AUD deck Flashcards

Question

What is the Allowable Risk of Over-reliance?

Answer 1

Risk of Assessing Control Risk too low Gives you the Sampling Risk

Answer 2

Attribute sampling is only useful when there is documented evidence (an audit trail) to test Use when the existence of an error needs to be verified or debunked

Answer 3

Testing for a dollar amount Value in sample gives information about value in entire population.

Answer 4

Mean Per Unit = Sample Average x Number in Population Stratification - Decreases effect of variance in population and reduces sample size

Answer 5

A form of Variable Sampling Does NOT use Standard Deviation Auditor focuses on a dollar amount Larger or more valuable items get picked more often as part of the sample

Answer 6

Misstatement found in sample - have to project it to remainder of population

Answer 7

PPS: Easier to use- Results in a stratified (homogenous) sample- Results in a smaller sample size to audit- Easy to design Classic Variables Sampling: Easy to expand sample size- Selecting zero and negative balances easy

Answer 8

Tolerable rate for error - Inverse relationship with sample size Risk of assessing Control Risk too low - Inverse relationship with sample size Expected population error rate - Direct relationship with sample size Population size does NOT affect the sample size - as population is larger- sample size doesn't grow.

Answer 9

SER + ASR < TER SER = Sample Error Rate ASR = Allowance for Sampling Risk TER = Tolerable Error Rate

Answer 10

The amount that you add to the Sampling Error Rate to get some cushion for your sample. As high as you think the population error rate could go based on experience.

Answer 11

The amount of error rate that you can accept - If population error rate is less than TER- then accept the Control as effective If population error rate is more than TER- do more testing to get SER lower or conclude control isn't effective. Do more substantive testing

Answer 12

Determine Test Objective - for example- have sales shipments been billed? Define Population and Deviation - take a sample of shipping document- trace forward to see if billed Determine Sample Size based on tolerable rate for error- risk of assessing Control Risk too low- and expected population error rate. Select Sampling Technique

Answer 13

Perform the Sampling Plan Evaluate Results Document Results

Answer 14

Every certain # of a population is selected Population needs to be randomly ordered Primary advantage is that population doesn't require pre-numbering

Answer 15

Also called Stop or Go sampling Each audit step determines the next step

Answer 16

Audit is testing an area that is so crucial that zero population errors can be tolerated Any phony employees on payroll?

Answer 17

Easy to implement- but is the worst method of sampling.

Answer 18

To provide users of financial information with REASONABLE ASSURANCE that the financial statements are not materially misstated.

Answer 19

Auditors are *not* responsible for detecting theft or fraud. Instead- they are responsible for providing REASONABLE ASSURANCE that the financial statements are not materially misstated.

Answer 20

The earlier the auditor is hired- the better for audit planning and efficiency.

Answer 21

If Control Risk for the accounts and/or transactions is low- audit procedures can be performed at interim dates. The auditor then reviews changes in the balances at year-end.

Answer 22

The auditor can take the engagement if they are able to overcome the limitations of the engagement.

Answer 23

To plan the scope of the audit To plan the objectives of the audit

Answer 24

The auditor can compare actual versus forecasted numbers.

Answer 25

If issues relating to predecessor auditor's work on previous Financial Statements come up during the current audit- Auditor must have client's permission to discuss the issue.

Answer 26

Were they adequately performed? (Review the working papers) Are the results consistent with the audit report?

Answer 27

Auditor determines what the reporting objectives are. Auditor determines the scope of the audit.

Answer 28

Materiality and Audit Risk

Answer 29

Training and Proficiency (Education and Audit Experience) Independence Due Professional Care (TIP)

Answer 30

Auditor must be independent in fact and appearance Honesty No direct financial interest No indirect material financial interest

Answer 31

``` Technical abilities mirror those held by peers in the profession Follow GAAS Standards Obtain a Reasonable Level of Assurance Maintain Reasonable Level of Skepticism Supervise Audit Staff Review judgment at every level ```

Answer 32

Planning and Supervision Internal Control Evidence (PIE)

Answer 33

Consistency Disclosures Opinion GAAP (CDOG)

Answer 34

Review the previous financial statements Speak to third parties Contact predecessor auditor to evaluate whether engagement should be accepted (must have client permission)

Answer 35

Note: must have permission of client to contact predecessor auditor (no permission = no engagement) Why the Auditor Change? Any Serious Discussions with Audit Committee? How is Management Integrity? Disagreements? How was Internal Control? Understand Industry or Be Willing to Learn Consider Scope Limitation - Limited evidence available = no engagement

Answer 36

Note: must be written Objectives of Engagement Limitations of Engagement Responsibilities of Management - Provide written assertions Responsibilities of Auditor - Limited error/fraud responsibility Expectations of Access to Records Financial Statements (and Disclosures) are Management's Responsibility Compliance with Laws Internal Control

Answer 37

Management is responsible for financial statements and adequacy of disclosures. ``` Presentation & Disclosure Existence (Tests Overstatements) Rights & Obligations Completeness (Tests Understatements) Valuation & Allocation ```

Answer 38

Responsible for Hiring Auditor Oversees Internal Control Must Agree with Auditor on: Responsibility of the Parties- Audit Fee- Timing of the Audit- Audit Plan Acts as Liaison Between Auditor and the Board Auditor Communicates Concerns about: Internal Control Deficiencies- Errors- Fraud- Illegal Activities

Answer 39

Inherent Risk x Control Risk x Detection Risk Risk that material mistakes- errors- omissions- or fraud will result in an inaccurate audit report Based on Auditor Judgment Measured in both Qualitative and Quantitative

Answer 40

Risk that internal control will not detect error or fraud Auditor cannot control this.

Answer 41

Which transactions have a higher level of risk? Auditor cannot control

Answer 42

Will the auditor fail to detect a material misstatement? Auditor CAN control Do testing at year-end Increase substantive testing Run more effective tests

Answer 43

Less Acceptable DR = Run More Substantive Tests More Acceptable DR = Run Less Substantive Tests More Substantive Tests (DR down) = Less Audit Risk; (AR = IR x CR x DR) Less Substantive Tests (DR up) = More Audit Risk; (AR = IR x CR x DR)

Answer 44

Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of percentages Non-Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of acceptable ranges

Answer 45

It is Management's responsibility.

Answer 46

Assess the RISK that such things will lead to material misstatements Design the audit to provide reasonable assurance against fraud- illegal acts that directly and materially affect the financial statements Report ALL management fraud to the audit committee (minor fraud by low-level employees not reported to committee) Perform required inquiries and procedures (management inquiries- analytical procedures- discussions with audit personnel about fraud)

Answer 47

Fraud is born out of: Rationalization Incentive Opportunity (RIO)

Answer 48

Errors are unintentional- fraud is intentional.

Answer 49

Management compensation tied to stock Aggressive financial forecasting Former auditor disagreed with Management Records not available for audit Current audit procedures may need to be reconsidered if red flags exist.

Answer 50

Has been observed in similar situations Does NOT necessarily mean that there is a material weakness in internal control Leads to an auditor taking action

Answer 51

Internal control analysis can result in the conclusion that IC is weak- but probably won't identify illegal acts

Answer 52

Strives to make audit engagement procedures less patterned and predictable Re-evaluates management's application of accounting procedures Finds and assigns audit personnel with relevant skills in this area

Answer 53

Any fraud risks identified that could lead to material misstatement Audit procedures performed to assess risks Nature of communication made to audit committee and company management Disclosure to third parties regarding fraud not normally the auditor's responsibility Fraud by management should normally be reported to the audit committee- NOT the SEC.

Answer 54

Created PCAOB Designates Officer responsibility for internal control Must disclose significant internal control weaknesses to auditor and audit committee Must disclose any level of fraud discovered by employees with internal control responsibilities

Answer 55

1. Statements on Auditing Standards (SAS) 2. Auditing Interpretations- AICPA Guides & SOPs 3. Industry Articles (no authority)

Answer 56

Firm Leadership exhibits quality and leads by example and sets the tone for the organization Firm should Monitor and document that its policies and procedures are being followed Firm should have Relevant Ethical Requirements Acceptance and continuance of client engagements should continue to be evaluated for client integrity- auditor competency- and legality Firm should have competent and ethical personnel Firm engagements are performed- supervised- and reviewed in accordance with professional standards and regulations.

Answer 57

SSARS - Statements on Standards for Accounting and Review Services These govern reporting for non-public entities only

Answer 58

Independence NOT required for Compilations No Internal Control work allowed No assurance given

Answer 59

Compilations are not an assurance service. No assurance is provided.

Answer 60

Reviews provide NEGATIVE assurance.

Answer 61

Reviews require independence. No Internal Control work allowed Performs analytical procedures No material indirect financial interest allowed No immaterial direct financial interest allowed

Answer 62

Must have an understanding of the client industry.

Answer 63

CPA expresses a conclusion about an assertion - Compliance with laws NOT considered a Consulting engagement Independence Required

Answer 64

Independence is not required for consulting services.

Answer 65

Report is restricted to specified users. Agreed-upon procedures are implemented.

Answer 66

Collection of evidence to support the opinion.

Answer 67

Evidence consists of client accounting data and supporting documentation from client or from third parties.

Answer 68

Evidence has an inverse relationship with Detection Risk The one aspect of Audit Risk an auditor can control through (N)ature (T)iming (E)xtent of audit procedures. Inherent Risk and Control risk are outside of auditor's control.

Answer 69

Detection Risk which is decreased by gathering evidence.

Answer 70

Inherent Risk and Control Risk are outside of an auditor's control.

Answer 71

Less Evidence collected. Opens door for incremental audit risk - Internal Control should be strong. Business and transactions should be relatively stable and predictable. (N) Less-competent Evidence collected (T) Interim testing acceptable (E) Fewer transactions are verified.

Answer 72

More Evidence collected (N) More-competent Evidence collected (T) End of year balance testing (E) More transactions are verified

Answer 73

Auditors are there to verify that Assets & Revenues are not overstated Expenses & Liabilities are not understated Exception - if the CPA Exam states that it is a tax-driven company flip them around

Answer 74

Cost vs. Benefit is a primary constraint.

Answer 75

Sufficient (quantity) Appropriate: Relevant & Reliable (Quality)

Answer 76

Best evidence: Observation of activity by auditor. 2nd Best: Originates from External Parties and is sent directly to auditor (or failing that items are generated by third party and provided to auditor by the client such as a bank statement) Weakest: Oral evidence from management.

Answer 77

Third party documents are more persuasive and credible than internally-prepared docs Auditor Knowledge = Most Persuasive 3rd Party info given to auditor 3rd Party info given to client Internally-prepared doc

Answer 78

Test substance/amounts/values. They help to reduce the risk of material misstatements. They only test accuracy of financial statements and dollar amounts - they don't test internal controls.

Answer 79

``` Trace (or Vouch) Reconcile Analytical Procedures Confirmations Examine evidence that supports management assertions. ``` (T.R.A.C.E.)

Answer 80

Auditors focus first on Balance Sheet Accounts then associated Income Statement items

Answer 81

Assurance Level is High. Acceptable Detection Risk is Low.

Answer 82

If Acceptable DR is High - Negative Confirmation is used - Customer only responds if balance is materially wrong. If Acceptable DR is Low - Positive Confirmation is used - Customer asked to confirm by telling auditor the balance. Corresponding Income Statement Account - Revenue

Answer 83

Review purchase orders/invoices Confirm with Vendors Corresponding Income Statement Account - Various Expenses

Answer 84

Examine purchase agreements Look at Board Minutes Is Inventory held as collateral? Corresponding Income Statement Account - COGS

Answer 85

Should match last year's ending balance.

Answer 86

If Beginning Balance Additions Subtractions are OK then Ending Balances should also be OK.

Answer 87

Foot all balances - Check the Math Trace Cash Flow items to other Financial Statements Check classifications - Operating Activities Investing Activities Financing Activities

Answer 88

Interest Paid Income Taxes Paid Non-cash Transactions Cash and Cash Equivalents Definitions

Answer 89

Results as if you had used Indirect Method Non-cash Transactions Cash and Cash Equivalents Definition

Answer 90

Subsequent events occur after the Balance Sheet Date but before the audit report is issued. Auditor needs to make inquiries and assess if they affect the audit report.

Answer 91

If audit report has already been issued and auditor becomes aware of a situation that was present as of the BS date client should issue a disclosure to financial statement users and/or revise the financial statement. Regulatory agencies might need to get involved under some circumstances.

Answer 92

If auditor discovers that they forgot to perform a substantive procedure auditor should determine if other substantive procedures performed served as a substitute. Otherwise support for their audit opinion could be jeopardized.

Answer 93

REQUIRED When planning the audit (preliminary) REQUIRED When reviewing the audit (final) Analytical procedures may be also performed optionally along with the substantive testing. Use of Analytical Procedures in the audit must be documented.

Answer 94

Helps the Auditor: Determine if Management Assertions are reasonable Develop audit plan Develop some expectations about the financial statement and hopefully bring to light any glaring errors on financial statement

Answer 95

Analytical Procedure focus is on dollar amounts (not internal controls) Analyzes Financial Data: Do Financial Statements Make Sense? Comparison of data between years

Answer 96

Current Ratio = Current Assets / Current Liabilities

Answer 97

Quick Ratio = Liquid Assets / Current Liabilities

Answer 98

Asset Turnover = Net Sales / Average Assets

Answer 99

Inventory Turnover = COGS / Average Inventory

Answer 100

Gross Margin % = Gross Margin / Sales

Answer 101

Ratios are Analytical Procedures

Answer 102

Budget vs. Actual comparisons are Analytical Procedures.

Answer 103

Ratio analysis Budget vs. Actual comparison Comparison of data between years Use of non-financial data to predict expected values for financial data

Answer 104

Management assertions help the auditor to plan the audit and select substantive tests.

Answer 105

Presentation - Cutoff Classification - Is it in the right period and category? Existence/ Occurrence - Did it happen? Does it exist? Rights & Obligations - Does the company own them? Completeness - Was everything recorded? Valuation - Are they worth the amount at which they are recorded? (PERCV)

Answer 106

Occurrence Cutoff Classification Completeness Accuracy

Answer 107

Occurrence Completeness Classification Accuracy

Answer 108

No it is an extended procedure. For example you don't have to take a loan covenant document and go search out that it's a valid loan covenant. Instead you consider the source - if it's externally prepared it's more persuasive.

Answer 109

First and foremost you need to understand management's rationale and methods for developing estimates before you can judge reasonableness. Next Auditor should formulate their own opinion on what a good estimate should be and compare it. Finally determine if subsequent events affect the estimate.

Answer 110

Audit workpapers are the property of the auditor. They can be paper or electronic. They must include a WRITTEN audit program (either paper or electronic).

Answer 111

Information pertaining to the current year's audit.

Answer 112

Information used for this audit and future audits which is updated as needed.

Answer 113

Must be kept for 5 years after the audit release date or according to regulations whichever is longer. Must be kept for 7 years under PCAOB Audit PCAOB audits also require an Engagement Completion Document

Answer 114

Any experienced auditor should be able to look at your work and understand what you did.

Answer 115

If further documents are added to the work papers after the audit report is issued it must be documented as to who added them why they were added and any effects on the audit report.

Answer 116

After the audit report is released the firm has 60 days to subtract from the file. You can still add to the file if you document it but you cannot delete any information after 60 days. Note - for SEC auditors the PCAOB only allows deletions up to 45 days after issuance of the audit report.

Answer 117

Control risk increases with poor Internal Controls and sloppy accounting practices.

Answer 118

Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements.

Answer 119

Internal control provides reasonable assurance that Material misstatements will be prevented Reliability/integrity of financial statements will be preserved Assets are protected against misuse

Answer 120

CEO/CFO must disclose Internal Control deficiencies Management must provide assessment of Internal Control Management must certify Financial Statements

Answer 121

Inverse Relationship Stronger Internal Controls - Less Testing Needed Weaker Internal Controls - More Testing Needed

Answer 122

Reliability of Financial Reporting Operational Efficiency/Effectiveness Compliance with Law and Regulations

Answer 123

Control Environment Risk Assessment Information and Communication Monitoring Control Activities

Answer 124

Sets tone for the entire company

Answer 125

Integrity/Ethics of Management Competence of Management Organizational Structure Human Resource Policies Assignment of Authority/Responsibility Management's Style (riskier with a dominant/aggressive individual) Board/Audit Committee involvement

Answer 126

Detection Risk determines nature- timing- and extent of audit procedures.

Answer 127

Risk of material misstatement determines acceptable level of Detection Risk

Answer 128

Rapid growth in the company. The methods management uses to identify risk- estimate its significance and assess the likelihood of occurrence Major changes to operations- personnel- systems- IT- products- corporate organization- and foreign operations.

Answer 129

No Internal Control testing is performed. All audit procedures are increased in intensity to compensate for increased risk.

Answer 130

Auditor tests Internal Controls. Auditor evaluates Control Risk based on tests Auditor adjusts substantive tests accordingly Weaker Internal Control - More substantive tests Stronger Internal Control - Less substantive tests

Answer 131

Performance Reviews Information Processing Physical Controls Segregation of Duties

Answer 132

Understand Client's Major transaction classes Transaction initiation Support records/documents Transaction processing Financial Statement internal reporting process Financial Statement external reporting process

Answer 133

Through written documentation such as Internal Control memos- flowcharts- and questionnaires

Answer 134

Were all transactions recorded? Were they timely? Measured appropriately? Recorded in correct period? Presented and disclosed properly? Did Management communicate their responsibilities?

Answer 135

Auditor needs reasonable assurance that controls are functioning as designed and effective Internal Control Testing should be strong as (IRON) so that nothing gets past them Inquiry - Interview company personnel Re-performance - Can it be replicated? Observation - Watch the control be applied INspection - Dig into the details/documents If results are as expected- substantive procedures do not need to be adjusted

Answer 136

Controls tested by auditor in a prior year can be used in the current year's audit assuming they are re-tested every third year Exception If the control has changed since the last audit

Answer 137

Control Risk increases Scope of substantive procedures increases Detection Risk decreases Material Weakness - Reasonable possibility that a material misstatement in Financial Statements would not be found- more than a remote chance of occurrence

Answer 138

Reasonable possibility exists that a material misstatement in Financial Statements would not be found- and has more than a remote chance of occurrence.

Answer 139

Tests Completeness Starts with source document and traces forward to the journal entry.

Answer 140

Tests Existence. Starts with a journal entry and searches for a voucher or source document to support the entry.

Answer 141

Non-compatible duties performed by separate individuals- such as Authorization of asset disbursement vs. Recording of Assets vs. Custody of assets If supporting audit evidence doesn't exit - use Observation and Inquiry Accounting should be segregated from Production

Answer 142

Employees who prepare vouchers/invoices should not also have the authority to SIGN CHECKS Tip - Remember this as an underlying theme with Segregation of Duties. The authority to make a payment should not also lie in the hands of those creating invoices/vouchers. Why? People commit fraud by setting up fake companies and basically paying themselves

Answer 143

Employees who have custody of assets should not also RECORD those assets Someone in charge of petty cash should not also control the petty cash records Treasury Department (custodians) should NOT have record keeping duties They control assets and should not be able to adjust any recording of those assets

Answer 144

Controls can't stop collusion or bad judgment Management can override controls Cost vs. Benefit relationship of Internal Control

Answer 145

A written report to management is required. Report declaring that no material weaknesses were found is allowed Previous weaknesses reported that still exist should be reported again Should be reported no later than 60 days after audit report release date If one or more material weaknesses is uncorrected at year-end- an Adverse Opinion on Internal Control must be given

Answer 146

A significant deficiency adversely affects a company's ability to report in the financial statements according to GAAP. A significant deficiency is a more than a remote likelihood of material misstatement by more than an inconsequential amount

Answer 147

If a Significant Deficiency is identified- a written report to management required Report declaring that no significant deficiencies exist is not allowed Previous deficiencies reported that still exist should be reported again Should be reported no later than 60 days after the audit report release date

Answer 148

A control is not operating as intended.

Answer 149

Are they competent? Are they objective?

Answer 150

Auditor needs to understand the role of Internal Auditors within the organization because their work affects the audit plan Responsibility for judgments about materiality or appropriateness of entries or estimates cannot be shared with third parties like Internal Auditors Internal Auditors should be asked to do some of the legwork like preparing schedules or running reports They should not be asked to make any decisions or judgments

Answer 151

CEO/CFO must disclose deficiencies Management must provide assessment of Internal Controls Management must certify Financial Statements

Answer 152

Has inverse relationship Stronger Internal Control results in LESS substantive testing Weaker Internal Control leads to MORE substantive testing

Answer 153

Reliability of Financial Reporting Operational Efficiency/Effectiveness Compliance with Law and Regulations

Answer 154

Control Activities Risk Assessment Information and Communications Monitoring Control Environment

Answer 155

Integrity/Ethics of Management Competence of Management Organizational Structure Human Resources Policies Assignment of Authority/Responsibility Management's Style (riskier with a dominant/aggressive individual) Board/Audit Committee involvement

Answer 156

Auditor tests Internal Controls. Auditor evaluates Control Risk based on tests Auditor adjusts substantive tests accordingly Weaker Internal Control - More substantive tests Stronger Internal Control - Less substantive tests

Answer 157

Understand Client's Major transaction classes Transaction initiation Support records/documents Transaction processing Financial Statement internal reporting process Financial Statement external communication process

Answer 158

Auditor must document understanding of Internal Control via Memos - Flowcharts - Questionnaires

Answer 159

Auditor needs reasonable assurance that controls are functioning as designed and effective Internal Control Testing should be strong as (IRON) so that nothing gets past them Inquiry - Interview company personnel Re-performance - Can it be replicated? Observation - Watch the control be applied INspection - Dig into the details/documents If results are as expected - substantive procedures do not need to be adjusted

Answer 160

Preparation and Fair Presentation of Financial Statements in accordance with the Applicable Financial Reporting Framework

Answer 161

Internal Control Design, Implementation, Maintenance

Answer 162

Introduction Management's Responsibility for the F/S Auditor's Responsibility Opinion

Answer 163

Introduction Management's Responsibility for F/S Auditor's Responsibility Basis for (Modified) Opinion (Modified) Opinion

Answer 164

Introduction Management's Responsibility for the F/S Auditor's Responsibility Opinion Emphasis-of-Matter Other-Matter