Engagement Planning, Obtaining an Understanding of the Client and Assessing Risks Flashcards
What statements pertain to Engagement Planning and Understanding of Client and Assessing Risks?
Statements on Auditing Standards
AU-C 200 - Responsibility and Functions of Ind. Auditor
210 - Relationship between the Auditor’s Appointment and Planning
220 - Quality Control for an Engagement Conducted in Accordance with GAAS
240 - Consideration of Fraud in a financial statement audit
250 - Illegal acts by clients
300 - Planning and supervision
314 - Substantive tests prior to the balance sheet date
315 - Understanding the entity and its environment and assessing the risks of material misstatement
510 - Communications between predecessor and successor auditors
520 - Analytical procedures
AT 101 - Attestation standards
Who is responsible for the fair presentation of financial statements?
Management.
Implicitly or explicitly makes assertions relating to account balances at year-end (account balances), classes of transactions and events (transactions classes) and presentations and disclosures.
They are included in AU-C 500 and presented at the transaction class, account balance, and disclosure levels.
Transaction Classes: Occurrence
Transactions and events that have been recorded have occurred and pertain to the entity.
Transaction Classes: Completeness
All transactions and events have been recorded.
Transaction Classes: Accuracy
Amounts and other data relating to recorded transactions have been recorded appropriately
Transaction Classes: Cutoff
Transactions and events have been recorded in the correct accounting period
Transaction Classes: Classification
Transactions and events have been recorded in the proper accounts
Account Balances: Existence
Assets, liabilities, and equity interests exist
Account Balances: Rights and Obligations
The entity holds or controls the rights to assets, and liabilities are the obligations of the entity
Account Balances: Completeness
All assets, liabilities, and equity interests have been recorded.
Account Balances: Valuation and allocation
Assets, liabilities, and equity interests are included at appropriate amounts.
Disclosures: Occurrence
Disclosed events and transactions have occurred
Disclosures: Rights and obligations
Disclosed events pertain to the entity
Disclosures: Completeness
All disclosures that should have been included have been included.
Disclosures: Accuracy and valuation
Info is disclosed fairly and at appropriate amounts
Disclosures: Classification and understandability
Information is presented and described clearly
What are relevant assertions?
Those that have a meaningful bearing on whether an account balance, transaction, or disclosure is fairly stated.
E.g. valuation may not be relevant to the cash account unless currency translation is involved; however, existence and completeness are always relevant.
AU-C 200 - What does audit risk consist of?
- Risk that an account and its related assertions contain material misstatements (composed of two components, referred to as inherent risk and control risk)
- Risk that the auditor will not detect such misstatements (referred to as detection risk)
AU-C 200 - How is audit risk viewed mathematically?
Audit Risk = Risk of material misstatement * Risk auditor fails to detect misstatements
Audit Risk = Inherent Risk * Control Risk * Detection Risk
What does inherent risk differ by and give an example.
The risk differs by account and assertion.
E.g. cash is more susceptible to theft than an inventory of coal.
How does inherent risk get assessed?
The risk is assessed using various analytical techniques, available information on the company and its industry, and overall auditing knowledge.
How does control risk get assessed?
Assessed using the results of tests of controls.
How does detection risk get assessed?
Substantive procedures.
What is the relationship among inherent risk, control risk, and detection risk?
Inherent risk and control risk differ from detection risk in that they exist independently of the audit, whereas detection risk relates to the effectiveness of auditor’s procedures.
E.g. when a question asks for the relationship between control risk and detection risk, it would be inverse.
E.g. If control risk (or inherent risk) increases, detection risk must decrease
AU-C 320, 450 - What is materiality?
GAAP considers materiality to be the magnitude of an omission or misstatement of accounting info that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the info would have been changed or influenced by the omission or misstatement.
What does determining a materiality level help auditors with?
- Assess risks of material misstatements and plan the nature, timing, and extent of further audit procedures
- Evaluate audit results
What is performance materiality?
Set by auditors to reduce to an appropriately low level the possibility that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements - that is, performance materiality will ordinarily be set at an amount below the materiality level for the financial statements as a whole.
What is tolerable misstatement?
Function of performance measure as related to the auditor’s assessment of performance materiality and is normally set at or less than performance materiality.
What should audit documentation related to materiality include?
- Materiality for the financial statements as a whole.
- If applicable, materiality levels for particular accounts, classes of transactions, or disclosures.
- Performance materiality
- Any revisions of the above as the audit progressed.
Statements on Auditing Standards - Where is Errors and Fraud discussed?
AU-C 240.
What are two types of fraud considered in an audit?
- Fraudulent financial reporting that makes the financial statements misleading
- Misappropriation of assets (theft, defalcation)
Definition of errors, an example, detection responsibility, reporting responsibility, and the primary standards.
- Definition: Unintentional misstatements or omissions.
- Example: Mistakes in processing accounting data, incorrect accounting estimates due to oversight, mistakes in application of accounting principles
- Detection Responsibility: (1) Assess risk of misstatement (2) Based on assessment, design audit to provide reasonable assurance of detection of material misstatements (3) exercise due care in planning, performing, and evaluating results of audit procedures, and proper degree of professional skepticism to achieve reasonable assurance of detection
- Reporting Responsibility: (1) Modify audit report for remaining departures from GAAP or scope limitations (2) Report to audit committee (unless clearly inconsequential)
- Primary Standards: AU-C 240
Definition of fraud, an example, detection responsibility, reporting responsibility, and the primary standards.
- Definition: intentional misstatements or omissions
- Example: fraudulent financial reporting and misappropriation of assets (embezzlement)
- Detection Responsibility: (1) Assess risk of misstatement (2) Based on assessment, design audit to provide reasonable assurance of detection of material misstatements (3) exercise due care in planning, performing, and evaluating results of audit procedures, and proper degree of professional skepticism to achieve reasonable assurance of detection
- Reporting Responsibility: (1) Modify audit report for remaining departures from GAAP or scope limitations (2) Report to audit committee (unless clearly inconsequential)
- Primary Standards: AU-C 240
Definition of direct effect, an example, detection responsibility, reporting responsibility, and the primary standards.
- Definition: violations of laws or governmental regulations having a material and direct effect on financial statement amounts and disclosures
- Examples: tax laws, accrued revenue based on government contracts
- Detection Responsibility: (1) Assess risk of misstatement (2) Based on assessment, design audit to provide reasonable assurance of detection of material misstatements (3) exercise due care in planning, performing, and evaluating results of audit procedures, and proper degree of professional skepticism to achieve reasonable assurance of detection
- Reporting Responsibility: (1) Modify audit report for remaining departures from GAAP or scope limitations (2) Report to audit committee (unless clearly inconsequential)
- Primary Standards: AU-C 240, AU-C 250
Definition of other laws, an example, detection responsibility, reporting responsibility, and the primary standards.
- Definition: violations of laws or governmental regulations not having a material and direct effect on financial statement amounts and disclosures
- Examples: securities trading, occupational safety and health, food and drug administration, environmental protection, equal employment, price fixing
- Detection Responsibility: (1) Be aware of possibility that they may have occurred (2) Inquire of management and those charged with governance re: compliance (3) inspect correspondence with licensing or regulatory authorities (4) if specific information comes to attention on an illegal act with a possible material indirect financial statement effect, apply audit procedures necessary to determine whether illegal act has occurred
- Reporting Responsibility: (1) Modify audit report for remaining departures from GAAP or scope limitations (2) Report to audit committee (unless clearly inconsequential)
- Primary Standards: AU-C 250
What happens during staff discussion of the risk of material misstatement?
Brainstorm; consider incentives/pressures, opportunities; exercise professional skepticism
What happens when there is need to obtain information needed to identify risks of material misstatement due to fraud?
Make inquiries of management and others; consider results of analytical procedures; consider fraud risk factors
What happens when identifying risks that may result in material misstatement due to fraud?
Consider type of risk that may exist; significance of risk (magnitude), likelihood of risk; and pervasiveness of risk
What happens when assessing the identified risks after considering programs and controls?
Consider understanding of internal control; evaluate whether programs and controls address the identified risks; assess risks taking into account this evaluation
What happens during the response to the results of the assessment?
As risk increases:
- Overall response: more experienced staff, more attention to accounting policies, less predictable procedures
- For specifically identified risks: consider need to increase nature, timing, and extent of audit procedures
What happens during evaluation of audit evidence?
Assess risk of fraud throughout audit; evaluate analytical procedures performed as substantive procedures and at overall review stage; evaluate risk of fraud near completion of field work; respond to misstatements that may be due to fraud
What happens during communication about fraud?
- Communicate all fraud to an appropriate level of management
- Communicate all management fraud to audit committee
- Communicate all material fraud to management and audit committee
- Determine if significant deficiencies have been identified
What happens during documentation of fraud?
Document the process and if improper revenue recognition not considered a risk, describe why.
Why is an audit planned and performed?
To obtain reasonable, not absolute, assurance. Even a properly performed audit may miss material misstatements.
What is professional skepticism?
An attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and a critical assessment of audit evidence.
What might impede application of professional skepticism?
Long-term relationships, completing the audit too quickly to meet client demands, keeping audit costs low.
What is fraudulent financial reporting?
Financial statements are intentionally misstated (cooked books)
What is misappropriation of assets?
When an entity's assets are stolen
What are 3 conditions that are generally present when individuals commit fraud?
- Incentive/pressure
- Opportunity
- Attitude/rationalization
What are two presumptions in an audit?
- Fraud exists in revenue recognition (ordinarily overstated)
- Risk of management override of internal control is present.
What is the response for management response?
- Testing the appropriateness of journal entries and adjustments
- Reviewing accounting estimates for biases
- Evaluating the rationale for significant unusual transactions
What is fraud communication responsibility?
- All fraud involving management should be communicated to the audit committee
- All material fraud should be communicated to the audit committee
- Auditor should reach an understanding with audit committee regarding other communications
What does AU-C 250 pertain to?
Laws and regulations.
Auditor responsibility with respect to identifying client noncompliance with laws and regulations.
What are the 2 types of laws?
- Those with a direct effect on the financial statement amounts and disclosures
- Others
What are examples of laws that have a direct effect on financial statement amounts and disclosures?
Accounting for transactions under government contracts and the accrual of income tax and pension costs.
What are examples of other laws that do not have a direct effect in the determination of amounts and disclosures?
Those relating to securities trading, occupational safety and health, food and drug admin, environmental protection, equal employment and price fixing or other anti-trust violations.
What are additional procedures when noncompliance is identified or suspected?
- Obtain an understanding of the act and the circumstances in which it has occurred.
- Obtain further info to evaluate the possible effect on financial statements
What is the audit report effect of noncompliance with a material effect on financial statements that is not properly disclosed?
Departure from GAAP - qualified or adverse opinion.
What is the audit report effect when the auditor is unable to obtain sufficient appropriate evidence on whether noncompliance may have a material effect on financial statements, or is unable to determine whether noncompliance has occurred due to limitations imposed by the circumstances?
Scope limitation - qualified opinion or disclaimer of opinion.
What does AU-C 510 refer to?
Communicate with predecessor auditors
What communication is required prior to client acceptance?
- Initiating communication is responsibility of the successor
- If the prospective client refuses or limits predecessor’s response, consider implications in deciding whether to accept the engagement
What should the successor’s inquiries of the predecessor include?
- Information bearing on integrity of management
- Disagreements with management as to accounting principles, auditing procedures or other similarly significant matters
- Communications to audit committee regarding fraud, illegal acts, and internal control related matters
- Predecessor’s understanding of the reasons for the change in auditors
How to establish an understanding with the client?
Engagement Letter. It is written communication with the client and is sent to the client, who normally indicates approval through returning a signed copy to the CPA.
What are the four general topics of establishing understanding with the client?
- Objectives of the engagement
- Management’s responsibilities
- Auditor’s responsibilities
- Limitations of the audit
What is the difference between AICPA and PCAOB requirements for recurring audits?
AICPA: Auditor reminds management of the terms of the audit and documents the reminder in working papers
PCAOB: requires an understanding be obtained for each engagement (documented in working papers, preferably through written communication (engagement letter) with client)
What is the audit plan?
The auditor should develop and document an audit plan in which the auditor determines the audit procedures to be used that, when performed, are expected to reduce audit risk to an acceptably low level.
What should the audit plan include?
- Risk assessment procedures
- Further audit procedures (test of controls and substantive tests) at the relevant assertion level
- Other audit procedures (e.g. seeking direct communication with entity’s lawyers)
What is the audit program?
A written audit program should be developed and used to implement audit plan.
What is the timing of audit procedures?
They are often performed at an interim period, and subsequently updated through year-end.
What factors should be considered when planning the timing of substantive tests?
- Factors to be considered before applying tests at an interim date before year-end
- Auditing procedures to be followed for the remaining period (the period after the interim date through year-end)
- Coordination of the timing of audit procedures
Give an example of applying procedures at an interim date.
As a substantive test applied at an interim date, consider the confirmation of receivables as of November 30, one month prior to the client’s year end.
What is the effect on substantive tests, when control risk is assessed at a level below the max?
Auditor might be able to perform only limited substantive tests during the remaining period to obtain the assurance needed as of the balance sheet date.
What are 3 items that the auditor should consider for applying audit tests at an interim date?
- Significant unusual transactions
- Other causes of significant fluctuation (or expected fluctuations that did not occur)
- Changes in the composition of the account balances
What does coordination of the timing of procedures apply to?
- Related-party transactions
- Interrelated accounts and cutoffs
- Negotiable assets
What is the auditor concerned about regarding interrelated accounts and negotiable assets?
Concerned that one might be substituted for another to allow the double counting of a given resource
E.g. sale of securities after they have been counted at year-end and inclusion of proceeds in year-end cash.
What are risk assessment procedures?
The procedures followed to obtain an understanding of the entity.
What do risk assessment procedures include?
- Inquiries of management and others within the entity
- Observation and inspection
- Analytical procedures
- Other procedures, such as inquiries of others outside entity and reviewing information from external sources
What does AU-C 510 deal with?
Communicating with predecessor auditors.
What does documentation generally include?
- Planning
- Internal Control
- Audit results
- Other matters of continuing accounting and auditing significance such as analyses of balance sheet accounts
When would a re-audit be necessary?
When a change in auditors has occurred and the predecessor refuses to reissue his or her audit report on previous year financial statements that are to be reissued.
In all audits, what should a CPA obtain an understanding of?
Internal control sufficient to assess the risk of material misstatement of the financial statements and to design the nature, timing, and extent of further audit procedures.
Why should the work of each assistant be reviewed?
- To determine whether it was adequately performed
- To evaluate whether the results are consistent with the conclusions to be presented in the audit report
What does AU-C 315 require?
Analytical procedures be performed as a risk assessment procedure
What do analytical procedures help with?
- Enhance the auditor’s understanding of the client business and significant transactions and events that have occurred since the prior audit
- Help the auditor to identify the existence of unusual transactions or events and amounts, ratios, and trends that might indicate matters that have audit implications.
What is a limitation to analytical procedures?
They use data aggregated at a high level and may provide only a broad initial indication about the possible existence of material misstatements.
What is the accounts receivable turnover?
Net credit sales/average accounts receivable.
An accounting measure used to quantify a firm’s effectiveness in extending credit as well as collecting debts.
By maintaining accounts receivable, firms are indirectly extending interest-free loans to their clients. A high ratio implies either that a company operates on a cash basis or that its extension of credit and collection of accounts receivable is efficient.
A low ratio implies the company should re-assess its credit policies in order to ensure the timely collection of imparted credit that is not earning interest for the firm.
Explain what increases or decreases positive ratios.
- Increasing the numerator of a ratio always increases the ratio
- Increasing the denominator of a ratio always decreases the ratio
- Increasing the numerator and denominator of a ratio by the same amount:
  - Note: it will decrease the ratio if the ratio is greater than 1
  - Note: it will increase the ratio if the ratio is less than 1
Why does the auditor perform risk assessment?
To identify and assess the risks of material misstatement at the financial statement level and at the relevant assertion level for classes of transactions, account balances, and disclosures.
Routine, noncomplex transactions that are subject to systematic processing are less likely to give rise to significant risks because:
they have lower inherent risks.
What should the auditor consider when evaluating risks?
- Whether the risk is a risk of fraud
- Whether the risk is related to recent significant economic, accounting or other developments
- The complexity of transactions
- Whether the risk involves significant transactions with related parties
- The degree of subjectivity in the measurement of financial information
- Whether the risk involves significant nonroutine transactions and judgmental matters
What do the Statements on Quality Control Standards apply to?
To the auditing and accounting (compilation and review) practice of CPA firms.
Note: The Code of Professional Conduct is primarily directed at the individual practitioner level
Who should have their accounting compilations and reviews reviewed?
Members of the AICPA who are in public practice and have financial reporting responsibilities.
What are the two types of peer reviews?
System and engagement review.
What is system review?
Involves peer reviewers’ study and appraisal of a CPA firm’s system of quality control to perform accounting and auditing work.
The quality control standards serve as the criteria for a system review.
What is the approach of a system review?
To obtain an understanding of the CPA firm through inquiry of CPA firm personnel, review of documentation of QC, and selection of a sample of the CPA firm’s engagements for review.
What are the 3 types of reports a peer reviewer can issue for a system review?
- A pass rating report.
- A pass with deficiencies report.
- A fail.
What is the approach of an engagement review?
Select a sample of a CPA firm’s actual accounting work, including accounting reports issued and CPA firm documentation, to evaluate whether they are appropriate.
This form of review is only available for CPA firms that do not do audits, but perform accounting work, including compilations and/or reviews.
What are the two reports that a peer reviewer can issue for an engagement review?
Pass and Pass with deficiencies which include only limited (negative) assurance.
What is the goal of a system of quality control?
To provide reasonable assurance that
- The firm and its personnel comply with professional standards and applicable legal and regulatory requirements
- Reports issued by the firm or engagement partners are appropriate.
What are the 6 elements of a firm’s system of quality control?
- The tone at the top; leadership responsibilities for quality within the firm
- Relevant ethical requirements
- Acceptance and continuance of client relationships and specific engagements
- Human Resources
- Engagement performance
- Monitoring
How often should firm obtain written confirmation of compliance with independence policies and procedures from firm personnel?
At least annually.
What should human resource policies address?
- Recruiting
- Performance evaluation, compensation, and advancement
- Determining competencies and capabilities