A2 Audit Flashcards
M1- Quality Control
AICPA Code of professional Conduct requires firms providing auditing, attestation, and accounting and review services to adopt a system of quality of control. Statement on Quality Control Standards (SQCS) are issued by the Auditing Standards Board to provide guidance with respect to quality control. There six interrelated elements of QC called HELPME 1. Human Resources: the firm should establish and policy and procedure (p&p) designed to provide it with reasonable assurance that it has sufficient; -competent personnel how do you know that you have competent staff ; annual performance reviews -personnel with the capabilities to do the work -commitment to ethical principles The firm must have personnel with these qualification to perform engagements in accordance to profession standards GAAS or PCAOB and applicable legal and regulatory requirements. As well as issuing reports that are appropriate for the circumstances ( what is the opinion) In addition all person must undergo background checks, all professional will participate in goal setting&annual evaluation by the manager. will be evaluate on goals agreed upon and demonstrate the skills,behavior and adherence to the firms values. 2. Engagement/client acceptance and continuance: the firm should establish p&p for the acceptance of continuance of client relationships and specific engagement designed to provide the firm with REASONABLE ASSURANCE THAT: -undertake or continue relationship with clients only when firm is competent to perform the work and capable and as the resources to perform the engagement. -can comply wit legal and ethical requirements -has considered the integrity of the client and believes the client does not lack integrity. Do an evaluation of client and business with background check, newspaper articles, industry information, networking,credit check, continual assessment of client annually and risk assessment. Make sure that our firm gets the okay from upper management before moving forward with the relationship. then find how much work you can and can not do. 3. Leadership responsibility: establish p&p designed to promote an internal culture based on recognition that quality is essential in performing engagements. The CEO, managing partners or equivalent will assume the ultimate responsibility to create p&p for the firms systems of QC and communicate via webcast , memo, adverting, email blast. will hire a Chief compliance officer (CCO) who is responsible for the entire audit practice and QC system. CCO will be supported by a manager of audit quality, who is responsible for developing, communicating, and supporting QC system, updating the Audit QC handbook via showing documentation and disseminate infor via web training or email 4. Performance of the engagement: establish p&p designed to provide the firm with REASONABLE ASSURANCE that firm can perform the engagement in accordance with profession standards via GAAS or PCAOB and applicable legal and regulatory requirements and issue reports that are appropriate in the circumstances via unmodified, qualified, adverse, disclaimer opinions Firm personnel must understand AICPA and firm rules on confidential client information and workpaper on an annually base if personnel is involved in audit and are unable to resolve and issue, they must know to involve or elevate via chain command to CCO or CEO, Chairman or managing partner. 5. Monitoring: firm should establish a monitoring process designed to provide it with reasonable assurance that the p&p relating to the system of QC are relevant, adequate and operating effectively. This will be done through : peer review, internal review, where you can select 5% of engagements for internal review and see if it is in compliance with P&P and other standard. When there are findings, firm will provide the proper training, guidance for the audit improvement 6. Ethical requirements: firm establish p&p designed to provide reasonable assurance that the firm and its personnel comply with relevant ethical requirement for independence All personnel will complete forms related to independence via disclosing all potential conflict of interest, personal investments, loans, immediate family members employment.
Elements of QC
- Personnel will receive an annual evaluation = Human resources 2. At least annual, all firm personnel (that are subject to independence requirements) will confirm independents in writing= Ethical requirements 3. A peer review or internal review will be conducted at least once every three years= monitoring 4. All new hire must undergo a background check= human resources 5. Audit partner will review the financial statements and credit rating of new client= engagement/client acceptance and continuance. 6. Engagement documents will be filed with doc control and doc control will release doc to approved personnel due to confidentiality of information= performance of engagement. 7. Chair, CEO or managing partner leads will create a video on importance of QC.= leadership responsibility
M1: MCQs: what is not true about the relationship between QC standard and GAAS professional standards
A firm failure to establish or comply with QC standards implies that the firm also failed to follow GAAS professional standards not true even though you fail to follow qc you can still have follow GAAs standards. However, you must have qc to be in compliance with GAAS.
Does the nature and extent to which a firm QC p&p depend on : size, nature of practice and cost-benefit consideration
yes; due operations and autonomy ( lee way) given to personnel and its nature of what is practice specialize in and how the cost benefit would be to do QC.
Is assigning personnel to engagement and/or complying with laws and engagement in the consideration with establishing qc
QC is established through HELPME The H is human resources; one the the area is assigning qualified and vetted personnel to engagements. Where as complying with law and reg is not a qc. it falls under Code of Professional Conduct, Do not get confused with the E engagment where you perform engagement under laws and regulations.
M2 Documentation
Document ; supports auditors opinion and not clients f/s. Documention = working papers or workpapers (wp) Exam trick: wp belong to auditors. auditors may not disclose wp without -clients permission - court order. -investigation by state board - by cpa firm attorney if client is suing cpa firm wp shows; evidence on the basis on auditors report and conclusion on achievement of overall objective and evidence that an audit was conducted in accordance to GAAS and applicable legal and regulatory requirements
Audit requirements:
overall requirement on wp: indicates accounting records = f/s audit documentation should: -plan, conduct and supervise the audit -reconcile with f/s to be in compliance with standards -accumulated evidence showing procedures performed , evidence examine and conclusion reached - use in qc review and inspections for internal and peer reviews - be a record of matter of continuing significance to future audits of same entity -assist with predessor audit documentation -used with experience auditor who was not involved to review and understand audit performed with 1. nature, extent and timely of audit 2. results of procedures performed 3. significant findings or issues arising during the audit 4. conclusion reached 5. show who performed the work and date completed 6 show who 1st reviewed the work and date of reviewed 7. abstract or copies of significant contracts or agreements. 8. documented findings 9. did auditor address any inconsistent information 10. justification of departures 11. performance and review of additional audit procedures or new conclusions after the date of the auditor reports.
Retention and completion of wp
Reporting release date on which the auditor grants client permission to use report. Document (wp) retention: SAS non issuer must retain wp 5 yrs and documention completion of audit 60 days to maker changes PCAOB: retain 7yrs due to criminal procedures and 45 documents can be revised after an adult report Nature and extent of audit documentation; the objective of detailed substantive testing is to detect material misstatements.specify quantity, type and content of audit doc. are based on auditors judgement in determining nature and extent of documentation for a specific area. the auditor should consider: - size and complexity of co. -nature of specific audit procedures -risk of material misstatement -significance of evidence -nature and extent of any exceptions id. -need to document conclusion may not be obvious -extent to which judgement was required performing work and evaluating results
Special Con contents of Wp
Permanent files; carryfwd from yr ot yr Current files include; audit plan f/s and audit reprt working tb je’s and reclass je’s letter of confirmation and rep letteri/s summary of findings Test of control; 1. controls= design i/c and effects on i/c 2. substantive: test of $ balances : cash, a/r, inventory
Significants audit findings
audit docs should include significants audit findings, action taken, and conclusion reached. - related to the selection of application and accounting principles and consistency or reason for switch from lifo to fifo. -matters that give rise to significant risks -material misstatements in f/s -cause of significant difficulty -modification of auditors opinion or the inclusion of EOM in audit report or om
Other documentation requirements
auditor often use tickmarks or symbols, indicating the work that has been performed checks : agree to ye bank bal ^= agree to deposit ticket foot : to agree to deposit ticket total a sign to agree to voucher register x: agreed to cahs balance in g/l
practice sim m1 how to crosst foot fixed asset and dep balances for accuracy
Try to match beg bal + addition - disposal = ending bal (BADE) to exhibits. The audit objective would be to test the accuracy of the FA and depr balance the testing approach; would be to select all items in population for footing.
M2 mCQ; what is of the following statements is most accurate regarding audit documentation; 1. auditor should document findings that could mod. the audit report. 2. oral explanation serve as sufficient support if explanation is documented
Correct: 1. auditor should document findings that could mod. the audit report. this is one of the purposes Incorrect 2. oral explanation serve as sufficient support if explanation is documented. oral may be used to explain or clarify information.
Auditor use working TB resembling f/s w/out footnotes to
Reclass and adjust
Reconcile and tickmark are used for
are used for the audit documentation
The audit current and permanent files would include
Current; bank recs and bank statement; attorney letters, lead schedules, working TB audit plan f/s and audit reprt working tb je’s and reclass je’s letter of confirmation and rep letteri/s Permanent files: article of incorp pension plan contract flowchart of i/c debt agreements lease agreement bond indenture stock option agreements board and committee minutes
Are workpapers the use to as the document used in the procedures that applied and the conclusion reached in an audit engagement
yes.
M3 Terms of the Engagement Letter
the engagment letter consist of the following 1. Addressee: the CEO, COO, CFO, or governance. they are going to be signing the letter 2. Objection and scope of the Audit: what is being audited at y-e b/s, statement of income, Stockholder equity, state of CF, and related notes to f/s. will accept to audit with the objecive of expressing an opinion. 3.Responsibility of the Auditors: audited will be conducted under auditing standard (GAAS) accepted in the US. Standards require we plan and perform audit to obtain REASONABLE ASSSURANCE about co. f/s are free from material misstatements. Perform procedures to obtain evidence about amounts and disclosed in the f/s. procedure involved using auditing judgement. assesement of risk whether due to fraud or error. audit also the appropriateness of accounting policies and procedures and REASONABLE OF SIGNIFANT ACCOUNTING EST. made by mgmnt. there is a unavoidble risk event with i/c. 4. Responsibility of Mangement mr dims, management of i/c, provide access on info. unrestricted access. 5. Other Relevant Information (optional): fees placed here, 6. Reporting writtent report on opinion. eOM, om or withdrawal could be done. 7. Signature
M3 MCQ: will the cpa firm involve IT specialist in the audit
Yes. there can be IT specialist used in the audit.
Is one the matters successor auditors communicate with new clients is predecessor auditors
Yes.
would management’s responsibility to correct deficiency in i/c id by auditors be a required part of the understanding between auditor and client
No. there may be a cost benefit of not doing i/c deficiency.
Before accepting a new client, would an auditor what to know management integrity
Yes.
a successor conversation with a predessor auditor should include before audit is engaged is
the predecessor knowing the reason for the change in auditors
If management has a disregard for i/s would this cause a auditor in not taking the client
Yes.
In the engagement letter would there be a statement on “ management responsibility to provided certain written representation letters to the auditors
Yes. this give the auditors understanding and documention on how the audit will be conducted.
Part of the audit planning process with client would to
find out the timing of inventory observation procedures to be performed and when can schedule time to see it. Never: will auditor meet with client about evidence gathering.
will there any specific discussion on procedures or auditors communicating with predecessor in the audit
not on procedures but the auditor can put something about commuicating with prior auditors.
If auditor is auditng and was asked to change the engagement to a review of a restricted scope and there was reasonable justification for the change. In the accountant review report what should it NOT REPORT
should be not mention of : Scope limitation, orignal engagment or aduting procedures performed.
If an audit client is requested to change the engagement from an audit to a compilation he should consider the
effort to complete the audit cost to complete the audit reason for clients request
would the factors of adequacy of accouting records and operating effectiveness of i/c influence an auditor that a client is auditable
adequacy of accounting records would but not ops. effectiveness of I/c maybe for IT expert field work
When predessor is terminated who should initiate communication about new auditors
New auditors with permission from client.
If an audit client is requested to change the engagement from an audit to a review due to scope limitation. the auditor should consider the following info in the report
A statment about the review is substantially less in scope than an audit.
If the predessor review to give new audit wp what should the new do
review the risk assessment of opening balances of f/s. can not seek legal counsel due to know law says he has to give them to you.
what would the success auditor ask the prior auditor after the accepting the audit
ask about matters to eval consistency of current and prior years financial reporting
would turnover in board be a factor in an engagement letter that has auditors auditing parent and a component
no.
Can internal auditor be used in assistance of audit by auditors
yes. but they can not make significant decisions.
Who is responsible for part of the audit: management of auditors
- obtaining an understanding of i/c: auditor must understand to lead to opinion 5. Following GAA: management follow to do f/s 6. detection of immaterial errors: management responsibe for free material errors f/s; audit job is to detect material errors. So no one is responsible 8. Provision of representation letter:auditors provides the template but management job is to sign it. management is responsible 10. compliance of laws & regs: of f/s management responsible being audited 11. Coordinating client assistance: both sides. mangagement assist with staff and audit assist with statf
M4 Planning
Audit planning with PCAOB standards consist of planning activities depending of the size and complexity of the co., previous experienceir with the co, and changes in circumstance during the audit.
auditor plan
Auditor plans the audit to the initial assessment of the risk of material misstatement. however, must be prepared to revised the audit strategy and the plan based on audit procedures.
key. engagement team members
the engagement partner and other key personnel should be involved in the audit and responsible for: -planning the audit -supervising the work -compliance with relevant audit standard Supervising the assistants; the objective is to document evidence to support the express opinion on f/s key supervising items -communicating with audit on all audit maters -informing assistant of their responsibilties -staying inform on all audit matters -reviewing assistant work -dealing with difference of opinion amongst audit team. the final resolution should be documented Audit is done through nature, extent and timing of supervision of assistance because; audit uses clients records (assertions and claims) and i/c to form basis of opinion.
Knowledge of the client’s business and industry
auditor is not required to have prior experience in client business or industry. however, once the audit begin auditors should have understanding of client business and industry. -knowledge of clients industry; helps to highlight pracitce used in industry that may effect clients f/s. The most common sources are; -AICPA accounting and audit guides -trade publications and professional trade associations -govt publications -AICPA accounting trends and technique (annual surveys of accounting practices) -knowledge of client business: tour the facilities - meet the staff -review prior year audit report -annual and permanent files -prior yr and interim f/s -BoD and stockholders minutes -communication w/ third parties -SEC filings -D&B reports -tax returns -understand co. accounting methodology -know there business development
Develop the audit strategy
overall audit strategy; written with nature ,extent and timing Nature-Factors that determine the focus of the audit= na *premlin on the evaluation of materiality, audit risk, and internal control, *material location and account bal. *areas with higher risk and material misstatement *significant accounting changes *significant business and industry develoment, legal or regulatory matter that co. is aware *management committment to design and ops of i/c Extent- define the scope of the audit based in the size and complexity of the co. extent and scope include: * from the engagement, what is the basis of reporting, reporting of currency and location of co. *industry specific *size and complexity of audit and co. *effect on iT *knowledge gain from prior experience on this co audit *use of service organization by co. *recent changes in co. ops and i/s over fin reporting *extent to evidence on effectiveness on i/c Timing: determining the audit reporting objectives, timing and required communication. *deadlines for interim and final reportin *key dates for meeting with managment and BOD *expecting type and timing of reports and communications *timing of audit team communication, including audit team meeting and review of audit work *communication with third parties ; legal, vendors and customers Strong i/c = more work can be done at interim weak i/c = more work done at year end.
Developing the audit plan written with NET
The audit plan is based on audit strategy outline on NET procedures. written audit plan with specifit audit procedure is required. Risk Assessment Procedures= Required in all f/s audits: that are used to obtain an understanding of co. environment, i/c in order to assess risk of material misstatments and determine NET of further audit procedures Further audit procedures; -test controls of i/c due understand i/c and reliable of i/c overall management is in charge of i/c so auditors with test ob checks and bal. of segregation of duties. and review the desing of i/c -test $ubstantive bal -control -sending letters to attorneys test timing of audit work -effect of IT’;how is iT used and what processes are in place.
Consideration of f/s assertions
Further test of control and $substance are performed at relevant assertion for each material account bal., transaction class, and disclosure item in the f/s. f/s are not facts but claims and assertions made explicity and implicity by management about recognition, measurement, presentation and disclosure on information in f/s There are 6 main assertion (claims) on the f/s : COVER U 1. Completeness: account bal , transactions, and disclosure that should have been recorded are recorded 2. cutOff; trans record in the proper accounting period 3. Valuation, allocation and accuracy; account bal , transactions, and disclosure record fairly and valuation a and allocation are recorded accurately. 4. Existance and occurence;account bal exist, transactio recorded and disclosed 5. Rights and obligation; entity hold control over assets and liab ar obligation 6. Understandability and classification trans have been record in right spots and clearly expressed.
Use of assertions (claims)
relevant assertion form a basis for assessing risk for the design and performance of further audit procedures examples include Assertion; inventories included in b/s physically exist Potential misstatement or risk assessment: physical bal include some amounts that don’t exist. Audit procedure: examine physical inventory
Writing Audit plan
Drafting the audit plan= required (written) sufficient planning info has been gathered, an audit plan should be drafted listing audit procedures ;NET nature= type both control and substance: perform specific procedures ( count/vouch/trace/ compare/calculate/ confirm/examine extent; scope - is it a little test or a lot of testing information; what are the specifi number of records from the specified population timing; what year or accounting period. some interim period, either the entire year or from the date of the interim fieldwork Group audit paln; different audit do different location; and audit responisbilties
List needed for the audit
In addition to the regular items we receive, we may need to get new stuff from the list to auditor. auditors will audit new stuff as well New Stuff 1. purchase investment @10% in a company. There is no signifcant influence so i would use the fv method and not equity method. Company would give auditors the Avail for sale invest documentation 2. if co security are sold to public to finance building, audit would want look at transfer agent statement with board minutes that shows sale of stock plus APIC 3. For tax purpose; Revenue sold by product line.
M4 MCQs: The audit plan can not be finalized until
auditor has obtain a sufficient understanding of i/c. through consideration that i/c has been completed
When an auditor is review co. accounting p&p in considering the audit planning matters to
get an understanding of ops and business
in developing audit procedures through ; nature, extent and timing. Would an audit want to know the extent of involvement internal auditors would have
yes; it will help with audit procedures via NET
A decrease in the amount of misstatement that an auditor could tolerate would say that
that is a lot of issue with assertions give by management and audit will have to work harder so he will perform audit procedures closer to b/s
Before applying substantive test to details in asset accounts at an interim date, the auditor should
assess the difficulty in controlling the incremental audit risk. Because he may have to harder that mean move procedures to b/s or not work harder means procedure test at interim date.
What is one the procedures that an audit would perform in the planning stage
make preliminary judgement about materiality.
If an audit plan is to sustantive test at interim date and not b/s date he is saying that
the potential increase in risk of errors that exist at b/s date will not be detected
Would an auditor obtain an understanding of the entity’s risk assessment process in the planning phase of a financial statement audit
yes. during the planning stage, an auditor wants to obtain a sufficient understanding of each of the five component of i/s and risk assessement is one of them
If an audit is engage to examine management assertions on a investment schedule what provision would he comply with
Statement of standards for attestation engagements (SSAE) it does examination, reviews and agreed upon procedurers
An audit would use which procedures to determine material misstatement
Sustantive procedure $$ testing of accounts detail and analytical procedures and not Risk assessement which do an understanding of the entity environment
Which one of the following would not have an impact on the scope of the existing audit: current reg and statutory reporting requirments prelim eval of materiality and audit risk audit knowledge gain from prior work on entity effect of iT
prelim eval of materiality and audit risk will have impact on the audit and not the scope
Which procedure would an auditor use to test clients f/s assertions at the account, trans and disclosure
substantive procedure for $$ account and trans and test of control for disclosure or control testing.
What are audit strategy and what are audit plan
Audit strategy; provide the scope of the audit, outline the reporting objectives, provide preliminary assessment of materiality and tolerable misstatement Audit planning ; NET, risk assessment
Would a cpa make a decision on whether to perform test at the interim date or wait to start of audit b/s date and whether to rely on the work of IA for audit planning
yes, interim date and b/s dates testing are use and whether to rely at what extent of ia are used in audit planning
A2 M4 Sim: What is included and excluded from audit strategy and planning
- Has management agreed to the preliminary materiality amount; EXCLUDE THIS IS DONE IN THE AUDIT PROCESS 5. Document the deadlines of the interim and final reporting; INCLUDE WOULD DEVELOP THIS AUDIT PLANNING AND STRATEGIES 9. Will the audit utilize the clients internal auditor for direct assistance: Include would what to in the planning stages to what extent will IA will be used. 10. Does the work on Deferred credits support conclusion; exclude this done with audit 11. Document the areas where there is a higher risk of material misstatement; include this is done in the Risk assessment phase when we are knowing the co. environment. 12. Was the mangement rep letter obtain; exclude done at the end of the audit 13. Document if any additional reg. reporting requirements that the entity must adhere to: include ; would want to know what is need to plan for the audit.
M6- Materiality
When the audit strategy is established, the auditor will determine materiality for the f/s as a whole, performance , classes of trans., account bal, and disclosures. All for a qualititative and quantitative judgement.
By law what is materiality in an audit
a substantial likelihood that the fact would have been viewed by the reasonable investor as having significantly altered the total mix of information available.
Needs for users
Auditors view how materiality is influenced and can altern the users perspective; Users assume: knowledge of business,economy and accounting f/s may have some levels of inherent and include uncertanty understand how materiality can affect prep of audited f/s willingness and an ability to properly analyze f/s
Factors to be considered in materiality
profession judgement quantitative and quantitative facts the materiality levels in the f/s need to be expressed as a specific amount when assesing auditor should use the smallest( amount that will hurt co.) in level of missistate that lead to materiality
Smallest level that could hurt co. use these factors
application of a percentage of benchmark: used in simular co. or industries application of percentage of f/s in interim or annual f/s: SCF , Rev, exp, b/s accounts, net assets prior pd financial results, period to date financial results and position current budget to actual known or expected changes in entity’s circumstances condition of industry or economy as a whole
PCAOB standards
separate lower materiality levels should be set for accounts and disclosures. when there is substantially likelihood misstatement of amount is less than materiality for whole f/s influence be judgement of users.
Performance materiality
reduce to an low level of probabilty that the aggregate of uncorrected and undetected misstatement exceeds materiality for the financial statement as a whole. Tolerable: is the maxiamum error in a population before become material May sure to view Summary of adjustments pass during (SOAP) examination many small entries could lead to materiality.
Calculating Materiality
using a benchmark of the larger of total asset and gross revenue. Multiplying it by 1% if the larger is total asset and .5% if it is gross revenue. Tolerable is 70% for low likelihood and 50% for high likelihood. Total revenue : $2,500,000 Total asset: $1,750,000 Overall materiality = total revenue $2,500,000*.005= $12,500 (prelimiary planning mateiality) Tolorabel is said to at 70% low likelihood overall materiality $12,500*70%=8,750 tolerable or performance materiality
Materiality fo particular classes of trans, a/c bal and disclosures
the cycle test has 3 categories 1. Transactions 2.account balance 3. disclosures and cycle test has 7 cycles 1. Revenue 2. Expenditures 3. Investments 4. Inventory 5. PPE 6 Payroll 7. Financing
Materiality for Group Audits
Group audits should do the following for prelim materiality assessing: Assess materiality, including performance of materiality for group f/s as a whole determine materiality applied to class of trans, account bal and disclosures in the group f/s Determine components ( rev, ni, assets,) materiality on which group enagement will perform Determine threshold above which misstatement cannot be regarded as clearly trivial to the group f/s.
Revised of materiality
Remember materiality can always be revised based on audit procedures of NET.
Should I read all the question and information before giving an answer
Yes. sometime question has 6 months total and answer wants annual information. Exam trick
If new information becomes avail that requires relevant of quantitative levels of materiality an auditor should
Raise of lower the materiality levels as appropriate to the situation. Remember an audit can the materiality threshold and procedures if neccessary
Under PCAOB standards, if a client will not be able to respond to auditors request for evidence with time frame would the auditor reevaluate material levels
No. would not have any impact on materiality levels
Which of the following would an audit use in the preliminary judgement of materiality: -assertion that are emboided in f/s -anticipated sample size of for planned substantive taes -initial assessment of control risk -f/s of the prior year
Auditor would use -f/s of the prior year for prelim work. it is a good starting point to est. expected results -assertion that are emboided in f/s; have little relationship to materiality becuase they are claims. will be test during the audit process -anticipated sample size of for planned substantive test: these are done after prelim and during audit -initial assessment of control risk help design audit procedure ; substance and controls
what is the determination factors im materiality levels
- f/s as a whold 2. certain classes of transaction, account bal and disclosure cylces 3. performance materiality or overall materiality 4. preliminary planning materiality 5. prior f/s for good strarting point Not. transaction cycles with misstatement in th prior year or there is no establish for specific transaction cycles from the prior year.
M6 SIM Research: make sure in advance search to utilize singular and plural of the work
Yes. it maybe able to give you more detail that you need to get the right answer.
what are examples of benchmarks
Total revenue, Total asset, a/r, expense, EBIT, OI, NI, Profits.
M7 Risk Assessment Part 1:
Risk Assessment” CPA test i/c in order to adequately plan the NET of auit procedures. Which includes perform risk assessment procedures on” -ID and assess risk of material misstatement -obtaining an understanding of entity and environment (is it a highly competative environment) -obtain understanding of i/c over financial reporting -develop analytical procedures -application of accounting principals -design further audit procedure and test i/c if needed -inquire with audit committee -have discussion among engagement team -perform other procedures
Obtain and understanding of entity and environment
Understand : industry, regulatory, and other factors: - could be pressure to do well in industry due to competition, products are becoming obsolete, work is cyclical or seasonal, energy supply and costs Regualary factors: -that are industry specifics -regulation of industry -laws and regulations -taxations -gov policies -environmental requirements (could lead to fraud)
Nature of entity
auditors understanding of nature of entity with ops, ownership, corp governance, investments, financing methods.
PCAOB Standards
States thing to know about entity: -must read public -observe and read transcripts of earning call -obtain and understanding of compensation arrangements -SEC filings -make inquires with management and audit committe on risks of material misstatement -Inrquires with the compensation committee - develop and understanding of client’s i/c -perform analytical procedures -approval of executive officer expense reimbursements. not a PCAOB : performing prelim test controls over selected transaction cycles: this is done after risk assesment via NET when doing procedures or with substantive testing.
Selection of Application of Accounting policies
Audit will gain an understanding of i/c and reviewing managements determination of estimates and assumptions
Objectives, strategies , business and inherent risks
all are part of auditors risk assessment to see how adverse events and circumstance could impact entity. Examples would be: -industry development -expansion of the business -New accounting requirments -regualatory -current and prospective financing requirements -Pending litigation
Entitys financial performance
do risks assessment when financial performance will yield bonuses and compensation. that could lead to pressor to get good numbers.
Understanding group, its component, and their environment and required documentation
in the following area; -understanding on the consolidation process -confirm or revise its initial ID or significant components Documentation: Relevant industry, regulatory, external factors, including applicable reporting framework - ops -ownership or governance -types of investments the entity is making -evaluate whether accounting policies are appropriate for the business and consistent with framework
Other risk assessment procedures
other risk assessment on i/c: -inquires on management, governance and then outsider ( legal and valuation experts) -performing analytical procedures ( which are the evaluation of financial information by a study of plausible relationships between financial and non financial). completed in the Plan stage and final stage. 1. review data aggregate at hign level 2. non financial: revenue by number of employees, square footage of selling space, or volume of good produced) 2. the objective of analytical procedures during the planning is to : * enhance understanding of past transactions and events entity *id any unusaul large trans, ratios or trends * review may see material missstatement which could be fraud
Risk assesment discussion
with audit team should discuss: -areas of significant audit risk, accounting principles, disclosures on unusal accounting procedures. - more experience auditors should share more ensight -should emphasize and excercise profession skepticism -risk assessment discussion should continue through out the audit even when condition changes.
Audit Data Analytics (ADAs)
5 steps in performing ADAs risk assessment procedures. such as testing controls, performing substanive procedures and performing concluding procedures 1. Plan ADA; determine objectives, data population to be analyzed, select tools and grphics and tables used. 2. Access, prepare the data 3. consider relevance of reliability of data 4. Perform ADA 5. Evaluate the results and conclusion.
Notable items of ADA
-id a previously unid risk, -modify or support the assessment of risk of material misstatment For groups: -items that do not id new or high risk of material missistatement (False positive) -items require further review because the may represent higher risk or material misstatements. base on evaluation, audit should determine level of risk of material missstatement and plan audit procedures that will appropriately respond to assessed risk. ADA: auditor auditing sells of copiers in ye 4. do AD: y3 type C copiers down due to fires in the facility. y2 and y4 type d and type e sells up.
Other procedure:
review external informatin ( trade journals, analyst report) -results of fraud risk assessment -information obtain during acceptanc and continuation process -obtain information on other engagements performed by entity -prior pd event to the extenet that it is still relevant. Risk assessment and audit evidence is always required in f/s audit On going assessment: 1. analytic procedures, 2. risk assessment, and test of ops effectiveness control = notn requirement 1. test controls may indicate not op, effectively 2. may detect more or less frequent material 3. revised risk assessment and mod. plan for procedures.
Would GAAP framework would be considered a internal or external factor
Its managment choice of framework = Internal
M7 MCQS: when performing analytical procedures in the planning stages, an auditor would most likelyreview
Analytical procedures are analysis to plan procedures on NET which the used on testing transactions, account balances and disclosures. They are done in the planning and final review. They are financial data (financial stuff) information. They are comparison of recorded amounts to independent expectation developed. A good example, using unaudited information from internal quarterly reports. Not a example< control assessment relating to special financial assertions. would not be usefu.
An auditor obtains knowledge of cleint’s businessa and its industry to
understand the events and transactions that may effect the client’s f/s. Not to develop an attituded of professional skepticism concerning management f/s assertions. not necessary in knowledge of business.
would an audit use analytical procedures such as comparing financial info to non financial info in planning stage
yes.
Which are and are not PCAOB risk procedures
States thing to know about entity: -must read public -observe and read transcripts of earning call -obtain and understanding of compensation arrangements -SEC filings -make inquires with management and audit committe on risks of material misstatement -Inrquires with the compensation committee - develop and understanding of client’s i/c -perform analytical procedures -approval of executive officer expense reimbursements. not a PCAOB : performing prelim test controls over selected transaction cycles: this is done after risk assesment via NET when doing procedures or with substantive testing.
what are some analytical procedures done in the planning stages and ones that are done in the review stages
Planning stage: Planning comparing financial data Planing financial data with non financial data Obtain clients financial ratios and comparing with industry average Overall review stage: reviewing f/s and disclosures for unusal transaction or unexpected balances. this task in normally done by audit partner or audit manager.
Sims M7 ADA risk assessment
- If a company being audited sales equipment, auditor does analysis on inventory and not FA, and if sales are declining due inventory valuation, auditor would look rights of warranty issue due to quality and warrany provisions. quality increase and provision no modification. 2. the next question of sales decline qtr three compared to other q3 from previous yrs was due to a labor strike. 3. should auditor modify risk. no stay the same. he was informed by co. about labor strike. if he found something unusual, the made analysis to increase or decrease risk assessment. 4, what a sales mix risk assessment ( sales budget to sales actual on portion of product sold to sales) due to inventory valuation that showed a decline on 3 machines with one being discontinued. so we would increase risk assessment in y4 for 2 machine that still in inventory during yr 4 audit the discontinued machine was off the book by y2 . 5. since the sale decline was not a quality issue where there would be a increase in risk assessment, audit would keep risk the same since the decline was from labor strike and new ye 4 qtr 2 machine has high sales due to innovation.
M8 Risk Assessment II
Overview of i/c; three objectives of i/c related to financial reporting 1. reliability of financial reporting: most related and relevant to the audit. 2. effectiveness and efficiency of operations 3. compliance with applicable laws and regulations The other two relate to analytical procedures with non financials is ops and if non compliance to laws and regs. could have an impact on material effect of f/s.
Components of i/c
Auditor must obtain an understanding of the design and implementation of entity i/c during the auditor’s audit planning stage. So he must understand 5 components of i/c called CRIME - Control Environment: tone at the top of organization; no lying or cheating should go on in company Sets the tone of the organization and provides the discipline and structure for other components of i/c and generated by management and governance Tone at the top good structure when there is a clear lines of reporting from BOD to CEO to CFO to Controller to staff. There is evidence of control environment and whistleblowing policy *The following circumstance would raise concerns regarding managements philosophy and operating styles; 1. management consumed with meeting the budget 2. management dominated by one person 3. management compensation contingent upon the entity’s financial performance. - Risk assessment ; management id. of risk; or assess where is the chances that lying stealing or going on ID and analysis of risks to meet the achievement of entitys objectives ( such as financial reporting) Risk assessment ; is there a high, medium or low risk of employee theft; if inventory needed for sales become scarce and putting pressure on management, or new accounting standards were not implemented properly. -Information and communication; a means of recording transactions and communicating responsibilities Make entries are entered in system correctly. Systems supports the identification, capture, and exchange of information in a timely and user manner. -Monitoring; Assessment of i/c performance over time: make sure control are functioning correct for lying stealing. The process that assesses the quality of i/c performance over time Using IA to monitor i/c and evaluation of strength and weakness and control effieciencies. - Existing Control Activities; control of policies and procedures; prevent or detect if lying or stealing is going on. P&P that helps ensure that management directives are carried out and that necessary steps to address risks are taken. *Segregation of Duties these are frequently tested by auditors. So protect against a flood of trouble; ARC: one person do each of the following Authorize Record keeping Custody of related assets * Auditors questions focus on the control environment and control activities. * it is not necessary for auditor to access all of entity i/c over financial reporting. Auditor must use judgement as to which to assess during the audit and focus on control risks on entitys relevant controls. Audit should evaluate i/c of these components - design -implementation -procedures Auditor should document the understanding of i/c: FIND -Flowcharts -Internal Control Questionnaire and checklists -Narrative -Documentation from the client, including copies of entities procedures manual and organization charts. * Flowcharts; are a symbolic diagram sequential flow of authority, processes and documents’ auditors use them in two way: 1. evaluate i/c 2. IT; evaluating i/c on automated accounting systems. *Types of flowcharts - System flowcharts: shows the flow of document in a system from beginning to end. it aids in auditors evaluation i/c due to steps involved in the documenting process. -Program Flowcharts; shows the logic and existing flow of computer programs. auditors can use these to flow of program and i/c on IT functions. -Flowchart organization; 1. shows general flow of documents and data 2. start at top to bottom , left to right, 3. use wording familiar to reader 4. avoid intersecting flow lines and off page/on connectors Flowcharts systems ; symbols shown in flowchart
What is a is symbol flowcharts that shows how payroll is processed
- Employee submit timesheets electronically 2. Supervisor review timesheets 3. Timesheets review for accuracy and completeness 4. print and initial approved timesheets 5. print payroll list and match names 6. perform compliance 7. is the timesheet compliant 8. submit to payroll system processing 9. resolve errors.
m8 mcqs: which of the following reason is NOT a possible reason why a properly designed i/c may fail to prevent fraud or detect -inadequate segr of duties - human errors -collusion of two or more indiv -managment override
Not a possible reason= inadequate segr of duties. this is bad design of i/c other are possible reasons - human errors -collusion of two or more indiv -managment override
what factor would an auditor consider as most relevant in clients organization structure
suitable of client line of reporting on the organization chart.
when obtaining knowledge of i/c of entity does he have to get understanding of design of control operating effectiveness of controls
yes; design of controls no; ops effectiveness
Would employee not required to take vacation have anything to do with client computer access
no.
is i/c relevant to the entire entity or to any of its ops or business functions. and what would an understand ops and business for audit plan i/c
relevant to the entire entity or to any of its ops or business functions would be relevant for i/c. in contrast, understand ops and business for audit plan i/c would not necessary in audit plan of i/c
An objective on entity for i/c
Objective = ORC 1. Reliability of financial reporting 2. Operations Effective and efficient 3. compliance with law and regs.
What is correct primary criteria of i/c
cost of i/c should not outway the benefit
what services performed by another entity would not be considered part of clients info systems
Services performed another organization that are not to be part of the clients info system when the execution transaction are specifically authorized by client and does not effect the organization ( like prep of f/s by outside accounting firm). like investment securities by external brokers
would procedures that prevent the excess use of materials in production be a least likely control to effect the f/s audit
yes. these are reporting of inefficiency
An audit would obtain sufficient knowledge of IT relevant to fin. reporting to understand
the process used to prepare significant accounting est. are process properly in system. Remember ; authorization is not relevant to iT system.
When an audit eval control environment is he looking a t management and Board
yes
audit focus on substance over control to determine
management est. appropriate procedures maybe not being enforced
how is risk assessment evaluated in i/c
understand how management addresses risks relevant to fin. reporting
proper segregation of duties reduce employees from
record and conceal fraudulent transactions
when an auditor has sufficient understanding of i/c related to a sales order process he would
note in a narrative describing the steps used were conducted correct or incorrect based on procedures.
is circumvention of controls by collusion of two or more person as limitation of i/c rather failure
yes. i/c limitaiton; - human errors -collusion of two or more indiv -managment override
What is the monitoring component
Assessing and improving of the performance i/c over time. A corrective actions not eliminating.
When would use manual controls When would you use automated controls
Manual: detecting; large, unusual or nonrecurring transactions Automated; routine errors, that can be predicted and corrected circumstances that require a high degree of accuracy high-volume transactions that require additional calculations
to ensure appropriate systems of software applications what we be the best control
General controls relate to many applications and support effective functioning of ops and IT.
What is most accurately description that best describes walkthrough
best descibed; following a transaction of origin to f/s. other description; observation, inquiry with managment, inspection of relevant documentation.
In audit planning, auditors knowledge of relevant design i/c should be used to
iD the types of potential misstatement that could occur
What is a likely outcome of the benefit of iT used in i/c
enhance the timeliness of information
is establishing budget and forecast to id. variances from expectations a management control that improves management;s ability to supervise acitivities effectivelly
yes. it can serve as a tool to show management there maybe problems.
By obtaining and understanding of clients i/c, the auditor is directly addressing
the clients risk of material misstatement via inherent and control risks
When a client iT system is extensively integrated throughout the company’s accounting system (ERP) would the auditor increase test of controls
Yes. evidence of substance testing would not be available and the auditor will have to heavly test i/c total. When accounting system is largely based on manual system, auditor can use substantive test and less i./c testing.
A2 m8 Sim 2 Walkthrough step
When a/p system security system in place this would be a iT application control and not a general control or security control When manager review files for errors is a detective control because action have happen. opposed to a prevent control where preventing from happening When a/p send files to treasurer office for printing checks, this is a segregation of duties. if i see bank name of reconcilation , then rec came from the bank.
A2 m8 sim 8 identifying i/c componpreents
- Adopting new accounting policy= risk assessment = new things = new risk 8. new personnel= risk assessment = new things = new risk 10. HR policy and practices; control environment= hr policy and practice = control envioronment 11. Incorp of new tech= risk assessment = new things = new risks 12 pre-numbering document; existing control activities; procedure in place for pre-numbers 15 operating performance review; existing control activities procedure in place. 16. corp restructuring= risk assessment = new things = new risk. Things to keep in mind information and communication : presentation of f/s, measuring and recording of entries, and information captured in system. Control activities; authorization of transactions, record, safeguard assets pre number docs.
M9; the effects of iT on the audit
Segregation of duties in iT ; COPAL - Control Team -Operations -programmers -Analyst (systems) -librarian
Difference between manual and computerized iT environment
Disappearing audit trail; paper audit-trails are substantially reduced in a computerized environment. Client process most of it financial data without any paper documentation. Audit test s/b performed on a continuous basis. Computer systems that supply electronic audit trails are often as effective as paper trails.
Potential for increased errors and irregularities
= negative/disadvantage outcomes due to several characteristic of remote access and unauthorized users
Potential for increased supervision and review
= positive/ advantage outcomes due to integration of audit procedures in the application programs themselves. Also, in a computerized environment the increased availability of raw data and managed reports afford greater opportunity for both the client & auditor to perform analytical procedures.
Effect of iT on evidence gathering
Manual audit procedures are called auditing around the computer Computer assisted audit techniques (CAATs) are called auditing through the computer. auditor could do one or both. it is highly dependent on crucial that the auditor gain a thorough understanding of the structure and usage of the control system through inquiry and observation. note: substantive testing alone may not be sufficient Test of controls s/b performed to assess control risk in a highly computerized system.
Use of an iT professional /specialist
treat like staff
Manual audit procedures are called auditing around the computer
Author does not directly test the application program. The auditor tests the input data. process the data independently, and then compares the independent determine results to the program results. Emphasis is on the input and output stages. example; simpe batch simple.
Computer assisted audit techniques (CAATs) are called auditing through the computer.
- Transaction Tagging; electronically mark or tag specific transaction and follow them to client system 2. Embedded Audit modules; application program codes that collect transaction data for the auditor. i.e. auditor wants to examine all transactions affecting a specific amt. greater than $500. Audit must involved in system design of application. time taken away to do other audit 3. Test data# invalid employee #, excess pay rate, and hours to process a set of test data off line while under auditors control. real computer files are not effected. 4. Integrated Test Facility (ITF): simular to test data. the test data is separated form live data and processed to dummy account. Clients are not informed that test is being run. 5. parallen simulation; auditor reprocess some or all clients live data (using software provided by auditor) and then compare data to clients files.With controlled process, auditor observes their data to clients data. uses archive copy of clients data.
Generalized Audit Software Packages (GASP)
Generalized Audit Software Packages (GASP) Allows the auditor to perform test of controls and substantive test directly on client systems. Requires little tech knowledge of clients hwd or sfw Advantages; sample and test a much higher % of transactions, which should result in a more reliable audit. requires little tech knowledge.
M9 MCQs: auditor will use CAATs rather than manual techiniques when
they want to verify all transactions
if an audit is doing an audit of payroll emplyee files for fraud of invalid ssn# what would tech would they usedq
compare the SSn # in payroll file to file of gov’t ssn #
what is a primary reason why an auditor wold not use embedded audit modues
Embedded Audit modules; application program codes that collect transaction data for the auditor. i.e. auditor wants to examine all transactions affecting a specific amt. greater than $500. Audit must involved in system design of application. time taken away to do other audit
if auditor wishes to capture an entity data as transactions are processed and continuosly testing would most likely use
Embedded audit module. are sectins of an application program code that collects transactions data for the auditor. allow auditor to capture specific data
with parallel simulation auditor is using reprocessed data in audit software what is an advantage
the size of the data to test can be expanded with relatively little additional cost.
What is an advantage of using test data
Test data# invalid employee #, excess pay rate, and hours to process a set of test data off line while under auditors control. real computer files are not effected and processed with clients computer and the results are compared with auditors predetermine results
what is a disadvantage of microcomputer -prepared data files rather than manually prepared files.
it is easier for unauthorized person to get access and alter micro computer files than manual.. micro computers are difficult to maintain because of increased number of data entry points and potential ability to defeat access point.
An auditor would least likely to use computer software to assess
assess EDP control risk. it is based on auditor judgement and can not be replaced by assessing control risks.
Which is a characteristic distinguish difference between computerized processing and manual processing
errors and irregularities are detected soon.
what reason would an audit would focus on automated controls than i/c
when it is more efficient and cost effective to focus on automated control than i/c
MCQ test A1-a2; what is true and not true about test data
true; only one transaction each need to be process ; test on clients computer under the auditors control; test data consist of valid and invalid data the interest auditor. not true; test data consist of all valid and invalid conditions
when is dual dating used
when there is additional or subsequent event after the audit report. Dual dating is not used in a situation where previous auditor report is included in current auditors report
Can a auditor issue a unmodified opinion when there is a departure from gaap
yes. when it is justified
for a single audit is the auditor least likely to considered the whole audit opinion
yes.
What are the QC for Auditors; hELPME
- HR 2. Engagement/client acceptance and continuance 3. Leadership Responsibility 4. Performance of the engagement 5. Monitoring 6 Ethical Requirement
What should a successor auditor ask a predecessor audit after engagement sign
matters of facilitating financial reporting consistency between prior year and current year. not; disagreement btwn auditor and mngmt over accounting principles that is prior to engagement.
when would an auditor refer to a specialist in an opinion
when there is a departure from an unmodified opinion an audit want to discuss in the OM section
is human judgement in decision making an inherent sitiuation
yes. because human can make mistake not an inherent situition is when there is a complex information system; this could be resolved in the design
If a government agency declines to include supplemental information required by GASB. the auditor should
give an unmodified opinion with a om paragraph
if a cpa completed an audit and client wanted to change opinion to a review due to scope limitation and it was justified the cpa would
the review would be a new engagement. Cpa would just give a statement that review is less than scope.
A cpa firm wants to make sure work provided meets qualtiy standard what standard is the firm doing
P = performance in engagement in HELPME. Would review the engagement and audit report . documentation. E would be evaluating the client continuance
What is an auditor responsibilty when supplement infor is outside of basic f/s
perform limited procedures on supplement information
when using a specialist should the auditor have an understanding of the objective and scope of work
yes
a material departure from gaap would be a
qualified a pervasive from gaap= adverse
a scope limitation= disclaimer or qualified due to gaas
if an auditor is unable to gather information on appplication of accounting principals and no infor on asset and liab at the begin of the year what opinion would he give
would not be able to express an opinion but can express and opinion on statement of financial position using end year numbers
what is true about test data and integrated test facility
test data: are process with clients computer and compared to auditors pretermined amounts
itegrated test facility uses dummy accounts ( not invalid data) like test data go through system but extract by codiing and result show under actual situations
how does and not considered significant risk
does consider inherent risk alone as start - is first stopped by control risk - then detected by auditor = audit risk audit use professional judgement significant risk exist when inherent risk is high does not considered; when determining risk, whether isignificant impact or not,
should ignore internal controls when considering risk factors.
if there has been an accounting change but does not change the f/s and is material should the auditor report it
no. and no mention in notes to the f/s.
only if there were material modifications and would be mention in EOM or departure from GAAP an material.
