A3 Flashcards

(185 cards)

1
Q

If the client is an issuer, then the auditor must perform an

A

integrated audit of the client’s FS and IC over financial reporting. Integrated audits may also be performed for nonissuers

2
Q

As a part of the pre-acceptance phase of the engagement, the auditor should consider and document compliance with the firm’s quality control policies and procedures related to client acceptance and continuance. Specifically, the auditor should assess the following:

A
  • Firm’s ability to meet reporting deadlines
  • Firm’s ability to staff the engagement
  • Independence
  • Integrity of client management
  • Group Audits
3
Q

The auditor should obtain the agreement of management that it acknowledges and understands its responsibility to:

A
  • For the preparation and fair presentation of the FS
  • For the design, implementation, and maintenance of IC
  • To provide the auditor with:
    - Access to all the information
    - Unrestricted access to persons
4
Q

What are some management imposed scope limitations?

A
  1. Audit required by law or regulation - If the entity is required by law or regulation to have an audit and a disclaimer of opinion is acceptable, such as in an audit of an employee benefit plan, the auditor is permitted, but not required, to accept the engagement.
  2. Scope Limitations that do not Preclude Engagement Acceptance - If a management imposed scope limitation will result in a qualified opinion, or if the scope limitation is imposed by circumstances beyond management’s control, the auditor may still accept the engagement.
5
Q

Required Contents of an Engagement Letter:

A
  1. Objective and scope of the audit
  2. Responsibilities of the auditor
  3. Responsibilities of management
  4. Statement that because of the inherent limitations of an audit
  5. Identification of the applicable financial reporting framework
  6. Reference to the expected form and content of any reports
6
Q

What are some other things that the engagement letter may also refer to?

A
  • Elaboration of the scope of the audit
  • Form of any other communication
  • Arrangements regarding planning and audit performance
  • Written representations
  • Agreement of management to make info available
  • Subsequent events
  • Fees and billing arrangements
  • Arrangements concerning the involvement of other auditors, specialists, internal auditors, or other staff of the entity
  • Arrangements with predecessor auditor
  • Any restriction on the auditor’s liability
  • Additional services
7
Q

On recurring audits, the auditor should assess whether circumstances require the terms of the engagement to be revised. The following factors may make it appropriate to revise the terms of the engagement:

A
  • Management misunderstands the objective
  • Special engagement terms
  • Change in senior management
  • Significant change in ownership
  • Significant change in the nature or size of the entity’s business
  • Change in legal or regulatory requirements
  • Change in financial reporting framework
8
Q

What is a requirement of an initial audit?

A

Communication with the predecessor auditor before engagement acceptance - mandatory

Inquiries include:

  • management integrity
  • disagreements with management
  • Reasons for change
  • Communication with management regarding fraud
9
Q

Initial Audits - Opening Balances

  1. Auditors Responsibilities
  2. Audit Procedures
A
  1. Auditor should obtain sufficient appropriate audit evidence:
    - Opening balances contain misstatements
    - Accounting policies reflected in opening bal have been consistently applied in the current period
  2. Auditor should:
    - Read the most recent FS, if any, and the predecessor auditor’s report
    - If a modification was made to the predecessor auditor’s opinion, the auditor should consider the effect of the matter giving rise to the modification on the current period assessment of the risks of material misstatement
    - Request management to authorize the predecessor to allow a review of the predecessor auditor’s documentation related to the most recently completed audit
10
Q

The inability of the auditor to obtain sufficient appropriate audit evidence regarding opening balances may result in:

A

GAAS issue

A qualified opinion or a disclaimer of opinion

11
Q

When would a qualified or adverse opinion be expressed regarding opening balances?

A
  1. opening balances contain a misstatement
  2. Acct policies not consistently applied regarding open bal
  3. A change in accounting policy is not properly accounted for or adequately presented or disclosed.
12
Q

If, during the audit, the successor auditor becomes aware of the information indicating that the FS reported on by the predecessor auditor may require revision, he or she should…

A

request the client to arrange a meeting among the three parties to discuss the info and attempt to resolve the matter

13
Q

Planning and Supervision: The engagement partner is responsible for:

A
  1. Planning the audit
  2. Supervising the work of engagement team members
  3. Compliance with relevant auditing standards
14
Q

What does the auditor use to cover the client’s records and IC?

A

Nature, Extent and Timing of Supervision

15
Q

What is a requirement once the audit engagement is accepted?

A

the auditor must obtain an understanding of the client’s industry and business

16
Q

To gain knowledge of the client’s business, the auditor may:

A
  • Tour Client facilities
  • Review the Financial History of the Client
  • Obtain an understanding of client accounting
  • Inquire of client personnel
17
Q

What is involved in developing the audit strategy?

A

A. Overall audit strategy - written (Nature, Extent, Timing)
B. Scope of the Audit (Extent)
C. Reporting Objectives, Audit Timing, and Required Communications (Timing)
D. Factors that determine the focus of the audit (Nature)
-Preliminary evaluations of materiality, Audit risk, and IC-to develop an overall audit strategy

18
Q

PCAOB standards state that when establishing an overall audit strategy:

A
  • Knowledge of the company’s IC
  • Matters Affecting the industry
  • The extent of recent changes in the company
  • The auditor’s preliminary judgments
  • Control deficiencies previously communicated
  • Legal or regulatory matters
  • Relative complexity of the company’s operations
19
Q

What should the auditor use when assessing materiality?

A

The auditor should use the smallest level of misstatement that could be material to any one of the FS

20
Q

To whom is the auditor required to communicate the planned scope and timing of the audit?

A

Those charged with governance

21
Q

What is required when developing an audit plan?

A

A written audit plan

22
Q

Audit procedures are performed to obtain evidence on which to base the audit opinion. Audit procedures may be categorized as:

A
  1. Risk assessment procedures - req in all FS audits
  2. Further audit procedures
    - Test of Controls - Audit test IS (used to evaluate the operating effectiveness of IC in preventing or detecting material misstatements)
    - Substantive procedures - Substantive Testing - (are used to detect material misstatements. They include tests of details (as applied to transaction classes, account bal, and disclosures) and substantive analytical procedures - at end of audit)
  3. Timing of Audit procedures
23
Q

What are the six main FS assertions?

A

COVER U

C-Completeness
O-cutOff
V-Valuation, allocation and accuracy
E-Existence and Occurrence 
R-Rights and obligations
U-Understandability and classification
24
Q

What are relevant assertions?

A

Transactions and Events
Account Balances
Presentation and Disclosure

25
PCAOB standards state that the FS assertions are:
C-Completeness
E-Existence
O-Occurrence
A-Allocation
P-Presentation
R-Rights
O-Obligations
V-Valuation
E
D-Disclosure
26
What is the role of the client's internal auditors?
Does not equal Judgment The auditor should consider the extent of involvement of the client's internal auditors in the performance of the audit. While internal auditors must maintain objectivity and integrity, they are not independent of the client, their employer. Thus, the independent external auditor cannot share with the internal auditor any of the responsibility for audit decisions, judgments, or assessments made as part of the audit
27
What are the external auditor responsibilities?
- Obtain an understanding of the internal audit function - Assess competence and objectivity-if the auditor decides to make use of the internal auditor's work, the internal auditor's competence and objectivity must be assessed
28
The auditor should have a sufficient understanding of the specialist's field of expertise to enable the auditor to:
- Determine the nature, scope, and objectives of the work of the auditor's specialist; and - Evaluate the adequacy of the specialist's work for the auditor's purposes
29
If info to be used as audit evidence is prepared using the work of a management's specialist, the auditor should:
- Evaluate the competence, capabilities, and objectivity of the specialist - Obtain understanding of the work of the specialist; and - Evaluate the appropriateness of the specialist work as audit evidence for the relevant assertions
30
In assessing the objectivity of internal auditors
The independent CPA who is auditing the entity's FS considers info obtained from previous experience, from discussions with management, from external quality reviews (if performed), and from professional internal auditing standards (such as those developed by the Institute of Internal Auditors)
31
What is the AICPA's Accounting Trends & Techniques?
Is an annual survey of accounting practices followed in 600 stockholders' annual reports
32
The work of an internal auditor may aid the external auditor in obtaining an understanding of....
IC, assessing risk, and performing substantive procedures
33
Assistants should be informed of their...
Responsibilities and the objectives of the procedures that they are to perform. Part of the assistant's responsibility is to properly evaluate audit results, and the in charge auditor would likely discuss this with them
34
The auditor's preliminary judgment about materiality is
Generally based on either annualized interim FS or annual FS from a prior period
35
The Internal auditor may provide assistance to an independent CPA in:
- Obtaining an understanding of IC - Performing tests of controls - Performing substantive tests
36
Pre-audit planning meetings are typically held to plan
Technical and personnel aspects of the audit. Assistants should be informed of their responsibilities and the objectives of the procedures that they are to perform
37
The auditor should consider the methods the entity uses to process accounting information in planning the audit because
Such methods influence the design of IC
38
Review of assistants' work is necessary to determine whether it was performed in
A satisfactory manner and to determine whether the work supports the conclusions presented in the auditor's report
39
The auditor should obtain knowledge of the client's business and its industry in order to...
Determine the effect of transactions, events, and practices on the client's FS
40
The auditor with final responsibility for an engagement and one of the assistants have a difference of opinion about the results of an auditing procedure. If the assistant believes it is necessary to be disassociated from the matter's resolution, the CPA firm's procedures should enable the assistant to:
Document the details of the disagreement with the conclusion reached
41
Samples to test IC are intended to provide a basis for an auditor to conclude whether:
the control activities are operating effectively
42
What happens when substantive tests are applied to the details of asset and liability accounts as of an interim date?
Increases risk- as it is possible that errors will occur between the date of interim testing and the BS date
43
Use of internal auditor's work - Need to be aware of the competence and objectivity - what should the auditor look for?
Competence is reflected by education, professional certification, experience, performance evaluations, the audit plan, audit procedures, and the quality of internal audit documentation. Objectivity- is reflected by the organizational level to which the internal auditor reports, as well as by policies prohibiting audits of areas where the internal auditor lacks independence
44
In designing a written audit plan, an auditor should establish specific audit objectives that relate...
primarily to the FS assertions
45
The Nature, Extent and Timing of the supervision depend upon:
- the size and complexity of the entity - Nature of the work assigned - Assessed risks of material misstatement - Qualifications of assistants
46
What is materiality?
The amount of error or omission that would affect the judgment of a reasonable person
47
What is Audit Risk?
Is the risk that the auditor may unknowingly fail to appropriately modify the opinion on FS that are materially misstated
48
Misstatements can result from errors, which are unintentional, or fraud, which is intentional. Misstatements Include:
- Inaccuracies - Departures from GAAP - Omissions - Incorrect estimates or judgments - Inappropriate selection or application of accounting policies
49
What are Factual misstatements?
Are misstatements about which there is no doubt
50
What are judgmental misstatements?
Are differences arising from judgments of management concerning accounting estimates that the auditor considers unreasonable or the selection or application of accounting policies that the auditor considers inappropriate
51
What are projected misstatements?
Are the auditor's best estimate of misstatements in populations, involving the projection of misstatements identified in audit samples to the entire population from which the samples were drawn
52
What is the audit risk model?
The risk that the auditor will issue the wrong opinion
53
What is the formula for audit risk?
Audit Risk (should be low) = Risk of material misstatements (addressed by auditor) X Detection risk (controlled by auditor)
54
Risk of Material misstatement can be subdivided into?
Inherent Risk (IR) and Control Risk (CR)
55
What is Inherent Risk?
Is the susceptibility of a relevant assertion to a material misstatement, assuming there are no related controls
56
What is Control Risk?
Is the risk that a material misstatement that could occur in a relevant assertion will not be prevented or detected (and corrected) on a timely basis by the entity's IC
57
What is detection risk?
Is the risk that the auditor will not detect a material misstatement that exists in a relevant assertion. Is a function of the effectiveness of audit procedures and of the manner in which they are applied
58
What is Inverse Relationship of RMM to DR?
When the auditor determines that the risk of material misstatement is high, DR should be set at a low level. Conversely, when the risk of material misstatement is low, the auditor can justify a higher DR
59
Considerations of audit risk and materiality are affected by...
The size and complexity of the entity, as well as the auditor's experience with and knowledge of the entity, its environment, and its IC
60
At what levels must audit risk and materiality be considered?
At both the FS level and the account balance, individual transaction class, or disclosure item level
61
How are considerations of audit risk and materiality at the account balance, individual transaction class, or disclosure item level used?
To determine the nature, extent, and timing of audit procedures to be applied to specific account balances, transaction classes, or disclosure item
62
What are errors?
Are unintentional misstatements or omissions
63
What is fraud?
Is an intentional act by one or more individuals
64
What does fraudulent financial reporting involve?
"Lying" | Intentional misstatements or omissions of amounts or disclosures in the FS that are designed to deceive FS users
65
What is misappropriation of assets?
"Stealing" | Or Defalcation, involves theft of an entity's assets
66
What is corruption?
"cheating"
67
What are the fraud risk factors?
- Incentives/Pressures: a reason to commit fraud - Opportunity: a lack of effective control - Rationalization/Attitude: an attempt to justify fraudulent behavior - Ethics and Integrity
68
What kind of assurance does an auditor express that the FS are free from material misstatements resulting from errors or fraud?
Reasonable assurance because due to the concealment aspects of fraud and the need to apply judgment in evaluating fraud risk, even a properly planned and executed audit may fail to detect fraud
69
What is management's responsibility with fraud?
To design and implement programs and controls to prevent, deter, and detect fraud
70
What is auditor's responsibility with fraud?
To plan and perform ("design") the audit to obtain reasonable assurance about whether the FS are free of material misstatement, whether caused by error or fraud
71
Who should the auditor direct inquiries to?
Management, employees involved in financial reporting, operating personnel, internal auditors, in-house legal counsel, those charged with governance, etc.
72
PCAOB standards state that the auditor should ask management and audit committee whether?
They have received and responded to tips or complaints regarding company's financial reporting
73
In analyzing risk, the following four attributes should be considered?
- Type of risk: Does it involve fraudulent financial reporting or misappropriation of assets? ("or corruption") - Significance of Risk - Likelihood of Risk - Pervasiveness of the Risk
74
There is a presumption in every audit that the following two risks exist:
- Improper Revenue recognition : "analytical procedures req" | - Management override of controls
75
What are some additional considerations to deal with fraud?
- The size, complexity, and ownership characteristics of the entity - Large entities may have an audit committee, an internal audit function - A smaller entity may lack such features - The susceptibility of items to manipulation. Items are more susceptible to manipulation when they involve: - A high degree of management judgment and subjectivity; or - Highly complex accounting principles
76
The auditor is required to respond to the results of the fraud risk assessment on three levels.
- Overall, General Response
  - Assigning personnel
  - Supervision
  - Evaluating management's selection and application of accounting principles
  - Unpredictability in the selection
- Response encompassing specific audit procedures = "NET"
- Response Addressing Risks Related to Management Override
  - Examine J/E and other Adjustments
  - Review accounting estimates for biases
  - Evaluate the business purpose for significant unusual transactions
77
What happens if there are significant risks?
Withdraw
78
What conditions identified during fieldwork may affect the auditor's assessment of fraud risk?
- Discrepancies in the accounting records - Conflicting or missing evidential matter - Problematic relationships b/n the auditor and management - Objections by management to the auditor meeting privately with the audit committee - Accounting policies that appear inconsistent with industry practices - Frequent changes in accounting estimates - Tolerance of violations of the company's code of conduct
79
The auditor should consider whether any misstatements identified during the audit are indicative of fraud, and should evaluate the related implications. what are these?
- Misstatement caused by fraud (even immaterial misstatements) may be indicative of an underlying problem with management integrity - The auditor may need to reevaluate the assessment of fraud risk, the assessed effectiveness of controls, and the appropriateness of the audit procedures applied
80
Who should fraud be discussed with even if immaterial? Who should it be if it causes material misstatement? Who should it be discussed with if it is involving senior management?
1. Should be discussed with an appropriate level of management at least one level above those involved 2. Should be discussed with senior management and reported directly to those charged with governance 3. Reported directly to those charged with governance
81
In certain circumstances, fraud should be discussed with parties outside of the entity which includes:
- To comply with certain legal and regulatory requirements - To a successor auditor - with specific permission of client - To a funding agency or other specified agency in accordance with requirements for the auditors of entities that receive governmental financial assistance - In some circumstances - to authorities
82
What is management's responsibility with compliance with laws and regulations?
Responsible for ensuring that the entity's operations are conducted in accordance with applicable laws and regulations
83
What is auditor's responsibility with compliance with laws and regulations?
Obtaining reasonable assurance that the FS are free from material misstatement due to noncompliance with laws and regulations. The auditor is not responsible for preventing noncompliance and cannot be expected to detect noncompliance with all laws and regulations.
84
The Auditor's Consideration of Noncompliance: When obtaining an understanding of the entity and its environment, the auditor should obtain an understanding of:
- the legal and regulatory framework | - how the entity is complying with that framework
85
What are the procedures when noncompliance is identified or suspected...auditor should?
The auditor should discuss the matter with management at least one level above those suspected of noncompliance and, when appropriate, those charged with governance.
86
In the following circumstances, a duty to disclose outside the entity may exist:
- In response to inquiries from an auditor to a predecessor auditor - In response to a court order - In compliance with req for the audits of entities that receive federal financial assistance from a government agency
87
Reporting noncompliance in the auditor's report:
1. Material effect on the FS - "GAAP issue = except for an adverse" 2. Insufficient Evidence = "GAAS Issue = Except for or Disclaimer" 3. Client Responses / "Refuse" = GAAS Issue = Withdrawal issue
88
What are the series of steps in assessing the risks of material misstatement and responding appropriately to that risk?
I - obtain an understanding of the entity and its environment, including its IC
M - Assess the risks of MATERIAL MISSTATEMENT = ID types of potential misstate
A - Respond to the ASSESSED LEVEL OF RISK by designing further audit procedures based on this ASSESSMENT
C - Test internal CONTROL to evaluate their operating effectiveness
P - PERFORM SUBSTANTIVE procedures
A - Evaluate the sufficiency and appropriateness of AUDIT EVIDENCE obtained.
89
What are risk assessment procedures to obtain an understanding of the entity and its environment, including its IC.
1. Inquiries 2. Analytical Procedures 3. Observation and Inspection 4. Risk assessment discussion 5. Other Procedures (Reviewing external info & Prior Period evidence)
90
What are the Mandatory Analytical procedures?
- During planning to understand the entity and identify areas of risks - As an overall review in the final review stage of the audit
91
What are the analytical procedures during planning?
Analytical procedures consist of a review of data aggregated at a high level, such as comparing FS to budgeted or anticipated results
92
What types of data are used during the analytical procedures?
Generally, financial data is used, though relevant non-financial data (e.g. # of employees, square footage of selling space, or volume of goods produced) and their relationships with related financial data may also be considered
93
The objective of analytical procedures used during planning is to:
- Enhance the auditor's understanding | - Identify unusual transactions and events
94
PCAOB standards state that when applying analytical procedures as risk assessment procedures, the auditor should...
Perform analytical procedures related to revenue in order to identify unusual or unexpected relationships
95
PCAOB Standards state that the auditor should perform the following risk assessment procedures:
- perform analytical procedures; - Conduct a discussion among engagement team members - Inquire of the audit committee, management, and others within the company about the risks of material misstatement
96
PCAOB standards state that the auditor should consider performing the following procedures to obtain an understanding of the nature of the entity:
- Read public info - Observe or read transcripts of earnings calls - Obtain an understanding of senior management compensation arrangements; - Obtain info from SEC filings
97
What are the assertion level risks?
Are risks that relate to specific transactions, account balances, or disclosures at the relevant assertion level
98
What are financial statement level risks?
Are risks that relate pervasively to the FS as a whole and potentially impact many relevant assertions.
99
When does significant risk exist?
Exists when inherent risk is exceptionally high
100
What are the factors that may be indicative of significant risks?
- Risk of fraud - Significant recent economic, accounting, or other developments - Related parties and related party transactions - Improper revenue recognition - Nonroutine, unusual, or complex transactions - Accounting estimates or other subjective measurements of financial info - Noncompliance with laws and regulations - Accounting principles that are subject to different interpretations
101
What should the auditor document when assessing the risks of material misstatement?
- Discussion among the audit team - Key elements of the understanding of the entity and its environment - The assessment of the risks of material misstatement - Identified risks and related controls evaluated by the auditor - A more complex entity/environment results in more extensive audit procedures, which in turn should result in more extensive audit documentation
102
PCAOB: Factors that are relevant to the assessment of the risks of material misstatement associated with a particular location or business unit and the determination of the necessary audit procedures include:
- the nature and amount of assets, liabilities, and transactions executed at the location or business unit - the materiality of the location or business unit - the specific risks associated with the location or business unit - the effectiveness of the control environment
103
Objectives represent what an entity strives to achieve. An entity's objectives may be divided into three categories:
1. Reliability of financial reporting = FS fraud = (lying) 2. Effectiveness and efficiency of operations = Asset misappropriation (stealing) 3. Compliance with applicable laws and regulations = corruption (cheating)
104
What are the five components of IC? (the COSO framework)
C - Control environment: overall tone of the organization
R - Risk assessment: management's identification of risk
I - Information and communication systems: a means of recording transactions and communicating responsibilities
M - Monitoring: assessment of IC performance over time
E - Existing Control activities - control policies and procedures
105
What is the control environment?
Auditor/CPA should obtain understanding & knowledge
106
The control environment includes such factors as:
- Communication and enforcement of integrity and ethical values of the people - Commitment to competence - Participation of those charged with governance - Management's philosophy and operating style - Organizational structure - Assignment of authority, responsibility, and accountability - Human resource policies and practices
107
The following circumstances would raise concerns regarding management's philosophy and operating style:
- Management consumed with meeting the budget = pressure - Management dominated by one person = opportunity (mgt override) - Management compensation contingent upon the entity's financial performance = Bonus & Stock = Rationalize
108
What is the risk assessment by management?
Is an entity's identification and analysis of risks to achievement of its objectives (Note that this component concerns the assessment by management of risk facing the entity, not the auditor's assessment of control risk)
109
Information and communication systems support...
the identification, capture and exchange of info in a timely and useful manner
110
Accounting Information System: The auditor is especially interested in the business processes relevant to financial reporting, and should obtain an understanding of:
- Class of transactions - Accounting processing (Both automated and manual), from initiation of a transaction to inclusion in the FS - Accounting records (both electronic and manual), supporting the information, and specific accounts involved in initiating, authorizing, recording, processing and reporting transactions - the financial reporting process, including the development of significant accounting estimates and the inclusion of appropriate disclosures
111
What is monitoring?
Is the process that assesses the quality of IC performance over time. Establishing and maintaining IC is a responsibility of management
112
What are existing control activities and what is the rule?
Are the policies and procedures that help ensure that management directives are carried out and that necessary steps to address risk are taken. RULE: In a well designed IC environment, errors should be prevented and/or detected by employees in the ordinary course of their job/business
113
What are the control activities in a strong system of IC?
"PAID TIPS"
P - Prenumbering of documents (Your Checkbook)
A - Authorization of Transactions (Signed Approvals)
I - Independent Checks to maintain asset accountability (Checks & Balances)
D - Documentation (Paper Trail)
T - Timely and Appropriate Performance Reviews (analytical procedures)
  - Comparison of actual performance to budgets, forecasts, and prior periods
  - Comparison of financial and non financial info
I - Information processing controls
P - Physical Controls for safeguarding assets
S - Segregation of duties
114
What are information processing general and application controls? What are general and what are application?
Ensure that transactions are valid, properly authorized, and completely and accurately recorded. Application Controls - apply to the processing of individual transactions. General Controls - apply to information processing throughout the company
115
What reduces the opportunities for any individual to both perpetrate and conceal errors or fraud in the normal course of duties?
Assigning different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of the related assets
116
What type of risk can be assessed in quantitative terms such as percentages or in non quantitative terms that range, for example, from a minimum to a maximum?
- Control Risk
- Detection Risk
- Inherent Risk
117
An auditor assesses control risk because it:
Affects the level of detection risk that the auditor may accept
118
What are some steps the auditor may take when detection risk decreases?
- Change the nature of substantive tests from a less effective to a more effective procedure
- Change the extent of substantive tests
- Change the timing of substantive tests
119
Control risk should be assessed in terms of
FS assertions
120
The acceptable level of detection risk is inversely related to...
The assurance provided by substantive tests.
121
Inherent risk and control risk differ from detection risk in that they:
Exist independently of the FS audit
122
What are preventive controls?
Are designed to provide reasonable assurance that only valid transactions are recognized, approved, and submitted for processing
123
What are Detective Controls?
Are designed to provide reasonable assurance that errors or irregularities are discovered and corrected on a timely basis.
124
Evaluating the design of a control involves determining whether
It is capable, individually or in combination with other controls, of preventing or detecting and correcting material misstatements
125
What are the procedures used to obtain evidence about the design and implementation of IC?
- Inquiry of personnel
- Observation
- Inspection
- Observation of the entity's premises and plant facilities
- Walkthroughs
126
What is the purpose of walkthroughs?
To confirm the auditor's understanding
127
What are the procedures involved in walkthroughs?
- Inquiry
- Observe individuals performing their info processing and control procedures
- Re-perform the info processing
- Inspect
- Corroborate inquiry responses with others knowledgeable about the info processing and control procedures
128
What are the documents required by the auditor in the understanding of IC?
F - Flowcharts: Depicts auditor's understanding of IC system
I - Internal control questionnaires: used for each assertion of management, so as to "Cover U"
N - Narratives: Hard to "see" weakness in IC
D - Documentation from the client
129
What are system flowcharts?
An adequate flowchart shows the origin of each document in the system, its subsequent processing, and its final disposition
130
What are program flowcharts?
IT flowcharts are initially created to document the logic and existing flow of a computer program
131
What are internal control questionnaires?
Generally consists of a list of questions to be answered by "Yes" or "No" response. A negative response is designed to draw attention to a possible weakness in IC. Written explanations are required for "No"
132
What is a narrative?
A written version of a flowchart
133
What are manual controls?
Are IC performed by people and are more suitable when judgment and discretion are required. Are also used to monitor automated controls
134
What are automated controls?
Are IC performed using IT and are more suitable for high-volume or recurring transactions
135
What are general controls in regards to IT?
Are policies and procedures that relate to many applications and support the effective functioning and proper operation of the info system
136
What are application controls in regards to IT?
Apply to the processing of individual transactions and help to ensure that transactions occurred, are authorized, and are completely and accurately processed and reported.
137
What are the IT Benefits?
- Ability to process large volumes of transactions and data accurately and consistently
- Improved timeliness and availability of info
- Facilitation of data analysis
- Reduction of risk that controls will be circumvented
- Enhanced segregation of duties through effective implementation of security controls
- Enhanced ability to monitor the performance of the entity's activities and its policies and procedures
138
What are the IT Risks?
- Potential reliance on inaccurate system
- Unauthorized access to data
- Unauthorized change to data
- Failure to make required changes or updates
- Inappropriate manual intervention
- Potential loss of data
139
What are the inherent limitations of IC?
- Management override of IC
- Human error
- Deliberate circumvention of controls by collusion of two or more people
- Segregation of duties may be difficult to achieve in a smaller entity
140
A service organization's services are considered...
To be part of a user entity's info system when those services affect the initiation, execution, processing or reporting of the user company's transactions
141
What is a "Type 1 Report"?
Is a report on the design and implementation of a service organization's controls. It does not provide assurance on the operating effectiveness of the controls.
142
What is a "Type 2 Report"?
Is a report on the design, implementation, and operating effectiveness of a service organization's controls.
143
What are the three elements of further audit procedures?
Nature - of an audit procedure includes both its purpose and its type
Extent - Refers to the quantity to be performed, such as the number of observations to be made or the sample size to be used
Timing - Audit tests may be performed at an interim date (strong) or at period end (weak)
144
What are the two approaches to identify risks at the relevant assertion level?
Substantive Approach | Combined Approach
145
For certain relevant assertions and risks, only substantive procedures will be performed. This occurs when...
Control Risk is assessed at maximum because:
- There are no effective controls relative to specific assertions
- The implemented controls are assessed as ineffective; or
- It would not be efficient to test the operating effectiveness of controls
146
What is the combined approach?
Both tests of the operating effectiveness of controls and substantive procedures are used. Typically, if controls are operating effectively, less assurance will be required from substantive procedures
147
When are tests of controls for IT required?
- An entity conducts its business using information technology
- Highly automated processing
- Audit evidence is obtained in electronic form
148
For all significant risks, the auditor should:
- Evaluate the design of the entity's related controls and determine whether the controls have been implemented
- If relying on the operating effectiveness of IC intended to mitigate significant risk, tests of controls must be performed in the current period. The auditor cannot rely on tests of controls performed in prior periods
- Perform substantive procedures that are clearly linked and responsive to the risk
149
PCAOB standards state that when performing tests of controls, the auditor must...
Obtain evidence that the controls selected for testing were both designed effectively and operated effectively during the period of reliance
150
What are substantive procedures?
Are used to detect material misstatements at the relevant assertion level. Are required for each material transaction class, account balance or disclosure
151
What are the types of substantive procedures?
- Test of details
- Substantive analytical procedures
152
If substantive procedures are performed at an interim date, the auditor should perform
Further substantive procedures, or substantive procedures combined with tests of controls, to provide a reasonable basis for extending audit conclusions to period end (roll forward)
153
Performing substantive procedures at an interim date increases
The risk that the auditor will not detect material misstatements in the FS. The longer the period between the interim date and period end, the greater the risk
154
What should the auditor do if the assessed level of risk changed?
The auditor should modify planned audit procedures
155
What does the auditor use to evaluate sufficiency and appropriateness of audit evidence?
Judgment
156
PCAOB standards state that the following factors are relevant to the conclusion that sufficient appropriate evidence has been obtained:
- Significance of uncorrected misstatements
- Results of audit procedures performed
- Auditor's risk assessment
- Appropriateness of the audit evidence obtained
157
What are the documents required when evaluating the sufficiency and appropriateness of audit evidence?
- The overall response
- The nature, extent and timing
- Linkage of those audit procedures
- Results of audit procedures
- Conclusions reached
158
The auditor would consider confirming a large complex sale when
The risk of material misstatement is high
159
What is an important consideration when deciding the nature of tests to use in a FS audit?
The nature of tests to be applied on a particular engagement is a matter of the auditor's professional judgment
160
What kind of risk is it if the entity enters into derivative transactions as hedges?
Inherent Risk - because of the complex calculations
161
Which type of risks most likely would increase if accounts receivable are confirmed three months before year end?
Detection risk - is a function of the effectiveness of audit procedures and of the manner in which they are applied. Audit procedures that provide less assurance increase detection risk, which is the risk that the auditor will not detect a material misstatement that exists. Specifically, audit procedures performed at interim provide less assurance than audit procedures performed at year-end
162
During an audit, the auditor should maintain an attitude of professional skepticism, which includes....
A Questioning mind and a critical assessment of audit evidence
163
What happens if the noncompliance has a material effect on the FS, and has not been adequately reflected in the FS?
A qualified or adverse opinion should be issued
164
What information does an internal control questionnaire provide?
Provides info about control policies and procedures, but does not provide info about actual transactions or events that have occurred. Therefore, it is unlikely to uncover any acts of noncompliance with laws and regulations
165
The auditor should obtain an understanding of the entity and its environment sufficient to ...
Assess the risk of material misstatement and to design and perform further audit procedures
166
What are the objectives of analytical procedures used during planning?
- Enhance the auditor's understanding
- Identify unusual transactions and events
167
What should the auditor do when the auditor's risk assessment is based on the effective functioning of IC?
The auditor should identify specific IC relevant to specific assertions that are likely to prevent or detect material misstatements in those assertions.
168
An audit client failed to maintain copies of its procedures manuals and organizational flowcharts. What should the auditor do in the audit of FS?
Document the auditor's understanding of IC
169
Control environment: The following circumstances would raise concerns regarding management's philosophy and operating style:
1. Management consumed with meeting the budget = Pressure
2. Management dominated by one person = opportunity (mgt override)
3. Management compensation contingent upon the entity's fin performance = bonus & stock - rationalize
170
What does proper segregation of duties reduce?
The opportunities for any individual to both perpetrate and conceal errors or fraud
171
What is the ultimate purpose of assessing control risk?
Is to contribute to the auditor's evaluation of the risk that material misstatements exist in the FS
172
What are the inherent limitations of IC?
Collusion, Human Error and management override
173
The auditor should obtain sufficient knowledge of the client's information system relevant to fin reporting to understand...
The transactions processed, and how the transactions are initiated, recorded and summarized. Included in the info system relevant to fin reporting is the preparation of significant accounting estimates
174
The advantage of using systems flowcharts to document internal information is
That flowcharts provide a visual depiction of clients' activities
175
Automated controls are more suitable than manual controls where...
Transactions are high-volume and recurring
176
When a service organization provides services that affect the initiation, execution, processing, or reporting of a user company's transactions, those services are considered
To be part of the user company's information system
177
What is the best compensating control for the lack of segregation of duties in smaller organizations?
Is to have more management oversight of incompatible functions.
178
What do tests of controls include?
Inspecting documentation, inquiry, observation and reperformance
179
When an entity transmits, processes, maintains, or accesses significant info electronically, factors unique to electronic processing may make it impractical or impossible to reduce detection risk...what should be done?
Tests of controls should be performed
180
The auditor should consider the following factors in determining the appropriate extent of testing controls:
- Frequency of the performance of the control during the period
- Length of time during which the auditor wishes to rely on the control
- Relevance and reliability of the evidence to be obtained
- Extent to which other tests provide audit evidence about the same assertions
- Extent to which the auditor wishes to rely on the operating effectiveness of the control to reduce substantive procedures
- Expected deviation rate from the control
181
During the planning phase of the audit, the auditor obtains an understanding of the IC system by considering:
- Types of misstatements
- Risk that misstatement
- Factors that influence the design of tests
- Assessment of inherent risk
- Judgments about materiality
- Complexity of the entity's operations and systems
- Use of manual vs. computerized control procedures
182
Assessing risk based on the effective operations of controls involves ...
(1) Identifying specific IC relevant to specific assertions that are likely to prevent or detect material misstatements in those assertions
(2) Performing tests of such controls to evaluate their effectiveness
183
If controls have changed since they were last tested -
Operating effectiveness must be retested in the current period
184
When an auditor assesses control risk at the maximum, what happens?
The assessment should be documented and the auditor should make decisions to potentially perform more substantive procedures
185
Providing more supervision during an audit of a nonissuer in response to assessed risks of material misstatement at the FS level is an example of...
An overall response