Audit Risk Strategy in a Professional Engagement

Question 1

What are the different phases (or stages) of an audit?

Answer 1

1. The risk assessment phase
2. The risk response phase (where the detailed work is conducted)
3. The reporting phase (where the audit opinion is formed)

Question 2

Define engagement letter.

Answer 2

A letter that sets out the terms of the audit engagement, to avoid any misunderstandings between the auditor and the client.

Question 3

What will an auditor consider in assessing the integrity of a client?

Answer 3

The auditor will consider the reputation of the client, its management, directors, and key stakeholders. Auditors will consider a client’s reasons for switching audit firms, if the company was previously audited, and management’s’ attitude to risk exposure, and to the implementation and maintenance of adequate internal controls, the appropriateness of management’s interpretation of accounting rules, and willingness to allow the auditors full access to client personal, records, and information required to form their opinion.

Question 4

How does an auditor gather information about management integrity?

Answer 4

The auditor can communicate with the previous auditor (with client permission), client personnel, third parties such as lenders, industry peers, and read industry journals.

Question 5

What are the key components of an engagement letter?

Answer 5

Are an explanation and scope of the audit, the timing of the completion of various aspects of the audit, an overview of the client’s responsibility for the preparation of the financial statements, the requirement that the auditor have access to all information required to perform the audit, and independence consideration and fees.

Question 6

What happens in the risk assessment phase?

Answer 6

It involves gaining an understanding of the client, identifying factors that may impact the risk of a material misstatement occurring in the F/S, performing a risk and materiality assessment, and developing an audit strategy.

Question 7

What happens in the risk response phase?

Answer 7

It involves the performance of detailed tests of controls and detailed testing of transactions and account balances, called substantive testing.

Question 8

What happens in the reporting phase?

Answer 8

It involves an evaluation of the results of the detailed testing in the light of the auditor’s understanding of the client and forming an opinion on the fair presentation of the client’s F/S.

Question 9

Define audit risk

Answer 9

Is the risk that an auditor expresses an inappropriate audit opinion when the F/S are materially misstated.

Question 10

Why do auditors treat every audit as unique?

Answer 10

Because risks associated with two companies may be different even if they are in the same industry. For clients in different industries, laws and regulations will differ amongst industries.

Question 11

How does the risk assessment phase help improve the efficiency and effectiveness of the audit?

Answer 11

It optimizes efficiency and effectiveness when conducting an audit. It requires auditors to plan with a goal of minimizing audit risk, ensuring that appropriate attention is paid to the accounts and transactions most at risk of being materially misstated.

Question 12

Define materiality

Answer 12

The ability of information to influence decisions that users make on the basis of the financial information of a specific reporting entity.

Question 13

What is the concept of materiality?

Answer 13

It is used to quiet audit testing and assess the validity of information contained in the F/S and the notes.

Question 14

What is the difference between qualitative and quantitative materiality?

Answer 14

Information is considered qualitatively material if it affects a user’s decision-making process for a reason other than its magnitude.

Information is considered quantitatively material if it exceeds the magnitude of an auditor’s planning materiality assessment, which is a percentage of an appropriate benchmark.

Question 15

Define performance materiality

Answer 15

It is amount or amounts set by the auditors at less than materiality and is used to make decisions about the extent of audit procedures for a particular class of transaction, account balance, or disclosure.

Question 16

What are two key concepts that apply to all phases of the audit?

Answer 16

Performance skepticism and audit risk

Question 17

Define professional skepticism

Answer 17

It is an attitude adopted by auditors when conducting all phases of the audit. It means that auditors remain independent of the entity, its management, and its staff when completing the audit work.

It means auditors maintain a questioning mind and thoroughly investigate all evidence presented by the client.

Question 18

What is the first stage of audit risk assessment?

Answer 18

It involves the identification of accounts and related assertions most at risk of material misstatement. It is referred to as inherent risk.

Question 19

Define inherent risk

Answer 19

The susceptibility of an assertion to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.

Question 20

Define significant risk

Answer 20

An identified and assessed risk of material misstatement that, in the auditor’s judgement, requires special audit consideration

Question 21

What is the second stage of audit risk assessment?

Answer 21

Involves gaining an understand of the client’s system of internal controls.

Question 22

What is the final stage of audit risk assessment?

Answer 22

The assessed level of inherent and control risk for each assertion will guide auditors in developing their audit strategy to gather appropriate audit evidence.

Question 23

Define risk of material misstatement (RMM)

Answer 23

It is the risk that the F/S are materially mistated prior to the audit. It is a combination of inherent risk and control risk.

Question 24

Define detection risk

Answer 24

Is the risk that the auditor’s procedures will not be effective in detecting a material misstatement should there be one.

Question 25

What are the three types of audit risks?

Answer 25

1. Inherent risk (economic or industry factors)
2. Control risk (failure of an internal control)
3. Detection risk (failure of an audit procedure)

Question 26

What is the relationship between risk of material misstatement and detection risk?

Answer 26

An inverse relationship exists between the risk of material misstatement (RMM) and detection risk. When RMM is high, detection risk is low.

Question 27

Define audit strategy

Answer 27

The determination of the amount of time spent testing the client’s internal controls and conducting detailed testing of transactions and account balances.

Question 28

Define nature of an audit procedure

Answer 28

The determination of what type of audit procedure to use, such as tests of controls or substantive procedures

Question 29

Define tests of controls

Answer 29

Audit procedures designed to evaluate the operating effectiveness of controls in preventing or detecting and correcting, material misstatements at the assertion level

Question 30

The nature of the audit procedures refers to what type of procedure will be used. such as ____ and ______?

Answer 30

Tests of controls and substantive procedures

Question 31

Define substantive procedures

Answer 31

Audit procedures designed to detect material misstatements at the assertion level and gather evidence to support management assertions.

Question 32

Define extent of an audit procedure

Answer 32

The determination of the quantity of audit procedures to be performed.

Question 33

The extent of an audit procedure refers to _____?

Answer 33

How much testing will be done. For example, how large of a sample size to use.

Question 34

What influences the decision about sample sizes?

Answer 34

Detection risk. When detection risk is low, auditors will use larger sample sizes than when detection risk is high.

Question 35

Define timing of an audit procedure

Answer 35

The determination of when an audit procedure is to be performed.

Question 36

The timing of an audit procedure refers to_____?

Answer 36

When it will be performed. The determination of when procedures will be performed is dependent on the effectiveness of the client’s controls.

Question 37

What is the purpose of developing an overall audit strategy?

Answer 37

Is that the audit strategy provides the basis for developing the audit plan that details the nature, extent, and timing of audit procedures to be performed.

Question 38

When the auditor adopts a predominantly substantive approach, what is the audit strategy?

Answer 38

The strategy is to increase detailed substantive procedures performed at year end.

Question 39

Why would the auditors adopt a reliance on controls approach?

Answer 39

When internal controls are effective, and the auditors can perform less extensive detailed substantive procedures at year end.

Question 40

Define errors

Answer 40

Refers to an unintentional misstatement in amounts or disclosures in the F/S.

Question 41

Define fraud

Answer 41

It is an intentional act involving the use of deception that results in the misstatement of F/S that are being audited.

Question 42

What are the two types of fraud?

Answer 42

1. Fraudulent financial reporting (intentional misstating items or omitting important facts from the F/S)
2. Misappropriation of assets (involves some form of theft)

Question 43

What are fraud risk factors?

Answer 43

Conditions that indicate an incentive or pressure to commit fraud, provide an opportunity to commit fraud, or indicate rationalizations to justify fraudulent actions

Question 44

What are the responsibilities of the client and the auditor when it comes to fraud?

Answer 44

Management of the client has responsibility for preventing and detecting fraud. The auditor’s responsibility is to assess the risk of fraud and the effectiveness of a client’s attempt to prevent and detect fraud using internal controls.

Question 45

What are the four incentives and pressures that increase the risk of fraud.

Answer 45

1. The client operating in a highly competitive industry
2. A significant decline in demand for the client’s products and services
3. Failing profits
4. A threat of takeover

Pressures include: threat of bankruptcy, ongoing losses, rapid growth, poor cash flows, profit targets, meet market expectations, etc.

Question 46

Explain four opportunities that increase the risk of fraud.

Answer 46

1. Accounts that rely on estimates and judgements
2. A high volume of transactions at year end
3. Significant adjusting entries and reversals at year end
4. Significant related party transactions.

Question 47

Why is it important for auditors to understand a client’s business?

Answer 47

Because often inherent risk is related to underlying business risks. Auditors must approach each client as unique when gaining an understanding of the entity, even if some clients are in the same industry.

Question 48

What are entity-level risks?

Answer 48

Client risk that affects multiple F/S accounts, assertions, and transaction classes.

Question 49

What are transaction-level risks?

Answer 49

Client risk that affects only one transaction class, account, or assertion.

Question 50

What are factors that influence inherent risk?

Answer 50

1. Major customers and suppliers
2. Importer or exporter
3. Changes in technology
4. Warranties and discounts
5. Client reputation
6. Operations
7. Selection and application of accounting principles
8. Significant accounts and classes of transactions
9. Relations with employees
10. Sources of financing
11. Ownership structure

Question 51

What are industry factors that influence inherent risk?

Answer 51

1. Level of competition
2. Reputation
3. Legal, political, and regulatory environment
4. Demand
5. Economy

Question 52

What is a direct and material effect?

Answer 52

A situation in which noncompliance with laws and regulations impacts amounts and disclosures already included in the financial statements.

Question 53

What is an indirect effect?

Answer 53

A situation in which noncompliance with laws and regulations does not have a direct impact on amounts and disclosures in the F/S, but could require the creation of a contingent liability or an additional disclosure.

Question 54

What is the purpose of gaining an understanding of a client?

Answer 54

Is for the auditor to develop a knowledgeable perspective about the client and its business risks. Having knowledge of the client helps the auditor assess inherent risk.

Question 55

Given an example of an illegal act that could have a material but indirect effect on the F/S.

Answer 55

Is a health code violation by a restaurant. It doesn’t directly affect the F/S but the restaurant could be sued, which could lead to a contingent liability and related expenses.

Question 56

What is a related party?

Answer 56

An affiliate, principal owner, manager, or other party that is not independent of the entity. Related parties include affiliates of the entity, investments in other entities accounted for by the equity method, and trusts for employee benefit plans that are managed by or under the trusteeship of management.

Question 57

Why is an auditor interested in identifying related parties during the risk assessment phase of an audit?

Answer 57

Because the existence of related parties is a fraud risk factor because fraud is more easily committed by related parties.

Question 58

Are procedures to identify related parties only performed during risk assessment?

Answer 58

No, they may be performed outside of risk assessment because auditors should always be mindful of potential related parties. Client circumstances could change and new relationships could be created at any time during the client’s year.

Question 59

Define corporate governance

Answer 59

Refers to the people, systems, and processes within companies used to ensure that companies are well-managed and that risks are identified and controlled by management and entity personnel.

Question 60

What is an audit committee?

Answer 60

They are responsible for overseeing the accounting and financial reporting processes of the company and the audit of F/S.

Question 61

What is the purpose of a board of directors?

Answer 61

They are responsible for overseeing management. The BOD represents the shareholders and is responsible for ensuring the company is being run to benefit shareholders.

Question 62

What is the difference between executive directors and non executive directors?

Answer 62

Executive directors are part of the company’s management team, and they are full time employees.
Non-executive directors are not part of the company’s management team, and their involvement in the company is limited to preparing for and participating in board meetings and relevant board committee meetings.

Question 63

What are some duties of the audit committee of the BOD?

Answer 63

SOX says audit committee BOD is responsible for overseeing the accounting and financial reporting processes of the company and the audit of F/S. The audit committee appoints the auditors, resolves any disagreements between management and auditors, establishes procedures to receive complaints regarding accounting or internal control matters, and has authority to engage legal counsel.

Question 64

What are some of the risks associated with the use of IT?

Answer 64

1. Unauthorized access to computers, software, and data (can occur when there is insufficient security or poor password protection procedures)
2. Errors in applications (can occur if programs are not tested thoroughly.)
3. Lack of backup
4. Loss of data

Question 65

What are closing procedures?

Answer 65

Processes used by a client when finalizing the accounts for an accounting period.

Question 66

Explain how an auditor can assess the risk associated with the client’s closing procedures.

Answer 66

By reviewing monthly, quarterly, and/or semiannual F/S and assessing the accuracy of calculations used for adjusting and closing entries. Auditors can also look at earnings trends to assess whether reported income is in line with expectations.