Chapter 10 - Risk Response: Putting it All Together Flashcards
What are the steps to risk response at the financial statement level?
- Identify the risk through understanding the entity.
- Assess the risk and develop an overall risk response at the overall financial statement level.
- Team Discussion
What are some topics that should be discussed on the “identifying the risk by understanding the entity level”?
- Industry factors
- Regulatory requirements
- Nature of the business - Operations and processes
- Business Model - Objectives, strategies, and related business risks.
- Performance measurements
- Accounting Policies
What are some topics to be discussed at the “assess the risk and develop an overall risk response at the overall financial statement level”
- With each of the risks identified in the first step (entity specific risks) , list them down in the working paper and indicate what impact it has on the OFSL risk. Then provide a response as to how you will improve it.
- Provide an evaluation of indirect controls and the related risks, indicating whether it increases or decreases the risk and if it increases what response would be necessary.
- Just provide an overall risk response and indicate what the overall impact is.
What should the overall financial statement level risk response include?
- Types and allocation of resources
- timing of the engagement
- Changes to the nature, timing, and extent of the audit procedures based on the risks identified.
- An audit team meeting to consider the fraud risk and discuss the potential for employee fraud and management override.
What are the 4 agenda items for the risk response team discussion?
- Review the risks and brainstorm fraud risks.
- Design a risk response
- Update the overall audit strategy, overall response, and detailed audit plans
- Discuss audit milestones, supervision, and communications required to those charged with governanceTCWG
What information is required to prepare the overall audit strategy?
Derived from understanding the entity and its environment, identifying inherent risk factors, and understanding and evaluating the internal controls system.
What is the overall audit strategy?
The scope (the accounting framework) , timing (reporting deadlines and when work will be performed), and factors significant in the direction of the engagement teams efforts.
The nature and extent of resources necessary and a more detailed audit plan is developed.
What are the four key planning decisions?
- Risk of material misstatement
- Approach
- Materiality
- Procedures
What should be included in the overall audit plan?
- Overview
- Planned scope and timing of the audit
- Materiality
- Significant Risks - Explanation
- Risk responses
- An audit time table for key activities in the audit plan
- Firm contacts
What must be assessed before developing a risk response at the assertion level? What is the purpose of these two steps?
- Perform an assessment of RMM at the OFSL
- Perform an assessment of RMM at the assertion level.
- Helps the auditor scope out where to focus the audit effort
What are the 2 conditions that affect the scope to focus the audit effort?
- Which accounts are material?
- Which accounts are high risk
What are the 3 key points to assess when developing an effective risk response at the assertion level?
- Performance Materiality
2, Understanding the entity - Nature of the assessed risk.
What are the two considerations in performance materiality?
- The account balances, classes of transactions, or disclosures are material
- Regardless of risk assessment, auditors are required to design and perform substantive procedures for each material class of transactions, account balance, and disclosure
What are two considerations in understanding the entity?
- Particular characteristics of the relevant class of transactions, account balances, and disclosures
- Experience in prior period audits
What are five considerations in the nature of assessed risk?
- Overall RMM at the assertion and OFSL
- Significant risks that require special audit attention
- Procedures performed before the end of period
- Assessed level of risks assume effective operation of controls
- Areas where substantive procedures alone are not sufficient audit evidence
What are the four parts to the summary of assessed risk at the assertion level document
- Summary of the significant assertion level risks
- Existence of relevant controls
- Relevant controls
- Risk response
What are further audit procedures?
- Test of controls
- Substantive testing (Test in details and substantive analytical procedures)
What are considerations when selecting an audit approach to perform the audit?
The OFSL control risk (If high cannot rely upon controls and substantive would be taken instead and if low can rely upon the controls and use the assessment of control risk to determine areas they believe are operating efficiently.
Why are analytical procedures effective?
- Provide evidence for multiple assertions.
- Identify audit issues that may not be apparent from detailed tests of transactions.
- Direct the auditors attention to areas requiring further audit procedures.
What happens if analytical procedures support that an account is reasonable?
- Some test of details can be eliminated
- Sample sizes for the test of details can be reduced.
What are the four types of possible audits?
- Significant Internal Controls
- Some controls
- Limited / No Controls
- Limited / No Controls and Switch in Audit Approach
Describe significant internal controls audit 1
Sophisticated internal controls exist, auditor performs extensive test of controls and relies heavily on internal controls to reduce test of details. In addition, more heavy focus on the substantive analytical procedures rather than test of details.
Describe the some control audit 2
Effective controls exist and auditor identified some effective controls at the assertion level. Combined audit approach taken, medium amount of test of controls, substantive analytical and test of details. More substantive testing done for areas with high RMM.
Describe limited / no controls audit 3
Few effective controls and significant RMM, management decided not to implement better internal controls. Test of controls are only performed to ensure auditors understanding of controls however not used to lower control risk assessment. Heavy emphasis on test of details as well as substantive analytical procedures. Cost likely to be high.
Describe limited / no control and switch in audit approach audit 4
Audit has planned to rely upon controls and follow a combined approach, however auditor found control test deviations and significant misstatements in substantive testing. Thus the auditor concludes that controls are not effective and reverts to a wholly substantive approach. Extensive test in details required and costs higher as they had performed test of controls that no longer can be used.
What situation would give rise to impossible audit procedures?
If there is a large firm that processes millions of transactions and is highly autonomous, and then the auditor concluded that controls were ineffective, it would be likely that the audit cannot be performed.
Based on the three types of audit procedures, what types of procedures do they encompass?
- Test of Controls - Inspection, observation, Inquiry with client, recalculation, and reperformance.
- Test of details - Inspection, inquiry with client, external confirmation, recalculation, and reperformance
- Substantive analytical - Inquiry and analytical
What are the 4 general rules for further audit procedures? Describe them
- Test of controls - Only test a control if you have reasonable expectation that the control has operated reliably throughout the period
- Dual Purpose Test - To improve audit efficiency, consider if dual purpose tests are possible
- Substantive Analytical procedures - Use these account balances or classes of transactions that can be reasonably predicted.
- Test of details - Design audit procedure that will obtain necessary audit evidence for the assertion being tested in the most efficient manner.
What are dual purpose tests? What is the planning consideration?
Procedures that consist of test of controls and substantive tests of details being performed concurrently on the same transaction. If you are going to perform test of controls, dual purpose tests can improve the efficiency.
What are unpredictable procedures? What is the planning consideration?
If fraud risk is high for a particular assertion, auditors are required to incorporate an element of unpredictability in developing procedure such as an unannounced visit for inventory counts. Consider what type of information to provide to the management client with regard to audit procedures and their timing
What are these following specific procedures and what are the planning considerations?
- Management Override
- Revenue Recognition
- Significant Risks
- Specific audit procedures designed to address the potential risk of management override.
- Auditors are required to assume that the risk of revenue recognition is high
- Audit procedures that are designed to address significant risks identified through Risk assessment procedures. Those with high RMM have significant risks
Planning Considerations:
- Auditors must develop specific procedures that account for management override and risk of revenue recognition fraud.
- Auditors cannot perform only substantive analytical procedures for significant risks
What are audit procedures for closing and what are its planning considerations?
These procedures address the clients closing financial processes. Regardless of the audit approach, auditors must perform procedures related to financial statement closing
What are test of controls and its planning considerations?
What is it:
- Identify relevant internal controls that could reduce the need / scope for other substantive procedures
- No requirement to perform test of controls unless substantive procedures are not available.
Planning Considerations:
- Required for highly automated processes that do not have an audit trail
- Sample size for control tests us significantly less than test of details for a transaction stream.
- Assuming relevant controls operate consistently and control deviations unlikely, test of controls can reduce work required to be performed.
What are test of details and its planning considerations?
- Examination of the details of a sample (or all) of the underlying transactions /balance for an account / group of accounts
- If RMM at assertion level states significant risk, planned audit response states substantive procedures, they must include a test of details.
What are substantive analytical procedures and its planning considerations?
- Total amount of a transaction stream or account balance can be reliably predicted and then compared to the actual amounts
- If inherent risk is low for a particular assertion, auditor may state that the substantive analytical procedure alone is sufficient audit evidence.
What are two circumstances when substantive procedures must be performed?
- Each material class of transaction, account balance, and disclosure (regardless of assessed RMM)
- Each significant risk at the assertion level. If the approach to significant risk is only substantive procedures, test of details must be included.
What are 5 other significant risks?
- Non routine related party transactions
- Estimates
- Non compliance with laws and regulations
- Going concern
- Subsequent events.
What is the clients period end financial process?
- Enter transactions into the general ledger
- Evaluate the accounting policies
- Record journal entries into the general ledger
- Record recurring and non recurring adjustments to the financial statements
What are the 2 procedures required by auditors in the closing financial
- Agree / reconcile the financial statements with the underlying accounting records.
- Examine material journal entries and other adjustments made when preparing the financial statements
How do we determine the number of items to test for controls and details?
Test of controls - Expected deviation rate (based on control risk) and how often the control is performed
Test of details - Determined by the outcome of substantive analytical procedures and RMM assertion. The higher the RMM the more testing needed.
Describe the timing of procedures for interim vs year end balances.
What is the impact if clients want to issue the statement soon after the balance sheet date?
Does this method provide much assurance?
- Since the test of controls and dual tests determine the extent of the substantive tests, these are done at interim 2-3 months prior to year end to ensure that auditors may revise the test of details audit program for unexpected results and complete the audit as soon as possible after the balance sheet date.
-The more time consuming test of details balances will be done at interim audit dates prior to the year end, with additional work being done to roll forward the audited interim date balances to year end, including journal entries and other activities during the period.
- no since you have done the significant testing 3 months before other available information and the internal controls have not been assessed to be effective.
What is roll forward?
Substantive work on journal entries and transactions from a date prior to the balance sheet date to the year end.
Describe throughout the year timing of procedures
For clients with highly sophisticated accounting systems. auditors will perform test of controls and substantive test of transactions throughout the year to identify significant or unusual transactions and determine whether any changes have been made to the clients computer system.
What is continuous auditing?
Any method used by auditors to perform audit related activities on a more continuous or continual basis.
What does the detailed audit plan outline?
- Different types of the test of details
- Extent of the testing
- The timing of the tests
