A5 Flashcards
Only area where auditor does not use judgment in sampling
*deciding which items will be selected
Sampling Risk
*risk that the sample is not representative of the population and that the auditor’s conclusion will be different as a result
Statistical vs. Nonstatistical Sampling
nonstatistical chooses sample size judgmentally
Does statistical sampling eliminate the need for auditing judgment?
No
Types of sampling
attribute sampling - I/C
variables sampling - substantive work
*attributes can usually be answered yes or no
Sampling Risks in Substantive Testing
- Risk of Incorrect Acceptance (Beta) (Effectiveness)
2. Risk of Incorrect Rejection (Alpha) (Efficiency)
Sampling Risks in Tests of Controls
- Risk of Assessing Control Risk too Low (Beta) (Effectiveness)
- Risk of Assessing Control Risk too High (Alpha) (Efficiency)
Beta risk is inversely related to
the confidence interval
Types of nonsampling risk
- use inappropriate audit evidence
2. improperly evaluate the results
What is used to determine whether or not a sample of internal controls can be accepted?
the UPPER DEVIATION RATE
= sample deviation rate + allowance for sampling risk
Formula for upper deviation rate
= sample deviation rate + allowance for sampling risk
Does population size have a large impact on sample size?
No
I/C: Inversely Related to Sample Size
- risk of assessing control risk too low
2. tolerable deviation rate
I/C: Directly Related to Sample Size
- expected deviation rate
Is block (cluster) sampling allowed?
No
UDR <= TDR
accept
UDR > TDR
reject
Discovery sampling
once you find one instance you reject
*used with fraud/critical items
When to use stratification
- when a population has highly variable recorded amounts
* results in a reduced sample size
Three Types of Sampling Plans
- mean-per-unit
- ratio estimation
- difference estimation
Mean-Per-Unit
- misstatement per item selected X population
2. 1 standard deviation X population
Ratio Estimation
audited amount / recorded amount X population recorded amount
Difference Estimation
recorded amount - audited amount / sample size X population size
What is a sampling unit?
*one account, dollar, etc.
Direct Relationship for Sample Size for Substantive
- expected misstatement
- standard deviation
- assessed level of risk
Inverse Relationship for Sample Size for Substantive
- tolerable misstatement
2. acceptable level of risk
Advantages of PPS (MUS)
- automatically emphasizes larger items by automatically stratifying the sample
- generally requires a smaller sample when no errors are expected
Disadvantages of PPS (MUS)
- special procedures for zero balances, negative balances, and understated balances
PPS Sample Size Determination
Sampling Interval: Tolerable misstatement/reliability factor
Sample size: recorded amount of population/sampling interval
Do internal control problems mean that there are necessarily possible misstatements?
No
Do ISAs define the term material weakness?
No
How must communication of control deficiencies be communicated?
in writing, even if corrected
What should an auditor do about previously existing deficiencies?
tell the client again (remind them)
When must communication about control deficiencies be communicated?
Preferred: report release date
Required: release date + 60 days
Does communication to management about control deficiencies need to be restricted?
Yes
May an auditor report that there were no significant deficiencies?
No
May an auditor issue communication that there were no material deficiencies identified?
Yes
What unique items are in written communication about internal controls?
- disclaimer of opinion
- describe the terms
- restrict use
Do PCAOB standards apply to nonissuers, even if they are having an opinion for their internal controls?
No
Written representation for internal controls is part of a possible _____ limitation
scope
Is fraud risk assessment part of the audit of internal controls?
Yes
How to test controls when issuing an opinion on the controls?
- evaluate the design effectiveness
* evaluate the operating effectiveness
Can you use the work of others during an audit of internal controls?
Yes, so long as they are not in high-risk areas
In order to examine a nonissuer’s internal controls, what condition must already be set in place?
the auditor must also have audited the accompanying financial statements
What is benchmarking of automated controls?
*if the automated controls have not changed from one year to the next, the auditor may not need to repeat specific testing performed; just needs to verify that the control has not changed
Are controls evaluated for a period or as of?
As of the balance sheet date
When should communication be made for significant and material weaknesses?
by the report date
When should communication be made for control deficiencies (not material or significant)?
within 60 days of the report release date
Which types of deficiencies must be communicated in writing?
all of them
Unique aspect in separate report for internal controls
*inherent limitations paragraph
When auditing internal controls, the auditor can opine on either:
- the direct internal control
or - management’s assertion
Types of reports for internal controls and financial statements
- combined report
2. two separate reports
When a material weakness exists, what should the auditor express an opinion on
*the internal control, NOT management’s assertion
Is reporting on whether a previously reported internal control weakness continues to exist required?
it is not required; it would be a voluntary engagement
Even in a disclaimer of opinion, an auditor should still mention:
*material weaknesses identified
Can an auditor use the work of another auditor in conducting an audit of internal controls?
Private: yes
Public: no
Would an examination be sufficient to see if an entity is in compliance with the Foreign Corrupt Practices Act (FCPA)?
No
Communication of control deficiencies: financial statement audit vs I/C audit
F/S audit: within 60 days
audit I/C: by the report release date
How often must an auditor meet with the audit committee with management being present?
at least once per year
What should the auditor communicate to those charged with governance?
- overview of the planned scope and timing of the audit
* significant audit findings
What special considerations should be taken if those charged with governance are not involved with managing the entity?
*auditor should discuss material, corrected misstatements brought to management’s attention as a result of the audit
Should communication to those charged with governance be restricted in use?
Yes
Form of communication with those charged with governance
must be in writing
For audits of issuers, when must communications with those charged with governance happen?
before the audit report release date
When must management’s representation letter be dated?
the same date as the auditor’s report
ISA allows it to be close to
What is the final piece of evidential matter?
the management representation letter
Contents of the management representation letter
- financial statements
- completeness of information
- fraud (I/C)
- laws and regulations
- uncorrected misstatements
- litigation and claims
- estimates
- related party transactions
- subsequent events
- additional representations (specific to F/S)