Audit 3 Flashcards
Define audit sample
The selection and evaluation of less than 100 percent of the items in a population of relevant audit evidence selected in such a way that the auditor expects the sample to be representative of the population and thus likely to provide a reasonable basis for conclusions about the population.
How has technology changed audit samples?
Technological advances have reduced the number of times auditors need to apply sampling techniques to gather audit evidence:
1 ) Development of well-controlled, automated accounting systems.
2) Advent of powerful audit and business analytics software to download and examine data.
Define Sampling Risk
Sampling risk is the element of uncertainty that enters into the auditor’s conclusions anytime sampling is used. There are two types of sampling risk:
Define Nonsampling Risk
Nonsampling risk is the risk that the auditor reaches an erroneous conclusion for any reason not related to sampling risk:
- Judgment error
- Selecting inappropriate procedures
- Failing to detect a misstatement when applying an audit procedure
Why do auditors often use nonstatistical sampling?
Define Statistical vs. Nonstatistical Sampling
Nonstatistical sampling: Audit sampling that relies on the auditor’s judgment to determine sample size, select the sample, and/or evaluate the results for the purpose of reaching a conclusion about the population.
. There are two types of sampling risk:
Risk of incorrect rejection (Type I)
Risk of incorrect acceptance (Type II)
Confidence Level
is the complement of sampling risk (i.e. 100% - sampling risk (as a %) = confidence level (as a %)
The auditor may set sampling risk for a particular sampling application at 5 percent.
This results in a confidence level of 95 percent for the sampling application.
Tolerable and Expected Error:
Once the desired confidence level is established, the appropriate sample size is determined largely by how the tolerable error exceeds expected error. The smaller the difference between these two variables, the more precise the sample must be, and therefore the larger the sample size required.
Example:
Tolerable error (or deviation) rate: 5%
Expected error (or deviation) rate: 2%
What happens if the tolerable error rate declines to 2.5%?
Procedures performed that commonly involve sampling include…
inspection of tangible assets, inspection of records and documents, reperformance, recalculation and confirmation.
Procedures performed that do NOT commonly involve sampling include…
analytical procedures, scanning, inquiry and observation.
Controls Tests:
Determine from a
sample whether a control is operating
effectively for the entire population.
Tests of details:
Determine from
a sample if an account balance or
class of transactions is recorded
accurately for the entire population.
the types of audit sampling:
Sampling in tests of controls
Sampling in tests of details of transactions
Tests of Controls:
Table 8-2 on page 279
.
Tests of Details:
Table 9-1 on page 315
.
COSO’s definition of internal controls
Policies, processes and procedures, which are designed and effected by an entity’s board of directors, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives in the following categories:
(1) reliability of financial reporting;
(2) effectiveness and efficiency of operations; and
(3) compliance with applicable laws and regulations.
COSO’s 5 internal control components
the control environment risk assesment the AI and communication systems control activites monitoring
the control environment
Sets the tone of an organization, influencing the control consciousness of its people. The foundation for effective internal control, providing discipline and structure. “Tone at the Top”
elements of the control enviroment
Elements: (1) Communication and enforcement of integrity and ethical values; (2) commitment to competence; (3) participation of those charged with governance; management’s philosophy and operating style; (4) organizational structure; (5) assignment of authority and responsibility; (6) H/R policies and procedures
risk assessment
The process for identifying and responding to business risks and the results thereof. Given that an entity’s objectives are broader than those of the auditor, this risk assessment will include risks not relevant to the audit.
three examples of risk assessment
(1) New technology; (2) New or revamped information systems; (3) New accounting pronouncements
Accounting information and communication systems
The information system relevant to financial reporting objectives, which includes the accounting system, consists of procedures (automated or manual) and records established to (1) initiate, (2) record, (3) process, and (4) report entity transactions and to maintain accountability for related assets, liabilities, and equity.
Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting.
Accounting Information and Communication Systems Elements:
- Identify and record all valid transactions
- Describe on a timely basis, the transactions in sufficient detail to permit proper classification of transactions for financial reporting
- Measure the value of transactions in a manner that permits recording their proper monetary value
- Determine the time period in which transactions occurred to permit recording transactions in the appropriate period
- Properly present the transactions and related disclosures in the financial statements
control activites
The policies, processes and procedures that help ensure that management directives are carried out. In particular, these control activities are implemented to address the risks to achieving any of the entity’s objectives.