A3: Engagement Acceptance, Planning, & Risk Assessment Flashcards

1
Q

Client Acceptance

A

Ensure integrity of client management
If scope limitation imposed by management (eg, lack of records) will result in disclaimer of opinion, do not accept engagement
If limit will result in qualified opinion or limit beyond management’s control, okay to accept

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Engagement Letter

A

-audit scope and objective, auditor and management responsibilities, inherent limitations of audit/risks that misstatements won’t be found, audit timing/client assistance/ document availability/fee arrangements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

New Client

A
  • must speak to old CPA before accepting (w/ client permission)
  • management integrity, disagreements, reasons for change, communications on fraud/ illegal acts/internal control issues
  • review old CPA’s workpapers/evidence
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Discover issue with old CPA report

A

Request meeting with client and old CPA to resolve

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Planning Process

A
  • obtain knowledge of business/industry
  • audit strategy
  • audit plan
  • risk assessment
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Audit Strategy

A

-scope of audit, reporting objectives, timing, required communications, factors determining focus of nature (preliminary views of materiality, audit risk, internet control; areas of higher risk of material misstatement)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Materiality

A
  • smaller level of misstatement that could be material to any one of F/S
  • both qualitative and quantitative judgment
  • preliminary assessment revised during audit
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Audit Plan

A
  • outlines Nature, Extent, Timing (“NET”) of specific procedures to be performed
  • must be in writing
  • risk assessment procedures, tests of controls, and substantive tests
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Assertions

A
C – Completeness 
O  - cutOff 
V – Valuation, allocation and accuracy
E – Existence and occurrence
R – Rights and obligations
U – Understandability and classification
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Transaction Assertions

A

-completeness, cutoff, accuracy, classification, occurrence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Balance Assertions

A

-completeness, allocation and valuation, rights and obligations, existence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Presentation and Disclosure Assertions

A

-completeness, understandability and classification, rights and obligations, valuation and accuracy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Client’s Internal Auditors

A
  • not independent
  • consider objectivity (who report to) and competence (reputation, workpapers)
  • can’t share responsibility for decisions, judgments or assessments
  • I/As can assist with testing
  • CPA must test areas of high risk/subjectivity
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Use of Specialist

A
  • CPA must understand specialist’s work and evaluate adequacy of work for audit purposes
  • evaluate competence and objectivity
  • client’s specialist may be acceptable
  • audit report may refer to specialist if modified opinion b/c of their work
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Audit Risk

A

-risk of issuing unmodified opinion when there are material misstatements
AR = Risk of Material Misstatement * Detection Risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Misstatement Types

A
  • Factual: known misstatements
  • Judgmental: management estimates the CPA considers unreasonable or application of accounting policies CPA considers inappropriate
  • Projected: estimate of misstatements in population, projected from those in audit sample
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Risk of Material Misstatement

A

-risk that F/S are materially misstated
-exists independently of F/S audit
RMM = Inherent Risk * Control Risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Inherent Risk

A

-risk of material misstatement, in absence of controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Control Risk

A

-risk that controls will not timely prevent/ detect material misstatement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Detection Risk

A
  • risk that CPA will not detect material misstatement

- CPA controls Detection Risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Impact of Risk on Audit

A
  • higher RMM, need lower DR
  • higher RMM, more audit work required
  • even if low RMM, must always do substantive tests on all assertions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Fraud Types

A
  • fraudulent financial reporting (lying)
  • misappropriation of assets (stealing)
  • corruption (cheating)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Fraud Characteristics/Triangle

A
  • Incentives/Pressures: reason to commit
  • Opportunity: no effective controls
  • Rationalization/Attitude: justify behavior (ethics/integrity)

*existence of all factors doesn’t indicate there is fraud; their absence doesn’t indicate lack of fraud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Responsibilities concerning fraud

A
  • MR: design/implement programs & controls to prevent/deter/detect fraud
  • AR: design audit to obtain reasonable assurance whether F/S are free of misstatements due to error or fraud; must assess risk due to fraud during planning
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Auditor Fraud Procedures

A
  • team must discuss fraud risk, brainstorm how it could be committed
  • make inquiries regarding fraud risk (issuers: ask about response to whistleblowers)
  • consider results of analytical tests (required relating to revenue)
  • must document fraud risk assessment and response (include support if improper revenue recognition not identified as fraud risk)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Fraud Risk Factors

A
  • presumption of risk: revenue recognition, management override of controls
  • considerations: fraud triangle, size/ complexity of entity, degree of judgment and subjectivity or complex accounting principles
27
Q

Responses to Fraud Risk

A
  • general (more personnel, more supervision, increased unpredictability of audit testing)
  • alter Nature/Extent/Timing of test (“NET”)
  • risks of management override (examine journal entries for adjustments, review estimates for bias, evaluate unusual transactions)
28
Q

Evidence of Fraud

A
  • may be indicative of problem w/ management integrity (consider withdrawing)
  • reevaluate fraud risk, effectiveness of controls, appropriateness of audit procedures
29
Q

Communications Regarding Fraud/Crimes

A
  • any indication of (even immaterial) fraud discussed w/ mgt 1 level about those involved
  • any causing material misstatement discussed w/ senior mgt & those charged w/ governance
  • CPA talks to outsiders: comply w/ legal/ regulatory requirements, successor auditor (w/ client permission), response to subpoena, to funding/other agency (client has gov’t financial assistance)
30
Q

Responsibilities over Compliance with Laws/ Regulations

A
  • MR: ensure that operations are in accordance with laws and regulations
  • AR: reasonable assurance that F/S free to material misstatements; not responsible to prevent noncompliance or detect all noncompliance
31
Q

Auditor Procedures concerning Noncompliance

A
  • get rep letter from mgt
  • obtain understanding of legal/regulatory framework and how entity complies w/ it
  • evidence on elements of F/S determined by laws & regulations w/ direct effect on F/S
  • indirect effect: only inquiries, inspect correspondence w/ regulatory agencies
  • noncompliance found/suspected: discuss w/ mgt, consider withdrawal if unsatisfied
32
Q

Reporting on Legal Noncompliance

A
  • material effect on F/S and not disclosed: qualified or adverse
  • insufficient evidence: qualified or disclaimer
  • inadequate client response: withdraw
33
Q

Steps in Assessing Risks of Material Misstatement

A
I – understand of entity, env and Internal control
M – assess risk of Material Misstatement
A – Assessed level of risk response
C – Control testing
P – Perform substantive testing
A – Audit evidence evaluation
34
Q

Procedures to obtain understanding of entity

A
  • risk assessment procedures required
  • analytical procedures required (PCAOB requires analytics related to revenue)
  • no need to test effectiveness of controls (may perform control tests/substantive tests concurrently w/ risk assessment procedures)
  • inquiries of management/others
  • observation and inspection
  • understanding selection/application of accounting policies, & internal control system
  • discuss risk assessment w/ audit team
35
Q

Assessing Risks of Material Misstatement

A
  • assess overall F/S level risks as well as risks related to specific balance/transaction/ disclosure assertion
  • significant risk: when inherent risk is very high; fraud risk, recent economic/accounting developments, related party transactions, improper revenue recognition, unusual/ complex transactions, estimates/subjective measurements, illegality
36
Q

Required Documentation – Material Misstatement Risk Assessment

A

-audit team discussion, elements of understanding of entity, assessment of misstatement risks, identified risks and controls

37
Q

Internal Control Objectives

A
  • reliability of financial reporting, effectiveness/ efficiency of operations, compliance w/ laws/ regulations
  • internal control can be overcome by: collusion, management override, human error
38
Q

Components of Internal Control

A
C – Control Environment
R – Risk Assessment
I – Information and communication systems
M - Monitoring
E – Existing control activities
39
Q

Control Environment

A

-integrity and ethical values, commitment to competence, participation of those charged w/ governance, management philosophy and operating style (concern if focus on meeting budget, dominated by on person, or compensation based on performance), organizational structure, human resource policies and procedures

40
Q

Risk Assessment (internal control)

A
  • entity’s understanding/analysis of risks to achievement of objectives
  • changes in external/internal circumstances
41
Q

Information and communication systems

A
  • procedures/records to initiate, authorize, record, process and report transactions, events and conditions
  • accounting system, AIS
  • communicating roles and responsibilities
42
Q

Monitoring

A

-assesses quality of internal control over time, management and supervision activities, evaluations of internal control, internal audit

43
Q

Existing control activities

A

P – Prenumbered documents
A – Authorization of transactions
I – Independent checks
D – Documentation
T – Timely performance reviews (analytics)
I – Information processing controls (application and general controls)
P – Physical controls for safeguarding assets (security)
S – Segregation of duties (“ARC” – Authorization, Recordkeeping, Custody)

44
Q

Understanding of Internal Control

A
  • element of assessment of risk of material misstatement, even if no plan to rely on controls/tests of controls in audit
  • evaluate design and implementation of identified controls
45
Q

Types of Controls

A
  • preventive controls: only valid transactions are permitted

- detective controls: errors are discovered and corrected

46
Q

Design and Implementation of Controls

A
  • design: whether it is capable of preventing/ detecting/correcting material misstatements
  • implementation: if it exists and is being used
47
Q

Procedures to obtain evidence about control design and implementation

A
  • inquiries (inquiries alone insufficient)
  • observe use of controls
  • inspect documents/records
  • observe premises and facilities
  • walkthrough: trace transactions through entire accounting system
48
Q

Document Understanding of Internal Controls

A

F – Flowcharts (graphical depiction of understanding)
I – Internal control questionnaires (for employees)
N – Narratives (written version of flowchart)
D – Documentation (client’s manuals, etc.)

49
Q

IT Impact on Internal Control

A
  • if evidence is not retrievable, difficult to determine timing of control/substantive tests
  • may be impossible to reduce detection risk through substantive tests alone (need to do control tests of IT)
50
Q

Types of IT Controls

A
  • manual: performed by people, useful when judgment/discretion needed
  • automated: performed by IT, useful for high volume/recurring transactions
  • general: relate to many applications, support proper operation of system
  • application: relate to processing of individual transactions, ensure they are authorized
51
Q

Segregation of Duties in IT

A
C – Control group
O – Operators 
P – Programmers 
A – Analyst (system)
L – Librarian 
-weakness if anyone does/supervises another area
52
Q

Service Organizations and Internal Control

A

-service org’s systems considered part of client’s information system

53
Q

Service Auditor Reports

A
  • Type 1: mgt description of system, opinion on design and implementation (no opinion on operating effectiveness); user CPA may not rely to reduce control risk for relevant areas
  • Type 2: mgt description of system, opinion on design, implementation and operating effectiveness; may provide evidence allowing reduction in assessed level of control risk
54
Q

Responding to Assessed Risks of Material Misstatement

A

-design audit procedures that address risks for each relevant assertion of each account/ balance/disclosure

55
Q

Nature, Extent and Timing of Tests (“NET”)

A
  • nature: purpose (control/substantive) and type (inquiry/confirmation/etc)
  • extent: quantity (# of observations, sample size)
  • timing: interim (strong controls) or at period end (weak controls)
56
Q

Audit Approaches

A
  • substantive approach: only substantive tests (control risk high b/c no effective controls, control ineffective, or control tests inefficient)
  • combined approach: both control tests and substantive tests, less substantive if effective controls (but don’t eliminate substantive tests)
  • control tests required if heavy use of IT (even if control risk high)
  • dual purpose test: serves as both test of controls and a substantive test
57
Q

Planning Tests of Significant Risks

A
  • if relying on effective operation of controls, must test controls in current period
  • must perform relevant substantive tests (details, or detail and substantive analytics)
58
Q

Control Testing

A
  • evidence regarding operating effectiveness of controls
  • nature: inquiry (alone insufficient), observation, inspection, reperformance
  • extent: only need to test few automated IT controls
  • timing: if interim, supplement with additional evidence for remaining period
59
Q

Audit Evidence Hierarchy

A

A – Auditor knowledge
E – External evidence
I – Internal evidence
O – Oral evidence

60
Q

Perform Substantive Tests

A
  • used to detect material misstatements

- required for each material transaction/ balance/disclosure

61
Q

“NET” of Substantive Tests

A
  • nature: tests of details, substantive analytical procedures
  • extent: generally refers to sample size
  • timing: interim only if low risk of material misstatement, if interim need to supplement with additional procedures for remaining period
62
Q

Audit evidence evaluation

A

-results of tests may lead to reassessment of risk of material misstatement, should then modify planned audit procedures

63
Q

Sufficient Appropriate Evidence

A
  • use judgment, consider significance/ likelihood of misstatements, mgt’s responses/ controls, results of procedures, source/ reliability/persuasiveness of evidence
  • PCAOB factors: uncorrected misstatements, results of procedures, risk assessment, appropriateness of evidence obtained
64
Q

Documentation of Evidence Evaluation

A

-overall response, NET of audit procedures, linkage of procedures w/ assessed risks, results of audit procedures, conclusions reached