Audit Initial Items/ Control Testing Flashcards
Client IC and evidence needed relationship
Inverse
Initial Meeting with client
identify scope, timing, and observation (spefically inventory)
Risk Assessment Steps
1 - inquires with management
2 - analytical procedures
3 - observation and inspection
How to determine risk
Liquidity increase risk
Detection Risk is inverse to
Materiality
To reduce detection risk
1 - increase effective procedures
2 - increase year end procedures
3 - increase extent of testing
Deciding to continue with a client you need
1 - internal audit report 2 - interim statements 3 - quarterly reports 4 - board minutes 5 - materiality check
Substantive procedures used are based on
UNDERSTANDING of IC
Analytical Procedures
1 - part of risk assessment - mandatory
2 - used to form an audit conclusion
3 - can be used to decide on substantive procedures - not mandatory
Substantive Procedures are used to
Find material misstatements at the assertion level
Include:
1 - Analytical Procedures
2 - test of details
Analytical Comparisons
BEST USED
1 - Account Balances
2 - Ratios
3 - Budgetary Expectations from auditor
Income statement items is best use
Analytical Procedures used and audit risk relationship
DIRECT
What is a significant variance for analytical comparison
Changes of 10% or more
Analytical Procedures aid in risk assessment by
1 - overall entity understanding
2 - comparisons
3 - development of a conclusion
Strongest Audit Procedure carried out by analytical
Substantive procedures because misstatements at the assertion level can be detected
Noncurrent assets and liabilities
integral to OVERALL PROFITABILITY
Immaterial Fraud in IC
Must follow to a conclusion
Factors that increase Fraudulent reporting
1 - Complexity of systems
2 - management overrides
3 - inability to generate CF
4 - high MGMT turnover
IC fraud risk is identified by
Evaluation of IC designs and implementation
Responses to Fraud Risk
1 - Assessing overall risk
1a- assign more experienced staff
1b - unpredictable audit procedures
1c - applications of accounting principles on a cum. basis
2 - changes in timing nature and extent based on risk
3 - address MGMT override
3a - retrospective review of significant accounting estimates
Fraud detection and misstatement detection
not the same thing
Auditors responsibility for FS
in conformity with REPORTING STANDARDS
Fraud
ALTERATION OF RECORD to benefit the company as a whole financial position
Misappropriation of Assets
Employees are altering records because they are stealing for their own personal gain
Liquid Assets are at highest risk
Bearer bonds negotiable by delivery are at high risk
Most difficult level to detect fraud
Highest Level
Fraud
1 - always easily identified
2 - can be detected through correct procedures
1 - management override
2 - improper revenue recognition
Management refusal to change MATERIAL item
1 - auditor notifies the board of resignation & consult legal advice
2 - board takes no action auditor must go to the SEC
Noncompliance risk factors
unexpected or large cash payments
ISA and noncompliance
Direct and indirect bear the same effect
Non Compliance Excludes
1 - internal control
2 - manipulation records
3 - info and communication
RELATES TO OPERATING RATHER THEN ACCOUNTING
Compliance audit
opinions are expressed
Auditor can rely on internal assertions of
Cash
Prepaid
Fixed Asset Additions
Management specialist
assist client in F/S prep
Auditor related party transactions responsibility
1 - evaluation of management’s substantiation/assertions
Can have an emphasis of matter paragraph
Related party transactions should be
arms length
Related party transactions require minimal testing on
Authorization (found in confirm)
Approval
Related party evidence
1 - mtg minutes 2 - filing with regulators 3 - conflicts of interest stmt 4 - transactions w/ major entities 5 - large reoccurred transactions 6 - compensating balance & legal confirms
Risk Analysis/ Reasonableness
1st step
understanding of management
Estimates are based on
Collective amounts
Objective
Subjective
Test Management Overrides of Fraud by
Analytical procedures
Comparison of actual to budgeted
IC development Criteria
Cost Benefit
IC Decentralized versus centralized
Decentralized is more effect
Centralized is easier to identify deficiencies
IC
Understanding
Effectiveness
1 - what controls have been implemented ; NEEDED FOR GAAS
2 - test of controls if auditor feels like controls can be relied on ; MANAGEMENT MAKES ASSERTION ON EFFECTIVENESS
Client Lines of Reporting
Determination of management’s ability to circumvent IC which is a part of risk assessment
Detection Risk relates to
SUBSTANTIVE PROCEDURES
Narrative Memorandum
Process of Flow Documents and control points
Assurance on what
test are being preformed to corroborate management assertion
IC materiality versus F/S material
SAME
IC reports
Issuers
Nonissuers
Issuers required to provide an assessment of IC
not required if desired:
1 - included in management rep letter and/or
2 - seperate report to be put into auditors report
IC Opinion Time Frame
Issuer
Nonissuer
1 - as of specific date based on criteria
2 - over a period of time
Section 404 SOX requires
1 - attest report on managements assertions of IC
Integrated audit begins at
Top - down
Statement Level
Entity Level Control - specific accounts
Sufficient Evidence of IC
1 - Inquire along w/ (not sufficient alone)
2 - Observation
3 - Tracing Reports
Reliance of Controls (similar to test of effectiveness)
1 - identify and understand controls
2 - perform test of controls
3 - assess test of controls by determining scope for sub procedures
Test of Controls Efficiency
Not required under GAAS unless it is determined that IC cannot be trusted then evaluation effectiveness
General Controls
Application Controls
1 - ALL
2 - SPECIFIC
Timing of substantive tested related to controls is based on
1 - availability
2 - retrievability
Checks received from customers should be
RESTRICTIVELY ENDORSED
Fidelity Bonds
protect employers from against fraudlent acts by employees
When do you test effectiveness of IC
when substantive procedures are not efficient ; if sub procedures are efficient then do not TEST
EX automated system with no documentation
Changes in IC
test before relied upon
IC is ineffective then
Risk of material misstatement is heightened
Response to ineffective IC
increase substantive procedures
Substantive procedures are a response to
Misstatement @ assertion level
Lower Audit Risk more testing
Testing of Controls Effectiveness
1 - Inquire W/
2 - Observation - strongest
3 - Inspection - sub
4 - Recalculation - sub
Writing to audit committee restriction
Can only give in writing that significant deficiencies and material weakness
If none don’t write
Reduction in materiality requires
greater assurance from SUB procedures
Analytical Procedure
1st Step
Develop and expectation
Compare accounting records or ratios with expectation
Auditors Responsibility to Non-Compliance
responsible to identifying material and direct interest only
NO ASSURANCE RESPONSIBILITY
What comes before assessing CONTROL risk
UNDERSTANDING OF INTERNAL CONTROL
Audit Plan
1 - description of risk assessment procedures
Risk Assessment Procedures
a - analytical
b - inquires/observation/inspections
2 - description of further & other audit procedures
Inherent Risk is higher
amounts derived from estimates
amounts that are uncertain
EX hedging
precondition of an audit
management acknowledges its responsibility for IC
complete audit plan is developed
after
1 - understanding IC
2 - assessing risk to material misstatement
Preliminary Materiality
judgement of auditor based on many factors; can be used to assess materiality
Planning material
does not relate to one financial statement; but the audit as a whole
Fraud AND NONCOMPLIANCE keywords
MATERIAL MISSTATEMENT
ANALYTICAL PREFERENCE
FINANCIAL OVER NON-FINANCIAL
Auditor relies on the competence of another; unless
for inventory auditor ALWAYS OBSERVE PHYSICAL INV
WHO SUBSTANTIATES RELATED PARTY at arms length
MANAGEMENT
For the following items made by management the auditor should:
Assumptions
Assertions
evaluate individually and as a whole form a reasonable basis
obtain sufficient evidence to express and opinion
Routine related party transactions auditor should evaluate
whether transactions would have occurred if parties were not related
Consulting include
analysis
review
prep of certain docs
Audit Engagement Plans
Financial Statement Plans
need understanding of IC
need to known overrall audit strategy
Internal control preformance review
Activities used my MANAGEMENT to SUPERVISE IC
information system keyword
HOW INFO IS PROCESSED
RISK A MATERIAL MISSTATMENT ASSESSES
FURTHER CONTROLS
AUDIT PLAN YOU NEVER
DOCUMENT
IC STEPS
1 - EVALUATE
2 - ASSESS RISK
3 - FURTHER AUDIT
4 - TEST - NOT PLANNING
UNDISCLOSED ITEMS
Significant deficiency
nonissuer ic auditor can examine if the following conditions are met
1 - client makes a seperate IC report
2 - client representation letter
no test of controls
high risk
nature
test changed due to risk assessment
extent
additional procedures
management override
operational
test controls
test monitoring
simulate
observe
Risk Assessment
Before risk assessment you must have procedures to get there to assess the risk:
procedures include:
analytical
inquiry
observation
WHICH HELP GAIN AN UNDERSTANDING OF THE ENVIRONMENT
ANALYTICAL PROCEDURES USED AS
PROCEDURES FOR RISK ASSESSMENT
PROCEDURES FOR SUB. TESTING
