Engagement Planning, Obtaining an Understanding of the Client and Assessing Risks Flashcards
What statements pertain to Engagement Planning and Understanding of Client and Assessing Risks?
Statements on Auditing Standards
AU-C 200 - Responsbility and Functions of Ind. Auditor
210 - Relationship between the Auditor’s Appointment and Planning
220 - Quality Control for an Engagement Conducted in Accordance with GAAS
240 - Consideration of Fraud in a financial statement audit
250 - Illegal acts by clients
300 - Planning and supervision
314 - Substantive tests prior to the balance sheet date
315 - Understanding the entity and its environment and assessing the risks of material misstatement
510 - Communications between predecessor and successor auditors
520 - Analytical procedures
AT 101 - Attestation standards`
Who is responsible for the fair presentation of financial statements?
Management.
Implicitly or explicitly makes assertions relating to account balances at year-end (account balances), classes of transactions and events (transactions classes) and presentations and disclosures.
They are included in AU-C 500 and presented at the transaction class, account balance, and disclosure levels.
Transaction Classes: Occurrence
Transactions and events that have been recorded have occurred and pertain to the entity.
Transaction Classes: Completeness
All transactions and events have been recorded.
Transaction Classes: Accuracy
Amounts and other data relating to recorded transactions have been recorded appropriately
Transaction Classes: Cutoff
Transactions and events have been recorded in the correct accounting period
Transaction Classes: Classification
Transactions and events have been recorded in the proper accounts
Account Balances: Existence
Assets, liabilities, and equity interests exist
Account Balances: Rights and Obligations
The entity holds or controls the rights to assets, and liabilities are the obligations of the entity
Account Balances: Completeness
All assets, liabilities, and equity interests have been recorded.
Account Balances: Valuation and allocation
Assets, liabilities, and equity interests are included at appropriate amounts.
Disclosures: Occurrence
Disclosed events and transactions have occurred
Disclosures: Rights and obligations
Disclosed events pertain to the entity
Disclosures: Completeness
All disclosures that should have been included have been included.
Disclosures: Accuracy and valuation
Info is disclosed fairly and at appropriate amounts
Disclosures: Classification and understandability
Information is presented and described clearly
What are relevant assertions?
Those that have a meaningful bearing on whether an account balance, transaction, or disclosure is fairly stated.
E.g Valuation may not be relevant to the cash account unless currency translation is involved; however, existence and completeness are always relevant.
AU-C 200 - What does audit risk consist of?
- Risk that an account and its related assertions contains material misstatements (composed of two components, referred to as inherent risk and control risk)
- Risk that the auditor will not detect such misstatements (referred to as detection risk)
AU-C 200 - How is audit risk viewed mathematically?
Audit Risk = Risk of material misstatement * Risk auditor fails to detect misstatements
Audit RIsk = Inherent Risk * Control Risk * Detection Risk
What does inherent risk differ by and give an example.
The risk differs by account and assertion.
E.g. cash is more susceptible to theft than an inventory of coal.
How does inherent risk get assessed?
The risk is assessed using various analytical techniques, available information on the company and its industry, as well as, by using overall auditing knowledge.
How does control risk get assessed?
Assessed using the results of tests of controls.
How does detection risk get assessed?
Substantive procedures.
What is the relationship among inherent risk, control risk, and detection risk?
Inherent risk and control risk differ from detection risk in that they exist independently of the audit, whereas detection risk relates to the effectiveness of auditor’s procedures.
E.g. When a question asks for the relationship b/w control risk and detection risk, it would be inverse.
E.g. If control risk (or inherent risk) increases, detection risk must decrease
AU-C 320, 450 - What is materiality?
GAAP considers materiality to be the magnitude of an omission or misstatement of accounting info that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable personal relying on the info would have been changed or influenced by the omission or misstatement.
What does determining a materiality level help auditors with?
- Assess risks of material misstatements and plan the nature, timing, and extent of further audit procedures
- Evaluate audit results
What is performance materiality?
Set by auditors to reduce to an appropriately low level the possibility that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements - that is, performance materiality will ordinarily be set at an amount below the materiality level for the financial statements as a whole.
What is tolerable misstatement?
Function of performance measure as related to the auditor’s assessment of performance materiality and is normally set at or less than performance materiality.
What should audit documentation related to materiality include?
- Materiality for the financial statements as a whole.
- If applicable, materiality levels for particular accounts, classes of transactions, or disclosures.
- Performance materiality
- Any revisions of the above as the audit progressed.
Statements on Auditing Standards - Where is Errors and Fraud discussed?
AU-C 240.
What are two types of fraud considered in an audit?
- Fraudulent financial reporting that makes the financial statements misleading
- Misappropriation of assets (theft, defalcation)
Definition of errors, an example, detection responsibility, reporting responsibility, and the primary standards.
- Definition: Unintentional misstatements or omissions.
- Example: Mistakes in processing accounting data, incorrect accounting estimates due to oversight, mistakes in application of accounting principles
- Detection Responsibility: (1) Assess risk of misstatement (2) Based on assessment, design audit to provide reasonable assurance of detection of material misstatements (3) exercise due care in planning, performing, and evaluating results of audit procedures, and proper degree of professional skepticism to achieve reasonable assurance of detection
- Reporting Responsibility: (1) Modify audit report for remaining departures from GAAP or scope limitations (2) Report to audit committee (unless clearly inconsequential)
- Primary Standards: AU-C 240
Definition of fraud, an example, detection responsibility, reporting responsibility, and the primary standards.
- Definition: intentional misstatements or omissions
- Example: fraudulent financial reporting and misappropriation of assets (embezzlement)
- Detection Responsibility: (1) Assess risk of misstatement (2) Based on assessment, design audit to provide reasonable assurance of detection of material misstatements (3) exercise due care in planning, performing, and evaluating results of audit procedures, and proper degree of professional skepticism to achieve reasonable assurance of detection
- Reporting Responsibility: (1) Modify audit report for remaining departures from GAAP or scope limitations (2) Report to audit committee (unless clearly inconsequential)
- Primary Standards: AU-C 240
Definition of direct effect, an example, detection responsibility, reporting responsibility, and the primary standards.
- Definition: violations of laws or governmental regulations having a material and direct effect on financial statement amounts and disclosures
- Examples: tax laws, accrued revenue based on government contracts
- Detection Responsibility: (1) Assess risk of misstatement (2) Based on assessment, design audit to provide reasonable assurance of detection of material misstatements (3) exercise due care in planning, performing, and evaluating results of audit procedures, and proper degree of professional skepticism to achieve reasonable assurance of detection
- Reporting Responsibility: (1) Modify audit report for remaining departures from GAAP or scope limitations (2) Report to audit committee (unless clearly inconsequential)
- Primary Standards: AU-C 240, AU-C 250
Definition of other laws, an example, detection responsibility, reporting responsibility, and the primary standards.
-Definition: violations of laws or governmental regulations not having a material and direct effect on financial statement amounts and disclosures
-Examples: securities trading, occupational safety and health, food and drug administration, environmental protection, equal employment, price fixing
Detection Responsibility: (1) Be aware of possibility that they may have occurred (2) Inquire of management and those charged with governance re: compliance (3) inspect correspondence with licensing or regulatory authorities (4) if specific information comes to attention on an illegal act with a possible material indirect financial statement effect, apply audit procedures necessary to determine whether illegal act has occurred
-Reporting Responsibility: (1) Modify audit report for remaining departures from GAAP or scope limitations (2) Report to audit committee (unless clearly inconsequential)
-Primary Standards: AU-C 250
What happens during staff discussion of the risk of material misstatement?
Brainstorm; consider incentives/pressures, opportunities; exercise professional skepticism
What happens when there is need to obtain information needed to identify risks of material misstatement due to fraud?
Make inquiries of management and others; consider results of analytical procedures; consider fraud risk factors
What happens when identifying risks that may result in material misstatement due to fraud?
Consider type of risk that may exist; significance of risk (magnitude), likelihood of risk; and pervasiveness of risk
What happens when assessing the identified risks after considering programs and controls?
Consider understanding of internal control; evaluate whether programs and controls address the identified risks; assess risks taking into account this evaluation
What happens during the response to the results of the assessment?
As risks increases:
- Overall response: more experienced staff, more attention to accounting policies, less predictable procedures
- For specifically identified risks: consider need to increase nature, timing, and extent of audit procedures