Audit Lecture 5

Question 1

What is the difference between nonstatistical sampling and statistical sampling?

Answer 1

Statistical sampling:

• Uses laws of probability for selection and evaluation of a sample.
• Allows for quantification of audit risk and sufficiency of audit evidence.

Nonstatistical sampling:

• Does not utilize statistical models in calculations.
• Auditors use their judgement to determine sample sizes, and sample results are evaluated judgmentally.

Question 2

When is professional judgment necessary in the use of statistical or nonstatistical sampling by an auditor?

Answer 2

The auditor must use professional judgment to:

• Define the population and sampling unit.
• Select the appropriate sampling method.
• Evaluate whether the audit evidence is appropriate.
• Evaluate te nature of deviations or errors.
• Consider sampling risk.
• Evaluate sample results and project to the population.

Question 3

Define sampling risk.

Answer 3

Sampling risk is the risk that the auditor’s conclusion based on a sample is different from the conclusion that would have been reached if the tests had been applied to all items in the population.

Question 4

Define the two aspects of sampling risk for tests of controls.

Answer 4

Risk of assessing control risk too low:

Deciding the control is more effective/reliable than it really is; affects audit effectiveness.

Risk of assessing control risk too high:

Deciding the control is less effective/reliable than it really is; affect audit efficiency.

Question 5

Identify two aspects of sampling risk that the auditor should be concerned with when performing substantive testing.

Answer 5

Risk of incorrect acceptance:

Deciding from the sample that the balance is correct when it is really materially misstated; affects audit effectiveness.

Risk of incorrect rejection:

Deciding from the sample that the balance is materially misstated when it is really correct; affects audit efficiency.

Question 6

What is the relationship between sampling risk and reliabilty (confidence level)?

Answer 6

Sampling risk + Confidence level = 100%

Question 7

What is attribute sampling?

Answer 7

Attribute sampling is a statistical sampling method used to estimate a rate of occurrence in a sample. It is used in tests of controls.

Question 8

Define tolerable deviation rate (for attribute sampling) and tolerable misstatement (for variable sampling).

Answer 8

• Tolerable deviation rate*: The maximum rate (%) of deviation from a control procedure that the auditor is willing to accept while still relying on the control.
• Tolerable misstatement*: The largest amount of misstatement the auditor believes can exist in a balance or class of transactions without causing the financial statements to be materially misstated.

Question 9

What factors affect sample size for an attribute sampling application?

Answer 9

The following factors affect sample size in an attribute sampling application:

• Risk of assessing control risk too low (inverse relationship)
• Tolerable deviation rate (inverse relationship)
• Expected deviation rate (direct relationship)

Question 10

What rates are compared in drawing a conclusion about an attribute sampling application?

Answer 10

The auditor compares the upper deviation rate to the tolerable deviation rate in drawing conclusions about an attribute sampling application. If the upper deviation rate exceeds the auditor’s tolerable deviation rate, the auditor will not rely on the control. (The upper deviation rate is the sample deviation rate plus an allowance for sampling risk.)

Question 11

What factors affect sample size for a variables sampling application?

Answer 11

The following factors affect sample size in a variables sampling application:

• Standard deciation or population variability (direct relationship)
• Tolerable misstatement (inverse relationship)
• Acceptable level of risk (inverse relationship)
• Expected size and frequency of misstatements (direct relationship)
• Assessed level of risk (direct relationship)

Question 12

Describe variables sampling.

Answer 12

Variables sampling is a statistical sampling method used to estimate the numerical amount of a population. Variable sampling is used primarily in substantive testing.

Question 13

What is stratification and why would an auditor stratify a population?

Answer 13

Stratification separates the sample into relatively homogenous groups. Each group is treated as a separate population.

Stratification is typically used when a population has highly variable amounts. Stratification usually results in a smaller sample size.

Question 14

What amounts are compared in drawing a conclusion about a variables sampling application?

Answer 14

The auditor compares the client’s book value to the calculated range in variables sampling application. If the recorded book value is with in the acceptable range, the book value is considered fairly stated. (The calculated range is the point estimate, as determined from the sample, plus/minus an allowance for sampling risk.)

Question 15

What is discovery sampling?

Answer 15

Discovery sampling is a type of attribute sampling used when the expected deviation rate is zero or near zero. It is used when the auditor is looking for a very critical characteristic (e.g., fraud).

Question 16

What are the sampling plans commonly used for variables estimation?

Answer 16

• Mean-per-unit estimation: The sample mean is multiplied by the number of items in the population to estimate population value.
• Ratio estimation: The ratio between book value and audited value (from a sample) is used to estimate population value.
• Difference estimation: The difference between book value and audited value (from a sample) is used to estimate population value.

Question 17

Define Probability-Proportional-to-Size (PPS) sampling.

Answer 17

Probability-Proportional-to-Size (PPS) sampling is a hybrid sampling technique that uses attribute sampling theory to express a conclusion in dollar amounts rather than as a rate of occurrence. The sampling unit is defined as an individual dollar in a population, which creates the effect of stratified sampling (the unit’s chance of being selected increases as its amount increases).

Question 18

What are the advantages and disadvantages of using PPS sampling?

Answer 18

Advantages:

• Automatic stratification
• Efficient (smaller sample)

Disadvantages:

• May require special considerations for negative, zero, and understated balances.

Question 19

How is the sampling interval determined in a PPS sampling application?

Answer 19

Sampling interval =

Tolerable misstatement
Reliability factor

(The reliability factor comes from a table and is based on the risk of incorrect acceptance.)

Question 20

How is the sample size determined in a PPS sampling application?

Answer 20

Sample size =

Recorded amount of the population
Sampling interval

Question 21

What is a control deficiency?

Answer 21

A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect/correct misstatements on a timely basis.

Question 22

What is a significant deficiency?

Answer 22

A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit the attention of those charges with governance (responsible for oversight of the company’s financial reporting).

Question 23

What is a material weakness?

Answer 23

A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected/corrected on a timely basis.

Question 24

What is the auditor’s responsibility with respect to control deficiencies identified during a financial statement audit of a nonissuer?

Answer 24

• The auditor has a responsibility to evaluate control deficiencies identified during the audit to determine whether they represent significant deficiencies or material weaknesses.
• Significant deficiencies and material weaknesses should be communicated in writing to management and those charged with governance within 60 days of the report release date.
• The communication with management and those charged with governance should be restricted use.

Question 25

What is an integrated audit? When is an integrated audit required?

Answer 25

An integrated audit requires the auditor to audit both the financial statements and internal control over financial reporting. The two audits must be performed together, and two opinions (one on the financial statements and one on the effectiveness of internal control) will be rendered. An integrated audit is required:

1. For all audits of issuers.
2. When an auditor is engaged to examine the internal control of a nonissuer.

Question 26

Describe the top-down approach used to select controls to test for issuer/nonissuer clients.

Answer 26

The top-down approach includes the following chronological levels:

• Financial Statement level–the auditor evaluated overall risks.
• Entity level–the auditor identifies and tests controls pertaining to:
  
  • The control environment
  • Management override
  • Monitoring the results of operations and other controls
  • Period-end financial reporting
  • Centralized operations
• Accounts, Disclosure, and Assertions level–the auditor evaluates qualitative and quantitative risk factors to identify significant accounts, disclosures, and assertions for which there is a reasonable possibility of material misstatement. Once identified, the controls are tested.

Question 27

What is the accountant’s responsibility with respect to control deficiencies identified during an engagement to examine the internal control of a nonissuer?

Answer 27

Significant deficiencies and material weaknesses should be communicated in writing to management and those charges with governance by the report release date.

Control deficiencies that are not significant deficiencies or material weaknesses should be communicated in writing to management within 60 days of the report release date.

A material weakness results in an adverse opinion.

Question 28

How are control deficiencies, significant deficiencies, and material weaknesses communicated by the auditor to the issuer in an integrated audit?

Answer 28

All internal control deficiencies over financial reporting that were identified during the audit should be communicated to management in writing. The audit committee should be informed when the communication was made.

Any significant deficiencies identified during the audit should be communicated in writing to the audit committee.

Any material weaknesses identified during the audit should be communicated in writing to both management and the audit committee prior to the issuance of the auditor’s report on internal control over financial reporting.

Question 29

What standards are referenced in the auditor’s report that provides an opinion on the operating effectiveness of internal control for:

1. Issuers?
2. Nonissuers?

Answer 29

The auditor’s report that provides an opinion on the operating effectiveness of internal control for:

1. Issuers must reference that the audit was conducted in accordance with the standards of the Public Company Accounting Oversight Board (United States).
2. Nonissuers must reference that the examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants.

Question 30

What is included in the inherent limitations paragraph in the auditor’s report that provides an opinion on the operating effectiveness of internal control?

Answer 30

Because of its inherent limitations, internal control over financial reporting may not prevent or detect and correct misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or because the degree of compliance with the policies or procedures may deteriorate.

Question 31

Is the report that contains an opinion on the operating effectiveness of internal control restricted?

Answer 31

Generally, the report that contains an opinion on the operating effectiveness of internal control is not restricted.

Question 32

May an auditor who is engaged to perform an integrated audit provide a report stating that all control deficiencies or all significant deficiencies have been identified?

Answer 32

An auditor should not issue a report stating that all control deficiencies have been identified.

Question 33

May an auditor issue a report stating that no material weaknesses were identified when engaged to perform an integrated audit?

Answer 33

An auditor should not issue a report stating that no material weaknesses were identified. Because the auditor’s objective in an examination of internal control is to form an opinion on the effectiveness of the entity’s internal control, the auditor should not issue a report indicating that no material weaknesses were identified during the integrated audit.

Question 34

Is it possible for an auditor to render an unmodified opinion on the financial statements and an adverse opinion on internal control over financial reporting?

Answer 34

Yes, an auditor may render an unmodified opinion on the financial statements and an adverse opinion on internal control over financial reporting. For example, the internal controls may not be operating effectively, but the financial statements may be fairly stated.

Note: The auditor should consider the effect his or her adverse opinion on internal control has on the opinion on the financial statements. The auditor should disclose whether the opinion on the financial statements was affected by the adverse opinion on internal control over financial reporting.

Question 35

How does the extent of testing of internal control differ between a financial statement audit and an examination of internal control for nonissers?

Answer 35

The extent of testing of internal controls for a financial statement audit is more limited than in an internal control examination.

When rendering an opinion on internal control for an examination of internal controls, the auditor should obtain evidence regarding the effectiveness of selected controls over all relevant assertions. This level of testing is not required for a financial statement audit.

Question 36

List the items that an auditor is required to communicate to those charged with governance.

Answer 36

The auditor is required to communicate with those charges with governance regarding:

• The auditor’s responsibilitt under GAAS.
• The planned scope and timing of the audit.
• Signficant audit findings, including:
  
  • Significant accounting policies.
  • Management judgments and accounting estimates.
  • The auditor’s judgment about the quality of the entity’s accounting principles.
  • Difficulties encountered in performing the audit; disagreements with management.
  • Uncorrected misstatements.
  • Management issues discussed prior to retention.
  • Audit adjustments.
  • Consultation (by management) with other accountants.
  • Other items required by the AICPA standards of the Sarbanes-0xley Act.

Note: The communication can be oral or written, but must be documented in the audit documentation (working papers).

Question 37

What are the functions of the audit committee?

Answer 37

The audit committee typically:

1. Selects and appoints the independent auditor and sets the audit fee.
2. Reviews the nature and details of the audit engagement.
3. Reviews the quality of the auditor’s work.
4. Reviews the scope of the audit.
5. Determines that any recommendations made by the auditor are given proper attention.
6. Maintains lines of communication between the auditor and the board of directors.
7. Helps to solve any disagreements related to the accounting treatment of material items in the financial statements.
8. Evaluates the internal control of the company with the help of the independent auditor.
9. Makes reports to the board of directors and the stockholders when necessary.
10. Assures that the auditor is independent of the company.

Note: The audit committee has additional responsibilities under Sarbanes-Oxley.

Question 38

What are the three primary purposes for obtaining written representations from management?

Answer 38

• To confirm representations explicitly or implicitly given to the auditor.
• To indicate and document the continuing appropriateness of such representations.
• To reduce the possibility of misunderstanding concerning matters that are the subject of such representations.

Question 39

What general types of items are included in a management representation letter, and who should sign it?

Answer 39

A management representation letter generally includes information related to:

• The financial statements
• The completeness of information
• Fraud
• Related party transactions
• Recognition, measurement, and disclosure
• Subsequent events
• Issues specific to a particular entity

The management representation letter should be signed by the CEO, CFO, and any other members of management who are responsible for and knowledgeable about the items contained in the letter.