A2 - Quality Control, Engagement Acceptance, Planning, and Internal Control Flashcards
What is the primary purpose of a second partner or wrap-up review?
To evaluate significant judgements made by the engagement team and the related conclusions rached in forming the overall conclusion.
What is the purpose of establishing policies and procedures to accept/continue a client relationship?
To provide reasonable assurance that the firm:
- Minimizes the likelihood of association with a client that lacks integrity.
- Undertakes only those engagements that the firm can reasonably expect to complete with professional competence.
- Can comply with legal and ethical requirements.
What are the policies and procedures to withdraw from an engagement?
- Documentation of significant issues.
- Discussion with the client of appropriate action to be taken by the firm based on facts and circumstances.
- Consideration of any regulatory requirements for the firm to remain open or for the firm to report the withdrawal.
How can a firm be reasonably assured of meeting its responsibility to provide professional services?
By having appropriate QC system.
What are the standards that oversee QC?
AICPA Statements on Quality Control Standards.
What is the Audit Documentation (workpapers)?
Documentation that serves mainly to provide:
- Principal support for the auditor’s report.
- Assistance in the planning, conduct, and supervision of the audit.
- Accountability.
- Useful info.
What factor influences the form and extent of the auditor’s documentation of an entity’s internal control environment?
Size and complexity of the entity.
If an entity is small, it has less, simpler, procedures.
If an entity is bigger, more things come into play.
How long does an auditor must keep audit workpapers in their records for a PRIVATE client?
7 Years.
How long does an auditor must keep audit workpapers in their records for a PUBLIC client?
5 Years.
What’s the deadline to complete and assemble the final audit file for a PRIVATE company (SAS)?
60 days.
What’s the deadline to complete and assemble the final audit file for a PUBLIC company (PCAOB)?
45 days.
What is the level of detail that audit documentation must have?
Enough so an experienced auditor that has nothing to do with the engagement can understand the procedures performed and evidence obtained.
What do workpapers document?
Procedures that are applied and the conclusions reached in an audit engagement.
What additional column does the auditor’s working TB have?
A Reclassifications and Adjustments column.
What happens on report release date?
The date that:
- The auditor grants the client permission to use the report.
- The report is delivered to the client.
- The record retention starts.
What is the date in which existing documentation must not be deleted and additions to the documentation file must be documented as such?
The document completion date.
What are the factors that affect the nature and extent of audit documentation?
- Risk of material misstatement.
- Extent to which judgement was required in performing the work dand evaluating results.
- Nature of the specific auditing procedure.
- Significance of evidence obtained.
- Naute and extent of any problems identified.
- Need to document conclusions that may not be obvious.
What is the permanent file?
A file that includes audit documentation that never changes for an entity.
Like JCPA!!! - Articles of Inc, IRS elections, etc, contracts, org charts, debt agreements, etc.
What is the current file?
A file that includes all audit documentation applicable to the year under audit. Ex: FS, WTB, AJEs, reclass entries.
What are the REQUIRED contents of the engagement letter?
- Reference to the expected form and content of any reports, and that these may be subject to change.
- Objective and scope of the audit.
- Responsibilities of the auditor.
- Responsibilities of management.
- Identification of financial framework.
- State that there is unavoidable risk that some material misstatements may not be detected.
What are the factors the auditor must consider before accepting new clients?
- Firm’s ability to meet reporting deadlines.
- Firm’s ability to staff the engagement.
- Independence.
- Integrity of Client Management.
- Group Audits.
What would be a factor that would make the auditor conclude that the audit can’t be conducted?
Integrity of Client Management.
What are the preconditions of an audit?
- Financial reporting framework used must be acceptable.
- Management responsibility is clear.
- Management must not impose a scope limitation that will result in an disclaimer of opinion.
What are the specific inquiries of the predecessor auditor that a succesor auditor should make?
- Integrity of client management.
- Disagreements with management as to accounting principles, auditing procedures, etc.
- Communications with those charged with governance regarding fraud, noncompliance, internal control, etc.
- Predecessor’s understanding as to the reasons for the change of auditors.
What should the auditor consider when requested to change the engagement from an audit to a compilation of FS?
- Effort needed to complete the audit
- Cost of completing the audit.
- Reasons for the client’s request.
What are ACCEPTABLE reasons to change an engagement from an audit to a compilation or review?
- Change in client requirements.
2. Misunderstanding as to the nature of the service to be rendered.
What are UNACCEPTABLE reasons to change an engagement from an audit to a compilation or review?
- Engagement would uncover errors or fraud.
- Client is attempting to create misleading or deceptive FS. (Betty la fea con Don Armando).
- Client’s refusal to allow correspondence with legal counsel (Scope Limitation).
- Client’s refusal to provide a signed representation letter.
When is an auditor not allowed to issue a compilation report or a review report?
- When engaged to audit FS and there is client’s refusal to allow correspondence with legal counsel (Scope Limitation).
- When engaged to audit or review FS and there is client’s refusal to provide a signed representation letter..
What are the factors that must be considered in developing an overal audit strategy?
Preliminary evaluations of:
- Materiality.
- Audit risk.
- Internal control.
What are the procedures that an auditor may consider in planning the audit?
- Type of the audit.
- Scope of the audit.
- Timing of the audit with client’s management.
What comes into consideration when determininig the extent of supervision needed for the staff?
- The nature of the company.
- The nature of the work assigned to each team member.
- Risk of material misstatement.
- Knowledge, skill, and ability of each team member.
What are the six main financial statements?
COVERUP!
- Completness
- Cutoff
- Valuation, allocation and accuracy.
- Existence and ocurrence.
- Rights and Obligations.
- Understandability of Presentation and Classification.
According to the PCAOB, what does a centralized accounting function indicate?
A centralized accounting function is indicative of less complex operations.
What is the auditor required to do during planning?
- Obtain knowledge of the client’s business and industry.
- Develop the audit strategy.
- Develop the audit plan.
- Perform risk assessment procedures to understand the entity enough to assess the risk of material misstatement and design further audit procedures.
What are the two types of risk assessment procedures?
- Test of the operating effectiveness of internal controls.
- Substantive procedures.
- Other audit procedures.
What are Test of Controls?
Test controls are used to evaluate the operating effectiveness of internal controls in preventing or detecting material misstatements.
When are Test of Controls necessary?
Test of Controls are necessary when the auditor’s risk assessment is based to some extent on the operating effectiveness of internal control or when substantive procedures are not sufficient.
What are Substantive Procedures?
Substantive procedures are used to detect material misstatements. They include:
a. test of details; and
b. substantive analytical procedures.
What should an auditor do when designing a written audit plan?
When designing a written audit plan, an auditor should establish specific audit objectives that relate mainly to FS assertions.
What should the auditor do when applying substantive tests to an account at interim dates?
The auditor must assess the incremental risk involved and determine whether sufficient alternative procedures exist to extend the interims conclusions to year-end.
When may External Auditors use the work of Internal Auditors?
When there is:
- Competency of the internal audit function.
- Objectivity, and it is reflected in the org chart.
- Policies that prohibit internal auditors to audit areas where there is no independence.
- Use of documented internal audit procedures and an existing QC policies.
How is competence of the internal auditor assessed?
- Education (BS).
- Professional certification (CPA).
- Experience (Resume).
- Performance Evaluations (Raise?).
- Audit Plan. (M4)
- Quality of audit doc (QC).
How is objectivity of the internal auditor assessed?
- Organizational level to which the internal auditor reports.
- Policies that prohibit internal auditor to audit areas where they’re not independent.
- Info obtained from previous experience.
- Info obtained from discussions with management.
- Info obtained from external quality reviews.
- Info obtained from professional auditing standards.
What should the external auditor do when the internal auditor provides direct assistance in performing test controls?
The external auditor should: a. Supervise b. Review c. Evaluate; and d. Test the work performed by the internal auditor, and there should be communication between the auditors regarding responsibilities, objectives, and accounting/ auditing issues.
What is the most important thing to remember regarding independence of an external auditor?
The independent auditor is SOLELY responsible for reporting on the financial statements. No responsibility is shared with the internal auditor EVER!
When would the auditor refer to an specialist’s findings in the auditor’s report?
When the auditor is giving a modified opinion. In this case, the auditor would add a explanatory paragraph emphasizing a matter regarding the FS.
When does the auditor need to perform tests of assertions?
When the degree of subjectivity of the assertion increases. (Less estimates, more actual numbers).
How should the auditor determine the materiality level for the FS?
The auditor should determine the materiality level for the FS as a WHOLE.
What should the auditor use when assessing materiality?
The auditor should use the smallest aggregate level of misstatement that could be material to any of the FS.
What should the auditor do to reduce the risk that the the sum of undetected misstatements in the group FS of a private company exceeds the materiality for the group FS as a whole?
The auditor should establish a component materiality that is lower than the materiality of the group FS.
What are the factors that are used to make the preliminary assessment of materiality?
- Percentage application to an appropriate FS benchmark.
- PY, YTD FS + CY budget and forecasts.
- Any known or expected significant changes.
- Changes in the economy, industry, etc.
What should the auditor consider when identifying an appropriate benchmark to apply a %?
- Items in the FS that on which users would focus their attention.
- Nature of the entity and industry.
- Size of entity, nature of ownership, and its financing methods.
- Examples of materiality benchmarks, such as revenue, PBT, net assets, etc.
What is performance materiality?
An amount that needs to be less than materiality to reduce the probability that the sum of undetected errors exceeds materiality.
What is tolerable misstatement?
The max error in a population that the auditor is willing to accept.
How do you calculate Overall Materiality?
Overall Materiality = Applicable Benchmark * Applicable %
How do you calculate Tolerable Misstatement?
Tolerable Misstatement = Overall Materiality * Applicable %
What are the factors that an auditor should consider when assessing risk?
- Industry, REG, tech, and other external factors.
- Nature of the entity.
- Selection and application of accounting policies.
- Objectives, strategies, and business risks,
- Entity’s financial performance.
- Understanding the group, its components, and their environment.
- Required documentation.
Why do you need to obtain an understanding of the entity and its environment?
To provide an auditor with enough knowledge to assess the risk in audit planning.
What are analytical procedures?
Analytical procedures consist of studying plausible relationships between both financial and non-financial data.
What is the objective of performing analytical procedures?
To discover unusual transactions or events that may have an impact on the planning of the audit.
Why do you need to obtain knowledge about the client’s business and its industry?
To determine the effect of transactions, events, and practices on the client’s FS.
What should analytical procedures focus on when planning the audit?
- Enhancing the auditor’s understanding of the client’s business and transactions that have occurred since the last audit.
- Identifying areas that may represent specific risks relevant to the audit.
What are analytical procedures during planning?
During planning, analytical procedures consist of a review of data aggregated at a high level to help the auditor better understand their client.
What are examples of analytical procedures during planning?
- Comparing FS to budget.
- Comparing CY balances for conformity with predictable patterns.
What are examples of matters that may result in a risk of a material misstatement of the FS?
- Industry developments.
- New products and services.
- Business growth/expansion.
- New accounting rules.
- REG requirements.
- Current and future financial requirements.
- Implementing new strategies (risk of improper implementation).
- Changes in key personnel.
- Deficiencies in internal control.
- Pending litigation and contingent liabs.
- Past misstatements, errors, etc.
What are the 5 components of internal control?
CRIME!
- Control Environment.
- Risk Assessment.
- Information and Communication Systems.
- Monitoring.
- Existing Control Activities.
What are the 8 control activities in a strong system of internal control?
- Pre-numbering of docs.
- Authorization of Transactions.
- Independent checks to maintain asset accountability.
- Documentation.
- Timely and appropriate financial performance reviews.
- Information Processing Controls
- Physical controls for Safeguarding Assets.
- Segregation of Duties.
What is the foundation of the components of internal control?
Control environment.
What are the 3 inherent limitations of Internal Control?
- Mgmt override of internal control.
- Human error.
- Deliberate circumvention of controls by collusion of two or more people.
What are the 7 control environment factors?
MCCHAPO!
- Mgmt’s philosophy and operating style.
- Communication and enforcement of integrity and ethical factors.
- Commitment to competence.
- HR policies and practices.
- Assignment of authority, responsibility, and accountability.
- Participation of those charged with governance.
- Org structure.
What is substance over form?
When controls exist on the surface but IRL they’re not operating effectively or they’re not enforced by mgmt.
What does control environment focuses on?
Control environment focuses primarily on the governance and mgmt functions.
What does the auditor need to know when obtaining an understanding of an entity’s internal control?
Obtain knowledge about design of controls and whether they have been implemented.
What is the auditor’s primary consideration regarding an entity’s internal control?
Whether the control affects the FS assertions.
What should the auditor document about internal controls?
The auditor should document key elements of the understanding of the entity and its environment.
What are the entity’s objectives?
- Financial reporting.
- Operations.
- Compliance.
What is the purpose of obtaining an understanding of an entity’s information and communication system?
HTM = Hija de Tu Madre!
To understand:
1. How transactions are initiated, processed, reported.
2. The financial reporting process.
3. Means used by an entity to communicate financial reporting roles and responsibilities.
What is the difference between the entity’s assessment of risk and the auditor’s assessment of risk?
The entity is concerned with managing risks that affect the entity’s objectives.
The auditor is concerned with the risk that material misstatements could occur in the FS.
What does the evaluation of a design control pertain?
Determining whether the design of a control is capable of preventing and correcting material misstatements.
What does the evaluation of a implementation pertain?
Obtaining evidence about whether the individuals responsible for performing the controls are aware of the precedure, their responsibility towards the procedure, and knowledge on how to execute the control.
What are the procedures used to obtain evidence about the design and implementation of internal controls?
WIOIO
- Walkthroughs.
- Inquiry of entity personnel.
- Observation of application of controls.
- Inspection of documents and reports.
- Observation of the entity’s premises and plant facilities.
What is the primary objective of a walkthrough procedure?
To help obtain evidence about whether the controls are operating effectively.
What are the Walkthrough procedures?
- Inquiry.
- Observation.
- Inspection of documentation.
- Reperformance of controls.
What are the advantages of using Generalized Audit Software Packages (GASPs)?
- GASPs allow auditor to sample and test a higher % of transactions. The more, the merrier.
- GASPs require little tech knowledge. If auditor is familiarized with GASPs, then info is accessible wo getting into details of client’s IT.
- When used over time, GASPs reduce audit time wo sacrificing quality.
What are the types of CAATs?
- Transaction Tagging.
- Embedded Audit Modules.
- Test Data.
- Integrated Test Facility.
- Parallel Simulation.
What is Transaction Tagging?
A computer-assisted technique (CAAT) that the auditor uses to “tag” specific transactions and follow them through the client’s system.
What are Embedded Audit Modules?
Sections of the application programc code that collect data for the auditor. They are used to ensure that controls operate effectively. Ex. Auditor wants to examine all transactions affecting Cash that are >$500.
What is Test Data?
A computer-assisted technique (CAAT) that uses the application program to process a set of test data for which the results are already known.
What is Integrated Test Facility?
Similar to Test Data, except that Test Data is commingled with live data, and client’s employees are not informed that the test is being run.
What is Parallel Simulation?
A computer-assisted technique (CAAT) that allows an auditor to insert the auditor’s version of the client’s program to process data and acompare the outputs.
What are the differences between Manual and IT environments?
- Segregation of Duties.
- Dissappearing Audit Trail.
- Uniform Transaction Processing.
- Computer-Initiated Transactions.
- Potential for Increased Errors and Irregularities.
- Potential for Increased Supervision and Review.
- Dependence on IT Gral Controls Over Computer Processing.
What are the two requirements to achieve audit efficiency and effectiveness with a computer?
- Identification of the appropriate audit tasks.
2. Appropriate software to perform selected audit tasks.
