Engagement Planning Flashcards
Who has the responsibility of preventing and detecting fraud?
Management has the responsibility of preventing and detecting fraud?
When is the best time to engage an auditor?
The earlier the auditor is hired- the better for audit planning and efficiency.
When can audit procedures be performed at interim dates?
If Control Risk for the accounts and/or transactions is low- audit procedures can be performed at interim dates.
The auditor then reviews changes in the balances at year-end.
What is the purpose of the Audit Committee? what should be communicated?
Responsible for Hiring Auditor
Oversees Internal Control
Matters to be communicated:
- fraud, illegal acts
- significant matters on IC
- significant adjustments
- disagreements with mgt
- serious difficulties with mgt related to the audit
- consultation mgt had with other cpas about accounting and auditing matters
- major issues discussed regarding initial or recurring retention of auditor
communication should be in writing (by product reports) and restricted to those charged with governance
what is audit risk and How is it calculated?
risk that an auditor unknowingly may fail to modify then opinion on financial statements that are materially misstated (the risk the auditor could render the wrong opinion)
(Inherent Risk x Control Risk )x Detection Risk
Risk that material mistakes- errors- omissions- or fraud will result in an inaccurate audit report
Measured in both Qualitative and Quantitative
Describe Control Risk
risk the IC structure will not PDCMM on a timely basis
cannot be controlled by the auditor
Describe Inherent Risk.
the susceptibility of an assertion to a material misstatement, assuming there are no related controls
cannot be controlled by the auditor
Describe Detection Risk.
the risk that the auditor will not detect a material misstatement. it is a function of effectiveness of the procedure and the application by the auditor
inverse relationship with RMM
can be controlled by the auditor by modifying the NET of substantive procedures
What are the three factors that affect/influence fraud?
Rationalization (ability to)
Incentive/Pressure
Opportunity
(RIO)
The presence of the fraud risk factors does not guarantee that fraud has taken place
What are quantitative measurements versus non-quantitative measurements with respect to risk?
Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of percentages
Non-Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of acceptable ranges
What is the auditor’s responsibility with respect to fraud and illegal acts?
Assess the RISK that such things will lead to material misstatements
Design the audit to provide reasonable assurance against fraud- illegal acts that directly and materially affect the financial statements
Report ALL management fraud to the audit committee (minor fraud by low-level employees not reported to committee)
Perform required inquiries and procedures (management inquiries- analytical procedures- discussions with audit personnel about fraud)
what are the elements of quality control (undertaken by the cap firm)?
Human resources Engagement and continuance of the client Leadership Performance of engagement Monitoring Ethical requirements
What is the difference between fraud and errors?
Errors are unintentional- fraud is intentional.
What red flags may indicate higher risk in an audit?
Management compensation tied to stock
Aggressive financial forecasting
Former auditor disagreed with Management
Records not available for audit
Current audit procedures may need to be reconsidered if red flags exist.
What does an examination of internal control accomplish with respect to illegal acts?
Internal control analysis can result in the conclusion that IC is weak- but probably won’t identify illegal acts
What is the purpose of adjusting audit procedures in light of fraud risk factors identified during an audit?
Strives to make audit engagement procedures less patterned and predictable
Re-evaluates management’s application of accounting procedures
Finds and assigns audit personnel with relevant skills in this area
What should be documented with respect to fraud risk factors in an audit?
Any fraud risks identified that could lead to material misstatement
Audit procedures performed to assess risks
Nature of communication made to audit committee and company management
Disclosure to third parties regarding fraud not normally the auditor’s responsibility
Fraud by management should normally be reported to the audit committee- NOT the SEC.
What was the effect of the SOX Act of 2002?
Created PCAOB
Designates Officer responsibility for internal control
Must disclose significant internal control weaknesses to auditor and audit committee
Must disclose any level of fraud discovered by employees with internal control responsibilities
What type of assurance is provided by a Compilation?
Compilations are not an assurance service. No assurance is provided.
What type of assurance is provided by Review services?
Reviews provide NEGATIVE assurance.
What is the independence requirement for a Review?
Reviews require independence.
No Internal Control work allowed
Performs analytical procedures
No material indirect financial interest allowed
No immaterial direct financial interest allowed
For compilations and reviews- what knowledge must a service provider have?
Must have an understanding of the client industry.
What is the independence requirement for consulting services?
Independence is not required for consulting services.
What are the types of fraud considered in an audit?
fraudulent financial reporting (misstatements or omissions intended to deceive)
- manipulation, falsification or alteration of records
- misrepresentation or omission of events, transactions, etc.
- intentional misapplication of accounting principles
misappropriation of assets (theft of assets)
- embezzling receipts
- stealing assets
- causing an entity to pay for goods and services not received
- using entity assets for personal use
Describe the overview of the audit process?
Planning
- establish understanding with the client
- obtaining understanding of entity, environment and IC
- assessing RMM
Gather and evaluate evidence
- design and perform procedures to address RMM
- evaluate the audit evidence
Form Opinion and Issue Report
What is required to establish an understanding with the client?
engagement letter (written documentation) that describes:
- management responsibilities
- auditor responsibilities
- nature, scope and limitation of services
what is management’s responsibilities in an audit?
- financial statement and application of accounting policies
- establishing and maintaining IC
- prevent and detect fraud
- compliance with laws and regulations
- making all records available
- corrections of MM in the financials
- representations letter (confirms mgt.’s representations at the conclusion of the audit)
what is the auditor’s responsibility in an audit?
- express an opinion of the financials
- conduct the audit in conformity with GAAS
- what is included in the audit:
- understanding of entity, environment and IC
- sufficient understanding to assess the RMM
- design the nature, extent and timing of audit procedures
- audit is NOT designed to provide assurance about IC or identify significant deficiencies
- ensure that those charged with governance aware of significant deficiencies that come to auditor’s attention
what is the audit strategy?
-game plan of the audit determine/define: -the scope of the audit -reporting objectives, timing of fieldwork, communications -materiality levels -areas of higher RMM -material locations and balances -plans to perform test of controls -assign personnel -specific industry or financial reporting developments
what is the audit plan?
- detailes set of audit programs that address specific audit objectives
- document the nature, timing and extent of audit procedures
what is the audit program?
- designed to show the audit precedes selected achieve the audit objectives
- evidence gathered supports the conclusions reached
what is the audit planning documentation?
audit strategy, audit plan and the audit program
How doe the auditor evaluate the RMM?
evaluate RMM by performing risk assessment procedures while obtaining an understanding of the entity
what are further audit procedures?
test of controls - optional (depends on IC)
substantive test - required
what will preclude an auditor from taking on an audit engagement?
if the auditor is not able to gather sufficient evidence to support an opinion
what is the purpose of test of controls?
to determine is internal controls are operating effectively
control will PDCMM on a timely basis
RIIO (reperformance, inspection, inquire, observation)
what are substantive tests? which are required?
detect material misstatements, $ misstatements
test of details of transactions and account balances
what is a material misstatement?
errors and fraud which cause the financial statements to not be presented fairly in conformity with GAAP
what is the effect of decreasing the tolerable level of misstatement?
- perform auditing procedures closer to the B/S date
- select more effective auditing procedures
- increase the extent of a particular auditing procedure
what does the auditor consider when making judgements about materiality?
- considers the needs of a reasonable person who will rely on the financial statements
- considers materiality in terms of the smallest aggregate level of misstatements that could be material to any one of the financial statements
what is a tolerable misstatement?
the amount of misstatement we are willing to tolerate
what is the risk of material misstatement?
the risk that the relevant assertions (related to balances, transactions, disclosures) contain misstatements that could be material to the financial statement when aggregated with other misstatements
what is the relationship between RMM, DR and substantive tests?
increase in RMM(IR*CR), DR decreases, substantive test increases
decrease in RMM(IR*CR), DR increases, substantive test decreases
what should be considered when continuing a client relationship?
- the integrity of the client
- determining is the firm is competent to perform the engagement
- determining that the firm can comply with legal and ethical requirements
what is required before accepting an engagement? what must be done?
communication with the predecessor auditor
must ask:
- integrity of client management
- any disagreements with mgt on principles, auditing procedures or other significant matters
- predecessor’s understanding of the change in auditors
- communications with the audit committee regarding IC, illegal acts and fraud
communication may be written or oral
when should an auditor reject an engagement?
- client unwilling to make all records available
- mgt disregards IC
- no sufficient evidence to support opinion
what are the risk factors of fraud due to fraudulent financial reporting?
management attributes and control environment:
- high turnover of mgt
- strained relationship with auditors
- overworked internal auditors
- no support for IC
- nonfinancial mgt involved with selecting accounting methods
- history of violations
industry conditions
- declining or competitive industry
- industry with rapid changes
operating characteristics/financial stability
- significant related party transactions
- unusual or complex transactions
- declining cash flows while showing growth
- operating in tax-haven jurisdictions
- unrealistic incentives
- hostile takeover
- poor financial condition
what are the risk factors of fraud due to misappropriation of assets?
susceptibility of assets to misappropriation (inherent risk)
inadequate/ineffective controls
- segregation of duties
- background checks of personnel w/access to assets
- recordkeeping for assets
- authorization of transactions
- reconciliation of assets
- documentation of transactions
- no requirements for mandatory vacation
- access controls over automated records
- mgt understanding of IT
is the auditor responsible for detecting illegal acts?
mgt is responsible for detecting illegal acts
auditor is only responsible for detecting illegal acts that have a direct and material impact on the financial statements
what is the approach of the clarity standards?
use a principles based approach
- responsibilities of the audit team (competent, ethical, maintain professional skepticism, professional judgement)
- performance of the audit (reasonable assurance)
- reporting the results (express an opinion)
is a new engagement letter required for a recurring audit?
PCAOB - yes - engagement letter every year
GAAS - no - auditor should remind client of terms and document - may written or oral, if oral - document
what is fraud?
an intentional act involving the use of deception that results in a misstatement in the financial statements
what are the factors that will not allow the detection of fraud?
- concealment (sophisticated and carefully organized schemes)
- collusion
mgt fraud is worse than employee fraud because mgt is in a position to directly or indirectly impact accouting records, financial information and internal control
