AUDIT Flashcards
Who created the International Auditing Standards?
The International Auditing and Assurance Standards Board (IAASB)
Member of the International Federation of Accountants (IFAC)
For whom were IAASB International Auditing Standards created?
IAASB standards are for countries that don’t have their own standards and help set the tone for the rest of the members who do have their own standards (AICPA)
IAASB doesn’t override member standards
What financial approach is used under IAASB audit standards?
IAASB standards are based on a risk assessment approach
How do IAASB audit standards compare to US audit standards?
IAASB - No Internal Control audits
IAASB - No Referencing another Audit Firm
IAASB - Less detailed documentation
IAASB - Required: obtain written fraud assessment
IAASB - Required: location of auditor’s home office
What are International Ethical Standards?
Standards set by International Ethics Standards Board for Accountants (IESBA)
Code of Ethics for Professional Accountants - Similar to AICPA Code of Professional Conduct
Which groups are covered under the three sections of the International Ethical Standards?
A) Covers all accountants
B) Covers Public accountants
C) Covers accountants in a business environment
What are the requirements for all accountants under the International Ethical Standards?
Accountants should have Integrity
Accountants should be Objective
Accountants should have Competence
Accountants should exercise Due Care
Accountants should maintain Confidentiality
Accountants should act Professionally
What questions should public accountants pose to themselves under the International Ethical Standards?
What are the threats/safeguards?
Does this new client threaten our ethics?
What are the conflicts of interest?
What are the threats/safeguards for offering a second opinion?
What are the threats/safeguards for receiving commissions or contingent fees?
Is our marketing truthful?
What are the threats/safeguards for receiving client gifts?
What are the threats/safeguards to objectivity?
What is the primary duty of an auditor?
To provide users of financial information with REASONABLE ASSURANCE that the financial statements are not materially misstated.
What is the auditor’s responsibility for detecting theft or fraud?
Auditors are not responsible for detecting theft or fraud.
Instead- they are responsible for providing REASONABLE ASSURANCE that the financial statements are not materially misstated.
When should an auditor be hired in relation to the balance sheet date for optimum audit planning and efficiency?
The earlier the auditor is hired- the better for audit planning and efficiency.
When can audit procedures be performed at interim dates?
If Control Risk for the accounts and/or transactions is low- audit procedures can be performed at interim dates.
The auditor then reviews changes in the balances at year-end.
When can an auditor accept an engagement offered after the year is already closed?
The auditor can take the engagement if they are able to overcome the limitations of the engagement.
For what does an auditor use professional skepticism?
To plan the scope of the audit
To plan the objectives of the audit
How can analytical procedures be performed in audit planning?
The auditor can compare actual versus forecasted numbers.
What must an auditor have in order to discuss issues relating to a predecessor auditor’s work?
If issues relating to predecessor auditor’s work on previous Financial Statements come up during the current audit- Auditor must have client’s permission to discuss the issue.
What questions must an auditor ask with respect to procedures carried out by assistants?
Were they adequately performed? (Review the working papers)
Are the results consistent with the audit report?
How is audit strategy mapped out?
Auditor determines what the reporting objectives are.
Auditor determines the scope of the audit.
Describe the key components of maintaining auditor independence.
Auditor must be independent in fact and appearance
Honesty
No direct financial interest
No indirect material financial interest
Describe Due Professional Care
Technical abilities mirror those held by peers in the profession
Follow GAAS Standards
Obtain a Reasonable Level of Assurance
Maintain Reasonable Level of Skepticism
Supervise Audit Staff
Review judgment at every level
What should an auditor do prior to accepting an audit engagement?
Review the previous financial statements
Speak to third parties
Contact predecessor auditor to evaluate whether engagement should be accepted (must have client permission)
What questions should be asked by an auditor prior to taking an engagement?
Note: must have permission of client to contact predecessor auditor (no permission = no engagement)
Why the Auditor Change?
Any Serious Discussions with Audit Committee?
How is Management Integrity? Disagreements?
How was Internal Control?
Understand Industry or Be Willing to Learn
Consider Scope Limitation - Limited evidence available = no engagement
What should be included in an audit engagement agreement?
Note: must be written
Objectives of Engagement
Limitations of Engagement
Responsibilities of Management - Provide written assertions
Responsibilities of Auditor - Limited error/fraud responsibility
Expectations of Access to Records
Financial Statements (and Disclosures) are Management’s Responsibility
Compliance with Laws
Internal Control
What is management’s responsibility with respect to the financial statements?
Management is responsible for financial statements and adequacy of disclosures.
Presentation & Disclosure
Existence (Tests Overstatements)
Rights & Obligations
Completeness (Tests Understatements)
Valuation & Allocation
What is the purpose of the Audit Committee?
Responsible for Hiring Auditor
Oversees Internal Control
Must Agree with Auditor on: Responsibility of the Parties- Audit Fee- Timing of the Audit- Audit Plan
Acts as Liaison Between Auditor and the Board
Auditor Communicates Concerns about: Internal Control Deficiencies- Errors- Fraud- Illegal Activities
How is Audit Risk calculated?
Inherent Risk x Control Risk x Detection Risk
Risk that material mistakes- errors- omissions- or fraud will result in an inaccurate audit report
Based on Auditor Judgment
Measured in both Qualitative and Quantitative
Describe Control Risk
Risk that internal control will not detect error or fraud
Auditor cannot control this.
Describe Inherent Risk.
Which transactions have a higher level of risk?
Auditor cannot control
Describe Detection Risk.
Will the auditor fail to detect a material misstatement?
Auditor CAN control
Do testing at year-end
Increase substantive testing
Run more effective tests
What responses should an auditor take based on different levels of acceptable detection risk (DR)? What type of tests should be performed?
Less Acceptable DR = Run More Substantive Tests
More Acceptable DR = Run Less Substantive Tests
More Substantive Tests (DR down) = Less Audit Risk; (AR = IR x CR x DR)
Less Substantive Tests (DR up) = More Audit Risk; (AR = IR x CR x DR)
What are quantitative measurements versus non-quantitative measurements with respect to risk?
Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of percentages
Non-Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of acceptable ranges
Whose responsibility is it to FIND and PREVENT fraud?
It is Management’s responsibility.
What is the auditor’s responsibility with respect to fraud and illegal acts?
Assess the RISK that such things will lead to material misstatements
Design the audit to provide reasonable assurance against fraud- illegal acts that directly and materially affect the financial statements
Report ALL management fraud to the audit committee (minor fraud by low-level employees not reported to committee)
Perform required inquiries and procedures (management inquiries- analytical procedures- discussions with audit personnel about fraud)
What are the three factors that affect/influence fraud?
Fraud is born out of:
Rationalization
Incentive
Opportunity
(RIO)
What is the difference between fraud and errors?
Errors are unintentional- fraud is intentional.
What red flags may indicate higher risk in an audit?
Management compensation tied to stock
Aggressive financial forecasting
Former auditor disagreed with Management
Records not available for audit
Current audit procedures may need to be reconsidered if red flags exist.
Describe the characteristics of a Fraud Risk Factor.
Has been observed in similar situations
Does NOT necessarily mean that there is a material weakness in internal control
Leads to an auditor taking action
What does an examination of internal control accomplish with respect to illegal acts?
Internal control analysis can result in the conclusion that IC is weak- but probably won’t identify illegal acts
What is the purpose of adjusting audit procedures in light of fraud risk factors identified during an audit?
Strives to make audit engagement procedures less patterned and predictable
Re-evaluates management’s application of accounting procedures
Finds and assigns audit personnel with relevant skills in this area
What should be documented with respect to fraud risk factors in an audit?
Any fraud risks identified that could lead to material misstatement
Audit procedures performed to assess risks
Nature of communication made to audit committee and company management
Disclosure to third parties regarding fraud not normally the auditor’s responsibility
Fraud by management should normally be reported to the audit committee- NOT the SEC.
What was the effect of the SOX Act of 2002?
Created PCAOB
Designates Officer responsibility for internal control
Must disclose significant internal control weaknesses to auditor and audit committee
Must disclose any level of fraud discovered by employees with internal control responsibilities
What is the Hierarchy of Authoritative Literature?
- Statements on Auditing Standards (SAS)
- Auditing Interpretations- AICPA Guides & SOPs
- Industry Articles (no authority)
What quality control activities are undertaken by CPA firms with audit practices?
Firm Leadership exhibits quality and leads by example and sets the tone for the organization
Firm should Monitor and document that its policies and procedures are being followed
Firm should have Relevant Ethical Requirements
Acceptance and continuance of client engagements should continue to be evaluated for client integrity- auditor competency- and legality
Firm should have competent and ethical personnel
Firm engagements are performed- supervised- and reviewed in accordance with professional standards and regulations.
Which literature governs Compilation services?
SSARS - Statements on Standards for Accounting and Review Services
These govern reporting for non-public entities only
What is the independence requirement for Compilations?
Independence NOT required for Compilations
No Internal Control work allowed
No assurance given
What type of assurance is provided by a Compilation?
Compilations are not an assurance service. No assurance is provided.
What type of assurance is provided by Review services?
Reviews provide NEGATIVE assurance.
What is the independence requirement for a Review?
Reviews require independence.
No Internal Control work allowed
Performs analytical procedures
No material indirect financial interest allowed
No immaterial direct financial interest allowed
For compilations and reviews- what knowledge must a service provider have?
Must have an understanding of the client industry.
What are attestation services?
CPA expresses a conclusion about an assertion - Compliance with laws
NOT considered a Consulting engagement
Independence Required
What is the independence requirement for consulting services?
Independence is not required for consulting services.
Describe the limitations on Prospective Financial Statements?
Report is restricted to specified users.
Agreed-upon procedures are implemented.
What is the role of the Group Engagement Team?
Develop Audit Strategy; Communicate with Component Auditors; Perform work on the Consolidation Process; Evaluate Audit Conclusions; Understand work of Component Auditors;
Who is on the Group Engagement Team?
Firm Partners; Group Engagement Partner; Audit Staff
Who establishes the Materiality threshold for the Component Auditor?
The Group Engagement Team; The Materiality threshold must be lower than the Group Materiality threshold
What is the Group Engagement Partner responsible for?
Group Audit Engagement Direction - Supervision - Performance and the Audit Report
What is the role of a Component Auditor
Audit a component of the entity
What should the Group Engagement Team do if a Component Auditor audits a Significant Component due to Financial Materiality?
Audit the Financial Information
What should the Group Engagement Team do if a Component Auditor audits a Significant Component due to Risk of Material Misstatement?
Perform Audit Procedures
What should the Group Engagement Team do if a Component Auditor audits a Non-Significant Component?
Analytical Procedures performed at Group Level
Why does an Auditor do if they suspect legal proceedings could contribute to a Material Misstagement?
Contact Client external counsel through a Letter of Inquiry
What is the majority of an auditor’s work in determining an audit opinion?
Collection of evidence to support the opinion.
Of what does audit Evidence consist?
Evidence consists of client accounting data and supporting documentation from client or from third parties.
What is the relationship between Evidence and Detection Risk?
Evidence has an inverse relationship with Detection Risk
The one aspect of Audit Risk an auditor can control through (N)ature (T)iming (E)xtent of audit procedures.
Inherent Risk and Control risk are outside of auditor’s control.
Which aspects of Audit Risk can an auditor control?
Detection Risk which is decreased by gathering evidence.
Which aspects of Audit Risk can an auditor NOT control?
Inherent Risk and Control Risk are outside of an auditor’s control.
How does a high level of acceptable Detection Risk affect an audit?
Less Evidence collected. Opens door for incremental audit risk - Internal Control should be strong.
Business and transactions should be relatively stable and predictable.
(N) Less-competent Evidence collected
(T) Interim testing acceptable
(E) Fewer transactions are verified.
What should occur when a low level of Detection Risk is acceptable?
More Evidence collected
(N) More-competent Evidence collected
(T) End of year balance testing
(E) More transactions are verified
What are the primary risks in an audit for a typical for-profit company?
Auditors are there to verify that
Assets & Revenues are not overstated
Expenses & Liabilities are not understated
Exception - if the CPA Exam states that it is a tax-driven company flip them around
What is the primary constraint on audit evidence?
Cost vs. Benefit is a primary constraint.
What characteristics should audit evidence have?
Sufficient (quantity)
Appropriate: Relevant & Reliable (Quality)
How does the quality of audit evidence vary depending on who has provided it?
Best evidence: Observation of activity by auditor.
2nd Best: Originates from External Parties and is sent directly to auditor (or failing that items are generated by third party and provided to auditor by the client such as a bank statement)
Weakest: Oral evidence from management.
Which documents are the most persuasive and credible?
Third party documents are more persuasive and credible than internally-prepared docs
Auditor Knowledge = Most Persuasive
3rd Party info given to auditor
3rd Party info given to client
Internally-prepared doc
What are Substantive Procedures?
Test substance/amounts/values. They help to reduce the risk of material misstatements. They only test accuracy of financial statements and dollar amounts - they don’t test internal controls.
What are the substantive tests that are most often performed?
Trace (or Vouch) Reconcile Analytical Procedures Confirmations Examine evidence that supports management assertions.
(T.R.A.C.E.)
When performing audit procedures what should auditors focus on?
Auditors focus first on Balance Sheet Accounts then associated Income Statement items
How is Cash audited?
Assurance Level is High.
Acceptable Detection Risk is Low.
How is Accounts Receivable audited?
If Acceptable DR is High - Negative Confirmation is used - Customer only responds if balance is materially wrong.
If Acceptable DR is Low - Positive Confirmation is used - Customer asked to confirm by telling auditor the balance.
Corresponding Income Statement Account - Revenue
How is Accounts Payable audited?
Review purchase orders/invoices
Confirm with Vendors
Corresponding Income Statement Account - Various Expenses
How is Inventory audited?
Examine purchase agreements
Look at Board Minutes
Is Inventory held as collateral?
Corresponding Income Statement Account - COGS
How are beginning balances audited?
Should match last year’s ending balance.
What is the general presumption for auditing Ending Balances?
If Beginning Balance Additions Subtractions are OK then Ending Balances should also be OK.
How is a Statement of Cash Flows audited?
Foot all balances - Check the Math
Trace Cash Flow items to other Financial Statements
Check classifications - Operating Activities Investing Activities Financing Activities
Under the Indirect Method what must be disclosed on a Statement of Cash Flows?
Interest Paid
Income Taxes Paid
Non-cash Transactions
Cash and Cash Equivalents Definitions
Under the Direct Method what must be disclosed on a Statement of Cash Flows?
Results as if you had used Indirect Method
Non-cash Transactions
Cash and Cash Equivalents Definition
What are Subsequent Events and what do they require?
Subsequent events occur after the Balance Sheet Date but before the audit report is issued.
Auditor needs to make inquiries and assess if they affect the audit report.
What should occur if the audit report has already been issued and the auditor becomes aware of a situation that was present as of the Balance Sheet date (a subsequent event)?
If audit report has already been issued and auditor becomes aware of a situation that was present as of the BS date client should issue a disclosure to financial statement users and/or revise the financial statement.
Regulatory agencies might need to get involved under some circumstances.
What should an auditor do if they discover they have forgotten to perform a substantive procedure?
If auditor discovers that they forgot to perform a substantive procedure auditor should determine if other substantive procedures performed served as a substitute.
Otherwise support for their audit opinion could be jeopardized.
When are Analytical Procedures required?
REQUIRED When planning the audit (preliminary)
REQUIRED When reviewing the audit (final)
Analytical procedures may be also performed optionally along with the substantive testing.
Use of Analytical Procedures in the audit must be documented.
How do Analytical Procedures assist the auditor?
Helps the Auditor:
Determine if Management Assertions are reasonable
Develop audit plan
Develop some expectations about the financial statement and hopefully bring to light any glaring errors on financial statement
What is the focus of Analytical Procedures?
Analytical Procedure focus is on dollar amounts (not internal controls)
Analyzes Financial Data: Do Financial Statements Make Sense?
Comparison of data between years
How is the Current Ratio calculated?
Current Ratio = Current Assets / Current Liabilities
How is the Quick Ratio calculated?
Quick Ratio = Liquid Assets / Current Liabilities
How is the Asset Turnover calculated?
Asset Turnover = Net Sales / Average Assets
How is the Inventory Turnover calculated?
Inventory Turnover = COGS / Average Inventory
How is Gross Margin % calculated?
Gross Margin % = Gross Margin / Sales
What type of testing are ratios?
Ratios are Analytical Procedures
What type of procedure is a Budget vs. Actual comparison?
Budget vs. Actual comparisons are Analytical Procedures.
List Common Types of Analytical Procedures
Ratio analysis
Budget vs. Actual comparison
Comparison of data between years
Use of non-financial data to predict expected values for financial data
How do management assertions affect the audit?
Management assertions help the auditor to plan the audit and select substantive tests.
What assertions do auditors test?
Presentation - Cutoff Classification - Is it in the right period and category?
Existence/ Occurrence - Did it happen? Does it exist?
Rights & Obligations - Does the company own them?
Completeness - Was everything recorded?
Valuation - Are they worth the amount at which they are recorded?
(PERCV)
What assertions are tests for transaction classes?
Occurrence
Cutoff
Classification
Completeness
Accuracy
For which assertions are disclosures tested?
Occurrence
Completeness
Classification
Accuracy
Is testing the validity of direct evidence a basic audit procedure?
No it is an extended procedure.
For example you don’t have to take a loan covenant document and go search out that it’s a valid loan covenant. Instead you consider the source - if it’s externally prepared it’s more persuasive.
How are Management Estimates audited?
First and foremost you need to understand management’s rationale and methods for developing estimates before you can judge reasonableness.
Next Auditor should formulate their own opinion on what a good estimate should be and compare it.
Finally determine if subsequent events affect the estimate.
Whose property are audit documentation (audit workpapers)? In what form must they be?
Audit workpapers are the property of the auditor.
They can be paper or electronic.
They must include a WRITTEN audit program (either paper or electronic).
What is the Current File?
Information pertaining to the current year’s audit.
What is the Permanent File?
Information used for this audit and future audits which is updated as needed.