Audit 3 - Engagement Acceptance, Planning, and Risk Assessment Flashcards
Main Financial Statement Assertions
C.O.V.E.R.U.
C. - Completeness O.- CutOff V.- Valuation, allocation, accuracy E. -Existence & Occurrence R. - Rights & Obligations U. - Understandability & Classification
Inherent Risk
Susceptibility of a relevant assertion to a material misstatement, assuming there are no related controls. Assertions with high volume transactions, complex calculations, estimates, have higher inherent risk.
Control Risk
Risk that MM could occur in a relevant assertion will not be prevented or detected (and corrected) on a timely basis by the entity’s internal control.
Assessed by Auditor
Controlled by Auditor
Risk of Material Misstatement
Detection Risk
Inherent Risk & Control Risk
Exist independently of the audit, and the auditor generally cannot change them.
Detection Risk
Risk auditor will not detect a MM that exists in a relevant assertion. Function of effectiveness of audit procedures and of manner in which they are applied. Can be changed by varying N.E.T. of audit procedures. Controllable by auditor.
Relationship of RMM to Detection Risk
Inverse relationship:
RMM high = Detection Risk should be set at low level.
Relationship between RMM and assurance required from substantive procedures.
Direct Relationship: Greater risk requires more persuasive evidence, a larger sample size, and/or a shift from interim to year-end testing.
Auditor’s Responsibility
Auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the FS are free of material misstatement, whether caused by error or fraud.
Pass Key - Assessing Risks of MM
RRM is function of inherent risk and control risk. The process of obtaining an understanding of the entity and its environment, including its internal control, is the process of assessing the entity’s inherent risk and control risk. Once inherent risk and control risk have been assessed, the auditor determines the overall risk of MM and the acceptable level of detection risk. The acceptable level of detection risk is used to determine the N.E.T. of further audit procedures (tests of controls and substantive procedures)
Steps in Assessing RMM and Responding
I.M.A. C.P.A.
I. - Internal Control - Understanding of entity & envi
M. MM - assess risks of it
A. Assessed level of risk- respond, design proc
C.- Controls, test internal controls oper effectiv
P. - Perform substantive procedures
A.- Audit evidence
Control Activities in Strong System of IC
P.A.I.D. T.I.P.S.
P.- Pre-numbering documents
A. - Authorization of transactions
I.- Inde. checks to maintain asset accountability
D.- Documentation
T.- Timely and appropriate performance reviews
I.- Information processing controls
P.- Physical controls for safeguarding assets
S.- Segregation of duties
Segregation of Duties
A.R.C. - to protect against a flood of trouble
A.- Authorization
R.- Record keeping
C.- Custody of related assets
Client’s IC should separate these functions
During planning, if audit procedures performed before year-end, what must auditor assess?
Incremental risk involved and determine whether sufficient alternative procuedures exist to extend the interim conclusions to year-end.
Regardless of assessed level of control risk, what must auditor still do?
Perform some level of substantive tests to restrict detection risk for significant transaction classes.
What does auditor’s understanding of entity’s IC allow auditor to make a preliminary assessment on?
Entity’s Control Risk
What should auditor of a nonissuer design tests of detail for?
To ensure sufficient audit evidence supports planned level of assurance at the relevant assertion level.
Components of Internal Control
C.R.I.M.E.
C.- Control Environment - tone of org R.- Risk assessment by management I.- Info and Comm Systems M.- Monitoring: assessment of IC performance E.- Existing control activities
What must auditor do when evaluating a client’s IC?
First obtain an understanding of the design of the controls and then determine if the controls have been implemented.
Nature of test of controls
AKA tests of operating effectiveness of controls, to test control risk:
Inquiries
Observation
Inspection
Reperformance
What should N.E.T. of substantive procedures be responsive to?
Assessed risks of MM, including results of tests of controls and planned level of detection risk. Substantive procedures follows tests of controls.
How is evidence regarding proper segregation of duties generally obtained?
Through inspection and observation
Assessing risk based on the effective operation of controls involves:
- Identifying specific internal controls relevant to specific assertions that are likely to prevent or detect MM in those assertions.
- Performing tests of such controls to evaluate their effectiveness.
Why would an auditor decide to reduce tests of details for a particular audit objective?
If analytical procedures have revealed no unusual or unexpected results.