AUD 2 - Quality & Internal Control, Engagement Acceptance, and Planning Flashcards
What are 3 Internal Control Limitations? or issues?
- Management override of internal controls
- Human error, which may include errors in the design or use of automated controls
- Collusion by two or more people by deliberate circumvention of controls
5 Computer Assisted Audit Techniques (CAATs)
Transaction tagging - electronically mark “tag” specific transactions and follow them through the client system
Embedded Audit Modules - section of program code that can be used to collect specific transaction data for the auditor.
Parallel Simulation - auditor reprocesses the client’s data using the auditor’s own software
Test data - consists of using “dummy” data run through the client’s computer system but under auditors control.
Integrated Test Facility - allows fictitious and real transactions to be processed together. it uses test data commingled with actual data to test transactions.
Why do auditors hesitate to use embedded audit modules?
- Auditors are required to be involved in the system design of the application to be monitored
Quality Control
6 elements of Quality Control and what is it?
Guidelines for quality on how to perform audit
6 Elements:
- Human Resource (hiring and recruiting)
- Engagement/Client Acceptance and continuance (minimize engagement with client who’s MGMT lacks integrity)
- Leadership responsibilities (tone at the top)
- Perform of the engagement )
- Monitoring (ongoing consideration/evaluation of the design and effectiveness of quality control system by qualified individuals)
- Ethical requirements (personnel maintain independence, in fact and appearance, to perform all responsibilities with integrity and objectivity
“HELP ME” maintain good quality in acc/auditing
Documentation
What are “working papers” or “work papers”?
Audit documentation requirements?
Working papers is my excel/notes (my source documents) to determine that revenue is incorrect. Its the evidence and conclusions reached by auditor.
Audit documentation should:
- Show when and who performed the review
- Assist engagement team in planning, conducting, supervising
- Show ACC records reconcile with financial statements
- Enable engagement team to show accountability
- Records show acc. evidence, procedures performed, evidence examined, and conclusions reached
- Document discussions of significant findings or issues with mgmt or those in charge of governance
Documentation Retention/Completion date
Document retention under SAS and PCAOB rules?
Document completion date under SAS and PCAOB rules?
Retention:
SAS Rules (Nonissuers) - at least 5 years
PCAOB (Issuers) - 7 years
After the audit release date, auditor has a window of time to assemble the final audit documentation (turning notes into official documents):
SAS - 60 days
PCAOB - 45 days
Nature/Extent of Audit Documentation
What should the auditor consider?
Regarding specific contents, what are examples of permanent and current file?
Nature and Extent - auditor should consider:
- size and complexity of entity
- nature of specific auditing procedures
- risk of material misstatement
Permanent = information does doesn’t change annually
- Articles of incorporation
- Legal docs
Current = info that changes annually
- Financial statements
- Audit report
- Audit plan
- letter of representation
- analyses worksheets
Terms of Engagement
As part of the pre-acceptance phase, what should the auditor assess?
Client Acceptance:
- Firms ability to meet reporting deadlines
- Firms ability to staff the engagement
- Independence
- Integrity of client management
- Group audits (engagement team will be able to obtain sufficient appropriate audit evidence)
Preconditions for an Audit
What preconditions must be met in order to accept the proposed engagement? If preconditions are not present, the auditor should not accept proposed engagement.
1) Applicable Financial Reporting Framework (general understanding of the business):
- Nature of entity (business, gov, NFP)
- Nature of financial statements (complete set or single)
- Purpose of the financial statements (wide or narrow range of users)
- Whether law or regulation prescribes the framework
2) Management Responsibilities:
- preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework
- design, implementation, and maintenance of internal control relevant to preparation and fair presentation of FS that are free from material misstatement, whether due to fraud or error
- Auditor needs unrestricted access to persons and all information
3) Management-imposed Scope limitation
- Auditor should NOT accept if, prior to engagement, there is a known mgmt scope limitation that is material and pervasive (disclaimer)
Engagement Letter Contents
What required contents should an engagement letter include?
Required contents:
- Objective and scope of audit
- Responsibility of management and auditor
- statement stating because of inherent limitations of an audit, together with inherent limitation of internal control, an unavoidable risk exists that some material misstatement may not be detected even with properly planned/performed audit in accordance with GAAS
- Identification of applicable financial reporting framework
- Reference that circumstances may arise in which a report may differ from expected content
Change in Engagement
What is it and why? What must be considered and the acceptable reasons?
During an engagement, client may ask the accountant to change from an audit to a compilation or review. You should consider the following before agreeing:
- Reason for the request, especially if there a scope limitation
- Effort required to complete the engagement
- Estimated additional cost to complete
Acceptable reasons
- change in client requirements
- misunderstanding as to the nature of the services rendered
Unacceptable reasons
- engagement would uncover errors or fraud
- client is attempting to create misleading/deceptive financial statements
Planning
During planning, what is an auditor required to do?
During Planning, Auditor required to:
- Obtain knowledge of the client business and industry
- Develop the audit strategy
- Develop the audit plan
- Perform risk assessment to obtain understanding of the entity and its environment, including internal control, sufficient to assess the risks of material misstatement and design further audit procedures
Planning
What are some ways to get knowledge on a client’s Industry and Business? (Separate)
Knowledge on Client’s Industry
- AICPA accounting and audit guides
- Trade publications and professional trade associations
- Government publications
- AICPA Accounting Trends and Techniques (annual survey of accounting practices)
Knowledge of the Client’s Business
- Tour client facilities (meet personnel and general operations is most important with new client)
- Review financial history of client (previous audit, annual FS, SEC filings)
- Understanding of client accounting (methods used to gather and process accounting information)
- Inquire client personnel
Audit Strategy
Developing the Audit strategy
Nature, Extent, and Timing (NET)
Nature (Focus of audit)
- Preliminary evaluations of materiality audit risk and internal control
Extent (Scope of audit)
- Characteristics of engagement, including the basis of reporting
- Size and complexity of entity
Timing
- Deadlines for reporting
- key dates for meetings with management and board
Audit Plan
Developing the Audit Plan. What is required?
How should an auditor establish specific audit objectives?
Audit plan MUST be written (audit procedures)
- Audit plan is based on the audit strategy.
- Establish specific audit objectives that relate to financial statement assertions
- Mainly, audit procedures are performed to obtain evidence to base the opinion:
1) Risk assessment procedures
- obtain understanding and its environment, including internal control, to assess risk of material misstatement.
2) Test of controls
- tests effectiveness of internal controls in preventing or detecting misstatement (understand and rely on them)
3) Substantive procedures
- tests of DETAILS like account balances, transactions, and disclosures
- they’re performed in response to planned risk detection level
4) Timing
- auditor must assess risk and whether sufficient procedures exist at interim dates
