Audit 3 - Engagement Acceptance, Planning, and Risk Assessment Flashcards
1
Q
What is the audit committee responsible for?
A
Selection and appointment of the independent external auditor
2
Q
Who does the auditor report to under SOX?
A
The client’s audit committee
3
Q
Who are ‘those charged with governance’ ?
A
Those who bear responsibility to oversee the obligations, financial reporting process, and strategic direction of an entity
4
Q
When engaged to audit after year-end, what should the auditor consider?
A
Whether the late appointment will pose limitations on the audit that may lead to a qualified or disclaimer of opinion, and should discuss such concerns with the client
5
Q
As a part of the PRE-ACCEPTANCE phase of the engagement, what should the auditor consider?
A
- Firm’s ability to meet reporting deadlines2. Firm’s ability to staff the engagement3. Independence4. Integrity of Client Management5. Group audits
6
Q
What are the PRECONDITIONS for an audit?
A
- Applicable financial reporting framework2. Management responsibilties
7
Q
What should the auditor do if the preconditions do not exist?
A
NOT ACCEPT the engagement, unless required to do so by law or regulation.
8
Q
What do precondition management responsibilities include?
A
- Prep and fair presentation of F/S2. DIM of I/C3. To provide the auditor with access to all information relevant to prep/fair presenation and unrestricted access to persons within the entity
9
Q
Management-Imposed Scope Limitation
A
Auditor should not accept engagement if, prior to acceptance, management/those charged with governance impose a scope limitation that will result in a disclaimer of opinion on F/S as a wholeIf scope limitation will result in a qualified opinion, or if the limitation is imposed by circumstances beyond management’s control, the auditor may still accept engagement
10
Q
Required contents of an engagement letter
A
- Objective & Scope of audit2. Responsibilities of the auditor3. Responsibilities of management4. Statement that because of the inherent limitations of an audit, an unavoidable risk exists that some material misstatements may not be detected5. Identification of the applicable financial reporting framework6. Reference to the expected form and content of any reports to be issued and statement that they may differ if circumstances arrive that demand so
11
Q
What is the purpose of an engagement letter?
A
To reduce the risk that either the auditor of the client may misinterpret to needs or expectations of the other party
12
Q
Other contents of an engagement letter
A
- Elaboration of scope2. Form of any other communication3. Arrangements regarding planning and audit performance4. Expectation that mgt will provide written representations5. Agreement of mgt to make info available in a timely matter6. Agreement of mgt to inform auditor of subsequent events7. Fees and billing arrangements8. Arrangements concerning involvement of other auditors/specialists/internal auditors/other entity staff9. Arrangements to be made with predecessor auditor10. Any restriction on auditor’s liability11. Obligations of the auditor to provide audit documentation to other parties12. Additional services to be provided
13
Q
Revising the terms of engagement on recurring audits
A
May need to revise if:1. Management misunderstands the objective/scope of audit2. Revised/special engagement terms3. Change in senior management4. Significant change in ownership5. Significant change in the nature or size of entity’s business6. Change in legal/regulatory requirements7. Change in financial reporting framework8. Change in other reporting requirements
14
Q
What is an initial audit?
A
Engagement in which the F/S for the prior period were not audited or were audited by a predecessor auditor
15
Q
Communication with predecessor auditor before engagement acceptance
A
REQUIRED in an initial audit. Client permission is required - if client is unwilling to agree, auditor should consider the implications and decide wither to accept the engagement
16
Q
What should the auditor inquire about to the predecessor auditor?
A
- Information that might bear on mgt integrity2. Disagreements with management over acctng principles, auditing procedures, or other significant matters3. Predecessor’s understanding as to the reasons for the change of auditors4. Communication to mgt, audit committee, and those changed w/governance regarding fraud, noncompliance, and matters relating to I/CMust review prior CPAs workpapers (evidence)
17
Q
What is the auditor’s responsibility regarding opening balances in an initial and reaudit engagement?
A
Whether:1. Opening balances contain misstatements that could materially affect the current period F/S2. Accounting policies reflected in the opening balances have been consistently applied in the current period F/S
18
Q
In order to obtain sufficient appropriate audit evidence regarding opening balances, the auditor should…(procedures)
A
- Read the most recent F/S and, if any, the predecessor auditor’s report (modified report - consider the effect on current period assessment of RMM)2. Request mgt to authorize the predecessor auditor to allow a review of his/her audit documentation related to the most recently completed audit
19
Q
Discovery of Material Misstatements in opening balnaces
A
If the auditor obtains evidence that opening balance contain misstatements, he/she should determine the effect on the current period F/S
20
Q
If current auditor determines that F/S reported on by the predecessor auditor require revision, the auditor should…
A
Ask the client to arrange a meeting (involving both auditors AND the client) to resolve the matter. If client’s mgt refuses or auditor is not satisfied with the resolution, the auditor should consider implications on current audit and wether to resign from engagement
21
Q
The inability of the auditor to obtain sufficient audit evidence regarding opening balances may result in…
A
A qualified or disclaimer of opinion
22
Q
If the opening balances contain a misstatement that materially affects the current period F/S…
A
A qualified or adverse opinion should be expressed
23
Q
If the current period’s accounting policies are not consistently applied regarding opening balances, the auditor should…
A
Express a qualified or adverse opinion
24
Q
If a change in accounting policy is not properly accounted for or adequately presented or disclosed, the auditor should…
A
Express a qualified or adverse opinion
25
During planning, the auditor is REQUIRED to..
1. Obtain a knowledge of the client's business and industry2. Develop the audit strategy3. Develop the audit plan4. Perform risk assessment procedures to obtain an understanding of the entity and its environment (including I/C) sufficient to assess the RMM and design further audit procedures
26
The auditor plans the audit to be responsive to the initial assessment of the RMM, but should...
be prepared to revise the audit strategy and audit plan based on the results of audit procedures
27
What is the engagement partner responsible for?
1. Planning the audit2. Supervising the work of engagement team members3. Compliance with relevant auditing standards
28
Why does GAAS require proper supervision of assistants during the course of an audit?
To ensure that the work performed is adequate to accomplish the objectives of the examination is consistent with conclusions presented in the report.Should be provided regarding both technical and personnel aspects of the audit.
29
What is the NET?
Nature, Extent, and Timing
30
What does the NET include?
1. Size and complexity of the entity2. Nature of the work assigned3. Assessed risks of material misstatement4. Qualifications of the assistants
31
What happens if there are disagreements between auditors?
If differences still exist among the team after consulting with the audit partner, dissenting staff members should be allowed to disassociate themselves from the resolution by documenting their disagreement.
32
Once engagement is accepted, the auditor must obtain an understanding of...
The client's industry and business.
33
Common sources of industry information
1. AICPA accounting and audit guides2. Trade pubs and professional trade associations3. Government pubs4. AICPA Accounting Trends and Techniques
34
To obtain knowledge of the client's business, the auditor may...
1. Tour client facilities2. Review the financial history of the client3. Obtain an understanding of client accounting4. Inquire of client personnel
35
Developing the Audit Strategy Components
1. Overall audit strategy2. Scope of the audit (extent)3. Reporting objectives, audit timing, and require communications (timing)4. Factors that determine the focus of the audit (nature)5. Materiality and tolerable misstatement6. Small Entities7. Communication w/those charged with governance
36
What does the overall audit strategy include?
NET. Also includes a preliminary assessment of materiality and tolerable misstatement.
37
Why should an auditor develop the strategy early in the audit process?
Helps auditor determine the resources needed to complete the audit, including:1. involvement of other auditors/specialists/internal auditors2. assignment of staff3. timing of testing4. budget house to assign5. extent, location, and timing of reviews of audit work
38
What defines the scope of the audit?
1. characteristics of the engagement, including the basis of reporting, reporting currency, and locations of entity2. Industry-specific, regulatory, and statutory reporting requirements3. Size and Complexity of entity4. Effect of IT on the audit5. knowledge gained from prior experience w/entity6. use of service organizations by the entity
39
What determines the focus of the audit?
1. Prelim. evals. of materiality, audit risk, and internal control2. material locations and account balances3. areas where there is a higher RMM4. significant business and industry developments and accounting changes5. mgt's commitment to the design/operation of I/C
40
PCAOB requirements on overall audit strategy include
1. knowledge of the company's I/C2. matters affecting the industry3. extent of recent changes in the company4. auditor's prelim judgments about materiality, and risk5. control deficiencies previously communicated6. legal or regulatory matters7. the relative complexity of the company's operations
41
At which levels must materiality be determined?
When establishing the audit strategy, auditor should determine materiality for the F/S as a whole, performance materiality, and (if necessary) materiality levels for particular classes of transactions, account balances, or disclosures
42
Definition of materiality:
If there is a substantial likelihood that the fact would have been viewed by the reasonable investor as having significantly altered the 'total mix' of information available - Supreme Court
43
Materiality for the F/S as a whole
The auditor should use the SMALLEST LEVEL of misstatement that could be material to any one of the F/S
44
Why would an auditor determine performance materiality?
for purposes of assessing the RMM and determining the NET of further audit procedures
45
What is the audit plan based on?
The audit strategy and outlines the NET of the procedures to be performed during the audit.A written plan is REQUIRED
46
What are audit procedures performed for?
to obtain evidence on which to base the audit opinion.
47
Categories of audit procedures
1. Risk assessment procedures2. Further audit procedures3. Other audit procedures4. Timing of audit procedures
48
Risk assessment procedures
used to obtain an understanding of the entity and its environment, including I/C, in order to assess the RMM. do not alone provide audit evidence sufficient to support an opinion
49
What do further audit procedures include?
Tests of the operating effectiveness of I/C and substantive procedures
50
Further audit procedures: tests of controls
used to evaluate the operating effectiveness of I/C in preventing or detecting material misstatements.necessary when auditors risk assessment is based to some extent on the operating effectiveness of I/C
51
Further audit procedures: substantive procedures
used to detect material misstatements. include tests of details and analytical procedures
52
At which level are further audit procedures performed?
Relevant assertion levels for each material account balance, transaction class, and disclosure item in the F/S
53
What are F/S?
Claims and assertions made implicitly or explicitly by mgt, about the recognition, measurement, presentation, and disclosure of information in the F/S
54
What are the six main F/S assertions?
COVER U;1. Completeness2. cutOff3. Valuation, allocation, and accuracy4. Existence and occurrence5. Rights and obligations6. Understandability and classification
55
Relevant assertions: transactions and events
Completeness, cutoff, accuracy, classification, and occurrence
56
Relevant assertions: account balances
completeness, allocation and valuations, rights and obligations, and existence
57
Relevant assertions: presentation and disclosure
completeness, understandability and classification, rights and obligations, and valuation and accuracy
58
PCAOB F/S assertions
CEO APROVED;1. Completeness2. Existence3. Occurrence4. Allocation5. Presentation6. Rights7. Obligations8. Valuation9. E10. Disclosure
59
Use of assertions in an audit
Auditor may use relevant assertions to form a basis for assessing risk and for the design and performance of further audit procedures.
60
When is the audit plan drafted?
after sufficient planning information has been gathered. REQUIRED to be written for EVERY audit.
61
Role of the internal auditors
Cannot share ANY of the responsibility for audit decisions, judgments, or assessments made as part of the audit
62
What should the external auditor consider regarding the role of internal auditors?
To whom they report. The higher the level, the more objectivity can be considered
63
RMM and the Internal Auditor's work
For assertions related to material F/S amounts with a high RMM or a high degree of subjectivity, the IA's work alone CANNOT eliminate direct testing by the CPAFor assertions related to less material F/S amounts with a low RMM or a low degree of subjectivity, direct testing by the CPA may not be necessary
64
Direct assistance by the IA
External auditor should supervise, review, evaluate, and test the work performed, and there should be communication between the auditors regarding responsibilities, objectives, and accounting/auditing issues
65
What may the external auditor use the for?
To provide direct assistance or use the work of the internal audit function in obtaining audit evidence
66
If the auditor plans to use the internal auditors to provide direct assistance...
The internal auditor's competence and objectivity must be assessed
67
How is competence reflected?
Education, professional certification, experience, performance evaluations, the audit plan, audit procedures, and the quality of internal audit documentation
68
Objectivity is reflected by...
The organizational level to which the internal auditor reports, as well as by policies prohibiting audits of areas where the internal auditor lacks independence
69
Who is a specialist?
A person or firm with special skills in an audit field other than accounting or auditingauditors/managements
70
When may a specialist be engaged?
Whenever the auditor believes it is desirable or necessaryExamples:1. Value restricted securities and works of art2. Determine physical characteristics3. Determine specialized estimates4. interpret technical standards or legal documents
71
Should the auditor understand the specialist's field of expertise? Why?
Yes - to enable the auditor to determine the nature, scope and objectives of the work of the specialist, and to evaluate the adequacy of the specialist's work for the auditor's purposes
72
Must the specialist be unrelated to the client?
No, but generally unrelated specialist's will provide the auditor with greater assurance of reliability.Auditor must be satisfied as to the professional competence, capabilities, and objectivity of the specialist.
73
What is the effect of a specialist's work on the auditor's report?
If work performed by the specialist results in the auditor expressing a modified opinion, the auditor may refer to the specialist in the report and should indicate that the reference to the specialist does not reduce the auditor's responsibility for the audit opinion.Unmodified opinion = no reference
74
If management's specialist is used...
The auditor should:1. Evaluate the competence, capabilities, and objectivity of the specialist2. Obtain an understanding of the work of the specialist3. Evaluate the appropriateness of the specialist's work as audit evidence for the relevant assertion
75
What is Audit Risk?
- The risk that the auditor may unknowingly fail to appropriately modify the opinion on F/S that are materially misstated- Arises because the auditor obtains only reasonable assurance about whether the F/S- Should be reduced to an appropriately low level before an opinion is expressed-May be assessed either quantitatively (%) or nonquantitatively (high/medium/low)
76
What is a material misstatement?
An omission or misstatement of accounting information that makes it probable that the judgment of a reasonable person relying on the info would have been changed or influenced by the omission or misstatement
77
Common misstatements include...
1. Inaccuracies2. Departures from GAAP3. Omissions4. Incorrect estimates or judgments5. Inappropriate selection or application of accounting policies
78
Types of misstatements
Factual, Judgmental and Projected
79
Factual Misstatements
Misstatements about which there is NO DOUBT
80
Judgemental Misstatements
Differences arising from the judgments of management concerning accounting estimates that the auditor considers unreasonable or the selection or application of accounting policies that the auditor considers inappropriate
81
Projected Misstatements
Auditor's best estimate of misstatements in populations, involving the projection of misstatements identified in audit samples to the entire population from which the samples were drawn.
82
What is the audit risk model?
AR = RMM (IRxCR) x DR
83
How does the auditor assess the RMM?
By performing risk assessment procedures and, where appropriate, tests of controls
84
What is inherent risk?
Susceptibility of a relevant assertion to a material misstatement assuming there are no related controlsTransactions with more complex calculations and high volume transactions have a higher inherent risk.
85
What is control risk?
Risk that the material misstatement that could occur in a relevant assertion will not be prevented or detected (and corrected) on a timely basis by the entity's internal control
86
What is detection risk?
Risk that the auditor will not detect a material misstatement that exists in a relevant assertion. This is controlled by the auditorMore risk - more workLess risk - less work
87
What overall effect does the level of risk have on the audit?
It will affect the staffing, level of supervision, and scope of the audit
88
How does the auditor change detection risk?
By varying the Nature, Extent, and Timing of audit procedures.As the acceptable level of DR decreases, the assurance provided by substantive procedures should increase
89
Substantive Procedures requirement
Always necessary for all relevant assertions related to material transaction classes, account balances, and disclosures.. even when RMM is low.
90
Audit Risk and Materiality
Affected by the size and complexity of the entity, as well as the auditor's experience with and knowledge of the entity, its environment and its internal control.Considered both at the account balance, individual transaction class, or disclosure item level
91
Fraud v. Error
Fraud is an INTENTIONAL act by one or more individuals among management, those charged with governance, employees or third parties, involving the use of deception that results in a misstatement of the F/SError is UNINTENTIONAL misstatements or omissions of amounts or disclosures in the F/S
92
Types of Fraud
1. Fraudulent Financial Reporting (lying)2. Misappropriation of Assets (stealing)3. Corruption (cheating)
93
Fraud risk factors
Pressure, opportunity, and rationalization
94
Fraud: Reasonable assurance
Due to the concealment aspects of fraud and the need to apply judgment in evaluating fraud risk, even a properly planned and executed audit may fail to detect fraud.Often difficult to detect because those engaged in fraud will generally try to conceal it.
95
Fraud: Management's Responsibility
To design and implement programs and controls to prevent, deter, and detect fraud
96
Fraud: Auditor's Responsibility
To plan and perform ("design") the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement whether caused by error of fraud
97
Fraud: Audit Procedures
1. Maintain professional skepticism2. Discuss fraud with engagement personnel (req'd as a part of planning)3. Obtain info to identify specific fraud risks4. Assess fraud risk and develop an appropriate response5. Evaluate audit evidence regarding fraud6. Make appropriate communications about fraud7. Document the auditor's consideration of fraud
98
Fraud: Entity Personnel Inquiry
Auditor should direct inquiries to management, employees involved in financial reporting, operating personnel, internal auditors, in-house legal counsel, and those charged with governanceInconsistent or otherwise unsatisfactory responses indicate a need for additional evidence
99
Existence of fraud risk factors
Existence of all 3 is not an absolute indication that fraud has occurred, and lack of observation of any or all risk factors does not imply that there is no fraud risk. One condition may be significant enough on its own
100
Attributes of fraud risk
1. Type of risk (lying/stealing/cheating)2. Significance of the risk3. Likelihood of the risk4. Pervasiveness of the risk
101
Presumption of risk
Presumption is that in every audit, two risks exist:1. improper revenue recognition2. management override of controls
102
Responding to assessed fraud risk
Required to respond on three levels.1. Overall/General2. Encompassing specific audit procedures3. Addressing risks related to management override
103
Overall, general response to assessed fraud risk
Auditor should consider:1. assigning personnel2. determining the level of supervision3. evaluation management's selection and application of accounting principles4. incorporation of an appropriate level of unpredictability in the selection of auditing procedures from year to year
104
Response to encompassing specific audit procedures
Respond by altering the NET of audit procedures
105
Response to addressing risks related to management override
1. Examine journal entries and other adjustments2. Review accounting estimates for biases3. Evaluate the business purpose for significant unusual transactions
106
Communications of fraud to management/those charged with governance
Generally, any indication of fraud (even immaterial) should be discussed with an appropriate level of management at least one level above those involved.
107
Communications of fraud which causes a MATERIAL misstatement on the F/S
Fraud which causes a MATERIAL misstatement on the F/S should be discussed with senior management and reported directly to those charged with governance
108
Communications of fraud which involve senior management
Should be reported directly to those charged with governance
109
Certain circumstances exist in which an auditor should report fraud to parties outside the entity...
1. To comply with legal and regulatory requirements2. To a successor auditor with client permission3. In response to a subpoena4. To a funding agency in accordance with requirements for the auditors of entities that receive governmental financial assistance5. To authorities when mgt and those charged with governance fail to take corrective action
110
Documentation requirements of the auditors risk assessment and response
REQUIRED.
111
Results of noncompliance
Fines, litigation, or other consequences that may have a material affect on the F/S
112
Responsibility for compliance: management
responsbile for ensuring that the entity's operations are conducted in accordance with applicable laws and regs
113
Responsibility for compliance: auditor
responsible for obtaining reasonable assurance that the F/S are free from material misstatement due to noncompliance and cannot be expected to detect noncompliance with all laws and regulations
114
Noncompliance: auditor procedures
obtain an understanding of the legal and regulatory framework applicable to the entity and how the entity is complying with that frameworkdirect effect on F/S: auditor should obtain sufficient appropriate audit evidence regarding material amounts and disclosures in the F/S that are determined by the provisions of laws and regsindirect effect on F/S: auditor should inquire of mgt whether the entity is in compliance and inspect relevant licensing
115
What if the auditor suspects or identify's noncompliance?
Auditor should discuss the matter with management at least one level above those suspected of noncompliance and, when appropriate, those charged with governance
116
When to report noncompliance to those charged with governance?
Only when those charged with governance are not involved in management of the entity
117
Reporting noncompliance to regulatory and enforcement authorities
Not ordinarily part of auditor's responsibility unless:1. It's in response to inquiries from an auditor to a predecessor auditor2. In response to a court order3. In compliance with requirements for the audits of entities that receive federal financial assistance from a government agency
118
Reporting noncompliance in the auditor's report
Material effect on the F/S - qualified/adverse opinionInsufficient evidence - qualified/disclaimer of opinionClient refusal - withdraw
119
Assessing the risks of material misstatement
IM A CPA;- obtain an understanding of the entity and its environment including INTERNAL CONTROL- assess the risks of MATERIAL MISSTATEMENT- respond to the ASSESSED level of risk- test internal CONTROLS to evaluate their operating effectiveness- PERFORM substantive procedures- evaluate the sufficiency and appropriateness of AUDIT evidence obtained
120
What procedures would an auditor use to obtain an understanding of the entity and its environment?
1. Inquiries2. Analytical procedures3. Observation and Inspection4. Risk Assessment Discussion5. Other Procedures
