Assurance Flashcards
CPA 2025 Audit & Assurance Content
True or False:
In an assurance engagement, the subject matter is compared against certain criteria
True.
The conclusion provided is based on the evaluation of the subject matter against the criteria.
True or False
An assurance engagement consists of a two-party relationship
False
An assurance engagement has a three-party relationship: the practitioner, a responsible party (Management or those charged with governance) and the intended users.
What is the primary purpose of the assurance engagement?
The primary purpose of the assurance engagement is to have the practitioner provide their opinion (a conclusion) on the subject matter.
True or False
In an assurance engagement, the practitioner does not need to collect sufficient and appropriate evidence.
False
The practitioner is required to collect sufficient, appropriate evidence before forming a conclusion.
How many parties are involved in an assurance engagement?
Three parties: the practitioner, a responsible party, and the intended users.
The responsible party typically includes management and those charged with governance.
True or False: In an assurance engagement, the practitioner does not provide a conclusion.
False
The primary purpose of the assurance engagement is for the practitioner to provide their opinion (a conclusion) on the subject matter.
Fill in the blank: In an assurance engagement, the practitioner is required to collect _______ before forming a conclusion.
sufficient, appropriate evidence
Collecting evidence is crucial for the practitioner to form a reliable conclusion.
True or False: An audit of annual financial statements provides limited assurance.
False
An audit provides reasonable assurance, not limited assurance.
What does the conclusion “nothing has come to our attention” mean in a review engagement?
This phrase indicates limited assurance in a review engagement.
What type of engagement does not provide any assurance and simply compiles information?
A compilation of the annual financial statements
A compilation does not involve any assurance or verification of the information presented.
What does an agreed-upon procedures engagement provide instead of assurance?
Results/outcomes of performing specific audit procedures
This type of engagement does not express an opinion or provide assurance but reports on specific procedures performed.
What is the primary difference between an audit and a review engagement?
An audit provides reasonable assurance; a review provides limited assurance
The level of assurance distinguishes the two types of engagements.
Which qualitative characteristic of financial information would be used to justify expensing asset purchases of less than $100.
Materiality, a component of relevance, specifies that an item that is immaterial can be ignored.
What is a Statutory Audit?
Statutory audits are those required by law.
Explain Agency Risk
Agency risk is the risk that managers are not acting in the best interests of the shareholders.
A new bonus has been implemented that awards managers based on revenue. What type of risk is this?
Agency Risk, may create a bias for managers to make sales that are not profitable to the company, and therefore would not be in the best interests of the shareholders.
What are Audit Data Analytics?
ADAs are audit procedures used to discover and analyze patterns, identify anomalies, and obtain other useful information from
True or False
ADAs can only be used in the risk assessment and execution stages of an audit?
False
ADAs can be used for planning, execution and reporting/concluding.
What type of opinion is this?
In our opinion the accompanying financial statements present fairly, in all material respects, the financial position of the Company as at Dec 31, Year 1, and its financial performance and its cash flows for the year then ended in accordance with IFRS.
Unmodified Opinion
An unmodified Opinion is written using one of the following phrases:
a. in our opinion the accompanying FS present fairly, in all material respects, (…) in accordance with (applicable framework);
b. In our opinion, the accompanying financial statements give a true and fair view of (…) in accordance with (applicable framework)
By clarifying responsibilities of both management and the auditor the _______________ is reduced.
The Expectation Gap; because the likelihood of misconception of responsibilities outside of the auditors scope is documented.
What does the basis for opinion paragraph of the Independent Auditors report discuss?
This paragraph discusses the auditor’s independence from the auditee and compliance with ethical requirements
What is discussed in the key audit matters paragraph?
The key audit matters paragraph discusses areas of higher assessed risk of material misstatement.
What are the limitations of a risk-based audit?
The cost and time required to perform the audit procedures can exceed the benefits to be gained. Therefore, the auditor may not have sufficient resources to respond to all risks.
Who is responsible for for preparing the subject matter in a three-party relationship?
Management and those charged with governance (TCWG) are responsible for the preparation of the subject matter.
What area of the assurance standards do CASs 200-810 apply to?
CASs 200-810 apply to audits of financial statements and other historical financial information.
What area of the assurance standards does CSRE 2400 apply to?
CSRE 2400 includes requirements and application guidance for review engagements of annual and interim historical financial statements.
What area of the assurance standards does CSAE 3000 apply to?
CSAE 3000 deals with attestation engagements other than audits or review of historical information, which are dealt with in CASs and CSRE 2400, respectively.
What area of the assurance standards does CSRS 4400 apply to?
CSRS 4400 provides guidance related to agreed-upon procedures engagements. This type of engagement does not provide assurance.
What is an effect that an increase in regulation can have on Audits?
Increased regulation can lead to over-regulation, for which the additional costs to reduce information risk are not warranted. There comes a point of diminishing gains on additional regulation costs.
What is the purpose of the preface section of the CPA Canada Handbook - Assurance?
The preface explains the authority of the Canadian standards and the importance of applying professional judgement in the application of the Canadian standards.
True or False
CASs apply to all financial statement audits?
True
CASs apply to all financial statement audits. They include objectives, requirements, application and other explanatory material, and introductory material and definitions.
What is the role of AASB in setting CASs?
AASB is responsible for setting auditing and assurance standards, to ensure the credibility of audit work.
What is the standard-setting process for CASs?
Stakeholders provide ideas for new Canadian standards, comment on the contents of statements of principles for new Canadian standards, and comment on exposure drafts of new Canadian standards.
What is the definition of audit risk?
The risk that the auditor issues an incorrect opinion on the financial statements. Such as expressing an inappropriate audit opinion when the financial statements are materially misstated.
What area of risk would the following fall under:
Company’s staff read and sign the employee code of conduct on an annual basis.
Control Risk at the OFSL
Because it is pervasive to the financial statements.
What do the following factors indicate?
- A company in poor financial health
- significant market competition that is driving down prices and pressuring cost structures.
Inherent risks at the OFSL Level
What is Detection Risk?
Detection Risk is the risk that the procedures performed by the auditor will not detect a material misstatement.
What is Information Risk?
Information Risk is the risk that the financial information presented to stakeholders is not reliable and that decisions made based on this information may not yield the results expected.
The risk that a material financial statement misstatement, either individually or when aggregated with other misstatements, will not be prevent, detected, or corrected on a timely basis is what?
A Control Risk.
Where in the auditors assessment of assertion level risks should the below be included:
Company installed security cameras inside and outside of the its manufacturing and storage facilities.
A Decrease in Control Risk at the Assertion level.
What is the relationship between detection risk and the rest of the audit risk model?
The auditor should set detection risk to an appropriately low level when the RMM is high. This ensures the level of audit risk is acceptably low. Audit risk must always be assessed as low.
What type of risk is this an example of?
Company does not have an individual assigned to review the calculation of its AFDA.
Control Risk - creates a risk of material misstatement in the financial statements because the business may not be accurately presenting its AFDA. Arises due to a lack of controls around the calculation of the AFDA.
What type of risk is this an example of?
Company has customers in foreign countries with various currencies, which leads to some complications in computing foreign exchange gains or losses.
Inherent Risk - arises due to foreign transactions.
What is is a sufficient response to an OFSL risk?
Increasing the sample sizes in all areas of the audit.
Results in additional extent of testing and more sufficient evidence for the audit.
What is a reason why an account or assetion might be susceptible to higher inherent risk?
There is a rapid pace of technological change in the industry.
Can result in companies falling behind their competitors, losing cash flow, and ceasing operations, which could increase inherent risk in several accounts.
True or False
When a business is operating under a going-concern basis, the entity is viewed as not being able to continue business for the foreseeable future.
False.
When a business is operating under a going-concern basis, this means that the auditor does not have concerns about the entity’s ability to continue operation in the foreseeable future.
What actions are appropriate for an auditor to undertake to assess the going-concern basis?
A review of management’s plans to deal with the issue, including future cash flow projections addresses the entity’s ability to continue as a going concern.
What is an appropriate procedure for an auditor to perform to complete their assessment of an entity’s ability to operate under the going concern basis?
Analyzing the entity’s latest interim financial statements.
Allows the auditor to see the most up-to-date financial information to help make their assessment as recent as possible.
If the auditors conclusion is that the going concern basis is not appropriate, what should the auditor highlight in their report?
The auditors report should highlight the fact that the financial statements are prepared on a liquidation basis. This should be included under the heading “Emphasis of Matter” to inform the users of the impact of the going concern basis not being appropriate.
Would an increase in the debt-to-equity ratio cast doubt on the going-concern basis of accounting?
Yes, this is a deteriorating action that could indicate the company is taking on more debt in relation to equity, which increases the risk that the company will not be able to service that debt, subsequently increasing the risk of financial insolvency.
The auditor’s conclusion is that the going concern basis is not appropriate, and the entity does not have adequate disclosure. What type of audit opinion will be issued?
Adverse Opinion - Inadequate disclosures are considered a GAAP departure, an adverse opinion is appropriate if the material uncertainty is pervasive to the entity.
True or False
Ending an agreement with an international supplier and replacing it with a new agreement with a Canadian supplier is an indicator of issues with the going concern basis?
False. For the supply chain to suggest a potential issue with the going concern basis, the entity would have to have difficulty obtaining key supplies.
True or False
A strike held by all retail employees is an indicator of issues with the going concern basis?
True. Labour issues represent one operating indicator of a potential issue with the going concern basis. A strike represents a significant labour issue.
What are the assertions for the Income Statement?
Occurrence
Completeness
Accuracy
Cut-Off
Classification
Presentation
What are the assertions for the Balance Sheet?
Existence
Completeness
Accuracy, Valuation & Allocation
Rights & Obligations
Classification
Presentation
___________ is an assertion that attests that all transactions have been recorded appropriately and related disclosures have been appropriately measured and described.
Accuracy - Income Statement
Accuracy, Valuation, and Allocation is an assertion that…
attests that assets, liabilities, and equity interests are recorded at the appropriate amounts and any valuation or allocation adjustments are appropriately recorded and related disclosures are appropriately measured and described.
What is Inherent Risk?
Inherent Risk is the likelihood that the financial statements are misstated before considering internal control.
What is Control Risk?
Control risk is the likelihood that misstatements resulting form the IR will not be prevented or detected and corrected by the client’s internal controls.
At what levels does the auditor assess risk?
- Overall Financial Statement Level (OFSL) - relates to the financial statements as a whole.
- Assertion Level - Specific class of transaction, balance or disclosure
What does the principle of Objectivity mean?
Members must maintain and independent and objective state of mind and not allow conflict of interest to override professional judgements
What are the five key principles to the Codes of Professional Conduct?
- Objectivity
- Integrity & Due Care
- Professional Competence
- Confidentiality
- Professional Behaviour
What does the principle of Integrity and Due Care mean?
Members must act with integrity and due care in the performance of their professional and business activities.
“Members must maintain their knowledge and skill at a level required by the professional bodies” relates to what key principle?
Professional Competence.
As well they must not undertake work for which they lack the necessary competence.
Define the key principle of confidentiality
Members must maintain confidentiality with respect to the affairs and the business of their employer or client.
“Members must behave in a way that maintains the good reputation of the profession and serves the public interest. “ relates to which key principle?
Professional Behaviour
Members are expected to avoid actions that would discredit the profession.
A practitioner (or their firm) has a financial interest in the client is an example of what threat to indepence?
Self-Interest Threat
Partitioner is in the position of having to form an opinion on his or her own work defines which threat to independence?
Self-Review Threat
What are the threats to independence?
- Self-Interest Threat
- Self-Review Threat
- Advocacy Threat
- Familiarity Threat
- Intimidation Threat
Practitioner or their firm is perceived to promote or actually promotes the position of the client defines which threat to independence?
Advocacy Threat
Define a Familiarity Threat
A close relationship exists or is perceived to exist between the practitioner and the client.
Define Intimidation threat.
client intimidates the practitioner or their firm.
Define independence as it relates to an audit.
Independence is defined as the practitioner’s ability to act with objectivity, integrity, and professional skepticism, falls under the key principle of objectivity.
What are safeguards to independence?
Safeguards minimize the risk that a threat to independence will develop or reduce the impact of the threat to independence once it has developed.
What are some examples of safeguards to independence?
Profession Safeguards - education and training
Client Safeguards - introduction of an audit committee or policies and procedures that ensure statements are fairly presented.
Practitioner safeguards - firm policies and procedures that ensure the quality of the firm’s service and compliance.
What should be done if it is not possible to implement safeguards to reduce the threat to an acceptable level?
- remove the individual from the audit team
- refuse to accept the audit engagement
- resign from the audit engagement
True or False
Shareholder losses can only be recouped if the company has also suffered a loss that can be recovered on behalf of the shareholders.
True.
The losses have to be recovered by the company for the shareholders as a whole so they can be distributed to the shareholders as a whole.
A fee that is based on the amount of net income after tax reported by the audit client is an appropriate fee quotation for audit services?
No. Quotes for services must be rendered on a just and reasonable basis and provide explanations (as needed) for the amounts billed.
How can an auditor reduce potential litigation?
Auditors can reduce potential litigation by having a formalized contract. Example: Engagement letter, which clarifies the terms and conditions of the engagement.
Define duty of care
Duty of care needs to be exercised when performing any acts that could foreseeably harm others.
What are the steps in the Acceptance/Continuance Stage of Audit?
- Identify and assess the engagement risks.
- Establish the engagement preconditions.
- Obtain a signed engagement letter.
What is involved in identifying and assessing the engagement risks?
- Assess the integrity of the client.
- Ensure engagement team has the competence and resources
- Comply with ethical requirements
- Consider significant matters.
What is involved in establishing the engagement preconditions?
- Determine whether the financial framework is appropriate
- Obtain agreement of management responsibilities
-Consider limitations such as scope limitations.
What should the signed engagement letter contain?
- objective and scope of the audit
- responsibilities of the auditor
- responsibilities of management
- identification of the application financial reporting framework.
- expected form and content of the audit report.
How does client integrity affect the acceptance or continuance decision?
If a clients integrity is questionable, it is more difficult for the auditor to believe the client’s representations.
Inquiring with the prospective client’s banker for their opinion of the client would be a procedure to assess what?
Client Integrity. An independent 3rd party inquiry is the most effective way to gather reliable information about a client’s integrity.
In what stage does the auditor identify and assess the engagement risks & establish preconditions?
Client acceptance and Continuance
True or False
The auditor is required to issue a new engagement letter each year to a continuing client.
False.
The Auditor should issue a new engagement letter if there has been significant changes in circumstances that would require a change in the terms of the engagement.
What are the Audit Approaches?
Substantive or Combined
When control risk is High which approach should you use?
Substantive approach with substantive procedures. (no reliance on controls)
When should you use a combined approach? Tests of controls and substantive procedures.
When control risk is Low, and you can rely on the controls.
What is a substantive procedure?
An audit procedure designed to detect material misstatements at the assertion level.
- Tests of details (classes of transactions, account balance and disclosures)
- Substantive analytical procedures
What is a test of controls?
An audit procedures designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.
An audit approach that places no reliance on the operating effectiveness of controls is what?
Substantive Approach
What does a combined audit approach consider?
It considers the operating effectiveness of controls and whether or not they can be relied upon to reduce detection risk to an acceptably low level.
How does the assessment of control risk affect the auditor’s selection of the audit approach?
If control risk is high, the auditor cannot rely on internal controls and would opt for a substantive approach.
Performance materiality is always set at a ________ amount than overall materiality in order to ______ the chance of testing smaller balances, which together could surpass overall materiality.
Lower Amount
Increase the Chance
How do you design an Audit Procedure?
- Explain WHAT the risk is, and WHY it is a risk
- Explain HOW to perform the procedure
- Verb, object, verb, object and purpose
