A3 - Risk, Evidence, and Sampling Flashcards
1
Q
During an audit, the auditor should maintain an attitude of:
A
- Professional skepticism
- Which includes a questioning mind and a critical assessment of audit evidence
2
Q
The auditor’s responsibility is to plan and perform the audit to obtain:
A
- Reasonable assurance about whether the FS are free of material misstatement, whether caused by error or fraud
- This includes a specific assessment of the RMM due to fraud
3
Q
The disclosure of fraudulent activities to parties other than the client’s senior management and those charged with governance is:
A
- NOT ordinarily part of the auditor’s responsibility
4
Q
Inquiries the auditor should make to identify the RMM due to fraud:
A
- How management has communicated to those charged with governance regarding IC and how it functions to prevent, deter or detect MM due to fraud
- How management communicates to employees its views on acceptable business practices
- Whether there are any particular business segments for which a risk of fraud may exist
- Whether management is aware of any allegations of fraud
5
Q
The auditor should consider implications of an act of noncompliance with laws and regulations in relation to other aspects of the audit, particularly:
A
- The reliability of the management representation letter (representations of management)
6
Q
Lack of ownership identification on the entity’s fixed assets would heighten:
A
- An auditor’s concern about the RMM arising from the misappropriation of assets
7
Q
If evidence is not reliable, the auditor should:
A
- Reevaluate the risk of fraud and design alternate tests
8
Q
What attributes should be considered in the process of identifying client risks that may result in a MM due to fraud?
A
- Type of risk
- Significance of the risk
- Likelihood of the risk
- Pervasiveness of the risk
9
Q
How does inherent risk and control risk differ from detection risk?
A
- They exist independently of the audit
10
Q
Judgmental misstatement:
A
- Differences arising from judgments of management and the auditor
11
Q
Factual misstatement:
A
- Misstatements about which there is no doubt
12
Q
Projected Misstatement:
A
- The auditor’s best estimate of misstatements in populations, involving the projection of misstatements identified in audit samples to the entire population
13
Q
Control risk:
A
- Risk that a material misstatement that could occur in a relevant assertion will not be prevented or detected (and corrected) on a timely basis by the entity’s internal control
14
Q
The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the:
A
- Risk that material misstatements exist in the financial statements
15
Q
The auditor assesses control risk because it:
A
- Affects the level of detection risk that the auditor may accept
- To obtain an understanding of internal control
16
Q
To determine the assessed RMM, the auditor:
A
- Uses the assessed level of control risk along with the assessed level of inherent risk
- This affects the acceptable level of detection risk for FS asserstions
17
Q
If the assessed level of fraud risk is high, the auditor should attempt to reduce:
A
- Detection risk
- This helps ensure that the auditor will obtain reasonable assurance about whether the FS are free of material misstatement caused by fraud
18
Q
Audit risk is comprised of:
A
- The risk of material misstatement and detection risk
19
Q
Audit risk:
A
The risk that the auditor may unknowingly fail to modify appropriately the opinion of the FS that are materially misstated
20
Q
Fraud risk:
A
- The risk that misstatements will arise from fraudulent financial reporting or misappropriation of assets
21
Q
Detection risk:
A
- The risk that the audit procedures implemented will not detect a misstatement that exists in a relevant assertion
- This is not assessed, but rather controlled by the auditor through the level of testing performed
22
Q
Inherent Risk:
A
- The susceptibility of a FS assertion to a material misstatement assuming there are no related controls
23
Q
Regardless of the assessed level of control risk, an auditor would perform some:
A
- Substantive tests to restrict detection risk for significant transaction classes
24
Q
In an audit of FS, substantive procedures:
A
- Will always be necessary for all relevant assertions related to material transaction classes
25
If an auditor assesses control risk at the maximum level:
- Document the assessment and make decisions to potentially perform more substantive procedures
26
The acceptable level of detection risk is INVERSELY related to the:
- Assurance provided by substantive tests (perform more tests/change extent of tests)
- Risk of material misstatements (IR x CR)
27
- Increasing the assessed level of control risk would increase the:
- Extent of test of details
28
What is always necessary in a FS audit:
- Analytical procedures
| - Risk assessment procedures
29
When are tests of operating effectiveness in controls performed?
- Only when the auditor's risk assessment is based on the assumption that controls are operating effectively
When substantive procedures alone are insufficient
30
An auditor may decide not to perform tests of controls after performing risk assessment procedures because:
- The time required to perform tests of controls would be greater than the reduction in time spent on substantive testing
31
In assessing control risk, an auditor would perform:
- Inquiry
- Inspection
- Observation
- Reperformance
32
When risk assessment is based on the effective operations of controls, an audit will involve:
- Identifying specific internal controls relevant to specific assertions
33
An auditor should design tests of details to ensure that evidence supports:
- the planned level of assurance at the relevant assertion level
34
Auditor should consider when determining the appropriate extent of testing controls:
- Frequency of performance of control during the period
- Length of time auditor wishes to rely on control
- Relevance and reliability of evidence obtained
- Extent to which other tests provide evidence about the same assertion
- Extent auditor wishes to rely on operating effectiveness on the control to reduce substantive procedures
- Expected deviation rate from the control
35
What level would address the RMM by the auditor's consideration of an entity's control environment?
- Financial statement
36
If substantive tests solely do not reduce detection risk, an auditor would:
- Perform tests of controls to support a lower level of assessed control risk
37
During the planning phase of the audit, an auditor obtains an understanding of IC system by considering:
- Type of misstatements that may occur
- Risks that misstatements may occur
- Factors that influence the deign of tests of controls and substantive tests
- Assessment of inherent risk
- Judgements about materiality
- Complexity and sophistication of the entity's operations and systems
- Use of manual vs. computerized control procedures
38
AN auditor determines whether a risk is significant by:
- Its inherent risk alone
39
What procedure would assist an auditor in identifying related party transactions?
- Reviewing confirmations of loans receivable and payable for indications of guarantees
40
What procedure would assist an auditor in determining whether management has identified all accounting estimates that could be material to FS?
- Review the lawyer's letters for information about litigation
41
Reliability of audit evidence:
- Auditor's direct personal knowledge (and observation)
- External
- Internal
- Orally
42
PCAOB standards state that RELEVANCE of audit evidence depends on:
- Timing of the audit procedure
- Whether audit procedure is designed to tests for an understatement or overstatement
- Whether the audit procedure is designed to directly test an assertion
43
Corroborating evidence:
- Includes minutes of meetings, confirmations industry analysts' report, data about competitors, evidence obtained from management specialists, and information obtained through OBSERVATION, INQUIRT, and INSPECTION
44
Risk of incorrect rejection:
- Risk that the sample supports the conclusion that the recorded account balance is materially misstated when it is not materially misstated
45
Risk of incorrect acceptance:
- Risk that the sample supports the conclusion that the recorded account balance is NOT materially misstated when it is
46
Deviation rate:
- The auditor's best estimate of the deviation rate in the population from which it was selected
47
Tolerable deviation rate:
- The maximum rate of deviation from the prescribed procedure the auditor will tolerate without modifying planned reliance on internal control
- INVERSE relationship with the sample size
48
Attribute sampling (used to determine the NET of the substantive testing):
- Define objective of the test
- Define the population
- Define the sampling unit
- Define attributes of interest
- Determine the sample size
- Select the sample
- Evaluate the results
- Form conclusions
- Document the procedure
49
Upper deviation rate =
Sample deviation rate + Allowance for sampling risk
50
In determining the sample size, the auditor must determine the following factors:
- Risk of assessing control risk too low
- Tolerable deviation rate
- Expected deviation rate
51
Risk of assessing control risk too low:
- Risk that the assessed level of control risk based on the sample is less than the true level of control risk based on the actual operating effectiveness of the control
- Inverse relationship to sample size
52
What effect does the population size have on the sample size?
- Little effect
53
If the upper deviation rate is LESS than or equal to the tolerable deviation rate:
- The auditor MAY rely on the control
54
If the upper deviation rate EXCEEDS the tolerable deviation rate:
- The auditor would NOT rely on the control
55
Sample size of a test of controls is INVERSELY related to:
- Tolerable rate
56
Statistical compared to nonstatistical sampling provides a basis for planning the:
- Sample size
| - Provides an objective basis for quantitatively evaluating sample risk
57
Statistical sampling advantages:
- Provide a scientific basis for planning the sample size
- Provide an objective basis for quantitatively evaluating sample risk
- Measure the sufficiency of the audit evidence obtained
58
Deviations from specific control activities at a given rate ordinarily result in:
- Misstatements at a lower rate
59
Nonsampling risk
- Includes all aspects of audit risk that are not due to sampling
- Always present and cannot be measured; can only attempt to REDUCE this risk through planning and supervision
60
Sampling risk:
- Arises from the possibility that a conclusion may be different from the conclusions that would have been reached had the tests been applied to all items
61
If deviation rate in the sample is less than the tolerable rate, but the deviation rate in the population exceeds the tolerable rate:
- The control risk was assessed too low
62
If sample rate of deviation + allowance for sample risk exceeds tolerable rate, the auditor would reduce:
- The planned reliance on the prescribed control
63
In statistical sampling for substantive tests, and auditor would stratify the population into meaningful groups if:
- The population has highly variable recorded amounts
64
Tolerable misstatement:
- A planning concept related to the auditor's preliminary judgment about materiality levels
- The maximum monetary misstatement in an account balance that may exist without causing the FS to be materially misstated
65
When planning a sample for a test of subsequent cash receipts, the auditor should consider:
- Preliminary judgments about materiality levels
66
Ratio estimation is most effective if:
- There is a correlation between book values and audit amounts
67
Which sample method results in a smaller sample if no errors are expected?
-Probability-Proportional-to-size (PPS)
68
What is an advantage of variable sampling compared to PPS?
- The selection of negative balances requires NO special design considerations
69
Probability-Proportional-to-Size Sampling:
- The sampling unit is defined as an individual dollar in a population. Once a dollar is selected, the entire account (containing that dollar) is audited
- Advantages:
- Automatically emphasized larger items by stratifying the sample
- In no errors are expected, generally smaller samples
- Disadvantages:
- Zero balances, negative balances, and understated balances generally require special design considerations
- Recorded amount in the population/the sample size
- Auditor controls the risk of incorrect acceptance by specifying that risk level for the sampling plan
70
Mean-per-Unit Estimation:
- A sampling plan that uses the average value of the items in the sample to estimate the true population value (i.e. Estimate = Average sample value x Number of items in the population)
71
Stratified vs. Unstratified MPU:
- Stratified is more efficient produces an estimate having a desired level of precision with a smaller sample size
72
Projected error:
- The auditor's best estimate of the error in the total population based upon evaluating the actual error rate in the sample results
73
Statistical concept of precision:
- The auditor's evaluation of sampling results by calculating the possible errors in either direction
74
An auditor may decide to decrease the acceptable level of risk when:
- The cost and effort of selecting additional sample items is low
75
PPS Sample Size Determination:
Sampling Interval = Tolerable misstatement/Reliability factor
Sample size = Recorded amount of the population/Sampling interval
Projected error = (Recorded amount - Audit amount)/Recorded amount
76
Smaller tolerable misstatement results in:
- Increase in sample size
77
Higher risk of incorrect acceptance results in:
- Smaller sample size
78
Scatter plots:
- Allow for the auditor to graphically show the relationships among variables
- Allow for regression lines to be added to show the direction and strength of correlation
79
Best type of visualization when performing a trend analysis?
- Line chart
| - They appropriately address the forward-moving concept of time
80
Structured data:
- Organized, has consistent data types and formats, and is easily searchable
- i.e. Information systems, spreadsheets, databases, data warehouses, and data marts
81
Unstructured data:
- Not structured
- Data is typically in its original unmodified format and remains that way until transformed and modified for analysis
- Not organized and difficult to sort
- i.e. Social media posts, interview or phone transcrips, data sourced from sensors (internet of things), videos or images
82
Descriptive analytics:
- Explain what happened or what is happening with data
83
Diagnostic analytics:
- Utilized when an org wants to understand the underlying cause of results, essentially, why something happened with the data
84
Predictive analytics:
- Use historical data and facts to make predictions, estimates, and assertions about future events
- What will happen in the future
85
Prescriptive analytics:
- Most advanced and complex type
- Builds on predictive analytics
- How to make something happen
- Prescribes courses of actions to help optimize decisions
86
Benefits of Audit Data Analytics:
- Better understanding of clients and operations
- Advanced assessment of risk
- Expanded audit coverage
- Increase efficiency of applied procedures
- Enhanced fraud detection
- Improved communication through visualizations
