Audit 3 Flashcards
What should an auditor consider before accepting a new client or continuance with an old client?
- firm’s ability to meet reporting deadlines
- firm’s ability to staff the engagement
- independence
- integrity of client management
- group audits
Required contents of an audit engagement letter
- objective and scope of the audit
- responsibilities of the auditor
- responsibilities of management
- statement on inherent limitations of the audit
- identification of applicable reporting framework
- reference to expected form and content of reports
Inquiries that an auditor should make of a predecessor auditor BEFORE accepting an engagement
- info on management’s integrity
- disagreements with management
- reasons for change in auditor
- communication regarding fraud, noncompliance, or IC matters
Performance materiality
It’s less than the financial statement materiality and it reduces the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the FS as a whole.
Tolerable Misstatement
- The application of performance materiality to a particular sampling procedures
- Maximum amount that an account balance or class of transactions can be misstated without causing the FS to be misstated.
A written audit plan is…
REQUIRED
Tests of controls
-they are used to evaluate the OPERATING EFFECTIVENESS of internal controls in PREVENTING or DETECTING material misstatements
Substantive procedures
Used to detect material misstatements, they include:
- Tests of Details
- Substantive procedures
- Analytical procedures
What are the main financial statement assertions?
"These assertions COVER U" Completeness cutOff Valuation, allocation and accuracy Existence and occurrence Rights and obligations Understandability and classification
Completeness
“Land of reality to the land of accounting records”
All account balances, transactions, and disclosures that SHOULD HAVE been recorded HAVE BEEN
Cutoff
Transactions have been recorded in the CORRECT PERIOD
Valuation, allocation, and accuracy
Account balances, transactions, and disclosures are recorded FAIRLY at the APPROPRIATE AMOUNTS (and any adjustments are recorded
Existence and Occurrence
“Land of accounting records to land of reality”
Account balances EXIST and transactions that have been recorded and disclosed OCCURRED
Rights and Obligations
The entity holds or controls the rights to assets and liabilities are the obligations of the entity
Understandability and Classification
- Transactions have been recorded in the PROPER ACCOUNTS
- Financial info is APPROPRIATELY PRESENTED and DESCRIBED and disclosures are CLEARLY EXPRESSED
Assertions that relate to transactions/events
CCC-AO
completeness, cutoff, accuracy, classification, and occurrence
Assertions that relate to Account balances
CAVE-RO
completeness, allocation and valuation, rights and obligations, and existence
Assertions that relate to Presentation and Disclosure
CUC-ROVA
completeness, understandability and classification, rights and obligations, and valuation and accurancy
PCAOB standards say that financial statement assertions are…
"CEO APPROVED" Completeness Existence Occurrence Allocation Presentation Rights Obligations Valuation E (buy a vowel!) Disclosure
The internal auditor cannot share responsibility for…
- decisions
- judgments
- assessments
- issuing the report
What is audit risk?
the risk that the auditor may unknowingly fail to appropriately modify the opinion on financial statements that are materially misstated.
Factual misstatements
misstatements about which there is no doubt
Judgmental misstatements
differences arising from judgments of management that the auditor considers unreasonable or inappropriate
Projected misstatements
the auditor’s best estimate of misstatements in populations
Audit risk equation
AR = RMM x DR
audit risk = risk of material misstatement * detection risk
Risk of material misstatement
= Inherent risk * Control risk
Inherent risk
the susceptibility of a relevant assertion to a material misstatement assuming that there are no related controls
Control risk
the risk that a material misstatement will occur without being prevented or detected in a timely basis by the internal controls
Detection risk
the risk that the auditor will not detect a material misstatement that exists in a relevant assertion
Types of fraud
- Fraudulent financial reporting (lying)
- Misappropriation of assets (stealing)
- Corruption (cheating)
The characteristics of fraud (the fraud triangle)
- Incentive/pressure
- Opportunity
- Rationalization/attitude
What two risks are presumed to exist in every audit?
- improper revenue recognition (Analytical procedures are REQUIRED by PCAOB standards)
- management override of controls
When are analytical procedures required?
- Planning stage
2. Final review stage
When must a CPA communicate fraud with external parties?
- to comply with legal and regulatory requirements
- to the successor auditor (with permission)
- subpoena
- funding or other specified agency when entity receives governmental financial assistance
- to authorities in some cases
Assessing the risks of material misstatement
“IM A CPA”
Internal control, entity and environment (obtain understanding)
Material misstatement (assess risk)
Assessed level of risk response
Control testing
Perform substantive testing
Audit evidence (evaluate appropriateness and sufficiency)
The components of internal controls
"CRIME" Control environment Risk assessment Information and communication Monitoring Existing control activites
Control activities
“PAID TIPS”
Pre-numbering of documents
Authorization of transactions
Independent checks to maintain asset accountability
Documentation
Timely and appropriate performance reviews
Information processing controls
Physical controls for safeguarding assets
Segregation of duties
Segregation of duties
“segregation of duties is your ARC to protect against a flood of troubles”
Authorization
Record keeping
Custody of assets
Procedures to obtain evidence about design and implementation of internal controls
- Inquiry
- Observation of application of the controls
- Inspection of documents/records
- Observation of premises and plant facilities
- Walkthroughs
Documentation of the understanding of internal control
-The auditor must document this
-Documentation can include “FIND”
Flowchart
Internal control questionnaire or checklists
Narrative
Documentation from client
Common flowchart symbol is a diamond…
“A diamond is a big decision” = Decision symbol
Segregation of duties for IT
"COPAL" Control group Operators Programmers Analyst (system) Librarian
Note: if someone is a supervisor and they have control over more than one area of COPAL, it may look like an advantage, but really it’s a segregation problem
What are the main limitations of internal control?
- Management override
- Human error
- Collusion
Difference between Type 1 and Type 2 reports (Service auditor reports when the entity uses a service organization)
- Type 1 CANNOT be used to reduce the assessment of control risk while Type 2 can (sometimes)
- Type 2 actually reports on the operating EFFECTIVENESS of internal controls
Elements of audit procedures
“we cast our NET over the audit”
Nature
Extent
Timing