Audit 3 - Engagement Acceptance, Planning, and Risk Assessment Flashcards
Main Financial Statement Assertions
C.O.V.E.R.U.
C. - Completeness O.- CutOff V.- Valuation, allocation, accuracy E. -Existence & Occurrence R. - Rights & Obligations U. - Understandability & Classification
Inherent Risk
Susceptibility of a relevant assertion to a material misstatement, assuming there are no related controls. Assertions with high volume transactions, complex calculations, estimates, have higher inherent risk.
Control Risk
Risk that MM could occur in a relevant assertion will not be prevented or detected (and corrected) on a timely basis by the entity’s internal control.
Assessed by Auditor
Controlled by Auditor
Risk of Material Misstatement
Detection Risk
Inherent Risk & Control Risk
Exist independently of the audit, and the auditor generally cannot change them.
Detection Risk
Risk auditor will not detect a MM that exists in a relevant assertion. Function of effectiveness of audit procedures and of manner in which they are applied. Can be changed by varying N.E.T. of audit procedures. Controllable by auditor.
Relationship of RMM to Detection Risk
Inverse relationship:
RMM high = Detection Risk should be set at low level.
Relationship between RMM and assurance required from substantive procedures.
Direct Relationship: Greater risk requires more persuasive evidence, a larger sample size, and/or a shift from interim to year-end testing.
Auditor’s Responsibility
Auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the FS are free of material misstatement, whether caused by error or fraud.
Pass Key - Assessing Risks of MM
RRM is function of inherent risk and control risk. The process of obtaining an understanding of the entity and its environment, including its internal control, is the process of assessing the entity’s inherent risk and control risk. Once inherent risk and control risk have been assessed, the auditor determines the overall risk of MM and the acceptable level of detection risk. The acceptable level of detection risk is used to determine the N.E.T. of further audit procedures (tests of controls and substantive procedures)
Steps in Assessing RMM and Responding
I.M.A. C.P.A.
I. - Internal Control - Understanding of entity & envi
M. MM - assess risks of it
A. Assessed level of risk- respond, design proc
C.- Controls, test internal controls oper effectiv
P. - Perform substantive procedures
A.- Audit evidence
Control Activities in Strong System of IC
P.A.I.D. T.I.P.S.
P.- Pre-numbering documents
A. - Authorization of transactions
I.- Inde. checks to maintain asset accountability
D.- Documentation
T.- Timely and appropriate performance reviews
I.- Information processing controls
P.- Physical controls for safeguarding assets
S.- Segregation of duties
Segregation of Duties
A.R.C. - to protect against a flood of trouble
A.- Authorization
R.- Record keeping
C.- Custody of related assets
Client’s IC should separate these functions
During planning, if audit procedures performed before year-end, what must auditor assess?
Incremental risk involved and determine whether sufficient alternative procuedures exist to extend the interim conclusions to year-end.
Regardless of assessed level of control risk, what must auditor still do?
Perform some level of substantive tests to restrict detection risk for significant transaction classes.
What does auditor’s understanding of entity’s IC allow auditor to make a preliminary assessment on?
Entity’s Control Risk
What should auditor of a nonissuer design tests of detail for?
To ensure sufficient audit evidence supports planned level of assurance at the relevant assertion level.
Components of Internal Control
C.R.I.M.E.
C.- Control Environment - tone of org R.- Risk assessment by management I.- Info and Comm Systems M.- Monitoring: assessment of IC performance E.- Existing control activities
What must auditor do when evaluating a client’s IC?
First obtain an understanding of the design of the controls and then determine if the controls have been implemented.
Nature of test of controls
AKA tests of operating effectiveness of controls, to test control risk:
Inquiries
Observation
Inspection
Reperformance
What should N.E.T. of substantive procedures be responsive to?
Assessed risks of MM, including results of tests of controls and planned level of detection risk. Substantive procedures follows tests of controls.
How is evidence regarding proper segregation of duties generally obtained?
Through inspection and observation
Assessing risk based on the effective operation of controls involves:
- Identifying specific internal controls relevant to specific assertions that are likely to prevent or detect MM in those assertions.
- Performing tests of such controls to evaluate their effectiveness.
Why would an auditor decide to reduce tests of details for a particular audit objective?
If analytical procedures have revealed no unusual or unexpected results.
Outline of Audit Strategy
Written, outlines:
1. Scope of audit engagement - Extent
2. Reporting objectives - Timing
3. Timing of audit- Timing
4. Required communications- Timing
5. Factors that determine focus of audit - Nature
Also includes preliminary assessment of materiality & tolerable misstatement
Factors Determining Focus of the Audit
Nature
Prelminary evaluations of:
Materiality
Audit Risk
Internal Control
Tolerable Misstatement
Maximum error in a population that the auditor is willing to accept. Tolerable misstatement is the application of performance materiality to a particular sampling procedure.
Tests of Controls
Used to evaluate operating effectiveness of IC in preventing or detecting MM.
Needed if risk assessment based to some extent on operating effectiveness of IC & substantive procedures alone are deemed to be insufficient.
Substantive Procedures
Used to detect MM. Include tests of details (applied to transaction classes, account balances, and disclosures and substantive analytical procedures.
Risk of MM Equals
Inherent Risk x Control Risk
Audit Risk Equals
RMM (IR x CR) x Detection Risk
Detection Risk subdivided into:
- Tests of Details Risk
2. Substantive Analytical Procedures Risk
Detection Risk Assessment & Relationship
View it as acceptable level of detection risk:
If detection risk set to low level then you will be increasing substantive procedures (test of details, substantive analytical procedures)
If detection risk set to high level, assurance provided from substantive tests decreases, and provides for less testing.
Relationship between Detection Risk and Substantive Procedures
Inverse
Low detection risk - more procedures
High detection risk - less procedures
Risk Assessment Procedures
To obtain understanding of entity & environment including IC
- Inquiries
- Analytical Procedures
- Observation & Inspection
- Risk Assessment Discussion - with audit team
Auditor of nonissuer design test of details to ensure sufficient audit evidence supports?
Ensure tests of details supports planned level of assurance at the relevant assertion level.
Requirement of auditor in understanding of an entity’s internal control
Obtain knowledge about the design of controls and whether they have been implemented.
Analytical Procedures during planning stage of audit.
Should focus on enhancing auditor’s understanding of the transactions and events that have occurred since the last audit.
What should auditor of nonissuer design tests of details to ensure?
Sufficient audit evidence supports the planned level of assurance at the relevant assertion level.
Test of details
To support relevant assertions or to detect material misstatements.
