as he or she does not provide audit or accounting work but is a specialist employed by the company to assist in technical matters related to the preparation of the financial statements.
auditor’s use of the work of a specialist considerations
The work of a specialist who is related to the client may be acceptable under certain circumstances.
If the specialist is related to the client, the auditor should consider performing additional procedures with respect to the specialist’s assumptions, methods, or findings to determine that the findings are not unreasonable, or should engage another specialist for that purpose.
IN OTHER WORDS: Should assess the risk that the actuary’s objectivity might be impaired.
If an auditor decides to mention the auditor’s external specialist in the report …
The report must indicate that the reference to the auditor’s specialist does not reduce the auditor’s responsibility for the audit opinion.
When an audit specialist is used for a client audit and the auditor provides an unmodified opinion in the audit report, …`
then no reference to the work of the specialist should be made in the report.
An auditor is(required OR not required) to recalculate the balances calculated by a management’s specialist?
not required
If information is prepared using the work of a management’s specialist, the auditor should evaluate:.
the competence, capabilities, and objectivity of the specialist. Therefore, the auditor would first evaluate the nature and level of expertise of the actuary
MATERIALITY is
> materiality levels are generally considered in terms of the SMALLEST level of misstatement that could be material to any one of the financial statements.
> Both quantitative and qualitative factors are considered.
> The auditor uses his or her professional judgment when assessing materiality
Materiality is NOT
materiality for the financial statements as a whole in terms of the LARGERS aggregate level of misstatements that could be material to any one of the financial statements.
OJO = MATERIALITY IS TH SMALLES -OJO
Rx Materiality for high likelihood of Uncorrected/undetected misstatements- High risk always go for:
lower range of materiality is used when there is a high likelihood of uncorrected and undetected misstatements,
Reevaluation of Materiality (issuer )
If new information becomes available that could require a reevaluation of the quantitative level of materiality applied during an audit of an issuer, then the auditor should raise or lower the materiality level as appropriate to the situation.
Component materiality
Should be lower than the materiality for the group financial statements.
This will reduce the risk that the aggregate of undetected misstatements in the group financial statements
Inherent risk and control risk differ from detection risk in the sense that:
they exist independently of the audit of financial statements, whereas detection risk is related to the auditor’s procedures and can be changed at the auditor’s sole discretion.
What is the relation between RMM & Detection Risk?
Detection risk is inversely related to the risk of material misstatement. Therefore, an increase in the risk of material misstatement would cause a decrease in allowable detection risk.
EXAMPLE of Judgmental misstatement is =
Differences between management and the auditor’s judgment regarding estimates is an example of a type of judgmental misstatement.
JUDGEMENTAL error is NOT
resulted from a CLERICAL error /processing the data
In assessing the risk related to material misstatements in an entity’s financial statements, the auditor would consider the following situations:
situations that threaten financial stability or profitability,
since such situations might provide an incentive to fraudulently misstate the financial statements.
Inherent risk is …
the susceptibility that an error or omission will occur in a financial statement due to a factor other than a failure of control.
(I.E. Technological developments that may render inventory obsolete.)
As the acceptable level of detection risk decreases, the assurance provided from substantive tests should increase. Consequently, the auditor should do one or more of the following:
1) change the nature of substantive tests from a less effective to a more effective procedure,
2) change the timing of the substantive tests, such as performing them at year-end rather than at an interim date, or
3) change the extent of substantive tests, such as using a larger sample size.
REDUCTION in Control Risk =
A lower substantive testing sample size
RMM includes both Inherent Risk & Control Risk.
If both are high that means RMM is high and auditor needs to?
minimize detection risk by performing more reliable auditing procedures, such as confirmation of the terms of large complex sale.
Detection risk increases when
Auditor performs substantive analytical audit procedures for financial statement accounts at an interim date.
(RMM (inherent & control risk) baja = Detection suba = samples @ interim (no tanto riesgo)
Substantive Procedures are=
always necessary for all relevant assertions related to significant transaction classes.
Control risk is…?
The risk that a material misstatement that could occur in an assertion within MD&A will not be prevented or detected on a timely basis.
According to COSO, management oversight is an example of ?
MONITORING ACTIVITY
Detection risk differs from both control risk and inherent risk in that detection risk
an be changed at the auditor’s discretion,
whereas control risk and inherent risk exist independently of the financial statement audit, and cannot be changed by the auditor.
In assessing the objectivity of internal auditors, the independent CPA who is auditing the entity’s financial statements considers
> Information obtained from previous experience,
from discussions with management,
from external quality reviews (if performed),
and from professional internal auditing standards (such as those developed by The Institute of Internal Auditors).
To detect material misstatements, the auditor should?
Use substantive procedures
Substantive procedures include test of details and analytical procedures.
FRAUDULET IDICATIVE
Management is interested in maintaining the entity’s earnings trend by using aggressive accounting practices
The risk that an auditor of a nonissuer will fail to detect a material misstatement in the financial statements is usually greatest in which of the following situations?
Management fraud
(goes back to MNGMT Override )
RED FLAG OF FRAUD:
Missing or unavailable documents or electronic evidence may be indicative of an intentional material misstatement in the entity’s financial statements (fraud).
i.e.=Supporting accounting records and files that should be readily available are not produced promptly when requested.
missing audit documentation(client misplaced) auditor should:
approach lost documentation with a heightened risk that fraud may have occurred (e.g., the client intentionally destroyed the documentation).
PRIMARY Responsibility of an audit is not a Supervisor responsibility it is a…
The engagement partner (not the audit supervisor) has the primary responsibility for the client audit.
Which of the following controls is least likely to be relevant to a financial statement audit?
Procedures that prevent the excess use of materials in production.
OJO: acordarme que production no tiene tanta relevancia con FS
