A2 - Engagement Quality and Acceptance, Planning, and Internal Control Flashcards
A2,M1 - Engagement Acceptance and Terms
Who are those “Charged with Governance”
Those who bear the responsibility of overseeing the obligations and strategic direction of an entity
Typically, the Board of Directors and Audit Committee
A2,M1 - Engagement Acceptance and Terms
What is an audit committee? What is their purpose?
An audit committee is an independent group outside the board of directors.
They serve as a direct form of communication between the outside directors and the independent auditor
A2,M1 - Engagement Acceptance and Terms
What are the pre-conditions for accepting a proposed engagement?
- Entity using an applicable financial reporting framework
- Entity having management responsibilities
A2,M1 - Engagement Acceptance and Terms
In the case where there is a management-imposed scope limitation, what should the auditor do?
- Not accept the engagement
- Consider accepting only if limitation is beyond management’s control
A2,M1 - Engagement Acceptance and Terms
What’s the contents of a typical engagement letter?
- Objective and scope of the audit
- Responsibiliites of the auditor
- Responsibiliites of management
- Inherent limitations
- Identification of applicable financial reporting framework
A2,M1 - Engagement Acceptance and Terms
True or False: With recurring audits, management is allowed to use the same engagement letter
True, only if nothing has changed. If revision is not needed, then auditor should remind management about previous agreement.
A2,M1 - Engagement Acceptance and Terms
When is a change in scope (audit ->review/compilation) not allowed?
- When client refuses to allow correspondence w/legal counsel
- Client refuses to provide representation letter
A2,M2 - Engagement Quality
What are the Elements of Quality Control?
Hint: “HELP ME”
- Human Resources
- Engagement/Client Acceptance and continuance
- Leadership Responsibilities
- Performance
- Monitoring
- Ethical Requirements
A2,M2 - Engagement Quality
What’s the difference between GAAS and QC?
GAAS focuses on the conduct of the individual audit
QC incorporates all professional activities of the entity
A2,M3 - Documentation
What are “working papers”/”work papers”?
The principal record of audit procedures performed, evidence obtained, and conclusions reached
A2,M3 - Documentation
What are the document retention requirements for issuers and non-issuers?
Issuers (PCAOB requirements): at least 7 years from the report release date
Non-Issuers (SAS Requirements): at least 5 years from the report release date
A2,M3 - Documentation
What is the final document completion date for issuers and non-issuers?
Non-Issuers: 60 days past the report release date
Issuers: 14 days following report release date, along w/an engagement completion document
A2,M3 - Documentation
Give examples of the type of content included in the permanent file of audit documentation.
- Pension plans
- Contracts
- Leases
- Articles of incorporation, etc
A2,M3 - Documentation
Give examples of the type of content included in the current file of audit documentation.
- Audit Plan
- Financial statements and audit report
- Trial balance
- Letters of representation
- Letters of confirmation
A2,M4 - COSO Internal Control Framework
What are the objectives of COSO’s internal control framework?
- Reliability of financial reporting
- Effectiveness and efficiency of operations
- Coompliance w/applicable laws and regulations
A2,M4 - COSO Internal Control Framework
What are the components of the COSO Framework?
*Hint: CRIME
- Control Environment
- Risk Assessment
- Intervention and Communication
- Monitoring Activities
- Existing Control Activities
A2,M4 - COSO Internal Control Framework
What are the control activities relevant to an audit
*Hint: PAID TIPS
- Pre-numbering of documents
- Authorization & approval of transactions
- Independent checks to maintain asset accountability
- Documentation
- Timely and appropriate financial performance reviews
- Information processing controls
- Physical or logical controls for safeguarding assets
- Segregation of duties
A2,M4 - COSO Internal Control Framework
What are the 3 components of Segregation of Duties
*Hint: ARC
- Authorization of Tasks
- Reporting transactions
- Custody of Related Assets
A2,M5 - Planning
What are the 4 main requirements during the planning phase of an audit?
- Obtain knowledge of the client’s business & industry
- Develop audit strategy
- Develop the audit plan
- Perform risk assessment and procedures
A2,M5 - Planning
True or False: Knowledge of the client’s industry is required before accepting an engagement
False: Prior experience is not required before an engagement. However, once an engagement is accepted, knowledge of industry is needed to plan the audit accordingly
A2,M5 - Planning
What is outlined in the audit strategy?
- Scope of the audit engagement
- Reporting objectives
- Timing of the audit
- Required communications
- Factors that determine the focus of the audit
A2,M5 - Planning
What are risk assessment procedures?
Procedures used to obtain an understanding of the client’s internal control environment
A2,M5 - Planning
Name the 2 types of risk assessment procedures
- Test of controls - used when substantive procedures are insufficient
- Substantive Procedures - Used to detect material misstatements
A2,M5 - Planning
What are financial statements?
Financial statements are not statements of fact.
Financial statements are claims and assertions made by management about the recognition, measurement, presentation, and disclosure of information in the financials
A2,M5 - Planning
What are the 6 main financial statement assertions?
- Completeness
- Cutoff
- Valuation, allocation, and accuracy
- Existence and Occurance
- Rights and Obligations
- Understandability of presentation and classification
A2,M5 - Planning
Financial Statement Assertions: Define Completeness
All account balances, transactions, and disclosures should have been recorded and included in the financials
A2,M5 - Planning
Financial Statement Assertions: Define Cuttoff
Transactions have been recorded in the proper accounting period
A2,M5 - Planning
Financial Statement Assertions: Define Valuation, Allocation, & Accuracy
Accounting balances, transactions, & disclosures are recorded & fairly described and measured at appropriate amounts
A2,M5 - Planning
Financial Statement Assertions: Define Existence and Occurance
Account balances exist & transactions recorded actually occured
A2,M5 - Planning
Financial Statement Assertions: Define Rights and Obligations
Entity holds/controls the rights to assets; liabilities are the obligations of the entity
A2,M5 - Planning
Financial Statement Assertions: Define Understandibility of Presentation and Classification
Transactions have been recorded in proper accounts and appropriately aggregated or disaggregated
A2,M5 - Planning
True or False: A written audit plan is required for every audit
t
A2, M6 - Using the Work of Others
What can/can’t the client’s internal auditors do?
- They can aid in exploring internal controles, assessing risk, and performing substantive procedures
- They cannot aid in giving an opinon or the other activities related to the auditor’s own
A2,M7 - Materiality
What is Performance Materiality (Issuers) /Tolerable Misstatement (Non-Issuers)?
The maximum error in a population that the auditor is willing to accept
A2,M7 - Materiality
True or False: Total Materiality should be greater than performance materiality
t
A2,M8 - Audit Risk
What is audit risk?
The risk that the auditor may unknowingly fail to appropriately modify the opinon on financials that are materially misstated
A2,M8 - Audit Risk
Name the 3 types of misstatements
Factual - no doubt about mistatement
Judgemental - Differences arising from judgement of management
Projected - Auditor’s best estimate of misstatements in populations
A2,M8 - Audit Risk
What is the audit risk model
hint: AR =
Audit Risk = Risk of Material Misstatement x Detection Risk
Audit Risk = (Inherent Risk x Control Risk) x Detection Risk
RMM = Inherent Risk x Control Risk
A2,M8 - Audit Risk
What are the 2 sub categories of RMM?
Inherent Risk and Control Risk
A2,M8 - Audit Risk
What are some items that are typically of high inherent risk? (name at least 3)
- High volume, unique or specific transactions
- Complex or subjective calculations
- Amounts derived from estimates
- Cash
- Decline in overall industry
- Lack of working capital
- Technology that renders a product obselete
A2,M8 - Audit Risk
What are some items that are typically of high control risk? (name at least 3)
- No effective controls related to specific assumptions
- implemented controls are not operating effectively
- Risk for particular assertion may be addressed by perfomring only substantitive procedures
A2,M8 - Audit Risk
What is inherent risk?
The susceptibility of a class of transactions, account balances or disclosues to material misstatements before considering related controls
A2,M8 - Audit Risk
What is control risk?
The risk that a material misstatement could occur in an assertion that could not be prevented or detected by the system’s internal controls
A2,M8 - Audit Risk
What is detection risk?
The risk that an auditor will not detect a material misstatement in an assertion
A2,M8 - Audit Risk
What is the relationship between RMM and Detection Risk?
Inverse;
When RMM increases, Detection Risk (allowed) should decrease
visa versa
A2,M9 - Fraud Risk
What are the 3 risk factors of fraud?
- Incentives/Pressures
- Opportunity
- Rationalization/Attitude
A2,M9 - Fraud Risk
What are the 2 types of fraud risk that presumptively exists in every audit?
Improper revenue recognition & Management Override of Controls
