AUD 3.3 - Identifying, Assessing, And Responding To Risk Flashcards
Risks that relate pervasively to the financial statements as a whole and potentially impact many relevant assertions:
Financial statement level risks
Financial statement level risks include weaknesses related to:
The process used to prepare the financials
Overall control environment
Lack of qualified personnel in financial reporting roles
The selection and application of significant accounting principles
Risks that relate to specific transactions, account balances, or disclosures at the relevant assertion level
Assertion level risk
Risks that require special audit consideration
Significant risks
A significant risk exists when:
Inherent risk is exceptionally high
Factors that may be indicative of significant risk include:
Fraud
Related party transactions
Improper revenue recognition
Accounting estimates
Complex transactions
Noncompliance
In order to reduce audit risk to an acceptably low level, the auditor should develop the following responses to the assessed risks of material misstatement:
An overall response to address financial statement level risks
A response at the relevant assertion level
A response to significant risks
This includes both the purpose (test of controls vs substantive procedures) and its type (inspection, observation, reperformance, etc.) of an audit procedure:
The nature
The higher the assessed risk of material misstatement requires what of audit evidence?
The more reliable and relevant audit evidence must be
If the auditor uses information provided by the entity’s information system, what must be tested?
The accuracy and completeness of that system
This refers to the quantity to be performed, such as the number of observations to be made or the sample size to be used of an audit procedures
Extent
The higher the assessed risk of material misstatement requires what of audit procedures?
The greater the extent of audit procedures should be
The higher the assessed risks of material misstatement, the closer or further to period-end substantive procedures should be performed?
Closer to year-end
Audit tests may be performed at interim if? Audit tests may be performed at year-end if?
Interim if strong controls
Year-end if weak controls
The auditors specific approach to identified risks at the relevant assertion level may consist of either:
Substantive approach only
OR
A combined approach
When would a substantive approach for relevant assertions an risk be performed?
When there is a maximum control risk because:
There is no effective controls relative to the assertion
The implemented controls are ineffective
It’s not efficient tot test the operating and effectiveness of controls
Why would there be a maximum control risk?
There is no effective control related to the assertion
The implemented controls are ineffective
It would be inefficient to test the operating effectiveness of controls
When would a combined approach for relevant assertions and risk be performed?
If controls are operating effectively, less assurance will be required from substantive procedures
The combined approach uses what tests?
Tests of operating effectiveness of controls and substantive procedures
Test of controls are usually required when?
A business uses IT
Audit assertions are related to highly automated processing
Audit evidence is obtained electronically
When a test of controls is performed concurrently with a test of details on the same transaction
Dual purpose test
When the status of internal controls is: None or weak
What is the control risk assessment set at?
Would the auditors perform a test of controls?
Would the auditors perform substantive procedures?
Control risk assessment: high
Perform control tests: no, unless heavy use of IT
Reform substantive procedures: yes - maximum reliance
When the status of internal controls is: there are some
What is the control risk assessment set at?
Would the auditors perform a test of controls?
Would the auditors perform substantive procedures?
Control risk assessment: medium
Perform control tests: yes
Perform substantive procedures: yes - a medium reliance
When the status of internal controls is: strong
What is the control risk assessment set at?
Would the auditors perform a test of controls?
Would the auditors perform substantive procedures?
Control risk assessment: low
Perform control tests: yes
Perform substantive procedures: a minimum amount of reliance
For all significant risks, the auditor should:
Evaluate the design and implementation of related controls
IF relying on the operating effectiveness of the controls, test of controls must be performed
Perform substantive procedures that are linked to the risk
Test of controls are performed when?
Controls are operating effectively
The entity extensively uses IT
When can prior year test results for test of controls be relied on?
If not a significant risk, but test of controls must be performed once every 3 years
Testing the design and operating effectiveness of controls includes obtaining evidence regarding:
The controls were present and functioning
How the controls were applied
The consistency in which they are applied
By who an by what means the control are applied
What is the audit evidence hierarchy?
Auditor knowledge
External evidence
Internal evidence
Oral evidence
What types of audit evidence is obtained when testing the design and effectiveness of controls?
A mix of inquiry, observation and inspection
What types of audit evidence is obtained when testing the operating effectiveness of controls?
A mix of inquiry, observation, inspection, and reperformance
If a control is applied on a transaction basis throughout the period, the auditor should use what type of testing?
Sampling to test the control
If controls are deemed to be operating effectively and can be relied upon, what should be done next?
Proceed to substantive procedures based on the assed risk of material misstatement
If controls are deemed to not be operating effectively, the auditor should:
Test alternative controls
OR
Reassess control risk, thereby resulting in the need for more reliable and extensive substantive procedures
What is used to detect material misstatement at the relative assertion level?
Substantive procedures
What is required for each material transaction class, account balance, or disclosure regardless of the assessed risk of material misstatement?
Substantive procedures
What should substantive procedures include?
Agreement to the financials
Examination of material journal entries or adjustments
Evaluation of the overall presentation of the financials
What are the two types of substantive procedures?
Tests of details
Substantive analytical procedures
This consists of audit procedures used to gather evidence to support the account balance as reflected in the financial statements
Test of details
This consist of evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data. Comparisons of recorded amounts to be independent expectations developed by the auditor.
Substantive analytical procedures
What type of substantive procedures I used when there is a large volume of predictable transactions?
Substantive analytical procedures
What type of substantive procedures is used when obtaining evidence regarding the existence nd valuation of account balances?
Test of details
What may be used to reduce detection risk to an acceptably low level if tests of controls indicate that control are operating effectively?
Substantive analytical procedures
What may be used if tests of controls indicate that control are not operating effectively?
Test of details only
Only use substantive testing at interim if…
Risk of material misstatement is low
Performing substantive procedures at an interim date increases the risk that?
The auditor will not detect material misstatements int he financials. The longer the period between interim and year end, the greater that risk
If there is an identified fraud risk of material misstatement, the auditor should perform substantive procedures when?
At or near year end
