A3 - Risk, Evidence, and Sampling Flashcards
How is the overall audit risk lowered?
If the risk of material misstatement is too high (e.g, with regard of overstatement of revenue), the audit has no choice but to lower the detection risk, and with it, the overall audit risk is lowered by performing more substantive testing.
How is detection risk lowered?
If the risk of material misstatement is too high, you lower detection risk as follows:
1. N - Nature: substantive test rather than test of controls
2. E - Extent: More testing rather than less
3. T - Timing: Closer to year end
Increased emphasis on professional skepticism when gathering and evaluating audit evidence.
What risks does the auditor assesses?
- Inherent risk
- Control risk
What risk does the auditor make a decision to increase or decrease?
Detection risk
How is detection risk increased?
If the risk of material misstatement is below the maximum, you increase detection risk as follows:
1. Perform less substantive tests or perform them earlier in the year.
2. Test controls instead of substantiative tests
3. Perform testing earlier in the audit
How does inherent risk and control risk differ from detection risk?
- They exist independently of the audit of financial statements. The auditor cannot change them.
- Assessed by the auditor.
Why does the auditor assesses control risk?
Because it affects the level of detection risk that the auditor may accept.
How is Audit Risk (AR) computed?
Audit Risk (AR) (should be low) = Risk of material misstatement (RMM) (assessed by auditor) * Detection Risk (DR) (controlled by auditor)
How is Risk of material misstatement (RMM) computed?
Risk of material misstatement (RMM) = Inherent risk (IR) * Control risk (CR)
How are the components of audit risk assessed?
The components (e.g., inherent risk, control risk, detection risk) can be assessed as either quantitative (e.g., as a percentage) or nonquantitative (e.g., high, medium, low, etc.)
What is considered a judgmental misstatement?
Are differences arising from the judgement of management, including those concerning recognition, measurement, presentation, and disclosure of F/S (including selection of accounting policies considered unreasonable/inappropriate and estimates)
What is considered projected misstatement?
Auditor’s best estimate of misstatements in populations, involving the projections of misstatements identified in audit samples to the entire population from which the samples were drawn. Auditor’s improper judgement or estimate.
What factors represent a high inherent risk (CECH)?
C - Complex calculations
E - Estimates (Amounts derived from estimates)
C - Cash
H - High-volume transactions
What other factors specific to the entity and its environment may also increase inherent risk?
- Technology that renders a product obsolete
- A lack of working capital
- A decline in the overall industry or economy
What is control risk?
The risk that material misstatements that could occur in a relevant assertion will not be prevented or detected (and corrected) on a timely basis by the entity’s internal control.
When does the auditor assess control risk as high?
- There are no effective controls relative to the specific assertions
- The implemented controls are not operating effectively
- it would not be efficient to test the operating effectiveness of the controls.
What is audit risk?
It is the risk that the auditor may unknowingly fail to modify the opinion on financial statements that are materially misstated.
What is fraud risk?
The risk that misstatements will arise from fraudulent financial reporting or misappropriation of assets.
What would the auditor consider in an overall response to financial statement level risk?
- Communicate the audit team an increased need for professional skepticism
- Assign staff with more experience or specialized risk
- Increase the level of supervision
- Incorporate a greater level of unpredictability into the audit
- Make pervasive changes to the nature, extent, or timing of tests, such as shifting substantive procedures closer to period end.
What is a dual-purpose test?
It is a test of controls that is performed concurrently with a test of details on the same transaction. The test should be designed to achieve both objectives.
What is the purpose of the test of controls?
To evaluate the operating effectiveness of a control
What is the purpose of a test of details?
To support relevant assertions or to detect material misstatements.
How does the auditor performs the risk assessment to determine the effective operation of controls?
- Identifying specific controls relevant to specific assertions that are likely to prevent or detect material misstatements.
- Performing tests of such controls to evaluate their effectiveness.
How would the auditor validate segregation of duties?
The auditor will perform a test of segregation of duties by relying on inquiry and observation.
if an entity is being forced to discontinue operations in a foreign country, what would the auditor assume?
The auditor could assume that the client committed an act of noncompliance with laws and regulations in the foreign country.
What would the auditor do if the client refuses to accept an auditor’s report with a modified opinion due to noncompliance with law and regulation?
The auditor should withdraw from the engagement and notify those charged with governance in writing,
What would the auditor consider to identify related party transactions?
- Compensating balance arrangements (which may be maintained by or for related parties)
- Loan guarantees
- Unusual, nonrecurring transactions near year-end
- Transactions based on terms that differ significantly from market terms
- Nonmonetary exchanges.
PECO = appropriate reliability of audit evidence
P = Personal knowledge (most reliable) - performs examination, inspection, or recalculation
E = External Source (e.g., bank confirmations, receivable confirmations)
C = Client Evidence (auditor’s consideration of data developed under an adequate system of internal controls)
O = Oral client evidence (less reliable)
RORI = Procedures used to test operating effectiveness of internal controls
R = Recalculation
O = Observation
R = Reperformance
I = Inquiry
What is considered auditor’s personal knowledge?
P = Personal knowledge (most reliable)
E
C
O
- Observation
- Examination
- Inspection
- recalculation
What is considered evidence from external sources?
P
E = External Source
C
O
- bank confirmation
- receivables confirmation
- Vendor invoice
What is considered evidence obtained from client?
P
E
C = Client Evidence
O
- Internal evidence in writing
- client prepared invoices and documents
- Purchase orders
- sales orders
- General ledger
- Management reports
- Shipping documents
- Receiving reports
If the auditor considers that the data is developed under a strong system of internal controls, the auditor would consider the data more reliable but less reliable than personal knowledge.
What is considered oral client evidence?
P
E
C
O = Oral client evidence (less reliable)
Client answering auditor’s inquiry. This inquiry would likely need to be corroborated by additional evidence.
What does the PCAOB states regarding relevance of audit evidence?
the PCAOB consider the following:
1. The design of the audit procedures to test assertions and understatements/overstatements
2. The timing of the audit procedures.
What is the purpose of substantive procedures?
They’re designed to detect material (dollar) misstatements of the F/S at the assertion level. Consist of:
1. Test of details applied to transactions, balances, and disclosures
2. Substantive analytical procedures.
How are analytical procedures performed by the auditor?
Analytical procedures are performed by first developing an expected amount and then compare it to the actual amount.
What is the best way to use analytical procedures as a substantiative test?
Analytical procedures need to be based on predictable relationships. Income statement accounts are more predictable than balance sheet accounts because represent transactions over a period of time (e.g., interest expense).
Are all income statement accounts predictable?
No, those income statement accounts with management discretion are less predictable (e.g., travel and entertainments expense).
What is inquiry?
Requesting information from knowledgeable parties both internally (e.g., managers and supervisors) and externally (e.g., attorneys and bankers)
What should the auditor consider when performing inquiry?
- Specific characteristics to whom the inquiry is directed (e.g., knowledge, objectivity, qualification, etc.)
- Ask appropriate questions
- Evaluate the response and take appropriate action (e.g., follow up with additional inquiry, modify planned audit procedures, etc.)
What is examination/inspection?
Auditor may inspect or examine records, documents, or tangible assets (either physically present or use of remote observation). documents may be internal or external.
What are the balance sheet assertions or assertions about account balances at year end (CARE)?
C - Completeness
A - Allocation and valuation
R - Rights and obligations
E - Existence
What are the income statement assertions (COCCA)?
C - Completeness
O - Occurrence
C - Cutoff
C - Classification - proper account
A - Accuracy and valuation - proper amount
When does the auditor apply reperformance?
Reperformance occurs when an auditor independently performs procedures or controls to ensure that the client performed them correctly.
When does the auditor apply recalculation?
An auditor recalculates to verify the mathematical accuracy of statements and schedules by adding down (footing), adding across (cross-footing), or recalculating amounts. It could be done manually or through the use of automated tools.
When are analytical procedures required to be completed in the audit?
Analytical procedures are required during planning to obtain an understanding of the entity’s business and final review to assist the auditor in the final review for reasonableness.
What steps the auditor uses to develop analytical procedures that are efficient and effective?
- Develop procedures to test assertions that address the risk of material misstatement in the F/S.
- Evaluate reliability of client’s data to develop expectations. Strong effective internal controls improve reliability.
- Develop an expectation of recorded amounts.
- Perform analytical procedures and compare results to the expectations.
- Investigate any significant differences by inquiring of management or performing other audit procedures.
What would the analytical procedures indicate if there is a mismatch or significant difference?
The mismatch or significant difference indicates either a material misstatement or the fact that the auditor’s expectations are flaw. If analytical procedures disclose unexpected differences, the auditor should consider the F/S to be misstated.
How is regression analysis applied for analytical procedures?
it is an advanced analytical technique that often uses data from prior period(s) to develop a model or predict future periods.
When is regression analysis best used?
It is best used for creating expectations based on several independent variables
What is the level of assurance that regression analysis can provide?
May provide a very high level of precision and may be used as the principal substantive procedure
What are advantages of using regression analysis?
- Provides an explicit, mathematical objective, and precise method for forming an expectation
- allows inclusion of a large number of independent variables
- Provides direct and quantitative measures of the precision of the expectation
What analytical procedures does the auditor perform as final review?
The auditor is required to evaluate the overall financial statement presentation and assesses the conclusion reached. Auditor will read the financial statements and consider whether there are unusual or unexpected balances.
What is the completeness assertion refers to?
The assertion is that all transactions and events have been recorded, if some have not been recorded, the books are not complete.
what are the documentation requirements for analytical procedures?
The auditor is required to document:
1. Auditor’s expectations
2. Factors considered in the development of expectations
3. Results of the comparison of the expectations to recorded amounts
4. Additional audit procedures performed in response to significant unexplained differences
5. Results of such additional procedures.
What is factual misstatement?
Factual misstatement are those in which there is no doubt
How are analytical procedures performed during the planning phase?
Analytical procedures are performed at a high-level using aggregated financial and nonfinancial data
What is inherent risk?
The susceptibility of a relevant assertion to a material misstatement, assuming no internal control exist.
What is statistical sampling?
auditor specify the sampling risk they are willing to accept and then calculate the sample size that provides the degree of reliability.
What is nonstatistical sampling?
Sample size is not determined mathematically, but is selected based on auditor’s judgement.
What is incorrect acceptance?
The risk that the sample selected in a test of detail (variable) supports the conclusion that the recorded account balance is not materially misstated when in fact it is materially misstated (i.e., sample result fail to identify an existing material misstatement) - Effectiveness
What is incorrect rejection?
the risk that the sample selected in a test of detail (variable) appears to have many errors and the auditor reject the account balance as fairly stated, when the sample is misleading, and the account balance and population are correct. This could lead to inefficiencies as the auditor incorrectly performed more substantive testing than needed.
What are the advantages of statistical sampling?
- Measure the sufficiency of the audit evidence obtained
- Objective basis for quantitatively evaluating sample results
- Design an efficient sample
- Quantify sampling risk to limit risk to an acceptable level.
What is nonsampling risk?
All aspects of audit risk that are not due to sampling
What are examples of nonsampling risk?
- Selecting inappropriate audit procedures
- Using inappropriate audit evidence
- Failure by the auditor to recognize misstatements in documents examined.
When can an auditor incorrectly assess control risk lower than appropriate?
The deviation rate in the auditor’s sample is less than the tolerable rate, but the deviation rate in the population exceeds the tolerable rate.
Does the population size has any effect in the sample size?
No, population size is not an issue provided the population is large (i.e., greater than 5,000 items).
How to determine if there is a test of control?
Controls often relate to the following:
1. Authorization
2. Validity
3. Completeness
4. Accuracy
5. Appropriate classification
6. Accounting in conformity with GAAP
7. Proper period
How to determine if there is a test of detail (substantive test)?
Look for the following words:
1. Account balance
2. Amount
3. Valuation
4. Presentation
5. Disclosure
6. Estimate (reasonableness check, e.g., check for inventory quantities on hand)
What should the auditor consider to determine the sample size?
- Risk of assessing control risk too low
- Tolerable deviation rate
- Expected deviation rate
- Population size (no issue if larger)
How is changes to planned assessed level of control risk affect sample size?
The planned assessed level of control risk is related to the expected deviation rate (a low expected deviation rate corresponds to a low planned assessed level of control risk).
What are planning considerations for a test of detail?
- The relationship of the sample to the relevant audit objective
- Preliminary estimates of materiality (tolerable misstatement)
- The auditor’s allowable risk of incorrect acceptance
- Characteristics of a population
What is tolerable misstatement?
maximum monetary misstatement in the related account balance or class of transaction that the auditor is willing to accept.
What is stratification technique?
Items subject to sampling may be separated into homogeneous groups. Each group is treated as a separate population, and results in a reduced sample size. Used when a population has highly variable recorded amounts.
When does the sample size increases in a test of detail?
Sample size increases as the following increase (direct relationship):
1. Expected misstatement
2. Standard deviation (population variability)
3. Assessed level of risk
When does the sample size decreases in a test of detail?
Sample size decreases as the following increase (inverse relationship):
1. Tolerable misstatement
2. Acceptable level of risk
What is the formula to calculate projected misstatement?
projected misstatement = net over/understatement/sample selection %
How to determine if the account is misstated based on the net over/understatement?
if the projected misstatement > tolerable misstatement, the account has a high risk of misstatement.
What is the probability proportional to sample size (PPS) technique?
PPS is a method designed to estimate overstatement errors. Zero balances, negative balances, and understated balances require special design consideration.
What is Descriptive Analytics?
Descriptive analytics explains what happened or what is happening with the data.
How is descriptive analytics used in an audit?
It is important to gain a high-level understanding of the following:
1. Size
2. Range
3. Location
4. Dispersion
5. Other descriptive values of the data being analyzed.
What are descriptive analytical techniques?
- Summary statistics
- Data sorting
- Aging data
- Data reduction
What is diagnostic analytics?
Used when an organization wants to understand the underlying cause of results, or why something happened with the data.
How is diagnostic analytics used in an audit?
works to do the following:
1. uncover correlations
2. patterns
3. relationships among data to explain outcomes
What are diagnostic analytical techniques?
- Clustering
- Drill-down and drill-through analysis
- Data mining and discovery
- Variance analysis
- Period-over-period analysis
- Data profiling
- Sequence checks
What is predictive analytics?
Uses historical data and facts to make predictions, estimates, and assertions about future events. Looks at what will happen in the future.
What are predictive analytical techniques?
- Regression analysis
- Forecasting
- Time-series modeling
- Classification
- Sentiment analysis
What is prescriptive analytics?
It builds on predictive analytics and shifts the focus from addressing what will happen to how to make something happen.
What are prescriptive analytical techniques?
- What-if analysis
- Decision support and automation
- Machine learning
- Natural language processing
When is trend analysis used?
Trend analysis is used to develop expectations of future results. It helps the auditor compare internal values that have relationships or even bring in industry/external data for comparative purposes
What chart would be appropriate to describe a trend analysis?
A Line chart because they appropriately address the forward-moving concept of time.
When is regression analysis used?
Regression analysis allows for an auditor to evaluate relationships between variables (e.g., dependent and independent variables)
What chart would be appropriate to describe a regression analysis?
Scatter plots where the data points are plotted with an (X, Y) relationship with a corresponding regression line.
What is required in all financial statement audits?
- Determine risk assessment procedures
- Analytical procedures (this determines if test of operating effectiveness of internal controls and/or substantive procedures are performed)
What is a requirement to obtain audit evidence?
- Sufficient - quantity (volume)
- Appropriate - quality (relevance and reliability)
What is the auditor’s responsibility when performing an audit of a nonissuer’s compliance with laws and regulations?
The auditor is responsible for obtaining a general understanding of the legal and regulatory framework applicable to the entity and how the entity is complying with that framework.
What is considered reliability of audit evidence?
The more effective the internal control structure, the more accuracy it provides about the reliability of accounting data and financial statements
When is the auditor sampling for attributes?
Auditor is testing controls hoping that the control passes the auditor’s test and control risk can be lowered, and as a result less substantive testing.
When is the auditor sampling for variable?
Auditor is testing account balances looking for overstatements and understatement
What is the goal of a sample?
it is to select enough items so that the sample is representative of the population as a whole.
What is the estimated actual error (deviation) rate (1st steps) used to determine the sample size and how is it determined in attribute sampling (test of controls)?
- Auditor estimates the actual error (deviation) rate (or deviation) (or expected error rate or expected misstatement).
- As the expected error rate rises, the sample size must be increased.
What is the tolerable deviation rate (2nd step) used to determine the sample size and how is it determined in attribute sampling?
- Auditor determines the tolerable deviation rate (or maximum rate of deviation) (highest error rate that could be present before feeling the control activity is not reliable).
- As the tolerable deviation rate rises, the required sample size will decrease.
- Determined based on auditor’s judgement
How is the allowable level of sampling (3rd step) used to determine the sample size and how is it determined in attribute sampling?
- Auditors determine allowable level of sampling risk (chance that sample will be misleading)
- sets a limit for how reliable the sample needs to be (confidence level 100%).
- As the need for reliability increases (e.g., from 90% to 95%), the sample size increases.
How is the sample size actually determined?
- using the expected error rate, tolerable rate, and allowable level of risk, the auditor uses a chart based on the sampling risk (usually 10%) and using the sample size calculates the sample error rate.
- Using the sample error rate, calculates the upper (maximum) deviation rate (or population error rate)
How is the sample error (or sample deviation) rate calculated?
sample error (deviation) rate = # of errors/sample size based on sample risk chart (using expected error rate and tolerable rate)
What is the purpose of the upper (maximum) deviation rate?
Helps the auditor know how high the population error rate could be based on knowledge of the sample error rate. A chart is used to determine the highest expected error rate for the population. This is considered the population error rate. Formula to compute it:
Upper deviation rate = Sample deviation (error) rate + Allowance for sampling risk
How is determine if the control is effective?
The upper deviation rate is compared to the tolerable rate. If upper deviation rate > tolerable rate, the control is ineffective. This means substantive testing has to be increased.
Upper deviation rate < tolerable rate, the control is effective
How is the allowance for sample risk or precision computed?
Allowance for sample risk/precision = upper deviation rate - sample error rate
What is the purpose of the allowance for sample risk or precision?
It represents the closeness of the auditor’s sample result to the true (but unknown) population error rate. it is used to describe the auditor’s evaluation of sampling results by calculating the possible error in either direction
When is a nonstatistical predictive model used?
When the auditor uses a simple technique like having multiple independent variables and multiplying them to arrive at the expectation.
How does the auditor perform the sample selection using probability proportional to size sampling (PPS)?
The auditor picks individual dollars from the population rather than individual units. This method increases the chance that bigger items (with potentially bigger errors) will be used in the sample.
What are advantages of using probability proportional to size sampling (PPS)?
PPS is useful to test for overstatement of receivables, existence assertion. Not good to test understatement/completeness.
How is the sampling interval determined in PPS?
sampling interval = Tolerable misstatement/reliability factor
How is the sample size determined in PPS?
- Obtain the reliability factor from table using the # of misstatements and risk of incorrect acceptance.
- calculate the sampling interval
sampling interval = tolerable misstatement/reliability factor - calculate the sample size by dividing the account BV by the sampling interval
sample size = Book Value/sampling interval
How to determine which samples to include for testing from a sample selection if cumulative totals are used in a PPS selection?
if a random starting point and the sampling interval are determine, perform the following:
1. start with the random starting point and confirm this amount is included in the book value
2. add to the random starting point the sampling interval to obtain a total
3. Compare the total to the cumulative total (sum of BV of sample #1 and #2), if cumulative total > total computed in #2, then select that sample for review. If cumulative total < total computed in #2, then do not select that sample.
How is the projected error computed in PPS?
- Difference of book value and audited value = Book Value - Audited value
- Calculate the Tainting % (difference BV-Audited value/BV)
- Determine the sampling interval, if not given
sampling interval = tolerable misstatement/reliability factor - Calculate the Projected error = Tainting % * Sampling interval
If audited value > book value, then you will have negative values.
What is the formula to compute the Tainting % in a PPS?
Tainting % = Difference BV - Audited Value/Book Value
What are incentives and pressures to misappropriate assets?
- Management or other employees have significant amount of personal debt.
- Employee layoffs have occurred or are anticipated.
- Compensation levels have recently changed and people have may gotten a salary reduction or not the raise they were expecting
- Job promotions were inconsistent with a person’s expectation.
What are opportunities to commit misappropriation of assets that could result in fraud risk?
- large amount of cash on hand
- Inventory items are small and are of high value
- Company holds assets (such as bearer bonds) that can be easily converted to cash
- Company does a poor job of screening employees with access to assets.
What are opportunities to commit fraudulent financial reporting that could result in fraud risk?
- Significant, unusual, or highly complex transactions, especially those happening towards the end of the year.
- A number of reported balances are based on significant estimations. Each estimates presents an opportunity to cook the books
- Management is dominated by one-person - can override all controls or a group of controls without appropriate oversight.
- High turnover of senior management so the organization is unstable
- lack of segregation of duties
- high turnover of accounting or IT personnel
- Related party transactions as terms of these transactions are different to those used in the ordinary course of business.
- significant bank accounts in tax-haven jurisdictions with no clear business justification
What are incentives and pressures to commit financial reporting fraud?
- Management/employees are pressured to meet net income to receive bonuses based on stock price
- Employees may have their personal financial pressures
- Company announced an overly optimistic earnings forecast, pressure to report higher profits
- Pressure to meet debt covenants
- Company’s products are vulnerable to rapid changes in technology, increasing business failure while reporting unusual profitability.
- Company plans to obtain debt or equity financing.
- Entity’s industry is experiencing declining customer demand creates pressure to meet financial metrics.
What objective does classical sampling help achieve?
To determine the inventory quantity on hand as it helps the auditor determine the reasonableness of the account.
How is the point estimate calculated using mean per unit estimation sampling under classical variable sampling?
- Determine the book value of the account based on a selected sample
- Determine the audited value of the account for the selected sample
- Calculate the average value:
Average value = Audited value/sample selected - Calculate the point estimate
point estimate = average value * total population - Identify the true error
True error = total book value of account - point estimate
How is the point estimate calculated using ratio estimation sampling under classical variable sampling?
- Determine the book value of the account based on a selected sample
- Determine the audited value of the account for the selected sample
- Calculate the ratio:
Ratio = Audited value/Book value - Calculate the point estimate
Point estimate = ratio * total account book value - Identify the true error
True error = total book value of account - point estimate
How is the point estimate calculated using difference estimation sampling under classical variable sampling?
- Determine the book value of the account based on a selected sample
- Determine the audited value of the account for the selected sample
- Calculate the difference of BV and audited value
Difference = BV - Audited Value - Determine the value of the selected sample
Value of selected sample = Difference/selected sample - Calculate the projected error
projected error = value of selected sample * total items in the population - Determine the audited value of the entire population
Audited value of entire population = book value of account - projected error
Is documentation related to fraud brainstorming sessions required?
Yes, audit documentation is required to include a description of the discussion among engagement personnel regarding the risk of material misstatement due to fraud.
What characteristics impact the sample size in variable sampling?
- Population (e.g., variability)
- Tolerable misstatement
- Expected misstatement
- Acceptable level of risk
- Assessed risk
How is a large sample size determined in variable sampling?
- Large expected amount of misstatement
- Smaller tolerable amount of misstatement
- Reduction (lower) in the allowable amount of sampling risk
- Higher amount of variability in the population
How is a small sample size determined in variable sampling?
- Smaller expected amount of misstatement
- Higher tolerable amount of misstatement
- Increase in the allowable amount of sampling risk
- Smaller amount of variability in the population
If auditor is in doubt about a material assertion (e.g., valuation), what should the auditor do?
The auditor should gather sufficient evidence to eliminate the doubt and before communicating any issues to management and audit committee.
What is attribute sampling?
It is a statistical sampling method used to estimate the rate (percentage) of occurrence (exception) or a specific characteristic (attribute). Samples taken to test the operating effectiveness of controls.
How is attribute sampling managed?
Attribute sampling generally deals with yes-or-no questions Example:
1. Are time cards appropriately authorized (e.g., to assure recorded hours were worked)?
2. Are invoices properly voided (e.g., stamped “paid”) to prevent duplicate payments?
