A3: Engagement Acceptance, Planning, & Risk Assessment

Question 1

Client Acceptance

Answer 1

Ensure integrity of client management
If scope limitation imposed by management (eg, lack of records) will result in disclaimer of opinion, do not accept engagement
If limit will result in qualified opinion or limit beyond management’s control, okay to accept

Question 2

Engagement Letter

Answer 2

-audit scope and objective, auditor and management responsibilities, inherent limitations of audit/risks that misstatements won’t be found, audit timing/client assistance/ document availability/fee arrangements

Question 3

New Client

Answer 3

• must speak to old CPA before accepting (w/ client permission)
• management integrity, disagreements, reasons for change, communications on fraud/ illegal acts/internal control issues
• review old CPA’s workpapers/evidence

Question 4

Discover issue with old CPA report

Answer 4

Request meeting with client and old CPA to resolve

Question 5

Planning Process

Answer 5

• obtain knowledge of business/industry
• audit strategy
• audit plan
• risk assessment

Question 6

Audit Strategy

Answer 6

-scope of audit, reporting objectives, timing, required communications, factors determining focus of nature (preliminary views of materiality, audit risk, internet control; areas of higher risk of material misstatement)

Question 7

Materiality

Answer 7

• smaller level of misstatement that could be material to any one of F/S
• both qualitative and quantitative judgment
• preliminary assessment revised during audit

Question 8

Audit Plan

Answer 8

• outlines Nature, Extent, Timing (“NET”) of specific procedures to be performed
• must be in writing
• risk assessment procedures, tests of controls, and substantive tests

Question 9

Assertions

Answer 9

C – Completeness 
O  - cutOff 
V – Valuation, allocation and accuracy
E – Existence and occurrence
R – Rights and obligations
U – Understandability and classification

Question 10

Transaction Assertions

Answer 10

-completeness, cutoff, accuracy, classification, occurrence

Question 11

Balance Assertions

Answer 11

-completeness, allocation and valuation, rights and obligations, existence

Question 12

Presentation and Disclosure Assertions

Answer 12

-completeness, understandability and classification, rights and obligations, valuation and accuracy

Question 13

Client’s Internal Auditors

Answer 13

• not independent
• consider objectivity (who report to) and competence (reputation, workpapers)
• can’t share responsibility for decisions, judgments or assessments
• I/As can assist with testing
• CPA must test areas of high risk/subjectivity

Question 14

Use of Specialist

Answer 14

• CPA must understand specialist’s work and evaluate adequacy of work for audit purposes
• evaluate competence and objectivity
• client’s specialist may be acceptable
• audit report may refer to specialist if modified opinion b/c of their work

Question 15

Audit Risk

Answer 15

-risk of issuing unmodified opinion when there are material misstatements
AR = Risk of Material Misstatement * Detection Risk

Question 16

Misstatement Types

Answer 16

• Factual: known misstatements
• Judgmental: management estimates the CPA considers unreasonable or application of accounting policies CPA considers inappropriate
• Projected: estimate of misstatements in population, projected from those in audit sample

Question 17

Risk of Material Misstatement

Answer 17

-risk that F/S are materially misstated
-exists independently of F/S audit
RMM = Inherent Risk * Control Risk

Question 18

Inherent Risk

Answer 18

-risk of material misstatement, in absence of controls

Question 19

Control Risk

Answer 19

-risk that controls will not timely prevent/ detect material misstatement

Question 20

Detection Risk

Answer 20

• risk that CPA will not detect material misstatement

- CPA controls Detection Risk

Question 21

Impact of Risk on Audit

Answer 21

• higher RMM, need lower DR
• higher RMM, more audit work required
• even if low RMM, must always do substantive tests on all assertions

Question 22

Fraud Types

Answer 22

• fraudulent financial reporting (lying)
• misappropriation of assets (stealing)
• corruption (cheating)

Question 23

Fraud Characteristics/Triangle

Answer 23

• Incentives/Pressures: reason to commit
• Opportunity: no effective controls
• Rationalization/Attitude: justify behavior (ethics/integrity)

*existence of all factors doesn’t indicate there is fraud; their absence doesn’t indicate lack of fraud

Question 24

Responsibilities concerning fraud

Answer 24

• MR: design/implement programs & controls to prevent/deter/detect fraud
• AR: design audit to obtain reasonable assurance whether F/S are free of misstatements due to error or fraud; must assess risk due to fraud during planning

Question 25

Auditor Fraud Procedures

Answer 25

• team must discuss fraud risk, brainstorm how it could be committed
• make inquiries regarding fraud risk (issuers: ask about response to whistleblowers)
• consider results of analytical tests (required relating to revenue)
• must document fraud risk assessment and response (include support if improper revenue recognition not identified as fraud risk)

Question 26

Fraud Risk Factors

Answer 26

• presumption of risk: revenue recognition, management override of controls
• considerations: fraud triangle, size/ complexity of entity, degree of judgment and subjectivity or complex accounting principles

Question 27

Responses to Fraud Risk

Answer 27

• general (more personnel, more supervision, increased unpredictability of audit testing)
• alter Nature/Extent/Timing of test (“NET”)
• risks of management override (examine journal entries for adjustments, review estimates for bias, evaluate unusual transactions)

Question 28

Evidence of Fraud

Answer 28

• may be indicative of problem w/ management integrity (consider withdrawing)
• reevaluate fraud risk, effectiveness of controls, appropriateness of audit procedures

Question 29

Communications Regarding Fraud/Crimes

Answer 29

• any indication of (even immaterial) fraud discussed w/ mgt 1 level about those involved
• any causing material misstatement discussed w/ senior mgt & those charged w/ governance
• CPA talks to outsiders: comply w/ legal/ regulatory requirements, successor auditor (w/ client permission), response to subpoena, to funding/other agency (client has gov’t financial assistance)

Question 30

Responsibilities over Compliance with Laws/ Regulations

Answer 30

• MR: ensure that operations are in accordance with laws and regulations
• AR: reasonable assurance that F/S free to material misstatements; not responsible to prevent noncompliance or detect all noncompliance

Question 31

Auditor Procedures concerning Noncompliance

Answer 31

• get rep letter from mgt
• obtain understanding of legal/regulatory framework and how entity complies w/ it
• evidence on elements of F/S determined by laws & regulations w/ direct effect on F/S
• indirect effect: only inquiries, inspect correspondence w/ regulatory agencies
• noncompliance found/suspected: discuss w/ mgt, consider withdrawal if unsatisfied

Question 32

Reporting on Legal Noncompliance

Answer 32

• material effect on F/S and not disclosed: qualified or adverse
• insufficient evidence: qualified or disclaimer
• inadequate client response: withdraw

Question 33

Steps in Assessing Risks of Material Misstatement

Answer 33

I – understand of entity, env and Internal control
M – assess risk of Material Misstatement
A – Assessed level of risk response
C – Control testing
P – Perform substantive testing
A – Audit evidence evaluation

Question 34

Procedures to obtain understanding of entity

Answer 34

• risk assessment procedures required
• analytical procedures required (PCAOB requires analytics related to revenue)
• no need to test effectiveness of controls (may perform control tests/substantive tests concurrently w/ risk assessment procedures)
• inquiries of management/others
• observation and inspection
• understanding selection/application of accounting policies, & internal control system
• discuss risk assessment w/ audit team

Question 35

Assessing Risks of Material Misstatement

Answer 35

• assess overall F/S level risks as well as risks related to specific balance/transaction/ disclosure assertion
• significant risk: when inherent risk is very high; fraud risk, recent economic/accounting developments, related party transactions, improper revenue recognition, unusual/ complex transactions, estimates/subjective measurements, illegality

Question 36

Required Documentation – Material Misstatement Risk Assessment

Answer 36

-audit team discussion, elements of understanding of entity, assessment of misstatement risks, identified risks and controls

Question 37

Internal Control Objectives

Answer 37

• reliability of financial reporting, effectiveness/ efficiency of operations, compliance w/ laws/ regulations
• internal control can be overcome by: collusion, management override, human error

Question 38

Components of Internal Control

Answer 38

C – Control Environment
R – Risk Assessment
I – Information and communication systems
M - Monitoring
E – Existing control activities

Question 39

Control Environment

Answer 39

-integrity and ethical values, commitment to competence, participation of those charged w/ governance, management philosophy and operating style (concern if focus on meeting budget, dominated by on person, or compensation based on performance), organizational structure, human resource policies and procedures

Question 40

Risk Assessment (internal control)

Answer 40

• entity’s understanding/analysis of risks to achievement of objectives
• changes in external/internal circumstances

Question 41

Information and communication systems

Answer 41

• procedures/records to initiate, authorize, record, process and report transactions, events and conditions
• accounting system, AIS
• communicating roles and responsibilities

Question 42

Monitoring

Answer 42

-assesses quality of internal control over time, management and supervision activities, evaluations of internal control, internal audit

Question 43

Existing control activities

Answer 43

P – Prenumbered documents
A – Authorization of transactions
I – Independent checks
D – Documentation
T – Timely performance reviews (analytics)
I – Information processing controls (application and general controls)
P – Physical controls for safeguarding assets (security)
S – Segregation of duties (“ARC” – Authorization, Recordkeeping, Custody)

Question 44

Understanding of Internal Control

Answer 44

• element of assessment of risk of material misstatement, even if no plan to rely on controls/tests of controls in audit
• evaluate design and implementation of identified controls

Question 45

Types of Controls

Answer 45

• preventive controls: only valid transactions are permitted

- detective controls: errors are discovered and corrected

Question 46

Design and Implementation of Controls

Answer 46

• design: whether it is capable of preventing/ detecting/correcting material misstatements
• implementation: if it exists and is being used

Question 47

Procedures to obtain evidence about control design and implementation

Answer 47

• inquiries (inquiries alone insufficient)
• observe use of controls
• inspect documents/records
• observe premises and facilities
• walkthrough: trace transactions through entire accounting system

Question 48

Document Understanding of Internal Controls

Answer 48

F – Flowcharts (graphical depiction of understanding)
I – Internal control questionnaires (for employees)
N – Narratives (written version of flowchart)
D – Documentation (client’s manuals, etc.)

Question 49

IT Impact on Internal Control

Answer 49

• if evidence is not retrievable, difficult to determine timing of control/substantive tests
• may be impossible to reduce detection risk through substantive tests alone (need to do control tests of IT)

Question 50

Types of IT Controls

Answer 50

• manual: performed by people, useful when judgment/discretion needed
• automated: performed by IT, useful for high volume/recurring transactions
• general: relate to many applications, support proper operation of system
• application: relate to processing of individual transactions, ensure they are authorized

Question 51

Segregation of Duties in IT

Answer 51

C – Control group
O – Operators 
P – Programmers 
A – Analyst (system)
L – Librarian 
-weakness if anyone does/supervises another area

Question 52

Service Organizations and Internal Control

Answer 52

-service org’s systems considered part of client’s information system

Question 53

Service Auditor Reports

Answer 53

• Type 1: mgt description of system, opinion on design and implementation (no opinion on operating effectiveness); user CPA may not rely to reduce control risk for relevant areas
• Type 2: mgt description of system, opinion on design, implementation and operating effectiveness; may provide evidence allowing reduction in assessed level of control risk

Question 54

Responding to Assessed Risks of Material Misstatement

Answer 54

-design audit procedures that address risks for each relevant assertion of each account/ balance/disclosure

Question 55

Nature, Extent and Timing of Tests (“NET”)

Answer 55

• nature: purpose (control/substantive) and type (inquiry/confirmation/etc)
• extent: quantity (# of observations, sample size)
• timing: interim (strong controls) or at period end (weak controls)

Question 56

Audit Approaches

Answer 56

• substantive approach: only substantive tests (control risk high b/c no effective controls, control ineffective, or control tests inefficient)
• combined approach: both control tests and substantive tests, less substantive if effective controls (but don’t eliminate substantive tests)
• control tests required if heavy use of IT (even if control risk high)
• dual purpose test: serves as both test of controls and a substantive test

Question 57

Planning Tests of Significant Risks

Answer 57

• if relying on effective operation of controls, must test controls in current period
• must perform relevant substantive tests (details, or detail and substantive analytics)

Question 58

Control Testing

Answer 58

• evidence regarding operating effectiveness of controls
• nature: inquiry (alone insufficient), observation, inspection, reperformance
• extent: only need to test few automated IT controls
• timing: if interim, supplement with additional evidence for remaining period

Question 59

Audit Evidence Hierarchy

Answer 59

A – Auditor knowledge
E – External evidence
I – Internal evidence
O – Oral evidence

Question 60

Perform Substantive Tests

Answer 60

• used to detect material misstatements

- required for each material transaction/ balance/disclosure

Question 61

“NET” of Substantive Tests

Answer 61

• nature: tests of details, substantive analytical procedures
• extent: generally refers to sample size
• timing: interim only if low risk of material misstatement, if interim need to supplement with additional procedures for remaining period

Question 62

Audit evidence evaluation

Answer 62

-results of tests may lead to reassessment of risk of material misstatement, should then modify planned audit procedures

Question 63

Sufficient Appropriate Evidence

Answer 63

• use judgment, consider significance/ likelihood of misstatements, mgt’s responses/ controls, results of procedures, source/ reliability/persuasiveness of evidence
• PCAOB factors: uncorrected misstatements, results of procedures, risk assessment, appropriateness of evidence obtained

Question 64

Documentation of Evidence Evaluation

Answer 64

-overall response, NET of audit procedures, linkage of procedures w/ assessed risks, results of audit procedures, conclusions reached