Chapter 7 Flashcards
what is the key to conducting a quality audit
assessing and managing risk
overall goal of a quality audit is
determine the risk of material misstatement for overall statements and specific assertions related to classes of transactions, balances and disclosures
the risk of material misstatement exists at two levels
- overall financial statement level
2. assertion level
def: risk of material misstatement at overall financial statement level
risk that relate pervasively to the financial statements as a whole and potentially affect many assertions
which factors can increase the likelihood of material misstatements (5)
- lack of integrity or competence
- weak entity level controls
- inadequate accounting systems and records
- declining economic conditions
- changes in industry
risk of material misstatement at assertion level has two components
inherent risk and control risk
inherent risk is higher for valuation assertion related to accounts that require
complex calculations or accounting estimates that involve significant estimates or judgement
control risk may be higher for valuation assertion if internal controls fail to have
independent review and verification of complex calculations or estimates
from the assessment of risk of material misstatement the auditor will develop
- an overall risk response
2. risk response at assertion level with tests of controls and substantive audit procedures for specific assertions
if the risk is pervasive the risk response strategy could be (4)
- assign more experienced staff
- heighten professional skepticism
- increase involvement of audit partners and managers
- closer supervision and review
during risk assessment process these procedures are done
- inquiries of management and others
- analytical procedures
- observation and inspection
- discussion among engagement team
- others
with inquiries of management and personnel it is important to
get perspectives of different levels of authority
inquiries of those in charge of governance is good for
oversight provided by BofD and others, important aspect of internal control
inquiries to internal audit personnel can provide
information about key risks to business (financial reporting, operations and compliance) + design and operating effectiveness of internal controls
analytical two purposes
- understand the business
2. assess client business risk
how does analytical purpose happen?
identify unusual amounts, ratios or trends that might reveal unusual transactions
analytical procedures include financial or non-financial information?
both
the information used in analytical procedures is aggregated so
provide only a broad indication about if a material misstatement exists
what kind of documents to inspect
purchase orders, invoices, receiving reports with disbursements
what kind of other risk assessment procedures
information from client acceptance evaluation like discussing with predecessor or background checks
risk assessment procedures provide sufficient appropriate audit evidence to form an audit opinion
false
in all risk assessment procedures the auditor must find
the significant risks that require special audit consideration
the auditor must consider as significant risks (6)
- risk of fraud
- risk related to recent key economic, accounting or other
- complexity of transaction
- significant related party transactions
- subjectivity in measurement of financial info
- non-routine transactions
estimation uncertainty is often related to
assumptions about future events, which are difficult to preduct
examples of estimates that can be significant risks
fair value accounting unique or material hedging
how can transactions be unusual or non-routine
either due to size or nature and infrequent
why are non-routine transaction a significant risk?
involve greater extent of management intervention, manual data collection and processing, complex calculations or unusual accounting principles not subject to effective internal controls
risk of not detecting a material misstatement due to fraud is ___ than error
higher
the consideration of risk of material misstatement due to fraud is made at
financial statement level and assertion level
elements of fraud risk assessment
- discuss with audit team members risk fraud
- inquiries to management
- evaluate unusual or unexpected relationships
- evaluate the risk for revenue fraud and management override and understand period-end
what items should the audit team discuss?
- how and where financial statements might be susceptible
- how mgmt could perpetuate or conceal fraud
- how anyone might misappropriate entity assets
- how auditor might respond
CAS 240 requires that auditor make specific inquiries about
fraud in every audit (management and employees)
two kinds of analytical procedures
horizontal analysis and vertical analysis
def: horizontal analysis
account balance compared to previous period and the % change in the account balances for period is calculated
def: vertical analysis
numbers are converted into % of sales for income statement and of total assets for balance sheet
3 conditions for fraud
- incentives or pressure
- opportunity
- attitude and rationalization
def: attitude or rationalization
an attitude, character or set of ethical values that allow employees to intentionally commit a crime or dishonest act
examples of incentives/pressures (4)
- decline in company’s financials
- meet forecasts
- reputation
- wealth tied in options
examples of opportunities for fraud
- industries with significant judgement and estimates
2. turnover in accounting personnel or other processes
incentives/pressures for misappropriation of assets
- employees with financial pressures
2. dissatisfied ones
how to prevent pressure on employees with financial problems?
credit check on employees with access to assets
how to prevent pressure on employees who are dissatisfied?
dealing fairly and monitor employee morale
the opportunity for asset misappropriation is bigger in
companies with accessible cash or inventory or other valuable assets
OR weak internal controls
OR small business or not for profit (less segregation)
when risks are identified due to fraud the auditor must develop response on three levels
- overall response
- assertion level
- related to management override
def: overall response
relate to adjustments to overall audit strategy
examples of overall responses
more experienced personnel, increase professional skepticism, increase sensitivity
because fraud perpetrators are often knowledgeable about audit procedures auditors should
incorporate unpredictability in the audit strategy
examples of unpredictable strategy
visit locations or test accounts not tested before
response at assertion level may lead to changing
the nature, timing and extent of audit procedure
how would the nature be modified?
to obtain audit evidence that is more reliable and relevant
how would timing be modified?
end of period instead of during
how would extent be changed?
obtain more evidence in response to fraud risk at assertion level (increase sample size)
examples of responses to management override
- journal entries and adjustments for evidence of misstatements
- review accounting estimates for biases
- business rationale for significant unusual transactions
def: audit risk
risk that auditor will express an inappropriate audit opinion when financial statements are misstated
def: audit risk model
tool to develop audit strategy at assertion level (planning purpose)
detection risk formula
DR = AAR/IR * CR
the auditor must assess audit risk at three levels
- financial statement
- account balance
- disclosure
if things are good AAR can be
high
if things are bad AAR should be
low
the risk of material misstatement is a function of
detection risk
def: detection risk
the risk that the audit evidence for an audit assertion will fail to detect misstatements exceeding performance materiality
2 key points about DR
- determines the amount of substantive evidence needed
2. if DR reduced, auditor must accumulate more substantive evidence to get to reduced planned risk
if a high likelihood of misstatement, inherent risk is
high
when considering inherent risk we do not look at
internal controls
inherent risk is inversely related to
planned detection risk
inherent risk is directly related to
evidence
auditor performs control risk assessment at two levels
financial statement level and assertion level
the audit risk model shows there is a close relationships between
inherent risk and control risk
combination of IR and CR is referred to as
risk of material misstatement
relationship between control risk and detection risk is
inverse
relationship between control risk and substantive evidence is
direct
the auditor can increase planned DR if controls are
effective (low CR)
if CR is low then the auditor will
rely on internal controls therefore tests of controls > substantive testing
acceptable audit risk can also be referred to as
audit assurance
def: audit assurance
opposite of AAR so 1-AAR = audit assurance
factors that affect AAR
- degree reliance on statements by Users
- likelihood of Financial difficulties after report
- evaluation management Integrity
- new client
if users place heavy reliance you can ___ AAR
decrease AAR
3 factors that affect reliance of users on report
- client’s size
- distribution of ownership
- nature and amount of liabilities
if change of financial failure or loss is high you can ____ AAR
decrease AAR
factors to indicate of doubt about ability to continue as going concern
- liquidity position
- profit and losses in previous years
- method of financing growth
- nature of client’s ops
- competence of management
factors about management integrity that can lead to lower AAR
- prior criminal conviction
- frequent disagreements with prior auditors
- frequent turnover of key financial and internal audit personnel
to assess AAR the auditor will first consider factors related to
engagement risk
def: engagement risk
risk that the auditor or audit firm will suffer harm after the audit is finished even if it is correct
engagement risk is closely tied to
client business risk
most important concepts in auditing is about
the inclusion of inherent risk in the audit risk model
what does having IR in the model indicate?
auditors should attempt to predict where misstatements are most and least likely
the assessment of inherent risk begins at
planning stage
factors affecting inherent risk (14)
- nature of business
- results of previous audits
- related parties
- complex or non-routine transaction
- judgement required
- make up of population
- fraud risk
- management motivation and bias
- initial vs. repeat engagement
- accounting staff competency
- asset susceptible to theft
- change in tech and org
- economic conditions
- doubts about integrity
how do auditors respond to risk?
changing the nature and extent of testing and type of audit procedures + more experienced staff + reviewed more carefully
two factors to assess control risk
- quality of corporate governance processes
2. effectiveness of internal control procedures
risk is a measure of _____ where materiality is a measure of _____
uncertainty and magnitude/size
