Audit Section 2 Flashcards
Which of the following would an auditor most likely consider in evaluating the control environment of an audit client?
Management’s operating style.
According to COSO, each of the following is a principle relating to the risk assessment component of internal control
1) The organization considers the potential for fraud in assessing risks to the achievement of objectives.
2) The organization identifies and assesses changes that could significantly impact the system of internal control.
3) The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
obtain and use information is applied when
the organization obtains or generates and uses relevant, high-quality information to support the functioning of the control. In this case, management is using the exception report (information) to support the control of monitoring overtime costs.
Objectives of an entity include
1) Reliable Financial Reporting
2) Effective and Efficient Operations
The monitoring component of internal control is
1) Assessing information derived from external parties.
2) Assessing the quality of control performance over time.
3) Improving controls that are not operating effectively.
Risk assessment component of internal control
An auditor evaluates an entity’s risk assessment to understand how management addresses risks relevant to financial reporting
Audit Strategy includes:
1) Provide a preliminary assessment of materiality and tolerable misstatement.
2) Outline reporting objectives.
3) Provide the scope of the
Required documentation in an audit in accordance with generally accepted auditing standards?
An audit plan setting forth in detail the procedures necessary to accomplish the engagement’s objectives.
Substantive procedures and tests of controls at the relevant assertion level to test a client’s
significant account balances, transaction classes, and disclosure items in the financial statements.
What is substantive procedures
test a client’s financial statement assertions
Test of controls is
audit procedure to test a client’s financial statement assertions
Auditor most likely to rely on work done by internal auditors?
For financial statement amounts judged by the auditor to require little or no subjectively evaluated audit evidence.
When an audit specialist is used for a client audit
Make no reference to the specialist in the audit report.
An auditor of a nonissuer intends to reference the work of an auditor’s external specialist in the audit report because the reference was relevant to understanding a modification to the auditor’s opinion. In this case, the auditor should indicate in the report
The reference to the auditor’s external specialist does not reduce the auditor’s responsibility for that opinion.
Auditor’s use of the work of an actuary in assessing a client’s pension obligations?
The auditor is required to understand the objectives and scope of the actuary’s work.
The company being audited has an internal auditor that is both competent and objective. The independent auditor wants to assign tasks for the internal auditor to perform. Under these circumstances, the independent auditor may:
Allow the internal auditor to perform tests of internal controls.
Under which of the following circumstances would an auditor be considered to be using the work of a specialist?
The auditor engages a lawyer to interpret the provisions of a complex contract.
An internal auditor’s work would most likely affect the nature, timing, and extent of an independent CPA’s auditing procedures when the internal auditor’s work relates to assertions about the:
Existence of fixed asset additions.
Testing the existence of contingencies, intangiable assets, related party transactions involves
much subjectivity, and should, therefore, be performed by the auditor.
The work of internal auditors may affect the independent auditor’s:
1) Procedures performed in obtaining an understanding of the system of internal control.
2) Procedures performed in assessing the risk of material misstatement.
3) Substantive procedures performed in gathering direct evidence.
Use in determining the auditor’s preliminary judgment about materiality?
The entity’s financial statements of the prior year.
Regard to the consideration of materiality when an auditor is planning and performing a financial statement audit of an issuer?
When determining a tolerable misstatement threshold, an auditor should take into account the amount of misstatements that were accumulated in prior periods.
Materiality should be reevaluated when:
1) There is a substantial likelihood that misstatements of amounts less than the materiality level established for the financial statements as a whole would influence the judgment of a reasonable investor.
2) Materiality levels and tolerable misstatement were originally based on estimated or preliminary financial statement amounts that differ significantly from actual amounts.
3) Changes that occurred after the materiality levels were originally set are likely to affect investor’s perceptions about the company’s financial statements.
What is being considered when establishing materiality
1) Both quantitative and qualitative factors are considered.
2) Materiality is based on the smallest level of misstatement for any one financial statement.
3) The auditor uses his or her professional judgment when assessing materiality.
If new information becomes available that could require a reevaluation of the quantitative level of materiality applied during an audit of an issuer, then the auditor should
Raise or lower the materiality level as appropriate to the situation.
Materiality levels are generally considered in terms of
the smallest aggregate level of misstatement that could be considered material to any one of the financial statements.
How to Calculate Materiality
Overall materiality = Applicable benchmark × Applicable percentage
Overall materiality = $4,200,000 (annualized revenue = $2,100,000 × 2) × 0.01
Inherent risk that an auditor should consider
Technological developments that may render inventory obsolete.
An appropriate response to an increase in risk of material misstatement is to
perform testing at year-end.
Should an auditor consider confirming the terms of a large complex sale
When the combined assessed level of inherent and control risk over the sale is high.
Would heighten an auditor’s concern about the risk of material misstatements in an entity’s financial statements?
The entity’s industry is experiencing declining customer demand.
In an audit of financial statements for which an auditor’s assessment of risk is judgmental and may not be sufficiently precise to identify all risks of material misstatement, the auditor should take which of the following actions?
Perform substantive procedures for all relevant assertions related to each significant class of transactions.
As the acceptable level of detection risk decreases, an auditor may:
Postpone the planned timing of substantive tests from interim dates to the year-end.
Which of the following matters relating to an entity’s operations would an auditor most likely consider as an inherent risk factor in planning an audit?
The entity enters into derivative transactions as hedges.
On the basis of audit evidence gathered and evaluated, an auditor decides to increase the assessed risk of material misstatement from that originally planned. To achieve an overall audit risk level that is substantially the same as the planned audit risk level, the auditor would:
Decrease detection risk.
Detection risk is inversely related to
the risk of material misstatement. Therefore, an increase in the risk of material misstatement would cause a decrease in allowable detection risk.
A reduction in control risk would result in a
lower substantive testing sample size.
As the acceptable level of detection risk increases, an auditor may change the:
Timing of substantive tests from year-end to an interim date.
The auditor should design the audit to provide reasonable assurance of
detecting material errors and fraud.
Evidence (photocopy of vendor invoices)
The auditor should reevaluate the risk of fraud and design alternate tests for the related transactions as the evidence (photocopy of vendor invoices) is not reliable.
Fraud encountered during an audit engagement of a nonissuer
It is often difficult to detect fraudulent intent in matters involving accounting estimates and the application of accounting principles.
Given the auditor’s preliminary assessment of potential control weaknesses, the auditor would be most concerned with the
opportunity for employees to commit fraud within the organization.
Audit documentation is required to include a
description of the discussion among engagement personnel regarding the risk of material misstatement due to fraud.
When the auditor has obtained evidence that fraud exists, it is important that the matter be brought to the attention of
the appropriate level of management as soon as practicable. This is true even if the matter is considered inconsequential.
Although documentation that is lost may be a result of error (e.g., the client misplaced the document), the auditor should approach lost documentation with a
heightened risk that fraud may have occurred (e.g., the client intentionally destroyed the documentation).
Missing or unavailable documents or electronic evidence may be indicative of
an intentional material misstatement in the entity’s financial statements (fraud).
The average duration of unemployment is a lagging
Lagging economic indicators
Lagging economic indicators tend to follow
economic activity if the average duration of unemployment increases, it is likely a result of employers being reluctant to hire due to economic results.
Building permits for new residences and new unemployment claims is an example of
leading economic indicator. Leading indicators tend to occur before the fact or predict economic activity. A decrease in the number of new building permits is one factor that would tend to signal the economy is heading toward a downturn.
Manufacturing and trade sales are
coincident indicators and occur contemporaneously with economic activity. Industrial production is another example of a coincident indicator.
Performed during the planning phase of the audit:
1) Obtaining selected client financial ratios and comparing to industry averages.
2) Comparing the client’s current year’s same-store sales with budgeted amounts.
3) Comparing current year’s sales per store square foot with the prior year.
Leading economic indicators of business cycles
Manufacturers’ new orders for consumer goods in constant dollars, number of new building permits, and change in manufacturers’ unfilled orders for durable goods in constant dollars.
An inherent limitation to a system of internal control is the fact that
controls can be circumvented by management override.
A continuous activity that an auditor would be expected to perform throughout an audit engagement
1) Understanding the entity and its environment
2) Assessing the risk of material misstatement
3) Considering client continuance
An auditor would most likely perform risk-assessment procedures to evaluate
the design of relevant controls when obtaining an initial understanding of the system of internal control sufficient to assess the risk of material misstatement of the financial statements.
General controls are
policies and procedures that relate to many applications and support the effective functioning and proper operation of the information system.
General controls include procedures to ensure appropriate
systems software acquisition
If a budgetary reporting system provides adequate reports, but the reports are not analyzed and acted upon:
The control has been implemented but is not operating effectively.
In performing interviews and examining documents related to preliminary work in a financial statement audit of a nonissuer, an auditor identifies a business risk associated with plans for a new product line by
analyzing the newly identified risk and consider whether there is an immediate consequence for the risk of material misstatement at various levels of the audit.
A client maintains a large data center where access is limited to authorized employees. How may an auditor best determine the effectiveness of this
The auditor’s direct personal observation provides the most reliable evidence about whether access to the data center is being appropriately limited.
A senior auditor conducted a dual-purpose test on a client’s invoice to determine whether the invoice was approved and to ascertain the amount and other terms of the
Tests of controls and tests of details
What is the most likely course of action that an auditor would take after determining that performing substantive tests on inventory will take less time than performing tests of
Perform only substantive tests on inventory. Test of controls is time consuming and not necessary.
While performing interim audit procedures of accounts receivable, numerous unexpected errors are found resulting in a change of risk assessment.
Use more experienced audit team members to perform year-end testing.
Which of the following factors should prompt an auditor to seek a larger sample size for tests of details?
High assessed level of control risk and high assessed level of inherent risk
An overall response to address a high-assessed risk of material misstatement at the financial statement level of a nonissuer may include:
Providing more supervision of the audit team.
An auditor of a nonissuer most appropriately respond to a heightened assessed risk of material misstatement by
By assigning more experienced staff or those with specialized skills to high-risk areas
After performing risk assessment procedures, an auditor decided not to perform tests of controls. The auditor most likely decided that
It would be inefficient to perform tests of controls that would result in a reduction in planned substantive tests
An auditor of a nonissuer is required to give special consideration to related party transactions because they
Could cause the financial statements to fail to achieve fair presentation
Related party transactions
should always be considered whether significant or not since it has affect on financial statements
The auditor considers any of management’s plans that might serve to mitigate the adverse effects of particular conditions and events.
Increase ownership equity, to borrow money, to restructure debt, to sell assets, and/or to reduce or delay expenditures might all be considered mitigating factors.
The auditor may accept the letter from external counsel even though
The CPA did not get a specific amount of loss.
Audit procedure that an auditor would most likely perform concerning litigation, claims, and assessments
Discuss with management the controls adopted for evaluating and accounting for litigation, claims, and assessments
Procedures would most likely assist an auditor in identifying related party transaction
Review the minutes of the meetings of the board of directors and its committees
A client is a defendant in a patent infringement lawsuit against a major competitor. What are potential wording that is included in the attorney’s response to the auditor’s letter of inquiry
1) A description of potential litigation in other matters or related to an unfavorable verdict in the patent infringement lawsuit.
2) A discussion of case progress and the strategy currently in place by client management to resolve the lawsuit.
3) An evaluation of the probability of loss and a statement of the amount or range of loss if an unfavorable outcome is reasonably possible.
What is not a possible response to the auditors letter from a legal firm?
An evaluation of the ability of the client to continue as a going concern if the verdict is unfavorable and maximum damages are awarded. This is because lawyers are not responsible for evaluation.
If specific information concerning a possible act of noncompliance with laws and regulations comes to the auditor’s attention
the auditor should apply additional audit procedures to determine whether an act of noncompliance with laws and regulations has in fact occurred
If the entity’s financial statements adequately disclose its financial difficulties, the auditor’s report is required to include a separate section that specifically uses the phrase
“going concern” not “Reasonable period of time, not to exceed one year”
In evaluating accounting estimates, one of the auditor’s responsibilities is to determine whether
the estimates are reasonable in the circumstances
In an audit of a nonissuer’s defined benefit pension plan, the best procedures to effectively test that benefit payments to plan participants are paid in accordance with the plan document is by
Recalculating benefits for selected participants based on the plan provisions using relevant service and salary history to support the recorded benefits paid to the participants
If the objective of a test of details is to detect overstatements of sales, the auditor should trace transactions
Accounting records (i…, sales journal) to the source documents (e.g., customer order, sales order, shipping documents, etc.).
To determine whether transactions have been recorded (completeness assertion),
the auditor should trace from the source documents to the accounting records (general ledger, trial balances, etc.).
Analytical procedures performed in the final review stage of an audit generally would include:
Considering the adequacy of the evidence gathered in response to unexpected balances identified in planning.
Because the auditor has determined that there were few transactions impacting the Treasury Stock account during the year
he or she would most likely test the transaction details pertaining to this account.
Procedures an auditor most likely perform to test controls relating to management’s assertion about the completeness of cash receipts for cash sales at a retail outlet by
Observe the consistency of the employees’ use of cash registers and tapes.
Auditors try to identify predictable relationships when using analytical procedures. Relationships involving transactions from which of the following accounts most likely would yield the highest level of evidence?
Interest expense because relationships among income statement accounts tend to be more predictable than balance sheet accounts (accounts receivable, accounts payable) because they represent transactions over a period of time rather than at one point in time.
An auditor wants to determine the accuracy of a given account balance on a client’s financial statements. To test the valuation, allocation, and accuracy assertion, the auditor may perform all of the following audit procedures
1) Performing a recalculation of the estimates made by the client pertaining to the account balance.
2) Footing and cross-footing the account balance to supporting schedules.
3) Reconciling the supporting schedules to the account items reported in the general ledger.
If some customers provide confirmation responses in electronic form, what is the most effective way for the auditor to improve the reliability of these electronic responses?
Directly contact the customer to validate identity and accuracy of information received
Analytical procedures are most appropriate when testing which of the following types of transactions?
Operating expense transactions… because relationships among income statement accounts tend to be more predictable
Unrealized gains on available-for-sale securities should properly be recorded in other comprehensive income.
If such gains were erroneously recorded in the income account for trading securities, this might be discovered through comparison of the current year and prior year revenues and expenses (assuming the error occurred only in the current year, and not in the prior year).
Analytical procedure that an auditor most likely would use while auditing a company’s notes payable
Multiplying the average outstanding loan balance by the interest rate and comparing the result to interest expense actually recorded.
Analytical procedures are not required to be used as
a substantive test and are more likely to be used for accounts that are predictable.
If an auditor of an issuer examines purchase orders obtained from the issuer to verify proper authorization of transactions, then the auditor is conducting
An inspection
Type 1 report aids the user auditor with
obtaining an understanding of controls at the service organization, but does not provide the user auditor with evidence that the controls are operating effectively at the service organization.
Type 2 report
obtain audit evidence related to the operating effectiveness of a service organization’s controls when the risk assessment includes an expectation that the controls are operating effectively.
DP Service Center to process its payroll. DP’s service auditor is Blue, CPA, who recently issued a SOC 1® report on DP’s internal controls. In considering whether Blue’s report is satisfactory for Green’s purposes, Green should
Make inquiries concerning Blue’s competence.
When a service organization provides services that affect the initiation, execution, processing, or reporting of a user company’s transactions, those services are considered to be part of
user company’s information system
Service auditor’s responsibility with regard to other information presented in a document containing management’s description of its system and the service auditor’s report
To read the other information in order to identity material inconsistencies or misstatements.
Quick Service Center processes the payroll for James Industries. Adams, CPA, is Quick’s auditor, while Robinson, CPA, is the auditor for James Industries.
1)Issuing a report that describes the scope and nature of the procedures performed.
2) Making inquiries regarding the professional reputation of Adams, CPA.
3) Inquiring of management regarding subsequent events that might significantly affect user organizations such as James
Industries.
4)Obtaining a letter of representation from the management of Quick Service Center.
Calculating accounts receivable balances is relevant for
gathering data on the service organization’s internal controls
The SOC 1® Type 2 report provides
a user auditor with assurance about the design, implementation, and operating effectiveness of a service organization’s internal controls and therefore may provide evidence that would allow a reduction in the assessed level of control risk for areas of the entity’s accounting
The SOC 1® Type 1 report provides
a user auditor with assurance about the design and implementation of internal controls at a service organization but does not include the testing of operating effectiveness. It may aid the user auditor in obtaining an understanding of controls but cannot be used as a basis for reducing assessed risk.
The SOC 2® Type 1 report provides
assurance over the design and implementation of controls in place at a service organization related to security, availability, processing integrity, confidentiality, and privacy. As it is not specifically related to the internal control over financial reporting (SOC 1), it is not as useful to the user auditor when assessing risk of material misstatement.
The SOC 2® Type 2 report provides
assurance over the design, implementation, and operating effectiveness of controls in place at a service organization related to security, availability, processing integrity, confidentiality, and privacy. As it is not specifically related to the internal control over financial reporting (SOC 1), it is not as useful to the user auditor when assessing risk of material misstatement.
CPA should include in his or her report
a description of the scope and nature of the procedures performed.
An accountant is most likely required to follow Statements on Standards for Accounting and Review Services (SSARS) when the accountant has:
Used the information in a general ledger to prepare financial statements outside of an accounting software system.
preparation engagement
Using information in the general ledger to prepare financial statements outside an accounting software system
SSARS
apply when an accountant prepares, compiles, or reviews financial statements.
A compilation of financial statements in accordance with Statements on Standards for Accounting and Review Services is limited to presenting
Information in the form of financial statements that is the representation of management
SSARS requires
compiled financial statements to be accompanied by a compilation report
SSARS applies to the
preparation of financial statements that are presented “alongside” the entity’s tax return.
Statements on Standards for Accounting and Review Services (SSARS) establish standards and procedures for an engagement to
compile an individual’s personal financial statements to be used to obtain a mortgage.
SSARS has to do with
Compiling financial statements
generated through the use of computer software but not drafting financial statement notes for the client because it doesnt count as preparation
The accounting and review services committee is the authoritative body designated to
promote standards concerning an accountant’s association with unaudited financial statements of a nonissuer
An accountant performing a compilation or review of the financial statements of a nonissuer should
Be able to justify departures from SSARS
To comply with SSARS
1) Prepare trial balance
2) Prepare standard monthly journal entries
Preparing written personal financial plans are excluded from
SSARS requirements.
GAGAS, address the topics of
serving the public interest, integrity, objectivity, proper use of government information, resources and positions, and professional behavior.
Professional behavior includes
an auditor’s honest effort in the performance of professional services in accordance with the relevant technical and professional standards.
A government internal audit function is presumed to be free from organizational independence impairments for reporting internally when the head of the organization
Is removed from political pressures to conduct audits objectively, without fear of political reprisal
The Generally Accepted Government Auditing Standards Framework for Independence identifies an inappropriate influence on auditor judgment or behavior caused by a financial or other interest as a
Self-interest threat
A critical component of the determination of whether providing a nonaudit service would create a threat to independence is
consideration of management’s ability to effectively oversee the nonaudit service to be performed.
Developing program policies impairs a CPA’s independence because
the CPA is acting in a management capacity.
If an auditor were to assume management responsibilities for an audited entity, the management participation threat created would be
so significant that no safeguards could reduce the threat to an acceptable level.
According to the U.S. Department of Labor, an auditor of an employee benefit plan would be considered independent if
An actuary associated with the auditor’s firm renders services to the plan
Independence would not be impaired when
a member of the auditor’s firm was a voting trustee of the plan in a prior year but has since disassociated from the plan and did not participate in auditing the financial statements of the plan.
The DOL requires
auditor independence when auditing and providing an opinion on the financial information submitted annually to the DOL
Management Participation Threat
The assumption of accounting duties and taking possession of the books and records
The Sarbanes-Oxley Act of 2002 requires that the officers of a corporation make any number of representations that will accompany their quarterly and annual financial statements including
Internal control is the responsibility of the signing officers.
The Public Company Accounting Oversight Board consists of:
exactly two CPAs and three non-CPAs.
How many audits of public companies per year does a CPA firm that is registered with the Public Company Accounting Oversight
Board (PCAOB) have to perform before it receives an annual inspection from the PCAOB
More than 100 audits
Organizations was established by the Sarbanes-Oxley Act of 2002 to control the auditing profession is
PCAOB to oversee public company and broker/dealer audits.
A CPA firm must do which of the following before it can participate in the preparation of an audit report of a company registered with the Securities and Exchange Commission (SEC)
Register with the Public Company Accounting Oversight Board
Sarbanes-Oxley Act of 2002, the PCAOB has the legal authority to perform each of the following
1) Process, review, and approve the registration of public accounting firms that audit issuers.
2) Inspect and review selected audit engagements of registered public accounting firms.
3) Establish auditing, quality control, and independence standards for audits of issuers.
The U.S. Department of Justice, not the PCAOB, has the legal authority to
prosecute suspected criminal violations by registered public accounting firms. (However, the PCAOB has the right to impose civil monetary penalties.)
A registered public accounting firm is conducting an audit of an issuer. Which of the following services may the auditor provide to the client while maintaining independence?
Preparing an organizational chart of the accounting department. They are prohibited from bookkeeping, appraisal, valuation, or actuarial services, or management functions.
An auditor of an issuer is permitted to provide
factual accounts in testimony explaining positions taken during the performance of any services provided to the client. This does not impair the auditor’s independence.
Reviewing Partner must rotate off audit every
5 years
Lead Partner must rotate off audit every
7 years
Audit committee of an issuer is responsible for
- Preapproving all audit and nonaudit services provided by the company’s auditor.
- Establishing procedures for the receipt, retention, and treatment of complaints received by the company regarding accounting, internal control, and auditing matters.
- The appointment, compensation, and oversight of the work of the registered public accounting firm employed by the company.
The evaluation of and reporting on the effectiveness of a company’s internal controls is the job of the
accounting firm employed by the company to perform the audit. The audit committee is not responsible for this function
Experience with internal accounting controls is criteria for
audit committee financial expert
According to the Sarbanes-Oxley Act of 2002, an issuer must disclose whether or not it has adopted a code of ethics for
The issuer’s senior financial officers, but not for other employees of the issuer.
Section 404 of the Sarbanes-Oxley Act of 2002 requires the company’s external auditors to attest to, and report on
the internal control assessment made by management of the issuer
According to the COSO, the presence of a written code of conduct provides for a control environment that can
Encourage teamwork in the pursuit of an entity’s objectives
A person identified as an audit committee financial expert of an issuer generally must have acquired the attributes of a financial expert through any of the following experiences
- As a principal financial officer, principal accounting officer, controller, public accountant, or auditor
- Actively supervising a principal financial officer or principal accounting officer
- Assessing the performance of public accountants with respect to preparation, auditing, or evaluation of financial statements
A CPA in charge of the external audit of a nonissuer received an unexpected inheritance that includes 100 shares of the audit client’s common stock.
The CPA must sell or donate the stock within 30 days after receipt of ownership rights. Also a spouse must sell or donate the stock within 30 days as well.
An auditor’s independence is not impaired if
the auditor has a cash balance in a brokerage account that is fully covered by the Securities Investor Protection Corporation.
The firm recommends a human resources software system to the issuer and receives a commission from the software vendor.
Independence would be impaired in this circumstance because the auditor has indirectly earned a financial benefit because of actions taken by the client based on the recommendation of the auditor. Direct or material indirect business relationships between a firm and an audit client impairs independence.
Auditor independence is impaired if
certain non-audit services are provided during the audit including bookkeeping and other services related to the accounting records or financial statements of the audit client. This would include the preparation of the client’s footnote disclosures, which are a part of the overall financial statements of the client.
The tax service of reviewing a proposed transaction and informing the client of the tax consequences may be provided
jointly with the audit of an issuer’s financial statements without impairing independence.
The provision of services involving contingent fee arrangements impairs
Example that impairs the auditor’s independence
Sarbanes-Oxley Act of 2002 says
1) The auditor must discuss with the audit committee the potential effects of the proposed tax services on the firm’s
independence.
2) The auditor must communicate to the audit committee, in writing, regarding the proposed tax services and related fees.
