1
Q
What are 6 risk assessment procedures?
A
Risk Assessment Procedures
1. Obtain an Understanding of the Entity and its Environment
2. Obtain an Understanding of Internal Controls over Financial Reporting
3. Inquire of the AC, management, and others about the RMM
4. Perform analytical procedures
5. Discuss RMM with engagement team
6. Other procedures
2
Q
What are analytical procedures? What is the point of performing these during the planning stage? What account do we specifically need to perform analytical procedures over during planning?
A
- Looking at relationships between data over time
○ Analytical procedures often look at CY and compare to PY
○ Or compare CY to budget
○ Often compare ratios to industry- If we’re performing these during the planning stage, it’s because we’re trying to:
○ Enhance our understanding of the entity
○ Identify risky areas
- If we’re performing these during the planning stage, it’s because we’re trying to:
Need to perform over revenue
3
Q
What is the risk assessment discussion?
A
- This is different than the fraud risk discussion!
- The risk assessment discussion focuses on the susceptibility of the FS to material misstatements
- Will discuss:
○ Risky areas of the audit and procedures to address those
○ Company’s selection and application of accounting principles, including disclosure requirements
○ Areas with unusual accounting practices (procedures, principles, etc.)
○ Important control systems
○ Materiality levels - There is some overlap between the risk assessment discussion and the fraud planning discussion such as:
○ Key members of the engagement team will be there
○ Discuss important matters
○ Emphasize need to have professional skepticism
○ Allow experienced team members to share insights with less experienced team members - Discussions will often be held at the same time since they are with the same people
4
Q
What are the scalability considerations in regards to how ICs are implemented at a company?
A
The size and complexity of a company will determine how ICs are designed, implemented, and maintained.
5
Q
What are the PCAOB standards for obtaining and understanding of the entity and its environment?
A
- PCAOB Standards for Issuers:
○ Read public information
○ Observe or read transcripts of earnings calls and other public meetings of the client
§ Either need to be on the call or read the transcript
○ Obtain information from SEC filing
○ Understand compensation agreements with management
○ Inquire with chair of compensation committee
○ Obtain understanding around policies and procedures around executive reimbursement
6
Q
Do audit objectives differ between manual and automated controls?
A
No
7
Q
What are factors that shift supply?
Hint: ECOST
A
- Expectations
- Costs
- Other goods
- Subsidies
- Technology
8
Q
What are factors that shift demand?
Hint: SPINE
A
- Substitutes/compliments
- Popularity
- Income
- Number of buyers
- Expectations
9
Q
What are elasticity, cross price elasticity, income elasticity, normal goods, and inferior goods? When is profit maximized?
A
Elasticity - how much the demand for a good changes in response to a change in price
Cross price elasticity - how much the demand for good X changes in response to a change in the price of good Y
Income elasticity - how much the demand for a good changes in response to a change in average income
Normal goods - demand increases as income increases
Inferior goods - demand decreases as income increases
Profit maximization - MC = MR
10
Q
What are the different business phases?
A
- Expansionary Phase
○ Rising economic activity resulting in higher profits, growth, prices
○ Low unemployment- Peak
○ Profits at highest level
○ Firms can’t produce enough - Contractionary Phase
○ Economic activity decreases, reduced demand, lower profit, higher unemployment - Trough
○ Firms have lots of excess, prices fall, unemployment very high - Expansionary Phase (Again)
- What is asked about this?
○ Order
○ What happens in each phase
- Peak
11
Q
What is a recession vs a depression?
A
- Recession - two consecutive quarters of falling GDP
- Depression - very severe recession, lasts for years
12
Q
What are leading, coincident, and lagging economic indicators?
A
- Leading - help predict economy
- Unemployment - average weekly unemployment insurance claims
○ Indicates economy is not heading in a good direction - Bond Yield Curve - if we see an increase in yield, good
- Interest Rate Spreads - 10 year treasury vs federal funds rate
○ Federal funds rate used to speed up or slow down economy
○ If interest rate increases, means economy will probably slow soon - Producer Price Index (PPI) - cost increases for suppliers
○ Want to see a slight increase
- Unemployment - average weekly unemployment insurance claims
- Coincident Indicators - indicate what’s happening right now
- Industrial production
- Sales
- GDP
- Lagging indicators - follow economic activity (confirm prior thoughts)
- Average duration of unemployment
○ Long means bad economy
○ Short means good economy - Consumer price index (CPI)
○ Change in prices over time
○ Small increase is okay, too much/little is bad
- Average duration of unemployment
13
Q
What are the criteria in which you are required to test a control?
A
a) Addresses a sig risk
b) The control is over JEs or adjustments
c) We are relying on the control to test operating effectiveness in order to change/reduce substantive procedures
14
Q
What are GITCs? What is the auditor’s role related to GITCs?
A
General IT Controls - support effective and reliable operation of IT at a company
- Auditor's role ○ Obtain understanding of risks related to IT ○ Then evaluate GITCs
15
Q
What should an auditor be documenting about ICs?
A
- Key elements of understanding of each control component (CRIME)
- How did you obtain understanding (e.g. inquiry, inspection, etc.)
- Documentation can include one or more of the following (FIND)
a. Flow charts
§ More appropriate than narratives for complex controls
b. Internal control questionnaire or checklists
c. Narratives
§ More appropriate for simple controls
d. Document from client
§ If the client has documented their controls already, sometimes we can just use their work
16
Q
What are limitations of ICs?
A
- Internal controls can only provide reasonable assurance, not absolute assurance because:
○ Management override
○ Human error
○ Deliberate circumvention
○ Collusion by two or more people
○ External events
○ Issues related to suitability of entity’s objective - effectiveness of control depends on what the entity is trying to achieve
17
Q
What are the two levels where an auditor should assess RMM?
A
- Financial Statement Level
- Assertion Level
18
Q
What are FS level risks?
A
- Risks that could affect several different parts of the FS
○ Pervasive & far-reaching- Examples to be familiar with:
a. Process to prepare the FS
b. Overall system of internal controls
c. Lack of qualified personnel in financial reporting roles
d. Selection and application of significant accounting policies
- Examples to be familiar with:
19
Q
What are assertion level risks?
A
- RMMs that are not pervasive, they are specific to:
○ Transactions
○ Account balances
○ Disclosures- For assertion level risks, have to assess inherent risk and control risk separately
- Auditor will also identify significant risks
○ Risks where IR is high magnitude and high likelihood - Significant risks to be familiar with:
a. Risk of fraud
b. Significant emerging economic or accounting developments
c. Related party transactions
d. Improper revenue recognition
e. Nonroutine, unusual, or complex transactions
f. Subjective measurements
g. Accounting principles open to interpretation
20
Q
How do we alter the NET of procedures based on the assessed level of risk?
A
- Nature of procedures
○ Purpose - test of controls vs substantive
○ Type - inspection, observation, inquiry, etc.- Extent of procedures
○ Quantity - Timing of procedures
○ Year-end vs interim
- Extent of procedures
21
Q
What is a dual-purpose test?
A
- Test of controls performed concurrently with test of details
○ E.g. test approval and that a transaction was recorded at the correct amount for the same invoice instead of two separate invoices
22
Q
When would we need to perform a test of controls?
A
- Performed when:
○ Auditor’s risk assessment assumes the controls are operating effectively
○ When substantive procedures alone are insufficient (e.g. tech used extensively)
23
Q
What is the difference between testing design and operating effectiveness of controls?
A
Design effectiveness focuses on the concept of the control—whether it could work if implemented as intended.
- Inquiry
- Observation
- inspection
Operating effectiveness focuses on the execution of the control—whether it works in practice.
- Inquiry
- Observation
- inspection
- reperformance
24
Q
What does an auditor do in the case of a control deficiency?
A
- Consider compensating controls
- Significant deficiency or material weakness
- Could this result in a big misstatement
- Design substantive controls to work around the deficiency
25
What audit procedures would be conducted to try and detect noncompliance by management or TCWG?
- Auditor should obtain an understanding of:
○ Legal and regulatory framework applicable to a client
○ How entity is complying with that framework
- Then determine whether the laws and regs have a:
a) Direct Impact
§ Material amount or disclosure on FS impacted by laws and regs (e.g. tax provisions)
§ Audit procedure it to obtain sufficient appropriate audit evidence
b) Indirect Impact
§ Might not actually be on FS but could have an affect on the entity's operations
§ E.g. HIPPA confidentiality
§ Auditor needs to inquire of management about their compliance
- If you suspect that noncompliance is occurring:
○ Discuss with management one level above the committee
26
What is estimation uncertainty and what is the auditor's responsibility in relation to it?
Estimation Uncertainty - the susceptibility of an accounting estimate to error due to inherent variability or lack of precision in the underlying data, assumptions, or measurement techniques
Auditor's responsibility:
- consider if estimates need to be changed or if specialists should be involved
- evaluate if it gives rise to a sig risk
- if it's a very uncertain estimate, gain more assurance over it
27
What audit procedures would be conducted to gain assurance over accounting estimates?
1. Obtain evidence up to the date of the auditor's report and compare to estimate
* Can use subsequent events to help provide better value of things on the FS
* E.g. litigation resolved in Jan can be revalued on Dec 31 FS
2. Test how management made the estimate
* Methods - ask what methods or tools they used and make sure they seem reasonable
* Significant Assumptions - see if it's consistent with other areas in the entity's business
* Data Used - any information put through the estimate should be tested for reliability and relevance
3. Develop auditor's own estimate
- Point Estimate - "I think the estimate is this"
- Range Estimate - "the estimate should be between X and Y"
28
What are an auditor's responsibilities of related party transactions?
- Obtain understanding of related parties
- Obtain conflict of interest statement from company
- Know if there were any unapproved related party transactions
- Ask TCWG about these
- Review SEC filings to see affiliates of the company
- Look at legal confirms, minutes, etc.
- Look at PY audit documentation
29
What if we do find unidentified/undisclosed related parties or transactions with related parties?
1. Communicate to ET
2. Request again that management identify all related party transactions (e.g. give them another chance)
3. If they don’t, figure out why they didn't identify this one
4. Perform additional substantive procedures
5. Reconsider risk
6. Evaluate broader considerations (e.g. management is hiding something) or if it was just a control error
30
How do we identify litigation, claims, or assessments?
- Management inquiry
- Review of IRS report
- Review minutes of board or stockholder meetings
- Obtain letter from client's attorney
31
What happens if we ask management to send a legal confirm and they refuse? What if we send the legal confirm and the lawyer refuses to answer?
- If we ask management to send a letter to their attorney and they refuse:
○ Big issue
○ Results in a disclaimer (b/c of scope limitation) or withdrawal from the audit
- If we send out the letters and the attorney refuses to answer:
○ Will result in a disclaimer or qualification
32
What is the process for sending a legal confirm?
1. Letter of inquiry drafted by management
2. Send to legal counsel
3. Attorney responds
4. Response needs to be dated close to audit report date (w/in 2 weeks ish)
5. If dated earlier than 2 weeks, might need an updated response
33
What are two things not to do when making legal inquiries?
- Confirm directly with the lawyer that all litigation in the FS is correct
○ Not the lawyer's job to understand GAAP, that is our job
- Auditor goes to lawyer's office to examine documents
○ Not our job to understand legal language
○ We can rely on lawyers
34
What are factors that indicate substantial doubt around going concern?
- Financial difficulties
- Internal matters - work stoppages, labor difficulties, issues with production
- Negative trends
- External matters - legal proceedings, bad market conditions
35
Under going concern rules, we need to evaluate that companies can continue for a "reasonable period of time". What is a reasonable period of time?
For issuers: 1 year after the date the financial statements are issued.
For nonissuers: 1 year after the date the financial statements are available to be issued.
36
How would you amend the audit report for going concern issues that are or are not mitigated (issuers and nonissuers)?
- If auditor identified going concern issues and they ARE mitigated
○ May add (optional) emphasis of matter paragraph
- If auditor identified going concern issues and they ARE NOT mitigated
○ Include a separate heading "Substantial Doubt of the Entity's Ability to Continue as a Going Concern"
37
What are two types of audit evidence?
1. Accounting Records
* Don't alone provide sufficient evidence to support opinion
* E.g. JEs , ledgers, checks, invoices, worksheets
2. Corroborating/Contradictory Evidence
- Corroborating evidence provides additional support to accounting records
- Contradictory evidence shows that accounting records are incorrect
- E.g. minutes, confirms, analyst reports, other things inspected or observed
38
What is the hierarchy of audit evidence?
Hint: AEIO
1. Auditor's direct personal knowledge and observation
○ Things you do yourself
○ Observations, inspection, etc.
2. External evidence
a) Sent directly to the auditor - e.g. confirmations
b) Evidence received by the client and then sent to the auditor - e.g. bank statement
○ Sent directly is more reliable than from the client
3. Internal evidence
○ Information produced by the client
○ More reliable if the client has good controls
○ If bad controls, then this is not very reliable
4. Oral evidence
○ Inquiry
○ Not sufficient or persuasive on its own
39
Define the following types of bias:
a) Availability bias
b) Confirmation bias
c) Overconfidence bias
d) Anchoring bias
e) Automation bias
- Availability Bias - put weight on events that are more recent or readily available
- Confirmation Bias - put weight on things that corroborates rather than contradicts
- Overconfidence Bias - tendence to overestimate one's abilities
- Anchoring Bias - tendency to use initial information as an anchor against subsequent information
- Automation Bias - tendency to favor information generated from automated systems over something non-automated
40
What are the common audit procedures?
Hint: C the FIVE CARROT WARS
1. Cutoff
2. Footing, cross footing, and recalculation
3. Inquiry
4. Vouching
5. Examination/inspection
6. Confirmation
7. Analytical procedures
8. Reconciliation
9. Reperformance
10. Observation
11. Tracing
12. Walk-throughs
13. Auditing related accounts simultaneously
14. Representation letters
15. Subsequent events review
41
When are analytical procedures required?
- Required during the planning stage
○ Goal is to understand entity and environment
- Also required during final review
○ Goal is to look at overall balances and ensure sufficient evidence has been obtained
42
What is the process for using SAPs?
1. Figure out if SAPs are suitable
- don't provide as persuasive of evidence as TODs
2. Evaluate the reliability of the data you're using
- external is better than internal
- also want controls in place
3. Develop the expectation
- Methods used:
a. Trend analysis - compare current periods with prior periods
§ Low assurance b/c even if something was $500k last year doesn't really provide much assurance if it is $500k again this year
b. Ratio analysis - compare ratios to PY or industry
§ Also not great for same reason as trend analysis
c. Nonstatistical Predictive Modeling - use variables to come up with a predictive amount
§ Pretty high assurance
§ Don't use computer or anything too sophisticated (e.g. payroll is 25% of sales or total expenses)
d. Regression Analysis
§ Highest assurance
§ Use several independent variables
4. Compare to what the client has recorded
5. Investigate differences
43
What assertion does vouching usually test?
Existence --> we're picking something and moving down to the source document
e.g. pick an invoice from a GL listing and then get the original source document
44
What is tracing and what assertion does it test?
Looking from source document to GL (e.g. floor to sheet count)
Tests completeness
45
What is positive vs negative confirmation? What if management tries to prevent you from sending confirms?
Positive - write us back if X is correct
Negative - if you don't write us back, we'll assume X is correct
What if management tries to prevent you from sending confirms?
- If it is reasonable (e.g. you are inquiring of a celebrity), then maybe it's okay
- If unreasonable, communicate with TCWG
46
What procedures would you perform to test completeness?
1. Tracing - start with source document and go up to where it appears in the FS
2. Analytical Review - consider how items might be omitted from the account balances
3. Observation - of process and procedures to make sure they are recording correctly (e.g. watching them do an inventory count)
47
What procedures would you perform to test cutoff?
Cutoff procedures around anything (e.g. AR, AP, prepaids, etc.)
48
What procedures would you perform to test valuation, allocation, and accuracy?
1. Inspection - of documents supporting transactions
2. Footing and cross-footing
3. Recalculation
49
What procedures would you perform to test existence and occurrence?
1. Confirmation - very important one
2. Observation, inspection, and examination
3. Vouching
50
What procedures would you perform to test rights and obligations?
1. Inspection
2. Confirmation
51
What procedures would you perform to test understandability of presentation and classification?
1. Inspection of documents supporting transactions
2. Review of related disclosures
3. Inquiry of management
52
What are the different types of sampling?
1. Attribute Sampling - for internal controls
- can be answered by yes/no questions
2. Variable Sampling or PPS (probability proportional to size) Sampling - for substantive testing
- can't be answered yes/no
53
What is sampling risk in substantive and control testing?
1. Substantive Testing
* Acceptance - samples and concludes that balance IS NOT misstated when in reality IT IS
○ Risk you take whenever you sample
* Rejection - sample supports the conclusion that the balance IS materially misstated when it reality it ISN'T
2. Control Testing
* Risk of Assessing Control Risk Too Low - sample shows controls ARE operating well, but they AREN'T
○ Can lead to ineffective audit b/c you then will gather less persuasive evidence throughout the audit
* Risk of Assessing Control Risk Too High - sample shows controls ARE NOT operating well, but they ARE
○ Leads to inefficient audit b/c you do more work than you need to
54
What are the steps to attribute sampling?
1. Objective - define objective of test
2. Population - define population
3. Sampling Unit
4. Attributes of Interest - what are we looking at to determine deviations
5. Determine Sample Size
a) Risk of assessing control risk too low - if we want less risk we want a bigger sample size
b) Tolerable Deviation - if we want a lower deviation, we want a bigger sample
c) Expected Deviation - if we expect the deviation to be higher, we pick a larger sampe
6. Select the sample (randomly or systematically, not block)
7. Evaluate Results
* Sample deviation rate + allowance for sampling risk = upper deviation rate
○ Sample deviation rate - deviation rate in sample
○ Allowance for sampling risk - cushion added to sample deviation rate that we expect might reasonably be incorrect
8. Form Conclusions
* If upper deviation rate ≤ tolerable deviation rate = auditor may rely on controls
* If upper deviation rate ≥ tolerable deviation rate = auditor CANNOT rely on controls
9. Document results
55
What are two other attribute sampling methods?
- Discover Sampling - used when auditor believes population deviation rate is 0 or near 0 (often used when looking for fraud)
- Stop-or-go Sampling - designed to avoid oversampling attributes by allowing auditor to stop midway through (used when errors are expected to be very low)
56
What is the formula for mean per unit estimation, ratio estimation, and differences estimation?
1. Mean-per-Unit (MPU) Estimation - uses the average value of the items in the sample to estimate the true population value
* Mean per unit estimation=(Total audited value)/(Number of samples audited)∗Number of items in population
2. Ratio Estimation - uses ratios to project true value
* Ratio estimation=(Audited value of sample)/(Book value of sample)∗Total book value
3. Differences Estimation - average difference between audited value and book value projected to entire population
* Projected error=(Book value of sample−Audited value of sample)/(Number of items audited)∗Population of items
* Point estimate=Total book value of population −projected error
57
How does probability proportional to size sampling work?
* Each sampling unit is an individual dollar (e.g. not each customer account)
* Advantages:
* Emphasizes larger amounts --> automatically stratifies population
* Generally results in a smaller sample
* Disadvantages:
- Zero balances, negative balances, or understated balances require special considerations
58
How do you determine sample size in probability proportional to size sampling?
* Sampling Interval=(Tolerable Misstatement)/(Reliability Factor)
* Sample size=(Recorded amount of population)/(Sampling Interval)
59
What are descriptive, diagnostic, predictive, and prescriptive data analytics?
1. Descriptive Analytics
* Describes what happens
* E.g. summary statistics, data sorting and filtering, aging data
2. Diagnostic Analytics
* Explains why something happened
* Tries to find correlations, patters, or relationships in data
* E.g. clustering, drill down/through, data mining, variance analysis, period over period analysis, data profiling, sequence checks
3. Predictive Analytics
* Try to forecast what will happen in the future
* E.g. regression analysis, forecasting, time-series modeling, classification, sentiment analysis
4. Prescriptive Analytics
- Recommend what action to take based on predictive future analysis
- E.g. what-if analysis, decision support and automation, machine learning, natural language processing
60
What is a:
- Data lake
- Data warehouse
- Data mart
- Data cube
- Database
- Table
- Spreadsheet
* Data Lake - all structured and unstructured data (stored in raw form)
* Data Warehouse - structured and organized database tables (easily searchable and accessible, cleaned and organized already)
* Data Mart - smaller, more focused version of data warehouse. Contains data for fewer sources
* Data Cubes - data tables transformed for drilling down (e.g. particular year, area, or product)
* Databases - structured tables for specific analysis
* Table - single sheet of attributes and records
* Spreadsheets - has tables and/or other values
61
Define the following data analytics terms:
a) Normalization
b) Primary key
c) Foreign key
d) Composite Key
a) Normalization - Reduces redundancies by taking larger tables and breaking them into smaller tables
b) Primary key - unique identifier of a table that allows it to be linked to another table
c) Foreign key - Attribute in one table that contains values from a primary key in another table
d) Composite Key - unique key created when a single record can't identify an entry
AUD Exam
flashcards
Decks in class (4)
# Cards
