Chapter 10 - Risk Response: Putting it All Together Flashcards
What are the steps to risk response at the financial statement level?
- Identify the risk through understanding the entity.
- Assess the risk and develop an overall risk response at the overall financial statement level.
- Team Discussion
What are some topics that should be discussed on the “identifying the risk by understanding the entity level”?
- Industry factors
- Regulatory requirements
- Nature of the business - Operations and processes
- Business Model - Objectives, strategies, and related business risks.
- Performance measurements
- Accounting Policies
What are some topics to be discussed at the “assess the risk and develop an overall risk response at the overall financial statement level”
- With each of the risks identified in the first step (entity specific risks) , list them down in the working paper and indicate what impact it has on the OFSL risk. Then provide a response as to how you will improve it.
- Provide an evaluation of indirect controls and the related risks, indicating whether it increases or decreases the risk and if it increases what response would be necessary.
- Just provide an overall risk response and indicate what the overall impact is.
What should the overall financial statement level risk response include?
- Types and allocation of resources
- timing of the engagement
- Changes to the nature, timing, and extent of the audit procedures based on the risks identified.
- An audit team meeting to consider the fraud risk and discuss the potential for employee fraud and management override.
What are the 4 agenda items for the risk response team discussion?
- Review the risks and brainstorm fraud risks.
- Design a risk response
- Update the overall audit strategy, overall response, and detailed audit plans
- Discuss audit milestones, supervision, and communications required to those charged with governanceTCWG
What information is required to prepare the overall audit strategy?
Derived from understanding the entity and its environment, identifying inherent risk factors, and understanding and evaluating the internal controls system.
What is the overall audit strategy?
The scope (the accounting framework) , timing (reporting deadlines and when work will be performed), and factors significant in the direction of the engagement teams efforts.
The nature and extent of resources necessary and a more detailed audit plan is developed.
What are the four key planning decisions?
- Risk of material misstatement
- Approach
- Materiality
- Procedures
What should be included in the overall audit plan?
- Overview
- Planned scope and timing of the audit
- Materiality
- Significant Risks - Explanation
- Risk responses
- An audit time table for key activities in the audit plan
- Firm contacts
What must be assessed before developing a risk response at the assertion level? What is the purpose of these two steps?
- Perform an assessment of RMM at the OFSL
- Perform an assessment of RMM at the assertion level.
- Helps the auditor scope out where to focus the audit effort
What are the 2 conditions that affect the scope to focus the audit effort?
- Which accounts are material?
- Which accounts are high risk
What are the 3 key points to assess when developing an effective risk response at the assertion level?
- Performance Materiality
- Understanding the entity
- Nature of the assessed risk.
What are the two considerations in performance materiality?
- The account balances, classes of transactions, or disclosures are material
- Regardless of risk assessment, auditors are required to design and perform substantive procedures for each material class of transactions, account balance, and disclosure
What are two considerations in understanding the entity?
- Particular characteristics of the relevant class of transactions, account balances, and disclosures
- Experience in prior period audits
What are five considerations in the nature of assessed risk?
- Overall RMM at the assertion and OFSL
- Significant risks that require special audit attention
- Procedures performed before the end of period
- Assessed level of risks assume effective operation of controls
- Areas where substantive procedures alone are not sufficient audit evidence
What are the four parts to the summary of assessed risk at the assertion level document. Explain what each one does.
- Summary of the significant assertion level risks - Discussion of the asserion level risks, take into account revenue transactions.
- Existence of relevant controls - Controls that exists fir the relevant cycle.
- Risk response - Guides the development of further audit procedures.
- General procedures - For each audit cycle, basic substantive procedures will be used to address a particular assertion.
What are further audit procedures?
- Test of controls
- Substantive testing (Test in details and substantive analytical procedures)
What are considerations when selecting an audit approach to perform the audit?
The OFSL control risk (If high cannot rely upon controls and substantive would be taken instead and if low can rely upon the controls and use the assessment of control risk to determine areas they believe are operating efficiently.
Why are analytical procedures effective?
- Provide evidence for multiple assertions.
- Identify audit issues that may not be apparent from detailed tests of transactions.
- Direct the auditors attention to areas requiring further audit procedures.
What happens if analytical procedures support that an account is reasonable?
- Some test of details can be eliminated
- Sample sizes for the test of details can be reduced.
What are the four types of possible audits?
- Significant Internal Controls
- Some controls
- Limited / No Controls
- Limited / No Controls and Switch in Audit Approach
Describe significant internal controls audit 1
Sophisticated internal controls exist, auditor performs extensive test of controls and relies heavily on internal controls to reduce test of details. In addition, more heavy focus on the substantive analytical procedures rather than test of details.
Describe the some control audit 2
Effective controls exist and auditor identified some effective controls at the assertion level. Combined audit approach taken, medium amount of test of controls, substantive analytical and test of details. More substantive testing done for areas with high RMM.
Describe limited / no controls audit 3
Few effective controls and significant RMM, management decided not to implement better internal controls. Test of controls are only performed to ensure auditors understanding of controls however not used to lower control risk assessment. Heavy emphasis on test of details as well as substantive analytical procedures. Cost likely to be high.