A3 - Risk, Evidence, and Sampling Flashcards
What happens when there is Fraud commited by an officer?
Fraud involving an officer should be reported to governance.
What happens if, after communicating the Fraud of an officer to governance, governance does not do anything about it?
The auditor should consider withdrawing from the engagement.
What is Fraud?
Fraud is an intentional act that results in a material misstatement in financial statements that are the subject of an audit.
What is Error?
Error is an unintentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure.
What is the primary objective of the fraud brainstorming session?
The primary objective of the fraud brainstorming session is to assess the potential for material misstatement due to fraud.
What is an integrated audit?
An audit where two opinions are expressed:
- Opinion on the fairness of FS.
- Opinion on the operating effectiveness of controls.
When should the auditor consider the assessment of the risk of material statement?
During every stage of the audit.
What should the auditor consider during the overal review stage of the audit?
The auditor should consider whether the resuls of any of the audit procedures affect the assessment of the risk of material misstatement due to fraud.
What happens when an auditor expresses an unmodified opinion on FS that are materially misstated due to fraud?
Since fraud is so hard to detect, the auditor will be considered to have met his or her responsibility provided the audit was planned and performed appropriately, including a specific assessment of the rist of material misstatement due to fraud.
What are the three risk factors?
POA!
- Pressures/Incentives.
- Opportunity.
- Attitude/Rationalization.
What happens when the three risk factotrs are present in an audit?
The risk of material misstatement is greatest.
What happens when there is only one but less than three risk factors present in an audit?
One is enough to cause a risk of material misstatement due to fraud.
What is the most important factor concerning an auditor’s responsibility to detect errors and fraud?
The risk that mistakes, falsifications, and omissions may cause the FS to contain material misstatements.
What are the procedures that an auditor should follow to identify the risks of material misstatement due to fraud?
- Inquire of entity personnel regarding their views on fraud risk.
- Consider the results of Analytical Procedures.
- Evaluate Fraud Risk Factors.
What are the inquiries an auditor should make to personnel regarding their views on fraud risk?
- Identified or suspected instances of fraud.
- The process for identifying and responding to fraud riskm and controls established to address fraud risk.
- Communication of Management’s code of ethics.
- Whether management has communicated to governance about internal controls.
What are the conditions noted during fieldwork that may affect the auditor’s assessment of fraud risk?
- Discrepancies in the accounting records.
- Conflicting or missing evidential matter.
- Problematic relationship btwn auditor and mgmt.
- Objections by mgmt to the auditor meeting privately with the audit committee.
- Accounting policies that are inconsistent with industry practices.
- Frequent weird changes in accounting estimates.
- Tolerance of violations of the company’s code of conduct.
What are the 4 attributes of risk?
- Type of risk = Fraud in FS or misappropriation of assets?
- Significance of the risk = Material misstatement?
- Likelihood of the risk = Chances for fraud to happen.
- Pervasiveness of the risk = Does it affect FS as a whole or only some accounts, transactions etc?
What are the factors that should be considered when evaluating overall fraud risk?
- Whether the 3 fraud risk factors are present.
- Size, complexity, and ownership characteristics of the entity.
- Susceptibility of items to manipulation.
- How fraud can be perpetrated or concealed.
What should an auditor do when the audit evidence is not reliable?
The auditor should reevaluate the risk of fraud and design alternate tests for the related transactions.
What is the formula for Audit Risk?
Audit Risk = Risk of Material Misstatement * Detection Risk
What is the formula for Risk of Material Misstatement (RMM)?
RMM = Inherent Risk * Control Risk
What is Inherent Risk?
The susceptibility of a relevant assertion to a material misstatement, assuming that there are no related controls.
When is Inherent Risk high?
When an account is more likely to contain a material misstatement.
What are the assertions that have a high inherent risk?
- Complex calculations.
- Estimates.
- Cash
- High-volume transactions.
What is Control Risk?
The risk that a material misstatement that could occur in a relevant assertion will not be prevented or detected o an timely basis by the entity’s internal control.
When is Inherent Risk high?
When:
- There are no effective controls relative to the specific assertion.
- The implemented controls are not operating effectively.
- It would not be efficient to test the operating effectiveness of controls.
What is Detection Risk?
The risk that the auditor will not detect a material misstatement that exists in a relevant assertion.
Some detection risk will always exist as the auditor does not review 100% of things.
What makes Inherent and Control Risk different from Detection Risk?
Inherent risk always exist, and can’t be changed by the auditor.
How does the auditor show in the auditor’s report that there is audit risk?
With the sentence: “Auditor obtains reasonable assurance (NOT ABSOLUTE) about whether the FS are free of material misstatement”.
What is Audit Risk?
The risk that the auditor may unknowingly fail to appropriately modify the opinion on FS that are materially misstated.
What is a Material Misstatement?
An omission or misstatement of accounting information important enough that the judgement of someone relying on the info would have been influenced by it.
What are types of misstatements?
- Factual Misstatements.
- Judgemental Misstatements.
- Projected Misstatements.
What is a Factual Misstatement?
A misstatement about which there is no doubt.
What is a Judgemental Misstatement?
Differences arising from the judgements of management related to accounting estimates or inappropriate application of accounting policies.
What is a Projected Misstatement?
The auditor’s best estimate of misstatements in populations, based on the auditor’s projection of the audit sample to the entire population.
What is the ultimate purpose of assessing control risk?
To contribute to the auditor’s evaluation of the risk that material misstatements exist in the FS.
What is the assessed level of control risk useful for?
To determine the risk of material misstatement, which also determines the acceptable level of detection risk for FS assertions.
What is the relationship between the acceptable level of detection and the assurance provided by substantive tests?
They are inversely related. If acceptable level of detection risk decreases, assurance required from substantive tests increases.
What should you do when your assessment of risk is judgmental?
Perform more substantive tests.
What is the relationship between assessed risk of material misstatement and the allowed detection risk?
They are inversely related. If assessed risk of material misstatement increases, allowed detection risk decreases.
What are the relationships between risks?
RMM Inc –>Detection risk Dec –> Substantive Test Inc
Inherent Inc –>Detection risk Dec –> Substantive Test Inc
Control Inc –>Detection risk Dec –> Substantive Test Inc
What happens when controls are proven to be ineffective?
Extent of tests of details must increase.
What happens when controls are made during interim periods?
Detection risk increases.
Interim = Increase
YE = Decrease
When are tests of operating controls performed?
When the auditor’s risk assessment is based on the assumption that controls are operating effectively or when substantive testing alone is not enough.
What are the three elements of further audit procedures?
NET!
- Nature = Purpose and type of audit procedure.
- Extent = Quantity of audit procedure to be performed.
- Timing = Whether performed at interim or at YE.
What are the procedures used to test operating effectiveness of internal controls?
- Recalculation.
- Observation.
- Reperformance.
- Inquiry.
When would an auditor should not to perform substantive tests or tests of controls?
When doing so is inefficient.
What tests are performed after the auditor has assessed risk?
Test of details of transactions are used to detect material misstatements in the FS after the auditor has assessed risk.
What are the Substantive Procedures?
- Verification.
- Analytical procedures.
- Confirmation.
What should the auditor do when his risk assessment is based on the effective operation of controls?
The auditor should:
- Identify specific internal controls relevant to specific assertions.
- Perform tests of such controls to evaluate their effectiveness.
Why does the auditor decide to perform tests of controls?
Because, after obtaining an understanding of the entity and its environment, the auditor’s risk assessment is based on the effective operation of controls.
What are the parts to understanding internal control?
- Ascertaining whether internal controls have been inplemented.
- Considering factors that affect the risk of material misstatement.
- Identifying the types of potential misstatements that can occur.
What are the responses that the auditor should develop to the assessed risk of material misstatement?
- An overall response to address FS risk.
- A reponse at the relevant assertion level. In this case, NET will be designed to address risk to specific assertions.
- A response to significant risks.
What are the different actions that occur in an overall response? —> NEED TO KNOW!
- Communicate the need for professional skepticism.
- Assign more experienced, specialized staff.
- Increase level of supervision.
- Incorporate a greater level of unpredictability into the audit.
- Make pervasive changes to NET.
What are the different actions that occur in a response at the relevant assertion level?
Design procedures that address the risks of material misstatement for each relevant assertion for each significant account, balance, or disclosure.
What is the objective of tests of details performed as test of controls?
To evaluate whether internal controls operated effectively.
What are the accounts that are most likely to be selected for interim testing?
Accounts that are easily predictable.
What is a dual purpose test?
A Dual Purpose Test is a test of controls that is performed concurrently with a test of details on the same transaction.
What is the purpose of reviewing conflict of interest statements signed by management?
- To ID transactions with RP. (Main purpose).
2. To assess control risk related to RP.
What is the auditor’s responsibility for a client’s compliance?
To identify material misstatements in the entity’s FS due to noncompliance.
What are the items that may indicate there is a RP transaction?
- Compensating balance arrangements.
- Loan guarantees.
- Unusual, non-recurring transactions near YE.
- Non arm’s length transactions.
- Nonmonetary exchanges.
What should an auditor do after the effect of noncompliance on the FS is evaluated?
Auditor must:
- Determine the reliability of mgmt representations.
- Consider if other similar acts have occurred.
- Recommend remedial actions to govmt.
What should the auditor do when noncompliance has a direct effect in the FS?
Obtain SAE regarding material amts and disclosures in FS.
What should the auditor do when noncompliance has an indirect effect in the FS?
An auditor should apply the following audit procedures to ascertain that noncompliance has occured:
- Inquire if the entity is compliant.
- Inspect correspondence with authorities.
What evidence provides the highest level of assurance?
Evidence obtained from independent sources.
What does make evidence to be appropriate?
Reliability and relevance.
What are the attributes of reliable evidence?
Reliable evidence only needs to be corroborative or persuasive, not conclusive.
What makes reliability higher?
Effective internal controls.
What is relevance dependent on?
- Timing of the audit procedure.
- Whether the audit procedure is designed to test an assertion.
- Whether the audit procedure is designed to test for an under/overstatement.
What is the audit evidence hierarchy?
- Auditor’s direct personal knowledge.
- External evidence.
- Internal evidence.
- Oral evidence.
What is directional testing?
Refers to forward or backward testing.
What is forward testing?
Provides evidence of completeness. Traces forward from source docs to JE.
What is forward backward testing?
Provides evidence of existence. Traces backward from JE to source docs.
What are the tests that help auditors achieve audit objectives related to particular assertions?
Substantive tests.
What is audit documentation used?
To record the results of audit procedures that have been performed to achieve audit objectives.
What is the objective of substantive tests?
To detect material misstatements in the FS.
What are substantive tests made of?
- Test of details of transactions and balances.
2. Analytical procedures, when more effective than test of details.
What is the objective of tests of controls?
Attaining assurance about the reliability of information relevant to financial statements.
Why does an auditor always perform analytical procedures on revenue?
Because there is presumption of revenue fraud in all audits.
What are the most predictable relationships between accounts in terms of analytical procedures?
- Data generated in a stable, rather than dynamic, environment.
- IS data rather than BS data.
- Transactions that are less subject to management discretion.
What is C the CARROT WARS?
The standard audit procedures:
- Confirmation.
- Footing (recalc).
- Inquiry.
- Vouching (backward testing).
- Examination (inspection).
- Cutoff review.
- Analystical procedures.
- Reperformance.
- Reconciliation.
- Observation.
- Tracing (forward testing).
- Walkthrough.
- Auditing related accounts.
- Rep letter.
- Subsequent events review.
When are analytical procedures performed?
During planning and during final review.
What are the factors considered in assessing the efficiency and effectiveness of analytical procedures?
- Nature of the assertion tested.
- Plausibility and predictability of the data relationship.
- Availability and reliability of data used to develop the expectation.
- Precision of the expectation.
What are the methods used to develop an auditor’s expectation?
- Trend analysis.
- Ratio analysis.
- Nonstatistical predictive modeling.
- Regression analysis.
What is trend analysis?
YoY comparison.
Provides low level of assurance.
What is ratio analysis?
Calculated ratios.
Provides low level of assurance.
What is NPM analysis?
Uses predictive model to estimate FS amt.
Provides high level of assurance.
What is regression analysis?
Advanced statistical technique that uses PY data to predict future.
Provides high level of assurance.
What is an exception?
A response that indicates a difference between the information from the client and the confirming party.
What are the ratios commonalities?
- Return on/Turnover formulas are always IS accounts as the numerator, and Avg BS accounts on the denominator.
- Days in formulas always have the Ending Balance of a BS account as a numerator, and the IS/365 as the denominator.
What is attribute sampling?
A statistical sampling method used to estimate the % of occurrence of a specific characteristic.
It is used to test controls.
What is incorrect acceptance?
When the auditor concludes that an account was (ok) fairly presented, when it was not.
What is incorrect rejection?
When the auditor concludes that an account was (wrong) materially misstated, when it was not.
What are the factors to consider when determining the sample size?
- Risk of assessing control risk too low.
- Tolerable deviation rate.
- Expected deviation rate.
- Population size.
What are the relationships related to the factors in attribute sampling?
- > control risk ; < sample size = Inverse.
- > tolerable deviation rate; < sample size = Inverse.
- < expected deviation rate; < sample size = Direct.
What is the formula for Upper Deviation Rate?
Upper Deviation Rate = Allowance for sampling risk + Sample deviation rate
What are the two sampling risks?
- Risk of assessing control risk too low.
2. Risk of assessing control risk too high.
What is risk of assessing control risk too low?
Assessed level of control risk < True risk
ALSO
Sample deviation rate < tolerable rate < True deviation rate
What is risk of assessing control risk too high?
Assessed level of control risk > True risk
ALSO
Sample deviation rate > tolerable rate > True deviation rate
What are the risks related to the efficiency of an audit?
- Risk of incorrect rejection.
2. Risk of assessing control risk too high.
What are the risks related to the effectiveness of an audit?
- Risk of incorrect acceptance.
2. Risk of assessing control risk too low.
What is risk of overreliance?
Another word for Risk of assessing control risk too high/low.
What are the advantages of statitical sampling?
Helps the auditor to:
- Measure the sufficiency of audit evidence obtained.
- Provide an objective basis for quantitatively evaluating sample results.
- Design an efficient sample.
- Quantify sampling risk to limit risk to an acceptable level.
What is nonsampling risk?
- All other aspects of the audit that are not due to sampling.
- It always exists, and can’t be measured.
- The auditor can only try to reduce it by adequate planning and supervision.
What is audit sampling?
The application of audit procedures to some of the items within a population to evaluate one thing (ex. proper approval).
What are the types of sampling?
- Attribute sampling: rate of occurrence. Used for internal controls.
- Variables sampling: numerical quantity. Used in substantive testing.
- PPS: numerical quantity. Used in substantive testing.
What are the conclusions an auditor forms about an internal control that is tested?
Upper deviation rate < Tolerable deviation rate = May rely on control
Upper deviation rate > Tolerable deviation rate = reduce reliance on control, increase RMM, increase level of control risk.
What is variable sampling used for?
To estimate a numerical measurement of a population.
What is random-number sampling?
A method used to select a sample for evaluation. Can be used on variable or attribute sampling.
Ex: All items in the population are assigned a number, and then a random number generator selects a few those numbers to sample.
What is discovery sampling?
- A type of attribute testing.
- It is used in control testing.
- Used when looking for something very specific, like fraud.
What is stratified sampling?
- Separating the population into relatively homogeneous groups.
- Used when there is a lot variation among subjects in the population.
- Results in a reduced sample size, and increases efficiency.
What are the relationships related to the factors in variable sampling?
a. > expected misstatement ; > sample size = Direct.
b. > std deviation ; > sample size = Direct.
c. > assessed risk ; > sample size = Direct.
d. > tolerable misstatement; < sample size = Inverse.
e. > acceptable risk; < sample size = Inverse.
What is a disadvantage of PPS sampling?
Using negative balances is hard and requires an special design.
What are the three types of classical variables sampling?
- Mean per unit estimation.
- Ratio estimation.
- Difference estimation.
What is mean per unit estimation?
True population = Average sample value * # of items in population.
Does not require book value of population to estimate true population.
What is ratio estimation?
True population = Audited values / Book values.
Very efficient when calc’d audit amounts ARE proportional to client’s book amounts.
What is difference estimation?
True population = Avg of (Audited values - Book values).
Very efficient when calc’d audit amounts ARE NOT proportional to client’s book amounts.
What is precision?
Calculating the possible error in either direction.
What is the process of calculating projected error/misstatement in a PPS?
- Projected Error = Sample Interval * Taining %
2. Taining % = (Recorded Amt - Audit Amt) / Recorded Amt
What is the process of calculating projected error/misstatement for the entire population?
- Projected Error = Overstatement Amt / Samples %
2. Samples % = Amt sampled / Total population
What are the steps in the ADA process?
- Plan the ADA.
- Access and obtain the data.
- Review and analyze the relevance and reliability of the sourced data.
- Perform the ADA utilizing selected tools and techniques.
- Evaluate and address the outcomes of the ADA.
What are the matching charts to the analysis?
- Regression/Relationship Analysis = Scatter plots.
- Variance Analysis = Bullet charts.
- YoY Analysis = Column charts.
- Classification Analysis = Pie charts, tree maps or scatter plots.
- Trend Analysis = Line chart.
What are the ADA data types?
- Structured data.
2. Unstructured data.
What is Structured Data?
Organized, formatted data that is easily searchable. Ex: Excel, GLs, etc.
What is Unstructured Data?
Unorganized data with a variety of formats and types. May be text, numbers, images, audio, and video.
What are the ADA Techniques?
- Descriptive analytics.
- Diagnostic analytics.
- Predictive analytics.
- Prescriptive analytics.
What is Descriptive Analytics?
Explains what happened and what is happening with data. Ex: Data sorting.
What is Diagnostic analytics?
Explains why something happened to the data.
Used when the company wants to understand the underlying cause of the results. Ex: YoY analytics.
What is Predictive Analytics?
Explains what will happen to the data.
Uses historical data to predict estimates.
Ex: Forecasting.
What is Prescriptive Analytics?
Explains how to make something happen.
Ex: What if analysis.
