Audit 3 Flashcards

1
Q

Define audit sample

A

The selection and evaluation of less than 100 percent of the items in a population of relevant audit evidence selected in such a way that the auditor expects the sample to be representative of the population and thus likely to provide a reasonable basis for conclusions about the population.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How has technology changed audit samples?

A

Technological advances have reduced the number of times auditors need to apply sampling techniques to gather audit evidence:

1 ) Development of well-controlled, automated accounting systems.

2) Advent of powerful audit and business analytics software to download and examine data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Define Sampling Risk

A

Sampling risk is the element of uncertainty that enters into the auditor’s conclusions anytime sampling is used. There are two types of sampling risk:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Define Nonsampling Risk

A

Nonsampling risk is the risk that the auditor reaches an erroneous conclusion for any reason not related to sampling risk:

  • Judgment error
  • Selecting inappropriate procedures
  • Failing to detect a misstatement when applying an audit procedure

Why do auditors often use nonstatistical sampling?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Define Statistical vs. Nonstatistical Sampling

A

Nonstatistical sampling: Audit sampling that relies on the auditor’s judgment to determine sample size, select the sample, and/or evaluate the results for the purpose of reaching a conclusion about the population.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

. There are two types of sampling risk:

A

Risk of incorrect rejection (Type I)

Risk of incorrect acceptance (Type II)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Confidence Level

A

is the complement of sampling risk (i.e. 100% - sampling risk (as a %) = confidence level (as a %)

The auditor may set sampling risk for a particular sampling application at 5 percent.

This results in a confidence level of 95 percent for the sampling application.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Tolerable and Expected Error:

A

Once the desired confidence level is established, the appropriate sample size is determined largely by how the tolerable error exceeds expected error. The smaller the difference between these two variables, the more precise the sample must be, and therefore the larger the sample size required.
Example:
Tolerable error (or deviation) rate: 5%
Expected error (or deviation) rate: 2%
What happens if the tolerable error rate declines to 2.5%?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Procedures performed that commonly involve sampling include…

A

inspection of tangible assets, inspection of records and documents, reperformance, recalculation and confirmation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Procedures performed that do NOT commonly involve sampling include…

A

analytical procedures, scanning, inquiry and observation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Controls Tests:

A

Determine from a
sample whether a control is operating
effectively for the entire population.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Tests of details:

A

Determine from
a sample if an account balance or
class of transactions is recorded
accurately for the entire population.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

the types of audit sampling:

A

Sampling in tests of controls

Sampling in tests of details of transactions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Tests of Controls:

Table 8-2 on page 279

A

.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Tests of Details:

Table 9-1 on page 315

A

.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

COSO’s definition of internal controls

A

Policies, processes and procedures, which are designed and effected by an entity’s board of directors, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives in the following categories:

(1) reliability of financial reporting;
(2) effectiveness and efficiency of operations; and
(3) compliance with applicable laws and regulations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

COSO’s 5 internal control components

A
the control environment
risk assesment 
the AI and communication systems
control activites
monitoring
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

the control environment

A

Sets the tone of an organization, influencing the control consciousness of its people. The foundation for effective internal control, providing discipline and structure. “Tone at the Top”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

elements of the control enviroment

A

Elements: (1) Communication and enforcement of integrity and ethical values; (2) commitment to competence; (3) participation of those charged with governance; management’s philosophy and operating style; (4) organizational structure; (5) assignment of authority and responsibility; (6) H/R policies and procedures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

risk assessment

A

The process for identifying and responding to business risks and the results thereof. Given that an entity’s objectives are broader than those of the auditor, this risk assessment will include risks not relevant to the audit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

three examples of risk assessment

A

(1) New technology; (2) New or revamped information systems; (3) New accounting pronouncements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Accounting information and communication systems

A

The information system relevant to financial reporting objectives, which includes the accounting system, consists of procedures (automated or manual) and records established to (1) initiate, (2) record, (3) process, and (4) report entity transactions and to maintain accountability for related assets, liabilities, and equity.

Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Accounting Information and Communication Systems Elements:

A
  • Identify and record all valid transactions
  • Describe on a timely basis, the transactions in sufficient detail to permit proper classification of transactions for financial reporting
  • Measure the value of transactions in a manner that permits recording their proper monetary value
  • Determine the time period in which transactions occurred to permit recording transactions in the appropriate period
  • Properly present the transactions and related disclosures in the financial statements
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

control activites

A

The policies, processes and procedures that help ensure that management directives are carried out. In particular, these control activities are implemented to address the risks to achieving any of the entity’s objectives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

types of control activities

A

(1) Performance reviews; (2) Information processing controls, including authorization and document-based controls; (3) Physical controls; and (4) Segregation of duties

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Monitoring of controls

A

A process to assess the quality of internal control performance over time, which involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions, where required

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

highlights of monitoring controls

A

(1) Risks change over time, controls should too; (2) Monitoring relates to each of the other four control components; (3) Monitoring can be done through (a) ongoing, or recurring, activities and/or (b) separate evaluations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Consideration of Internal Control includes…

A
  • Develop an understanding of internal control

- Decided whether you (the auditor) intend to rely on the internal controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Develop an understanding of internal control by…

A

(a) evaluating their design and (b) determining whether they have been implemented

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Decided whether you (the auditor) intend to rely on the internal controls:
if yes…
if no…

A

If no, set control risk at a maximum, document the level of control risk and perform substantive tests (substantive strategy)
If yes, plan and perform tests of controls to evaluate the operating effectiveness; set control risk based on the tests of controls; compare achieved control risk to preliminary control risk and change audit programs as necessary; perform substantive tests (reliance strategy)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

The auditor may elect to pursue a substantive strategy for some or all of the management assertions because of one or more of the following factors:

A

The implemented controls do not pertain to the assertion the auditor is considering
The implemented controls are assessed as ineffective
Testing the operating effectiveness of the controls would be inefficient

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

The auditor obtains an understanding of internal control in order to:

A

Identify the types of potential misstatement
Pinpoint the factors that affect the risk of material misstatement
Design tests of controls and substantive procedures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Factors to consider include for an IT specialist:

A

The complexity of the entity’s I/T systems and controls and the manner in which they are used to conduct business
The significance of changes made to existing systems , or the implementation of new systems
The extent to which data are shared among systems
The extent of the entity’s participation in e-commerce
The entity’s use of emerging technologies
The significance of audit evidence that is available only in electronic form

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Procedure manuals and organizational charts (client-prepared)

A

Preliminary documents used to obtain an understanding

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Flowcharts (client- or auditor-prepared)

A

Provide a “picture” of the client’s accounting system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Narrative Description (client- or auditor-prepared)

A

Provides a written summary of controls – more useful when the entity has a simple internal control system

37
Q

Internal Control Questionnaires (auditor-prepared)

A

Provide a systematic means for the auditor to investigate a series of areas and topics (“memory jogging tool”) through inquiries; the questionnaire responses should be validated/verified using alternative audit procedures as appropriate

38
Q

Limitations to Internal Control Include:

A

Management override of internal control

Human errors or mistakes

Collusion

39
Q

Scope of Audit Procedures includes…

A

nature timing extent

40
Q

nature

A

Primarily impacts the reliability of audit evidence. Bear in mind that more reliable procedures are typically more costly. However, the auditor must also ensure the tests correspond with the relevant assertion.

41
Q

timing

A

Tests performed after year-end are deemed more reliable, but an auditor will typically need to perform some tests at an interim period.

42
Q

extent

A

The quantity of evidence to be collected (e.g. limited or extensive testing; sample 5% of the population or 50% of the population; etc.)

43
Q

What is a control deficiency

A

A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis.

44
Q

material weakness

A

A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented, or detected and corrected.

45
Q

significant deficientcy

A

A Significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

46
Q

IT controls 2 parts

A

general controls

application controls

47
Q

general controls

A

Data center and network operations
System software acquisition, change, and maintenance
Access security
Application system acquisition, development, and maintenance

48
Q

application controls

A
Data capture controls
Data validation controls
Processing controls
Output controls
Error controls
49
Q

major sections of SOX

A

Creation of the PCAOB
Corporate Responsibility (e.g. Section 302)
Enhanced Financial Disclosures (Sections 404a and 404b)
Corporate and Criminal Fraud Accountability
White Collar Crime Penalty Enhancement

50
Q

SOX MGMT requirements

A

Certify the integrity of their F/S (Section 302)
Issue a report on internal controls and explicitly take responsibility for maintaining adequate internal control over financial reporting (Section 404a)

51
Q

SOX auditor requirements

A

Must perform an audit of an entity’s internal controls for all accelerated filers (Section 404b) – known as the “integrated audit”

52
Q

Internal Control Over Financial Reporting (“ICOFR”) is defined as …

A

as a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with GAAP

53
Q

ICOFR includes procedures that:

A

Pertain to the maintenance of records that fairly reflect the transactions and dispositions of the assets of the company
Provide reasonable assurance that transactions are recorded in accordance with GAAP
Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets

54
Q

The Integrated Audit topics

A

2-in-1: Internal Controls & Financial Statement Audit
Top-down Risk-based Approach
Identifying Significant Accounts
Evaluating Control Deficiencies
Opining on Internal Controls and Related Reports
Remediation of Control Weaknesses

55
Q

An integrated audit definition

A

is composed of the audits of internal control and the financial statements. The control testing impacts the planned substantive procedures. Also, the results of the substantive procedures are considered in the evaluation of internal control.

56
Q

Identifying significant accounts

A

Size and composition of the account

Susceptibility to misstatement due to errors or fraud

Volume of activity, complexity, and homogeneity of the individual transactions processed through the account or reflected in the disclosure

Nature of the account or disclosure

Accounting and reporting complexities associated with the account or disclosure
Exposure to losses in the account

Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure

Existence of related-party transactions in the account

Changes from the prior period in account or disclosure characteristics

57
Q

Evaluating control deficientcy

A

As discussed previously, the auditor must consider the likelihood and magnitude of the control deficiency.

If a deficiency, or combination of deficiencies, prevents the auditor from having reasonable assurance that transactions are recorded properly, then the auditor should treat the deficiency as an indicator of a material weakness.

58
Q

remediation of control weaknesses

A

Remediation is the process of correcting a material weakness in the ICFR

If a material weakness is corrected before the “as of” date, there must be sufficient time for both management and the auditor to test the operating effectiveness of the control – if not, an adverse opinion is still issued.

59
Q

In a financial statement audit:

A

No requirement that an auditor confirm the client has effective ICOFR. The auditor may elect to test NO controls and set control risk at the maximum level (substantive approach) or may test controls to assess control risk at less than the maximum level (reliance strategy).

60
Q

In an integrated audit:

A

When an entity has effective ICOFR, the auditor should be able to perform sufficient testing of controls to assess control risk for all relevant assertions at a low level.

61
Q

management assertions

A

Completeness

Existence / Occurrence

Accuracy (Numerical / Classification / Cutoff or Timing)

Valuation / Allocation

Obligations / Rights / Authorization

Presentation

62
Q

Three important concepts pertaining to audit evidence:

A

Nature of audit evidence*
——–Accounting records and other available information
Sufficiency and appropriateness of audit evidence (Objective 5  Reliability)**
——–Quantity and quality (relevance and reliability)
Evaluation of audit evidence
———“Trust but verify” (professional skepticism)

63
Q

journal or ledger—->source docs

A

vouching(occurance)

64
Q

source docs—–>journal or ledger

A

tracing (completeness)

65
Q

Generally, audit evidence is more reliable if it is:

A

Obtained from knowledgeable sources outside the client company
Generated internally through a system of effective internal controls
Obtained directly by the auditor rather than indirectly or by inference
Documentary in form rather than an oral representation
Provided by original documents rather than photocopies or facsimiles

66
Q

Specific actsperformed by the auditorto gather evidence about whether specific assertions
are being met.
(3)

A

Risk assessment procedures
Test of controls
Substantiveprocedures

67
Q

Audit procedures (actions):

A
Inspection of records or documents
Inspection of physical/tangible assets
Observation
Inquiry
Confirmation
Recalculation
Reperformance
Analytical Procedures (Planning, substantive, and final analytical procedures)
Scanning
68
Q

Audit documentation has two primary functions:

A

To provide support for the audit report.
To support the auditor’s compliance with applicable
standards.

69
Q

– Audit Documentation (Secondary purposes)

A

Assist continuing and new audit team members in planning and performing the audit
Serves as a record of matters of continuing audit interest (permanent file)
Assists in supervision and review of the audit
Demonstrates the accountability of audit team members
Assists internal reviewers, external peer/PCAOB reviewers and successor auditors in performing their required duties

70
Q

Audit documentation should have the following characteristics:

A

Enable an experienced auditor to understand the work performed and the significant conclusions reached
Identify who performed and reviewed the work
Show that the accounting agrees or reconciles to the financial statements

Audit documentation should include all significant audit findings and the actions taken to address them.

71
Q

Current Files:

A

The auditors’ report in a given year is supported by the working papers contained in the current file. It is typical to organize this file based around the accounts in the client’s financial statements, or around the client’s business cycles. (Examples?)

72
Q

Permanent Files:

A

Serves three purposes: (1) to refresh the auditors’ memories on items applicable over a period of many years; (2) to provide new staff members with a quick summary of policies and organization of the client; (3) to preserve working papers on items that show relatively few or no changes from year-to-year. (Examples?)

73
Q

Ownership:

A

The audit documentation is the property of the auditor, including those files completed by the client at the auditor’s request. SOX requires that audit documentation be retained for seven years from the completion date of the audit.

74
Q

Format:

topics

A

heading
Indexing and cross-referencing
Tickmarks

75
Q

heading

A

Date, Completed by, Client’s name, Reference number, Title

76
Q

Indexing and cross-referencing

A

Notations that provide a trail from the F/S to the supporting workpapers

77
Q

tickmarks

A

Notations made next to workpaper items denoting auditor/reviewer actions

78
Q

Risk Assessment Procedures

A

Used to assist the auditor to better understand the business and to plan the nature, timing, and extent of audit procedures.

79
Q

Substantive Analytical Procedures

A

Used to obtain evidential matter about particular assertions related to account balances or classes of transactions.

80
Q

Final Analytical Procedures

A

Used as an overall review of the financial information in the final review stage of the audit.

81
Q

Steps for Analytical Procedures

A

Develop expectation of account (or ratio) balance
Determine amount of difference that can be accepted without investigation
Compare the company’s account (ratio) with the expectation
Investigate and evaluate significant differences (must do so for substantive analytical procedures and final analytical procedures)

82
Q

Expectations may be developed using:

A

Prior period information (historical)
Anticipated results (forecasts)
Relationships among elements of financial information
Industry information
Relationships between financial information and relevant non-financial data

83
Q

Type of expectations:

A

Trend analysis – analyze changes in accounts of a company over time
Ratio analysis – compare relationships between two or more financial statement accounts and/or non-financial data

84
Q

Short-term Liquidity

A

Current Ratio, Quick Ratio, Operating Cash Flow Ratio

85
Q

Activity Ratios:

A

Receivables turnover, inventory turnover, days inventory on hand

86
Q

Profitability Ratios:

A

Gross profit percentage, profit margin, return on assets, return on equity

87
Q

Coverage Ratios:

A

Debt to equity, times interest earned

88
Q

common validation controls

A
limit test
range test
sequence check
existence validity test
field test 
sign test
check digit verification
page 214