Audit 3 Flashcards
Define audit sample
The selection and evaluation of less than 100 percent of the items in a population of relevant audit evidence selected in such a way that the auditor expects the sample to be representative of the population and thus likely to provide a reasonable basis for conclusions about the population.
How has technology changed audit samples?
Technological advances have reduced the number of times auditors need to apply sampling techniques to gather audit evidence:
1 ) Development of well-controlled, automated accounting systems.
2) Advent of powerful audit and business analytics software to download and examine data.
Define Sampling Risk
Sampling risk is the element of uncertainty that enters into the auditor’s conclusions anytime sampling is used. There are two types of sampling risk:
Define Nonsampling Risk
Nonsampling risk is the risk that the auditor reaches an erroneous conclusion for any reason not related to sampling risk:
- Judgment error
- Selecting inappropriate procedures
- Failing to detect a misstatement when applying an audit procedure
Why do auditors often use nonstatistical sampling?
Define Statistical vs. Nonstatistical Sampling
Nonstatistical sampling: Audit sampling that relies on the auditor’s judgment to determine sample size, select the sample, and/or evaluate the results for the purpose of reaching a conclusion about the population.
. There are two types of sampling risk:
Risk of incorrect rejection (Type I)
Risk of incorrect acceptance (Type II)
Confidence Level
is the complement of sampling risk (i.e. 100% - sampling risk (as a %) = confidence level (as a %)
The auditor may set sampling risk for a particular sampling application at 5 percent.
This results in a confidence level of 95 percent for the sampling application.
Tolerable and Expected Error:
Once the desired confidence level is established, the appropriate sample size is determined largely by how the tolerable error exceeds expected error. The smaller the difference between these two variables, the more precise the sample must be, and therefore the larger the sample size required.
Example:
Tolerable error (or deviation) rate: 5%
Expected error (or deviation) rate: 2%
What happens if the tolerable error rate declines to 2.5%?
Procedures performed that commonly involve sampling include…
inspection of tangible assets, inspection of records and documents, reperformance, recalculation and confirmation.
Procedures performed that do NOT commonly involve sampling include…
analytical procedures, scanning, inquiry and observation.
Controls Tests:
Determine from a
sample whether a control is operating
effectively for the entire population.
Tests of details:
Determine from
a sample if an account balance or
class of transactions is recorded
accurately for the entire population.
the types of audit sampling:
Sampling in tests of controls
Sampling in tests of details of transactions
Tests of Controls:
Table 8-2 on page 279
.
Tests of Details:
Table 9-1 on page 315
.
COSO’s definition of internal controls
Policies, processes and procedures, which are designed and effected by an entity’s board of directors, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives in the following categories:
(1) reliability of financial reporting;
(2) effectiveness and efficiency of operations; and
(3) compliance with applicable laws and regulations.
COSO’s 5 internal control components
the control environment risk assesment the AI and communication systems control activites monitoring
the control environment
Sets the tone of an organization, influencing the control consciousness of its people. The foundation for effective internal control, providing discipline and structure. “Tone at the Top”
elements of the control enviroment
Elements: (1) Communication and enforcement of integrity and ethical values; (2) commitment to competence; (3) participation of those charged with governance; management’s philosophy and operating style; (4) organizational structure; (5) assignment of authority and responsibility; (6) H/R policies and procedures
risk assessment
The process for identifying and responding to business risks and the results thereof. Given that an entity’s objectives are broader than those of the auditor, this risk assessment will include risks not relevant to the audit.
three examples of risk assessment
(1) New technology; (2) New or revamped information systems; (3) New accounting pronouncements
Accounting information and communication systems
The information system relevant to financial reporting objectives, which includes the accounting system, consists of procedures (automated or manual) and records established to (1) initiate, (2) record, (3) process, and (4) report entity transactions and to maintain accountability for related assets, liabilities, and equity.
Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting.
Accounting Information and Communication Systems Elements:
- Identify and record all valid transactions
- Describe on a timely basis, the transactions in sufficient detail to permit proper classification of transactions for financial reporting
- Measure the value of transactions in a manner that permits recording their proper monetary value
- Determine the time period in which transactions occurred to permit recording transactions in the appropriate period
- Properly present the transactions and related disclosures in the financial statements
control activites
The policies, processes and procedures that help ensure that management directives are carried out. In particular, these control activities are implemented to address the risks to achieving any of the entity’s objectives.
types of control activities
(1) Performance reviews; (2) Information processing controls, including authorization and document-based controls; (3) Physical controls; and (4) Segregation of duties
Monitoring of controls
A process to assess the quality of internal control performance over time, which involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions, where required
highlights of monitoring controls
(1) Risks change over time, controls should too; (2) Monitoring relates to each of the other four control components; (3) Monitoring can be done through (a) ongoing, or recurring, activities and/or (b) separate evaluations
Consideration of Internal Control includes…
- Develop an understanding of internal control
- Decided whether you (the auditor) intend to rely on the internal controls
Develop an understanding of internal control by…
(a) evaluating their design and (b) determining whether they have been implemented
Decided whether you (the auditor) intend to rely on the internal controls:
if yes…
if no…
If no, set control risk at a maximum, document the level of control risk and perform substantive tests (substantive strategy)
If yes, plan and perform tests of controls to evaluate the operating effectiveness; set control risk based on the tests of controls; compare achieved control risk to preliminary control risk and change audit programs as necessary; perform substantive tests (reliance strategy)
The auditor may elect to pursue a substantive strategy for some or all of the management assertions because of one or more of the following factors:
The implemented controls do not pertain to the assertion the auditor is considering
The implemented controls are assessed as ineffective
Testing the operating effectiveness of the controls would be inefficient
The auditor obtains an understanding of internal control in order to:
Identify the types of potential misstatement
Pinpoint the factors that affect the risk of material misstatement
Design tests of controls and substantive procedures
Factors to consider include for an IT specialist:
The complexity of the entity’s I/T systems and controls and the manner in which they are used to conduct business
The significance of changes made to existing systems , or the implementation of new systems
The extent to which data are shared among systems
The extent of the entity’s participation in e-commerce
The entity’s use of emerging technologies
The significance of audit evidence that is available only in electronic form
Procedure manuals and organizational charts (client-prepared)
Preliminary documents used to obtain an understanding
Flowcharts (client- or auditor-prepared)
Provide a “picture” of the client’s accounting system
