AUD 3 - Risk, Evidence, and Sampling Flashcards
What is…
1) the OBJECTIVE of analytical procedures used in the planning stage of the audit?
2) the PURPOSE of applying analytical procedures in the overall review stage?
3) BEST explains why an analytical procedure might be used?
1) In planning = Assist in planning the nature, timing, and extent of auditing procedures to be performed
2) Purpose in overall review stage = to assist auditor in assessing the conclusions reached and FS presentation AND adequacy of evidence gathered in response to unusual or unexpected balances
3) Best explains = more effective and efficient at providing an appropriate level of assurance than are tests of details
1) What is the first step that should be performed in analytical procedures? What is it actually comparing or doing?
2) What is and is not considered analytical procedures?
3) What does US auditing standards require auditors to perform analytical procedures to?
1) Develop an expectation of a balance or ratio by using relationships that are expected to exist
- comparison of financial data or ratio analysis (ie AR turnover or quick ratio)
2) Is = Comparing inventory balances to recent sales activities
NOT = Projecting deviation rate of a statistical sample
3) U.S. auditing standards require the auditors to perform analytical procedures related to REVENUE.
Statistical Sampling?
Attribute sampling?
Variables sampling?
Stop and go?
- Helps the auditor measure the sufficiency of the audit evidence because auditor can QUANTIFY the audit risk
- Attribute sampling = testing INTERNAL controls
- Variable sampling = substantive testing of account balances. Estimate dollar values of population.
- Stop and go is a type of attribute sampling used when testing controls
What is Stratification?
Stratification involves the grouping of transaction sharing some characteristic (like amount)
Goal is to ensure selection of items that are potential misstatements that may equal/exceed tolerable risk
Probability-proportional-to-size (PPS) sampling primary objective and downside?
Objective = designed to estimate overstatement of errors
Best used = a lot of variability in a sample
Bad = selection of negative balances require no special design considerations
Fraud Risk
Difference between error and fraud?
2 types of fraud - misappropriation of assets and fraudulent financial reporting?
When fraud occurs, what are the 3 fraud risk factors?
Error - unintentional misstatements or omissions of amounts or disclosures
Fraud - INTENTIONAL act by 1 or more to deceive
Misappropriation of assets = stealing an entity’s assets by employees/mgmt
Fraudulent financial reporting = lying about amounts or disclosures to deceive users
3 Fraud Risk Factors: (corruption = cheating)
- incentives/pressure
- opportunity = lack of effective controls
- rationalization/attitude = justify behavior
What are the 3 procedures useful to obtain information about potential fraud risk?
What are 2 items that are always presume in every audit that the auditor needs to show proof that it didnt occur at the end of the audit?
1) inquire of entity personnel regarding their views of fraud risk = inquiries to mgmt, employees
2) results of Analytical Procedures = high level testing used in planning stage and final review
3) Evaluate fraud risk factors = auditor uses judgement to determine if present
Presumption Risk
- Improper revenue recognition
- Management override of controls
Communications
Any indication of fraud should be discussed with…
Any fraud that causes 1) significant deficiencies and 2) Material impact to FS/material misstatement should be discussed with who?
Typically, disclosure of fraud to parties outside senior management and those charged with governance is not part of auditors responsibility EXCEPT
- appropriate level of management at least one level above those involved
- Senior management AND reported directly to those charged with governance
EXCEPT
- to a subpoena
- successor auditor
- comply with legal/regulatory requirements (8K)
Audit Risk Model
What is audit risk? Ex? And how should audit risk and materiality be considered?
What is Audit Risk made up of? (equation)
What is the ONLY risk that auditor has ability to change? and how?
And what is unique about the variables?
- Risk the auditor issues the wrong opinion unknowingly
- Ex: issue an unmodified opinion when its really adverse
- audit risk and materiality affect size and complexity, environment, and internal control
- They should be considered at the FS level and account balance level
AR = (RMM) x (DR)
- RMM = mgmt risk*
- DR = auditor risk*
Risk of Material Misstatement = (IR x CR)
- Inherent Risk = susceptibility of incorrect assertions.
HIGH IF: high volume/complex transactions or client system has errors - Control Risk = Risk that management WONT catch an error.
HIGH IF: no effective INTERNAL CONTROLS - Detection Risk = Risk that auditor will miss a material misstatement IS ONLY change auditor can make by varying NET nature, extent and timing
RMM and DR have an inverse relationship.
What are required documentation during audit?
Auditor should document:
- overall response addressing assessed risk
- nature, extent, and timing
- results
- conclusion
High level
What is audit evidence?
What are you performing throughout the audit process (broken down) 4 steps?
What happens in the first step of the process?
Audit evidence
- obtained to support auditor’s conclusion
During audit you’re performing:
1) Risk assessment procedures
2) Test of controls
3) Substantive testing
- objective - detect material misstatement in FS
4) Other audit procedures
Risk Assessment Procedure
- The auditor must assess the risk of material misstatement, which includes both inherent risk and control risk, in order to determine the appropriate level of detection risk.
- The level of detection risk is then used to determine the nature, timing, and extent of substantive tests.
= assess CR BEFORE substantive testing begins
What is the hierarchy of audit evidence?
A - Auditor's direct personal knowledge E - External evidence I - Internal evidence O - Oral evidence U - u know this
What is the tolerable deviation rate?
Difference between expected deviation rate?
What is upper deviation rate (equation)? Used to form conclusions about which type of sampling? And what are the conclusions?
Tolerable deviation rate = tolerable mistakes = risk of misstatement
- Tolerable deviation = max deviation auditor will tolerate without modifying reliance on internal controls
- Expected deviation = auditor’s best estimate of the deviation rate
Upper Deviation Rate (UDR)
= Sample deviation rate + Allowance for sampling risk
- Used to form conclusions for Attribute Sampling Testing (Internal Control Testing)
Conclusions
If UDR LESS THAN auditor’s tolerable risk (RELY on CONTROLS)
If UDR MORE THAN auditor’s tolerable risk ( NOT rely on contols)
- modify nature, extent and timing
Activity Ratios
1) AR Turnover & Days sales in AR
2) Inventory Turnover & Days in inventory
3) AP Turnover & Days in AR
4) Asset turnover
1) AR TO = Sales / Avg. AR
End AR / ((Sales)/365)
2) Inventory TO = COGS / Avg Inventory
End Inventory / ((COGS)/365)
3) AP TO = COGS / Avg AP
End AP / ((COGS)/365)
4) Sales / Avg Total Assets
What are the sampling risks for both 1) Substantive Testing = Variable Sampling AND 2) Test of Controls = Attribute Sampling?
1) Variable Testing = Substantive Testing
Risk of Incorrect Acceptance
= Fail to identify material misstatement (Effectiveness) (Auditor fear) (Beta Risk)
Risk of Incorrect Rejection
= Mistakenly indicates material misstatement (Efficiency) (Alpha risk)
2) Attribute Sampling = Test of Controls
Risk of Assessing Control Risk Too Low
= OVER-RELIANCE on Internal Controls (Auditor Fear)
Risk of Assessing Control Risk Too High
= UNDER-RELY on Financial Statements (Effects Efficiency) (IC was actually strong NOT weak)
