Audit Flashcards
What is Management Responsible for in regards to the Financial Statements?
Preparation and Fair Presentation of Financial Statements in accordance with the Applicable Financial Reporting Framework
What are the requirements for an Audit Report?
Must conform to GAAP Consistency with prior period reporting is implied (must state if inconsistent) Adequacy of disclosure is implied (must state if disclosures are lacking) Opinion is provided - provides assurance Must be signed by the auditor and dated.
What is Audit Sampling?
Taking part of a population- subjecting it to audit procedures- projecting results to a population
What is the primary duty of an auditor?
To provide users of financial information with REASONABLE ASSURANCE that the financial statements are not materially misstated.
What is the majority of an auditor’s work in determining an audit opinion?
Collection of evidence to support the opinion.
When is an audit of IT NOT required?
Controls are redundant to another department The system does not appear to be reliable and testing controls would not be an efficient use of time Costs exceed benefit
If Internal Control is poor and a company’s accounting practices are sloppy - which risk is higher?
Control risk increases with poor Internal Controls and sloppy accounting practices.
Who created the International Auditing Standards?
The International Auditing and Assurance Standards Board (IAASB) Member of the International Federation of Accountants (IFAC)
What engagements are covered by the AICPA Code of Professional Conduct?
Covers all professional engagements and is the minimum standard of conduct Member should additionally follow specific standards for a specific engagement
What is Management Responsible for in regards to Internal Control?
Internal Control Design, Implementation, Maintenance
How should an Audit Report be adjusted if reporting is not consistent with the prior period?
If inconsistent- an Unqualified Opinion is OK Explanatory paragraph after Opinion is added Otherwise - Qualified Opinion issued
What are the characteristics of Statistical Sampling?
Based on formulas Helps find an appropriate audit sample Helps evaluate evidence obtained Helps evaluate results and quantify Sampling Risk
What is the auditor’s responsibility for detecting theft or fraud?
Auditors are *not* responsible for detecting theft or fraud. Instead- they are responsible for providing REASONABLE ASSURANCE that the financial statements are not materially misstated.
Of what does audit Evidence consist?
Evidence consists of client accounting data and supporting documentation from client or from third parties.
When can an audit of IT be performed without directly interacting with the system?
System isn’t complex or complicated System output is detailed
If Internal Control is poor - what is the effect on the audit?
Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements.
For whom were IAASB International Auditing Standards created?
IAASB standards are for countries that don’t have their own standards and help set the tone for the rest of the members who do have their own standards (AICPA) IAASB doesn’t override member standards
What must an accountant have under the AICPA Code of Professional Conduct?
Integrity Objectivity No Conflicts of Interest No known misrepresentations of facts No outsourcing of judgment
What are the 4 paragraphs in the Audit Report for an Unmodified Opinion?
Introduction Management’s Responsibility for the F/S Auditor’s Responsibility Opinion
When is consistency not violated with respect to changes in reporting between years?
Accounting Errors Reclassifications Prospective treatment of a new principle Accounting Estimate Change
What are the characteristics of Non-Statistical Sampling?
Based on human decision Equally acceptable as Statistical Sampling
When should an auditor be hired in relation to the balance sheet date for optimum audit planning and efficiency?
The earlier the auditor is hired- the better for audit planning and efficiency.
What is the relationship between Evidence and Detection Risk?
Evidence has an inverse relationship with Detection Risk The one aspect of Audit Risk an auditor can control through (N)ature (T)iming (E)xtent of audit procedures. Inherent Risk and Control risk are outside of auditor’s control.
What is the role of a Database Administrator?
Maintains database Restricts access Responsible for IT internal control
What does Internal Control provide reasonable assurance for?
Internal control provides reasonable assurance that Material misstatements will be prevented Reliability/integrity of financial statements will be preserved Assets are protected against misuse
What financial approach is used under IAASB audit standards?
IAASB standards are based on a risk assessment approach
What are threats and safeguards to independence?
Safeguards > Threats - Independence Threats > Safeguards - No Independence
What are the 5 paragraphs in the Audit Report for an Modified Opinion?
Introduction Management’s Responsibility for F/S Auditor’s Responsibility Basis for (Modified) Opinion (Modified) Opinion
What assurance is provided in an audit opinion?
The opinion states that the financial statements are fairly presented in all material respects The opinion states if the financials are in conformity with GAAP.
What are the characteristics of Substantive Tests?
Variables sampling Probability proportionate to size sampling
When can audit procedures be performed at interim dates?
If Control Risk for the accounts and/or transactions is low- audit procedures can be performed at interim dates. The auditor then reviews changes in the balances at year-end.
Which aspects of Audit Risk can an auditor control?
Detection Risk which is decreased by gathering evidence.
What is the role of a Systems Analyst?
Recommends changes or upgrades Liaison between IT and users
What is required in an examination of Internal Control under Sarbanes-Oxley?
CEO/CFO must disclose Internal Control deficiencies Management must provide assessment of Internal Control Management must certify Financial Statements
How do IAASB audit standards compare to US audit standards?
IAASB - No Internal Control audits IAASB - No Referencing another Audit Firm IAASB - Less detailed documentation IAASB - Required: obtain written fraud assessment IAASB - Required: location of auditor’s home office
What are the threats to independence?
Self-Review (Auditing own work) Advocate of the Client Adverse Interest (Lawsuit against Client) Too familiar with Client - could impair the appearance of Independence to public Undue influence on Client - On Board of Directors- exception being an Honorary board position
In an Unmodified Opinion with Emphasis-of-Matter / Other-Matter sections, what is the order of the paragraphs?
Introduction Management’s Responsibility for the F/S Auditor’s Responsibility Opinion Emphasis-of-Matter Other-Matter
What are the sections of the Audit Report?
Title - States that the auditor is independent Address - whomever hired the auditor Introduction Paragraph Scope Paragraph Opinion Paragraph Signed and Dated by Author
What type of sampling are Control Tests?
Attribute Sampling
When can an auditor accept an engagement offered after the year is already closed?
The auditor can take the engagement if they are able to overcome the limitations of the engagement.
Which aspects of Audit Risk can an auditor NOT control?
Inherent Risk and Control Risk are outside of an auditor’s control.
What is the role of the data Librarian?
Responsible for disc storage Holds system documentation
What is the relationship between Internal Control and Substantive Testing?
Inverse Relationship Stronger Internal Controls - Less Testing Needed Weaker Internal Controls - More Testing Needed
What are International Ethical Standards?
Standards set by International Ethics Standards Board for Accountants (IESBA) Code of Ethics for Professional Accountants - Similar to AICPA Code of Professional Conduct
What are the Safeguards to independence?
Offset the threats Safeguards are created by Legislation (SOX)- Client (Audit Committee)- Accounting Firm (Policies)
Which statements are included in the Scope Paragraph of the Audit Report?
GAAS was followed (IF SEC company- uses the standard of the PCAOB) Reasonable assurance about material misstatements was obtained. Financial statements and disclosures are supported by evidence. Management estimates evaluated Accounting principles evaluated Financial Statement presentation evaluated Reasonable basis exists for an opinion If any scope limitations exist- the auditor tries to work around them and still issue an unqualified opinion if possible.
What is Sampling Risk?
Risk that your sample isn’t representative of population Can happen even if audit is done properly
For what does an auditor use professional skepticism?
To plan the scope of the audit To plan the objectives of the audit
How does a high level of acceptable Detection Risk affect an audit?
Less Evidence collected. Opens door for incremental audit risk - Internal Control should be strong. Business and transactions should be relatively stable and predictable. (N) Less-competent Evidence collected (T) Interim testing acceptable (E) Fewer transactions are verified.
What is the benefit of Generalized Audit Software in an audit?
Uses computer speed to quickly sort data and files- which leads to a more efficient audit Compatible with different client IT systems Extracts evidence from client databases Tests data without auditor needing to spend time learning the IT system in detail Client-tailored or commercially produced
What are the 3 objectives of Internal Control?
Reliability of Financial Reporting Operational Efficiency/Effectiveness Compliance with Law and Regulations
Which groups are covered under the three sections of the International Ethical Standards?
A) Covers all accountants B) Covers Public accountants C) Covers accountants in a business environment
What are the characteristics of a Covered Member?
On the engagement team- have Significant influence on Audit- such as: Reviewing Partner Managing Partner in CPA Firm Firm Personnel who does more than 10 hours of non-attest work (Income Taxes) Partner sharing office with another Partner who oversees an engagement Financial Interest in Client by Covered Member (Auditor on Engagement)
For an unqualified opinion to be issued- what must be the case with all periods presented?
A prior year’s Financial Statement used for comparative purposes must also meet criteria for an Unqualified Opinion If an exception arises- the Explanatory and Opinion paragraphs will address the issue If a prior year’s issue has been corrected - issue an Unqualified opinion and ignore the past issue
What is the risk of assessing Control Risk too high?
A risk of Control Testing - Auditor works to make Control Risk lower More substantive tests - Sample overstates Control Risk- Leads to an under-reliance on internal control- over-testing- and overall audit inefficiency Audit ends up being effective (correct result)- but you do more work
How can analytical procedures be performed in audit planning?
The auditor can compare actual versus forecasted numbers.
What should occur when a low level of Detection Risk is acceptable?
More Evidence collected (N) More-competent Evidence collected (T) End of year balance testing (E) More transactions are verified
What is a Relational Database?
Group of related spreadsheets Retrieves information through Queries
What are the 5 components of Internal Control?
Control Environment Risk Assessment Information and Communication Monitoring Control Activities
What are the requirements for all accountants under the International Ethical Standards?
Accountants should have Integrity Accountants should be Objective Accountants should have Competence Accountants should exercise Due Care Accountants should maintain Confidentiality Accountants should act Professionally
What are the requirements for a Covered Member?
No direct financial interest No Material indirect financial interest Firm personnel who are not Covered Members cannot own more than 5% of stock Covered Member’s immediate family cannot own more than 5% of stock or be employed in Key positions. If Covered member is aware of this- it will impair independence. Cannot make management decisions. All requirements apply during the period of the professional engagement- and as long as they are a client.
What is included in an unqualified opinion paragraph with an emphasis?
Includes: Immaterial GAAP issues Going Concern worries Auditor shares responsibility Emphasizing a particular aspect of Financial Statements Unqualified Opinion/Assurances not affected Explanatory paragraph added after opinion
What is the risk of assessing Control Risk too low?
A risk of Control Testing - Complement to Confidence Level Inverse relationship to Sample Size Higher accepted risk of assessing Control Risk too low = Smaller Sample Lower accepted risk of assessing Control Risk too low = Larger Sample
What must an auditor have in order to discuss issues relating to a predecessor auditor’s work?
If issues relating to predecessor auditor’s work on previous Financial Statements come up during the current audit- Auditor must have client’s permission to discuss the issue.
What are the primary risks in an audit for a typical for-profit company?
Auditors are there to verify that Assets & Revenues are not overstated Expenses & Liabilities are not understated Exception - if the CPA Exam states that it is a tax-driven company flip them around
What is a Data Definition Language?
A language that defines a database and gives information on database structure. It maintains tables- which can be joined together. It establishes database constraints.
What is the purpose for a Control Environment assessment?
Sets tone for the entire company
What questions should public accountants pose to themselves under the International Ethical Standards?
What are the threats/safeguards? Does this new client threaten our ethics? What are the conflicts of interest? What are the threats/safeguards for offering a second opinion? What are the threats/safeguards for receiving commissions or contingent fees? Is our marketing truthful? What are the threats/safeguards for receiving client gifts? What are the threats/safeguards to objectivity?
What happens when a Covered Member disagrees with a Supervisor?
If Supervisor’s position is still GAAP/GAAS- defer to Supervisor If Supervisor’s position is not GAAP/GAAS- report to higher levels of management If management ignores you- consider leaving the firm
What is the effect of a qualified opinion?
A qualified opinion creates reduced assurances. It results from scope limitations or major inconsistencies. It includes material problems with GAAP- disclosures- or segment reporting. If there is an issue that causes a Qualified Opinion- the explanatory paragraph goes after the Scope and before the Opinion paragraphs and the Opinion paragraph refers to the issue as well.
What are the risks if the auditor concludes controls are operating effectively based on the sample and Control Risk is set too low?
Leads to higher Detection Risk - Fewer substantive tests Sample understates Control Risk This error leads to over-reliance on internal control- under-testing- and overall audit ineffectiveness. Does NOT necessarily mean that the Financial Statements are materially misstated - it does mean that if there is one- you are less likely to find it
What questions must an auditor ask with respect to procedures carried out by assistants?
Were they adequately performed? (Review the working papers) Are the results consistent with the audit report?
What is the primary constraint on audit evidence?
Cost vs. Benefit is a primary constraint.
What functions are performed by a Data Manipulation Language?
Maintains and queries a database Auditor needs information- so client uses DML to get the information needed
What are the components of the Control Environment?
Integrity/Ethics of Management Competence of Management Organizational Structure Human Resource Policies Assignment of Authority/Responsibility Management’s Style (riskier with a dominant/aggressive individual) Board/Audit Committee involvement
When is independence required?
Audit Review Attestation Engagement
How is the Audit Report changed if there is Scope Limitation?
Qualified opinion is issued. Scope paragraph modified Explanatory paragraph between Scope and Opinion paragraphs Opinion paragraph points out scope limitation
What is the risk of Incorrect Acceptance?
A risk of Substantive Testing - Auditor accepts a balance as fairly stated- when in fact it is not fairly stated Hurts audit effectiveness Wrong conclusion reached Efficient- but not effective
How is audit strategy mapped out?
Auditor determines what the reporting objectives are. Auditor determines the scope of the audit.
What characteristics should audit evidence have?
Sufficient (quantity) Appropriate: Relevant & Reliable (Quality)
What functions are performed by a Data Control Language?
A Data Control Language controls a database and restricts access to the database.
What does an auditor’s assessment of Detection Risk determine?
Detection Risk determines nature- timing- and extent of audit procedures.
What are the requirements for Non-attest engagements?
Agreement must be in writing. Independence not required - Must state if you are not independent Applicable engagements: Consulting- Compilation
How is the Audit Report modified for major inconsistencies found during the audit?
Qualified opinion is issued. Scope paragraph remains unchanged Explanatory paragraph between Scope and Opinion paragraphs Opinion paragraph points out inconsistency
What is the risk of Incorrect Rejection?
A risk of Substantive Testing - Auditor rejects balance as fairly stated when in fact it is fairly stated Hurts audit efficiency Wrong recommendations given Effective- but not efficient
What are the foundations of Generally Accepted Audit Standards (GAAS)?
Materiality and Audit Risk
How does the quality of audit evidence vary depending on who has provided it?
Best evidence: Observation of activity by auditor. 2nd Best: Originates from External Parties and is sent directly to auditor (or failing that items are generated by third party and provided to auditor by the client such as a bank statement) Weakest: Oral evidence from management.
What are Check Digits?
A numerical character consistently added to a set of numbers. It makes it more difficult for a fraudulent account to be set up or go undetected.
What determines the acceptable level of Detection Risk?
Risk of material misstatement determines acceptable level of Detection Risk
Which standards apply to consulting engagements?
Consulting engagements are covered by Statements on Standards for Consulting Services (SSCS) Requirements: Competence- Due Care- Planning- Supervision- Obtain Sufficient Data- Must Serve Client Interest- Must have written or oral agreement- must communicate with client.
How does a Disclaimer of Opinion affect the Audit Report?
States that an opinion cannot be issued. Includes severe Scope limitation
What is Non-Sampling Risk?
Risk of human (auditor) missing an error Also called exception- error or deviation.
What are the General Standards for auditing?
Training and Proficiency (Education and Audit Experience) Independence Due Professional Care (TIP)
Which documents are the most persuasive and credible?
Third party documents are more persuasive and credible than internally-prepared docs Auditor Knowledge = Most Persuasive 3rd Party info given to auditor 3rd Party info given to client Internally-prepared doc
What is the purpose of a Code Review?
A Code Review tests a program’s processing logic. Advantageous because auditor gains a greater understanding of the program.
What items could increase the risk of material misstatement?
Rapid growth in the company. The methods management uses to identify risk- estimate its significance and assess the likelihood of occurrence Major changes to operations- personnel- systems- IT- products- corporate organization- and foreign operations.
List some common consulting engagements.
Advisory Services Transaction Services Management Consulting Implementation Services
What would cause an Adverse Opinion?
Very material GAAP and Disclosure issues would cause an Adverse Opinion. If there is an issue that causes an Adverse Opinion- the explanatory paragraph goes after the Scope and Before the Opinion paragraphs and the Opinion paragraph refers to the issue as well
How does Sampling Risk compare to Non-Sampling Risk?
Sampling Risk deals with the chance that your audit sample is flawed Non-Sampling risk deals with the chance that your human decisions/conclusions are flawed
Describe the key components of maintaining auditor independence.
Auditor must be independent in fact and appearance Honesty No direct financial interest No indirect material financial interest
What are Substantive Procedures?
Test substance/amounts/values. They help to reduce the risk of material misstatements. They only test accuracy of financial statements and dollar amounts - they don’t test internal controls.
What is the purpose of a Limit Test?
Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range. Did anyone score higher than 100%?
What happens when Control Risk is assessed to be at the maximum level?
No Internal Control testing is performed. All audit procedures are increased in intensity to compensate for increased risk.
What is the rule concerning contingent fees for a covered member?
Not allowed if Member also performs services where independence is required Commissions or referral fees for Covered Members are not allowed Example - Audit firm gets a commission for recommending to Client that they implement a new A/P System…NOT Allowed If a firm performing non-attest work doesn’t also perform Covered Member services (aka - Independence not required)- then Firm can get a commission on referring products/services- but they must disclose to the Client Tax Preparation - Payment according to refund amount is disallowed
How is division of auditor responsibility disclosed?
Disclosed in Introductory Paragraph. Doesn’t name the other auditor without permission. Referenced in Opinion paragraph and division of responsibility indicated If other auditor is not referenced- then you take responsibility for their conclusions- so consideration of independence- experience- credentials- etc required
What is Attribute Sampling?
Looking at Control Procedures - Were invoices approved when paid? Errors are stated in terms of %- not dollar amounts For example- 5 invoices out of 100 were not properly paid. Error rate is 5% Hint: If you see Error Rate on the Exam- they are referring to Attribute Sampling.
Describe Due Professional Care
Technical abilities mirror those held by peers in the profession Follow GAAS Standards Obtain a Reasonable Level of Assurance Maintain Reasonable Level of Skepticism Supervise Audit Staff Review judgment at every level
What are the substantive tests that are most often performed?
Trace (or Vouch) Reconcile Analytical Procedures Confirmations Examine evidence that supports management assertions. (T.R.A.C.E.)
What is the Test Data Method?
Auditor processes data with client’s computer - fake transactions are used to test program control procedures. Each control needs to only be tested once Problem with this method - fake data could combine with real data.
What happens when Control Risk is below the maximum level?
Auditor tests Internal Controls. Auditor evaluates Control Risk based on tests Auditor adjusts substantive tests accordingly Weaker Internal Control - More substantive tests Stronger Internal Control - Less substantive tests
When are contingent fees allowed?
When fees are structured relative to judicial proceedings. Example: IRS audit- or filing an amended tax return subject to tax case with a different taxpayer.
What standards govern SSARS engagements?
Compilations are governed by SSARS (Statements on Standards for Accounting and Review Services)