Assessing Risk & Developing Planned Response Flashcards

Question

identifying controls relevant to financial reporting - attestation engagements (control risk and attestation risk)

Answer 1

Control risk is the risk that a material misstatement could occur in the subject matter and not be prevented, or detected and corrected, on a timely basis by internal control Attestation risk is the risk that the accountant expresses an inappropriate opinion or conclusion, as applicable, when the underlying subject matter or subject matter information (or assertion) reported on is materially misstated. Attestation risk is not applicable to an agreed‐upon procedures engagement, as the design of procedures in that type of engagement is the responsibility of the specified party(ies).

Answer 2

apply to all aspects of IT function BEFORE TRANSACTIONS ARE PROCESSED (vs. application controls that operate at the process level and apply to processing transactions) outside controls that provide protection for applications and mitigate: risk of system crash risk of unauthorized processing risk of unauthorized master file updating risk of unauthorized change to application software

Answer 3

1) admin of IT function (tone at the top, control environment) 2) segregation of duties 3) system development (segregation of roles) 4) physical and online security 5) backup and contingency planning 6) hardware controls (to detect system failure)

Answer 4

1) admin of IT function (tone at the top, control environment) attitude of sr mgmt and BOD resource allocation to IT function involvement of IT in decision making, signal to IT importance IT steering committee smaller org = CIO relied upon by BOD if assigned to lower level employees who don't have any authority or outsourced, may signal less importance

Answer 5

ARC "Protect you from a flood of problems" Authority Record keeping Custody of related assets

Answer 6

BOD CIO or IT Mgr Security Admin (physical assets and online security) System development (purchase and/or develop/test software) **("authorization")** system analysts - architect designs system programmers - create/write the program, document it (cannot be user of system - violation of segregation of duties) Operations **("recording/record keeping")** Librarian - program moves from programmer to librarian , who controls the use of the program and does not release it back to the programmers when they need to make changes network administrator - maintains network, supports all users using network computer operators - import data into the computer system Data control **("custody")** database admin - "hold keys", super user logins and all data for company (cannot have access to operations or system development - violation of segregation of duties) data input/data output

Answer 7

Security admin

Answer 8

power failure, fire, excessive heat/humidity, water damage, sabotage, terrorism battery backups, generators disaster recovery plan offsite storage outsource to firms that specialize in secure data storage hot site - secondary site to continue to conduct business cold site - secondary site that would need a bit of time to get going, but less expensive

Answer 9

6) hardware controls built into computer equipment to detect and report equipment failure

Answer 10

IT application controls - designed to achieve specific control objectives related to specific accounting tasks. They pertain to the processing of individual applications. The auditor is responsible for identifying and documenting an entity’s relevant IT application controls within the flow of an entity’s transactions for a significant business process and must consider the effect of these controls on the completeness, accuracy, and reliability of an entity’s data. Application controls - **controls that surround the applications themselves ** designed for each software specifically manual or automated controls - input, processing, and output controls

Answer 11

1) input control - info entered is authorized, accurate and complete (garbage in, garbage out) -management authorization -adequate prep of input source documents -competent personnel -adequately designed input screens with preformatted prompts for transaction information -online based input controls for ecommerce applications where external parties perform the initial art of the transaction inputting -check digit - purpose of a check digit is to verify that the information on the barcode has been entered correctly -validity check - computer-performed validation test of input accuracy such as validation of customer number against customer master file -edit check - auto controls programmed into application to help prevent invalid data being entered -limit test - user has to enter SSN before any other input; check over $$$ threshold is void -pull-down menu -immediate error correction procedures to provide for early detection and correction of input errors -accumulation of errors in an error file for subsequent follow up by data input personnel

Answer 12

record count hash total financial total count account# $ owed 1 1256 200 2 3645 300 3 2542 500 4 2569 650 5 5987 100 6 4386 350 7 6598 200 8 3749 125 9 5823 275 45 36555 2700

Answer 13

2) processing control - prevent and detect errors while transaction data are processed this is where the general controls during the development stage provide essential control for minimizing processing errors specific processing controls are often programmed into the software to prevent, detect, and correct processing errors -validation test - ensures particular type of transaction is appropriate for processing (does tran code = predetermined code?) -sequence test - determines that data submitted for processing are in the correct order (payroll transactions in dept order before processing?) -arithmetic accuracy test - checks accuracy of processed data (does sum of net pay + withholdings = gross pay?) -data reasonableness test - determines whether data exceed prespecified amounts (does gross pay > 60 hours for week?) -completeness test - determines that every field in a record has been completed ( are emp #, name, etc. included for every employee?)

Answer 14

3) output controls - detects errors after processing -review data for reasonableness by knowledgeable employees -reconcile (compare sample of transactions, reconcile to manual control totals, compare number of units processed to number submitted)

Answer 15

qualified personnel, adequate training segregating duties to prevent fraud controlling physical access and system access (key cards, passwords, biometrics)

Answer 16

QC reconcilement

Answer 17

backup copies procedures to correct errors DR plan computer emergency response team (CERT) to react to security breaches and take corrective action timely -determine problem exists -contain the problem quickly to minimize damage -identify why problem occurred -repair damage and correct problem (retore backup, reinstall corrupted program) -determine prevention in future -determine whether to prosecute perpetrator

Answer 18

1) classes of transactions that are significant to financial reporting 2) procedures (auto and manual) to initiate/authorize/record/process/report transactions in FS 3) related (electronic or manual) accounting records and supporting information that are significant to FS 4) how info systems capture events and conditions other than transactions that are significant to FS 5) financial reporting process used to prep FS, including significant estimates and disclosures 6) controls around JEs, especially those recording nonrecurring, unusual transactions or adjusting transactions

Answer 19

1) identifies and records all valid transactions 2) describes transactions in sufficient detail to permit proper classification for financial reporting 3) measures value of transactions that permit proper value in FS 4) determines correct time period to record 5) presents transactions (and disclosures) in FS

Answer 20

auditor should obtain an understanding of IT systems that are, directly or indirectly, the source of financial transactions or the data used to record financial transactions and document the procedures performed to obtain that understanding.

Answer 21

auditor should perform risk assessment to determine whether relevant internal controls are effectively designed and operating and use to: 1) identify types of potential misstatements 2) consider factors that affect the risks of misstatements 3) design tests of controls and substantive procedures

Answer 22

Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing or detecting and correcting material misstatements

Answer 23

Implementation of a control means that the control exists and that the entity is using it

Answer 24

1) inquiry of personnel (NOT SUFFICIENT BY ITSELF) 2) observation of application of specific controls 3) inspection of documents and reports 4) tracing transactions through systems relevant to financial reporting

Answer 25

consistently apply predefined business rules and perform complex calculations in processing large voumes of transactions or data enhance timliness, availability and accuracy of information facilitate additional analysis of information enhance ability to monitor performance, policies and procedures reduce risk of control circumvention enhance ability to achieve segregation of duties via security controls in applications, databases, operating systems use of barcode technology to eliminate human data entry and improve perpetual inventory recordkeeping speed and accuracy

Answer 26

reliance on systems or programs that could be processing data inaccurately or processing inaccurate data unauthorized access to data resulting in destruction or change in data unauthorized change to data in master files unauthorized change to systems or programs failure to make necessary changes to systems or programs inappropriate manual intervention potential loss of data or inability to access data possibility of IT personnel gaining access beyond necessary, breaking down segregation of duties

Answer 27

SOC® 1 report addresses internal controls over financial reporting, the SOC® 2 report focuses on operational and compliance controls SOC® 1 reports are for management of the service organization, user entities, and user auditors (design of controls over financial reporting) SOC® 2 reports are restricted and are only for parties that are knowledgeable about the nature of the service provided by the service organization (design and operating effectiveness of operational and compliance controls)

Answer 28

human judgment, human failures lack of understanding of purpose of control collusion mgmt override- mgmt is in a unique position to perpetrate fraud because of its ability to manipulate accounting records and prepare fraudulent financial statements by overriding established controls that otherwise appear to be operating effectively **mitigation/detection: examine JEs and other adjusting entries for evidence of possible misstatement due to fraud; review accounting estimates for biases that could result in misstatement due to fraud; evaluate business rationale for significant unusual transactions segregation of duties not possible due to small number of employees

Answer 29

1) type of risk, ie fraudulent financial reporting, misappropriation of assets 2) significance of risk - magnitude could result in possible material misstatement 3) likelihood of risk - will it result in material misstatement 4) pervasiveness of risk - whether potential risk is pervasive to FS as a whole or specifically to a particular assertion/account/class of transactions

Answer 30

a. discrepancies on accounting records 1) transaction not recorded in a complete or timely manner 2) unsupported or unauthroized balanes or transactions 3) last minute adjustments 4) evidence of unauthorized access 5) tips to auditors about alleged fraud 6) overly complex transactions b. conflicting or missing evidence 1) missing documents 2) documents appearing to be altered 3) unavailability of original documents 4) significant unexplained items on recons 5) inconsistent/vague explanations from mgmt or employees 6) unusual discrepancies between entity's records and confirmations 7) missing inventory or physical assets 8) unavailable electronic evidence inconsistent with retention policies 9) inability to produce evidence of key ssytem development and program change testing and implementation c. problematic or unusual relationships between auditor and mgmt 1) denial of access to records/employees 2) undue time pressures imposed by mgmt 3) complaints by mgmt about conduct of audit, intimidation 4) unusual delays by entity in providing information 5) unwillingness to facilitate auditor access to key electronic files 6) denial of access to key IT operations staff 7) unwillingness to add/improve disclosures to make them more complete or clear 8) unwillingness to address identified deficiencies in IC timely net income doesn't tie well to cash flows changes in inventory/AP/sales is inconsistent with prior period profitability or bad debt write offs aren't comparable to industry trends or data sales volumes don't compare well to production statistics

Answer 31

opportunity pressure (earnings) rationalization

Answer 32

error = unintentional; fraud = intentional primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. Misstatement #1 - misstatement arising from fraudulent financial reporting; committed by mgmt to deceive FS users manipulation, falsification, alteration of accounting records; misrepresentation or omission of events, transactions; intentional misapplication of accounting principles Misstatement #2 - misappropriation of assets; committed against entity most often by employees embezzling, theft, or causing entity to pay for goods not received risk factors to consider: pressure/incentive to commit?; perceived opportunity?; able to rationalize?

Answer 33

-discussions with audit team regarding fraud - brainstorming helps newer auditors learn, allows consideration of known external and internal factors, professional skepticism, should continue throughout the audit, document discussions -inquiries of mgmt regarding fraud - knowledge of, aware of allegations of, mgmt's communication of process to identify, mgmt's communication of views on business practices and ethical behavior, any significant transactions entered into? -auditor should address the risk of management override of controls apart from any conclusions regarding the existence of more specifically identifiable risks by designing and performing audit procedures to: 1) test appropriateness of JEs 2) review accounting estimates for bias 3) evaluate whether any transactions suggest they may have been entered into to engage in fraudulent activity or misappropriate assets

Answer 34

1) response that has an overall effect on how the audit is conducted, including (1) assignment of personnel and supervision, (2) management’s selection of accounting principles, and (3) using audit procedures that include an element of unpredictability. 2) response to identified risks involving the nature, extent, and timing of the auditing procedures to be performed. The auditor should consider changing the nature, extent, and timing of audit procedures to address specifically identified risks. 3) response involving the performance of certain (innovative, inventive) procedures to further address the risk of material misstatement due to fraud involving management override of controls. a) performing procedures on a surprise or unannounced basis b) ask that inventories be counted at period end or close to period end to minimize risk of balance manipulation c) making oral inquiries of major customers d) performing substantive analytical procedures e) interviewing personnel

Answer 35

Compilation engagements provide no assurance. There is no responsibility on the part of the practitioner to perform any procedures to identify or respond to fraud risk. Review engagements provide limited assurance. Inquiry, analytics, and other procedures are designed and performed to provide limited assurance, which is substantially less than the reasonable assurance expressed in an audit. Discuss with appropriate parties; ask they bring in legal or regulatory, obtain legal advice, communicate with regulator In a review, if the accountant becomes aware of any actual, suspected, or alleged fraud or noncompliance with laws or regulations affecting the subject matter, the accountant should communicate (either written or oral) the matter as soon as practicable to the appropriate level of management

Answer 36

attestation engagement - Examination engagements require an assessment of attestation risk, similar to financial statement audits, to provide reasonable assurance whether any material modifications should be made to the underlying subject matter in order for it to be in conformity with stated criteria. In both examination and review engagements, the accountant should make inquiries of appropriate parties to determine whether they have knowledge of any actual, suspected, or alleged fraud In an agreed‐upon procedures engagement, the design of procedures is the responsibility of the specified party(ies). Those procedures may or may not include fraud‐related procedures.

Answer 37

auditor should identify risks of material misstatement by obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks, and by considering the particular classes of transactions, account balances, and disclosures in the financial statements. Risk assessment procedures: 1) inquiries of mgmt 2) analytical procedures 3) observation and inspection

Answer 38

analytical procedures applied at two phases of all audits: 1) initial planning stages to help plan nature.timing.extent 2) overall review of financial information I the final review stage of audit analytical procedures should focus on: 1) enhancing auditor's understanding of client's business and transactions and events that have occurred since last audit 2) identify areas that represent specific risks relevant to audit identify unusual transactions, amounts, events auditor should develop expectations of relationships reasonably expected to exist

Answer 39

observation of entity activities and operations inspection of documents, records reading mgmt reports physical observation of premises auditor should remain alert when inspecting records or documents for arrangements or other information that may indicate the existence of related party relationships or transactions that management has not previously identified or disclosed to the auditor (bank and legal confirmations, BOD/AC meeting minutes)

Answer 40

operations in unstable economy operations exposed to volatile markets complex regulation going concern, liquidity issues achieving stated objectives only marginally capital, credit constraints changes in industry, supply chain new products, services expansion into new locations reorgs changes in key personnel significant transaction with related parties IC weaknesses new financial reporting systems past misstatements, errors new accounting pronouncements pending litigation transactions that lack commercial or economic substance

Answer 41

Transactions Account Balances Presentation and Disclosure

Answer 42

Completeness Offs (cut) Valuation, allocation, & accuracy Existence & Occurrence Rights and Obligations Understandability & Classification

Answer 43

-Existence & occurrence: Transactions and events that have been recorded or disclosed have occurred, and such transactions and events pertain to the entity. -Completeness: All assets, liabilities, and equity interests that should have been recorded have been recorded, and all related disclosures that should have been included in the financial statements have been included. Liabilities/Expenses = Completeness, more risk that client understates. Test from source docs to ledger. -Valuation/allocation/accuracy: Amounts and other data relating to recorded transactions and events have been recorded appropriately, and related disclosures have been appropriately measured and described. -cutOff: Transactions and events have been recorded in the correct accounting period. -Understandability & classification: Transactions and events have been recorded in the proper accounts.

Answer 44

-Existence. Assets, liabilities, and equity interests exist Assets/Revenues = Existence, more risk that client overstates. Test from ledger to source docs. -Rights and obligations. The entity holds or controls the rights to assets, and liabilities are the obligations of the entity. -Completeness. All assets, liabilities, and equity interests that should have been recorded have been recorded. -Valuation/allocation/accuracy. Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.

Answer 45

-Existence & occurrence. Disclosed events and transactions have occurred -Rights and obligations. Disclosed events and transactions pertain to the entity. -Completeness. All disclosures that should have been included in the financial statements have been included. -Understandability & classification. Financial information is appropriately presented and described and information in disclosures is clearly expressed -Valuation/allocation/accuracy. Financial and other information is disclosed fairly and at appropriate amounts.

Answer 46

Completeness = "tracing" = trace sample of fixed assets from fixed asset schedule/FA requisition form to the GL; examine repair and maintenance expense for additions or disposals Off(cut) = examine purchases and sales shortly before and after period end Valuation/allocation/accuracy = recalculate depreciation to verify reasonableness Existence & occurrence = "vouching" = vouch sample of receiving reports to vendor invoices to determine that items have been properly received and properly paid for Understandability & classification = examine all charges made to repairs/maintenance expense to verify capitalization vs expense

Answer 47

treasury stock stock transactions board minutes articles of incorporation stock transfer agent stock certificate retained earnings

Answer 48

asset tagging controls observation calculation comingled goods related accounts quantity presentation analytical review obsolete/damaged goods

Answer 49

segregation of duties outside confirmations physical inspection cutoff confirmations reasonableness/appropriateness knowledge/skill

Answer 50

bank confirmation (open/closed acct) bank reconciliation cutoff, i.e. bank statement

Answer 51

Authorization = supervisor/HR recording = payroll dept custody = treasurer Completeness = "tracing" = trace timesheets to payroll report/register Off(cut) = pull sample of timesheets before and after cutoff Valuation/allocation/accuracy = confirm valuation of payroll expense on IS by comparing amounts recorded in payroll to total amount of checks issued and outstanding; compare labor rates to employee records; recalculate based on sample of payroll checks Existence & occurrence = "vouching" = vouch payroll report back to entries made in payroll register back to sample of timesheets Understandability & classification = review sample of paychecks and determine whether classified into proper expense item on IS

Answer 52

author = credit, i.e. sales order custody = warehouse reconcile = shipping, i.e. lading recording = billing/AR/acctg, i.e. invoice & GL Completeness = "tracing" = trace sample of sales orders to the shipping documents to sales invoices to sales journal Off(cut) = compare sample of sales invoices shortly before and after cutoff with shipment dates and dates sales were recorded Valuation/allocation/accuracy = compare prices to sales terms on invoices to ensure correct amount was computed Existence & occurrence = "vouching" = vouch sales journal back to invoices back to shipping docs back to sales orders Understandability & classification = "examine" = examine sample of sales invoices for proper classification into the appropriate revenue accounts

Answer 53

author = purchasing dept - approve/prepare PO custody = warehouse reconciliation = receiving dept - match with blind PO, prepare receiving report recording = acctg/AP - receives outside doc/invoice, match to PO/receiving report, prepare and approve payment cash disbursement = treasury dept - review docs, prepare checks/remittance advice, sign checks, mark voucher as paid, mail checks Completeness = "tracing" = determine prenumbered listings of purchase orders/vouchers and trace PO/voucher samples to receiving reports to invoices (PO+receiving reports+ invoices = "VOUCHER PACKAGE") to purchase journal Off(cut) = determine that dates applied to vouchers/POs with dates that were recorded in sales journal; examine purchases immediately before and after cutoff Valuation/allocation/accuracy = recalculate amounts recorded on vendor invoices Existence & occurrence = determine if expenditures were properly authorized and properly presented on receiving report. Understandability & classification = examine sample of purchases and determine whether they were properly classified

Answer 54

Significant risks are often derived from business risks that may result in a material misstatement AND SHOULD BE DOCUMENTED BY AUDITOR: whether risk is risk of fraud whether risk is related to recent significant economic, accounting or other developments therefore requiring special attention complexity of transactions whether risk involves significant transactions with related parties degree of subjectivity in measurement of financial information, especially the degree of uncertainty whether risk involves significant nonroutine transactions that are outside normal course of business or unusual Routine, noncomplex, systematic transactions are less likely to be significant risks because they have lower inherent risk

Answer 55

Nature Extent Timing

Answer 56

1) emphasize to audit team the need to maintain professional skepticism in gathering an evaluating audit evidence 2) assign more experienced staff or those with specialize skills 3) provide more supervision 4) incorporate additional elements of unpredictability in the selection of audit procedures to be performed 5) make general changes to audit procedures, i.e. perform substantive procedures at period end rather than interim date 6) if there is a more effective control environment the auditor can have more confidence in internal control and the reliability of audit evidence generated internally 7) if there are weaknesses, the auditor may consider: a) performing more audit procedures at period end rather than interim b) seeking more extensive audit evidence c) modifying audit procedures to obtain more persuasive audit evidence d) increasing number of locations to include in scope 8) use substantive approach which emphasizes substantive procedures or use of combined approach which tests controls along with performance of substantive procedures 9) perform further audit procedures that are responsive to the risks of material misstatement at the relevant assertion level, considering: a) significant of risk b) likelihood that MM will occur c) characteristics of class of transactions, account balance, or disclosure involved d) nature of specific controls used by entity and whether they are manual or automated e) whether auditor expects to obtain audit evidence to determine if controls are effective in preventing or detecting MM f) results of data analytic output used to determine relationships and interpret results to provide basis for developing audit procedures 10) auditor's assessment of identified risks at relevant assertion level provides basis for considering appropriate audit approach for designing and performing further audit procedures 11) regardless of approach, auditor should design and perform substantive procedures for all relevant assertions related to each material class of transactions, balances, disclosures 12) auditor must specifically analyze transactions that have higher risk of MM from audit data analytic output by determining relationships among variables and interpreting results to provide a basis for developing planned audit procedures 13) for a smaller entity, auditor may rely less on authorization and approval for audit evidence regarding the validity of related party transactions and instead may consider performing other audit procedures (inspecting documents, confirmations) 14) **nature** of further audit procedures refers to their purpose (tests of controls or substantive procedures) and their type, that is, inspection, observation, inquiry, confirmation, recalculation, reperformance, or analytical procedures. 15) Certain audit procedures may be more appropriate for some assertions than others, i.e. for revenue, tests of controls may be more responsive to the assessed risk of misstatement of the completeness assertion, whereas substantive procedures for assessed risk of misstatement of the occurrence assertion. 16) higher auditor's assessment of risk = more reliable and relevant evidence is sought 17) **timing** - when audit procedures are performed or the period or date to which the audit evidence applies. 18) higher risk of MM = more likely auditor will decide to perform substantive audit procedures nearer to period end date or unannounced 19) contrary argument is that performing audit procedures before the period end may assist the auditor in identifying significant matters at an early stage of the audit, and resolve w/mgmt or develop effective audit plan to address 20) If the auditor performs tests of the operating effectiveness of controls or substantive testing before the period end, the auditor should consider the additional evidence that is necessary for the remaining period 21) when considering when to perform audit procedures, consider: a) effectiveness of control environment b) when relevant info is available c) nature of risk d) period or date to which audit evidence relates 22) **extent** - quantity of a specific audit procedure to be performed; for example, a sample size or the number of observations of a control activity. determined by the judgment of the auditor after considering the materiality, the assessed risk of material misstatement, and the degree of assurance the auditor plans to obtain

Answer 57

1) risk of MM due to fraud 2) effectiveness of controls over JEs and other adjustments 3) financial reporting process and nature of evidence that can be examined 4) characteristics of fraudulent entries or adjustments 5) nature and complexity of accounts 6) JEs or other adjustments processed ouside of normal course of business

Answer 58

control risk = risk that material misstatement that could occur in a transaction or adjusting entries will not be prevented or quickly detected by internal controls (can be assessed by auditor, but cannot be changed/reduced by auditor) inherent risk = susceptibility of transactions to be recorded in error or to be influenced by mgmt's fraudulent activities (can be assessed by auditor, but cannot be changed/reduced by auditor) audit risk = Risk that auditor expresses an inappropriate opinion when financial statements are materially misstated detection risk = risk that material misstatement would not be caught by audit procedures risk of material misstatement = auditor's combined assessment of inherent risk and control risk (both exist independently of the audit of FS risk of material misstatement and detection risk are inversely related: higher risk of MM = lower risk of detection risk that can be accepted by auditor

Answer 59

1) determining extent and nature of risk assessment procedures 2) identifying and assessing the risks of material misstatement 3) determining the nature, timing, extent of further audit procedures 4) evaluating whether the FS as a whole are fairly presented in all material respects in conformity with applicable reporting framework 5) obtaining reasonable assurance about whether the consolidated FS as a whole are free from material misstatement whether due to error or fraud

Answer 60

1) elements of FS (asset, liab, equ, income, exp) and the FS measures defined in GAAP 2) whether there are FS items on which users tend to be focused 3) nature of entity and industry and changing economic environment in which it operates 4) size, nature of ownership, way it's financed 5) relative volatility of the benchmark

Answer 61

1) affects compliance with regulatory requirements, debt covenants, contractual requirements 2) relates to incorrect selection or application of accounting policy currently immaterial but expected to become material 3) masks change in earnings or other trends 4) affects ratios used to evaluate entity's financial position 5) has effect of increasing mgmt's compensation 6) is significant with regard to previous communications to users 7) related parties 8) omission of information not required by framework but is in auditor's professional judgment to be important to users' understanding of financial position 9) affects other information that will be communicated to users in audited FS 10) misclassification 11) too costly to correct 12) represents risk that other undetected misstatements would affect auditor's evaluation 13) changes loss into income or vice versa

Answer 62

application of performance materiality to a particular audit sampling procedure and may be the same amount or an amount smaller than performance materiality.

Answer 63

Performance materiality = amount less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. auditor should determine one or more levels of performance materiality for classes of transactions, account balances, and disclosures. Performance materiality is a planning concept related to the auditor’s determination of materiality for planning the financial statement audit in such a way that misstatements, combined for all of the tests in the entire audit, do not exceed materiality for the financial statements. i.e. auditor should normally set performance materiality for a specific audit procedure at less than the financial statement materiality so that when the results of the audit procedures are aggregated, the required overall assurance is attained.

Answer 64

No reference is made to the CA when: 1) CA is associated with or retained by group audit engagement team 2) group audit partner is satisfied with CA's work 3) portion of FS examined by CA is immaterial Conditions for referencing component auditor (CA) 1) component's FS are prepared using the same financial reporting framework, unless certain criteria are met 2) CA has performed audit that meets GAAS/PCAOB requirements 3) CA's report is not restricted as to use Group partner can make reference to CA in group report if: 1) group partner indicates dollar amounts audited by CA (total assets, revenues) 2) obtain CA's permission to include name 3) presents CA's report 4) if group partner chooses not to name the CA in the group report the group partner should indicate dollar amounts audited by CA (total assets, revenues)

Answer 65

1) group engagement team or component auditor should perform audit of component using materiality of component 2) group engagement team should be involved in risk assessments and should inquire about significant business activities, susceptibility of component to MM 3) group team should review component auditor's documentation incl audit program and workpapers (to ascertain that sufficient appropriate audit evidence has been obtained) 4) If it isn't possible to rely on work of CA, a qualified or disclaimed report may be appropriate 5) If CA's report is qualified, the group partner must assess materiality to group FS as a whole WHEN NOT TO USE CA WORK: 1) CA lacks independence relevant to group audit 2) group engagement team has concerns about ability to make reference or otherwise use work of CA; group engagement team ultimately responsible for obtaining sufficient appropriate evidence to support auditor report

Answer 66

1) Individually significant to the group financial statements = audit the financial information 2) Due to specific nature or circumstances, likely to include significant risks of material misstatement in the group financial statements = audit the financial information or one or more accounts, classes of transactions, or disclosures 3) if not significant, then analytical procedures at the group level may be appropriate

Answer 67

valuation (appraiser, FV experts) amounts derived by specialized techniques (actuary) quantity/conditions (engineers, geologists) interpretation (attorney, regulatory experts) NOT INTERNAL AUDIT

Answer 68

evaluate competence, capabilities, and objectivity inquire regarding threats to objectivity use variety of sources obtain knowledge of qualifications, professional license, association, etc. obtain agreement as to roles and responsibilities include within scope of QC policies and procedures

Answer 69

auditor's responsibilities: establish agreement relating to nature, scope, objectives of work including form and content of specialist's report understand significant assumptions and methods used specialist's responsibilities: appropriateness and reasonableness of methods and assumptions used and applications of procedures accept findings of specialist and related FS assertions, unless auditor's procedures determine findings are unreasonable

Answer 70

evaluating mgmt's specialists SINCE ENGAGED BY MANAGEMENT NOT AUDITOR - consider objectivity, competency, capabilities of specialist obtain work incl technical or professional standards use variety of sources inherent threats to objectivity SINCE ENGAGED BY MANAGEMENT NOT AUDITOR - evaluate specialist relationship with client (perform additional procedures, consider using auditor specialist to corroborate work)

Answer 71

1) may impact nature, timing, extent of audit procedures 2) may provide direct assistance in performing procedures (understanding IC, control risk assessment, substantive procedures) 3) responsibility for opinion cannot be shared with IA

Answer 72

1) obtain understanding of IA function, incl IC (status in org, nature/timing/extent of their work, limitations on scope of activities?) 2) identify IA activities that are relevant to audit 3) assess the competence and objectivity (education level, professional certification/experience) 4) may change or reduce work of independent auditor

Answer 73

YES YES YES

Answer 74

1) Many laws and regulations relate principally to the operating aspects of an entity, and therefore do not affect the financial statements and are not captured by the entity’s information system 2) Noncompliance may involve conduct designed to conceal it, such as collusion, forgery, or intentional misrepresentations made to the auditor. 3) A court of law, not the auditor, determines if an act constitutes noncompliance.

Answer 75

1) inquiring of mgmt and those charged with governance about whether the entity is in compliance with such laws and regulations 2) inspecting correspondence with relevant regulatory or licensing authorities

Answer 76

1) auditor should obtain understanding of nature of the act and circumstances in which it occurred a) examine supporting documents and compare them to accounting records b) confirm info with 3rd parties c) determine whether transaction has been properly authorized d) consider whether similar transactions have occurred and apply procedures to identify them e) discuss with mgmt and those charged with governance 2) obtain further information to evaluate possible effect on FS 3) obtain sufficient appropriate audit evidence to form an opinion and report at the level specified in the governmental audit requirement about whether the entity complied in all material respects with applicable compliance requirements 4) identify audit and reporting requirements specified in governmental audit requirement and perform procedures to address those requirements 5) consult w/mgmt a level above those involved to obtain understanding of nature of act 6) consult with client's legal counsel or other specialists if mgmt' response is unsatisfactory

Answer 77

1) should issue qualified or adverse if determines noncompliance with laws/regulations has material effect of FS and that the act has not been properly accounted for or disclosed 2) should express qualified or disclaim opinion if precluded by client for obtaining sufficient appropriate audit evidence to evaluate whether noncompliance with laws/regulations that could be mateiral have occurred 3) should withdraw from engagement if client refuses to accept auditor's report as modified and include reasons for withdrawal in writing to those charged with governance 4) determine whether you have the responsibility to notify outside parties of noncompliance 5) include description of noncompliance and results of discussions with those charged with governance as well as with 3rd parties in audit documentation

Answer 78

1) mgmt understands their responsibility for understanding and complying 2) mgmt acknowledges responsibility for design, implementation, maintenance of controls around compliance with governmental programs in accordance with compliance requirements 3) mgmt states that they have identified and disclosed to auditor all government programs and related activities subject to governmental audit requirement 4) mgmt states they have made available to auditor all contracts, grant agreements, correspondence relevant to programs related to governmental audit requirement 5) mgmt states all known noncompliance has been disclosed to auditor 6) mgmt states they believe entity has complied 7) mgmt has made all documentation available to auditor 8) mgmt understands responsibility for taking corrective action

Answer 79

1) differing interpretation of accounting principles 2) required complex or subjective judgment 3) assumptions about effects of future events 4) potential lack of consistency from period to period 5) management bias

Answer 80

1) complexity and subjectivity associated with process 2) availability and reliability of data 3) number and significance of assumptions made 4) degree of uncertainty associated with assumptions

Answer 81

1) recognized and disclosed accounting estimates are reasonable (related disclosures are adequate, are in accordance with applicable financial reporting framework) 2) obtain understanding of following as basis for risk identification and assessment: requirements of applicable financial reporting framework how mgmt identifies relevant transactions and events that require estimation for presentation or disclosure how mgmt makes the estimates including what data the estimates are based on method/model, controls, use of specialist, assumptions, changes in method/assumptions from prior

Answer 82

1) identify material related party transactions that could affect FS 2) common ownership or mgmt control relationships (obtain understanding of mgmt's responsibilities, activities, relationships with entity components) 3) consider business purpose served by components 4) transactions should not be assumed to be outside of ordinary course of business, absent evidence to the contrary

Answer 83

1) borrowing or lennding interest free or below market rate 2) selling RE at price significantly different than FMV 3) nonmonetary exchanges 4) loans without written terms

Answer 84

1) lack of sufficient working capital or credit 2) urgent desire to improve earnings or stock price 3) overly optimistic forecasted earnings 4) concentrated dependence on few customers or products 5) declining industry, incl obsolete products/services 6) significant litigation

Answer 85

Security admin