A3 Flashcards
What are the two types of fraud risk?
- Fraudulent financial reporting
2) misappropriation of assets - theft of an entity’s assets
What are three fraud risk factors whose presence indicates a greater possibility of fraud?
1) Incentives / pressures exist when there is a reason to commit fraud
2) Opportunity to commit fraud exists due to a lack of effective controls
3) rationalization / attitude associated with attempting to justify fraudulent behavior
What is management’s responsibility with respect to fraud
Design and implement programs and controls to prevent, detect and deter fraud
What is the auditor’s responsibility related to fraud?>
responsibility to obtain reasonable assurance about whether the financial statements are free of material misstatements, whether due to error or fraud. The auditor must:
1) exercise professional skepticism
2) discuss fraud risk with engagement partners
3) obtain information regarding fraud risk (inquiry, analytical procedures, etc)
4) Identify and assess fraud risk and develop an appropriate response
5) evaluate how audit evidence affects the fraud risk assessment
When analyzing fraud, which four attributes should the auditor consider?
1) type of risk
2) significance of the risk
3) likelihood of the risk
4) pervasiveness of the risk
When there is fraud, what should the auditor do if the fraud is immaterial versus material
immaterial — report to management at least one level about the parties involved
material or involves senior management - report to audit committee or those charged with governance
What are the three types of material misstatement?
1) Factual misstatements
2) judgemental misstatements
3) projected misstatements
What is a factual misstatement?
misstatements about which there is no doubt
what is judgemental misstatements?
management and the auditor have material judgement differences on accounting estimates or the application of accounting policies
What is a projected misstatement?
This represents the auditor’s best estimate of misstatements in populations, by projecting misstatements in an audit sample to the population from which the sample was drawn
What is audit risk
risk that the auditor may unknowingly fail to modify appropriately the opinion on financial statements that are materially misstated
what are the two factors of audit risk
1) risk of material misstatement
2) detection risk
What are factors that would increases inherent risk?
- Technological developments that make a product obsolete
- a lack of working capital
- a decline in overall industry or economy
high - high-volume transactions
- complex transactions
- amounts derived from estimates
What are the two components of the risk of material misstatement?
1) inherent risk
2) control risk
What is inherent risk
The susceptibility of a relevant assertion to a material misstatement assuming that there are no related controls
What is a control risk
The risk that a material misstatement that could occur in a relevant assertions will not be prevented or detected (and corrected) on a timely basis by internal control
What is the audit risk model
AR = RMM x DR
What is the relationship between detection risk to substantive risk
There is an inverse relationship between RMM and DR. As the acceptable level of detection risk increases, teh assurance required from substantive test decreases. As the acceptable level of detection risk decreases, the assurance required from substantive testing must increase
How can an auditor obtain more assurance from substantive procedures
1) changing the nature of substantive tests from a less effective to a more effective procedures (e.g., a direct test toward independent parties outside the entity rather than toward parties or documentation inside the entity)
2) changing the extent of substantive tests (e.g., using larger sample size)
3) changing the timing of substantive tests (e.g., performing substantive tests at year-end rather than at the interim)
What is the relationship between audit risk and materiality?
- audit risk and materiality must be considered together in designing the NET of audit procedures
- Audit risk and materiality must be considered at both the financial statement level and at the individual account balance, transaction class or disclosures item level
- there is an inverse relationship between audit risk and materiality
what are the three ways an auditor should respond to assessed risk?
1) overall response to address risk at the FS level
2) a response at the relevant assertion level
3) a response to significant risk
what is a significant risk
one that requires special audit consideration
What are factors that are indicative of a significant risk
- non-routine, unusual, or complex transactions
- improper revenue recognition
- fraud risk
- significant related party transactions
- accounting estimates or other subjective measurements of financial information
- accounting principles that are subject to different interpretations
- non-compliance with laws and regulations
what are the documentation requirements around the auditor’s assessment of risk?
The auditor should document
- dicsussion among the audit team
- understanding of the entity and its environment, icnluding its internal control
- assessment of the risk of material misstatement
- basis of the risk assessment
- identified risks and related controls evaluated
what should be included in each step of the audit plan?
NET Each step of the audit plan should set out the procedure in detail, specifying the nature, extent and timing of the work to be performed and including a reference under consideration N- Nature E- Extent T- Timing
How does the auditor’s assessment of the risk of material misstatement affect substantive procedures
- the auditor’s determination that the risk of material misstatement is high necessitates a greater level of assurance from substantive procedures, which maybe obtained by varying the nature, extent, or timing of such procedures
- the auditor’s determination that risk of material misstatement is low allows a reduction in the assurance required from substantive procedures. this too may be accomplished by varying the nature extent, or timing of such procedures
What are the two approaches an auditor may use to respond to identified risks at the relevant assertion level?
1) substantive approach
2) Combined approach
What is a substantive approach
only substantive tests are used, either because there are no effective controls, or because it would not be efficient to test the operating effectiveness of controls
What is a combined approach?
tests of the operating effectiveness of control and tests of substantive procedures are both used
When are tests of controls performed in a financial statement audit?
When the auditor’s risk assessment is based on the assumption that controls are operating effectively OR
When substantive procedures alone are insufficient, such as when there is a significant amount of electronic processing
What steps should the auditor perform in assessing and responding to risk?
1) Obtain an understanding of the entity and its internal control
2) assess the risk of material misstatement
3) respond to the assessed level of risk by designing further audit procedures based on this assessment
4) test internal controls to evaluate their operating effectiveness
5) perform substantive tests
6) evaluate the sufficiency and appropriateness of audit evidence obtained
at what level does the auditor assess risk
1) at the financial statement level
2) at the relevant assertion level
3) to identify any significant risks
What is the difference between a substantive approach and combined?
substantive — controls are nonexistent or ineffective or it would be inefficient to test them
Combined approach - test of controls are performed in the hope that effective controls will allow a reduction in substantive testing, substantive testing is always required
What are some common audit procedures related to contingencies, including pending litigation of possible future litigation?
Audit procedures related to pending or threatened litigation might include:
1) obtaining and reviewing the response from a letter of inquiry to the client’s attorneys
2) inquiring of management
3) reviewing minutes of meetings of stockholders, board of directors, and other executive committees
4) reviewing correspondence and invoices from lawyers
5) reviewing contracts, loan agreements, loan guarantees, leases, and correspondence from taxing authorities
Define related parties
Related parties may include the reporting entity’s affiliated, principal owners, and management, as well as any members of their immediate families
How can the auditor determine whether related parties exist?
The auditor can identify related parties by
1) evaluating the company’s procedures for identifying and accounting for related party transactions
2) Asking management
3) reviewing the reporting entity’s filings with the SEC
4) Reviewing material transactions for related party evidence
5) Reviewing prior year audit documentation or inquiring of the predecessor auditor
What is the auditor’s primary concern with respect to related party transactions?
The auditor’s primarily concerned with proper disclosure or related party transactions in accordance with GAAP
what should the auditor do if the client refuses to accept the modified opinion due to noncompliance issues?
withdraw from the engagement
What is the auditor’s responsibility related to management’s estimates?
The auditor should determine whether accounting estimates with high estimation uncertainty give risk to significant risks. The auditor should review judgements and decisions made by management to identify indicators of possible management bias exist
What are indicators that management bias exists related to estimates
1) changes in accounting estimates or methods
2) use of an entity’s own assumptions for fair value accounting estimates when they are inconsistent with observable market assumptions
3) the selection or construction of significant assumptions that yield a point estimate favorable for management’s objectives
4) the selection of a point estimate that may indicate a pattern of optimism or pessimism
List the three types of audit procedures
1) Risk assessment procedures
2) Tests of controls
3) Substantive procedures
What are risk assessment procedures?
to obtain an understanding of the entity and its environment, including its internal control
What are tests of controls?
To evaluate the operating effectiveness of internal control in preventing or detecting material misstatements
What is substantive procedures?
To detect material misstatements in the financial statements
When is audit evidence gathered during an audit?
the auditor gathers evidence when performing
1) risk assessment procedures
2) tests of controls
3) substantive procedures
4) other audit procedures
What influences the auditor’s decision regarding the sufficiency of evidential lmatter?
- Risk of material misstatement
- the quality of audit evidence
What factor’s should be considered when evaluating the reliability of audit evidence
- the auditor’s direct personal knowledge (e.g., from observation, examination, inspection, or recalculation) provides more persuasive evidence than knowledge obtained indirectly.
- evidence obtained from independent external sources is more reliable than internally generated evidence
- evidence sent directly to the auditor is more vlaid than evidence received and held by the client
- internal evidence generated under strong, effective internal controls is more reliable than that generated under weak controls
- evidence is documentary form is more reliable than oral evidence
- consistency among evidence provides a greater degree of assurance
- the accuracy and completeness of information produced by the client should be evaluated
How is relevance of evidence determined?
To be relevant, evidence must related to the financial statement assertions under consideration.
PCAOB standards state that the relevance of audit evidence depends on the design and timing of the audit procedure
What are the documentation requirements surrounding the auditor’s response to assessed risk?
document the:
- overall response addressing assessed risk at the FS level
- nature, extent, and timing of further audit procedures
- linkage of further audit procedures with assessed risk at the relevant assertion level
- results of audit procedures
- conclusions reached regarding the use of prior period evidence
What factors are relevant to the conclusion that sufficient appropriate evidence has been obtained?
- the significance of uncorrected misstatements and the likelihood of their having a material effect on the financial statements
- the results of audit procedures performed
- the auditor’s risk assessment
- the appropriateness of the evidence obtained
what is the hierarchy of audit evidence?
1) auditor’s direct personal knowledge
2) external evidence
3) internal evidence
4) oral evidence
What are some of the standard auditing procedures used in most audits?
C the FIVE CARROT WARS C - confirmations F - Footing, cross-footing, and recalculation I - inquiry V- Vouching E - Examination / inspection
C- Cutoff review A - analytical procedures R - Reprefromance R- reconciliation O- observation T - tracing
W- walkthrough
A- auditing related accounts simultaneously
R- representation letter
S- subsequent events review
What are analytical procedures
evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data (e.g., ratio analysis).
Note - analytical procedures are required in the planning and final review phase of the audit. they also may be used (but are not required) in substantive testing.
What steps are involved when using analytical procedures for substantive testing?
Steps when using analytical procedures for substantive testing
1) determine that the analytical procedures are suitable for testing the assertions
2) evaluate the reliability of data from which the auditors expectation is to be developed
3) develop an expectation of the recorded amount
4) compare the actual and expected amounts
5) investigate any significant differences
What is the purpose of applying analytical procedures during the overall review stage of the audit?
To evaluate the overall financial statement presentation, to assess the conclusions reached, and to assist in forming an opinion on whether the financial statements are free of material misstatement.
The evaluation is typically performed by the managing partner.
What should the direction of testing be if the auditor is concerned about the existence or occurrence assertion?
vouching backward from the records to source documents provides evidence of existence or occurrence
What should the direction testing be if the auditor is concerned about the completeness assertion?
Tracing forward from source documents to the accounting record (i.e., financial statements, journal entries, etc.) provides evidence of completeness
What is the test of details
tests of details consist of audit procedures applied to ending balances, the details of transactions, or a combination of the two
what tests make up substantive procedures
1) tests of details
2) substantive testing
What factors improve the efficiency and effectiveness of analytical procedures
1) nature of assertion being tested
2) plausibility and predictability of the data relationship
3) availability and reliability of data used to develop the expectation
4) precision of the expectation
What documentation is required when analytical procedures are the principal test?
- auditor’s expectations
- factor’s considered in the development of the expectation
- the results of the comparison of the expectation to recorded amounts
- additional audit procedures performed in response to significant unexplained differences
- the results of such additional procedures
What is the difference between nonstatistical and statistical sampling?
statistical sampling -
1) uses law of probability for selection and evaluation of a sample
2) allows for qualification of audit risk and sufficiency of audit evidence
Nonstatistical sampling
1) does not utilize statistical models in calc
2) auditors use their judgement to determine sample sizes, and sample results are evaluated using auditor judgement
when is professional judgement necessary in the use of statistical or nonstatistical sampling by an auditor?
the audotr must use professional judgement to:
1) define the population and sampling unit
2) select the appropriate sampling method
3) evaluate whether the audit evidence is appropriate
4) evaluate the nature of deviations of errors
5) consider sampling risk
6) evaluate sample results and project to the population
What are important things to note about statistical or nonstatistical sampling
- either method is acceptable
- statistical method rely on mathmatical concepts
- both methods involve the use of judgement
What is sampling risk?
the risk that the auditor’s conclusion based on a sample is different from the conclusion that would have been reached if the tests had been applied to all items in the population
What are two aspects of sampling risk that the auditor would be concerned with when performing substantive testing?
1) Risk of incorrect acceptance
2) risk of incorrect rejection
What are the two aspects of sampling risk for tests of controls
1) risk of assessing control risk too low
2) risk of assessing control risk too high
What is the risk of assessing control risk too low?
deciding that the control is more effective / reliable than it really is; affects audit effectiveness
what is the risk of assessing control risk too high?
deciding that the control is less effective / reliable than it really is; affects audit efficiency
What is the relationship between sampling risk and reliability (confidence level)?
Sampling risk + confidence level = 100%
What is attribute sampling?
attribute sampling is a statistical method used to estimate a rate of occurence in a sample. it is used in tests of controls
what factors affect sample size for an attribute sampling application?
- risk of assessing control risk too low
- tolerable deviation rate (inverse relationship)
- expected deviation rate (direct relationship)
- population size (not an issue if the population is large)
What rates are compared in drawing conclusion about an attribute sampling application?
Auditor compares upper deviation rate with the tolerable deviation rate.
If the upper deviation rate exceeds the auditor’s tolerable deviation rate, the auditor will not rely on the control
What is discovery sampling?
Discovery sampling is a type of attribute sampling used when the expected deviation rate is zero or near zero. It is used when the auditor is looking for a very critical characteristic (i.e., fraud)
What does the auditor’s conclusion about the control mean?
it will determine the NET of substantive procedures to be performed
Define tolerable deviation rate
for attribute sampling
The maximum rate (%) of deviation from a control procedure that the auditor is willing to accept while still relying on the control
What is tolerable misstatement?
- for various sampling
- The largest amount of misstatement the auditor believes can exist in a balance or a class of transactions without causing the financial statements to be materially misstated
What factors affect sample size for variable sampling application?
- standard deviation or population variability (direct relationship)
- Tolerable misstatement (inverse)
- Acceptable level of risk (inverse)
- expected size and frequency of misstatements (direct)
- assessed level of risk (direct)
Describe variable sampling
variable sampling is a statistical sampling method used to estimate the numerical amount of a population.
- primarily used in substantive testing
What is stratification and why would an auditor stratify a population?
separates the sample into relatively homogenous groups. each group is tested as a separate population
- stratification is typically used when a population has highly variable amounts. stratification usually results in a smaller sample size
What amounts are compared in drawing a conclusion about a variables sampling application
The auditor compares the client’s book value to the calculated range in a variable sampling application.
If the recorded book value is within the acceptable ranges, the book value is considered fairly stated.
what is the expected misstatement
The auditor’s estimate of misstatement (before sampling)
What is the projected misstatement
the auditor’s estimated misstatement based on sampling
What is commonly used classical variables sampling plans
1) means per unit (MPU)
2) ratio estimation
3) difference estimation
What is means per unit?
the sample mean is multiplied by the number of items in the population to estimated population value
What is ratio estimation
the ratio between book value and audited value (from a sample) is used to estimate population value
What is the difference estimation?
The difference between book value and audite value (from a sample) is used to estimated population value
Define probability proportional to size (PPS) sampling?
hybrid sampling technique that uses attribute sampling theory to express a conclusion in dollar amounts rather than as a rate of occurrence.
The sampling unit is defined as an individual dollar in a population, which creates the effect of stratified sampling (the unit’s chance of being selected increases as its amount increases)
what are the advantages and disadvantages of using PPS sampling?
advantages:
1) automatic stratification
2) efficient (smaller sample)
Disadvantages
1) may require special considerations for negative, zero, and understand balances
How is sampling interval determined in a PPS sampling application?
Sampling interval = tolerable misstatement / reliability factor
The reliability factor comes from a table and is based on the risk of incorrect acceptance
How is sample size determine in a PPS sampling application
sample size = recorded amount of the population / sampling interval
How is sample size determine in a PPS sampling application
sample size = recorded amount of the population / sampling interval
What is a dual purpose sample?
The same sample may be used to perform both tests of controls and test of details. this is called dual purpose sample
