Exam 2 Flashcards
What are the 8 types of audit evidence?
- Examination of physical assets
- Examination of documentation
- Confirmation
- Inquiries
- Reperformance
- Recalculation
- Observation
- Analytical Procedures
Audit evidence must depend on evidence that is ______ than convincing.
Persuasive
What are the 2 audit procedures and their possible sub procedures?
- Risk assessment procedures
- Further audit procedures
- Test Controls
- Substantive Procedures
Audit evidence, to be persuasive, must have two determinates:
- Appropriateness
- Sufficiency
Items of continuing interest over the audits of several periods. (Updated each audit)
Permanent Files
Items of general interest for each yearly audit. (regenerated for each yearly audit)
General Binder
What are 3 current year work papers?
- Working Trial Balance
- Lead Schedules
- Supporting Schedules
Repository for numerous “clean” confirmation requests.
Bulk Files
Repository for obsolete permanent file material.
Non-current Permanent File
For items not needed to support the audit opinion. (Must destroy within 60 days report release day)
Hold Files
(Type of evidence) The assessment of documents and files. Called vouching.
Examination of Documents
(Type of evidence) The inspection or count of tangible assets with inherent value. Reliable evidence of existence, but not ownership.
Examination of Physical Assets
(Type of evidence) Written response from an outside party verifying info. Reliable, but costly.
Confirmation
(Type of evidence) To look at the condition of inventories, processes, procedures, or compliance with controls.
Observation
(Type of evidence) To ask clear questions of knowledgeable, qualified people.
Inquiry
(Type of evidence) Rechecking math, extensions of docs, and records.
Recalculation
(Type of evidence) An auditors independent execution of a client’s procedures or controls.
Reperformance
(Type of evidence) The study of PLAUSIBLE relationships among finance and nonfinance data. Involves scanning of journals and ledgers.
Analytical Procedures
Analytical procedures must be involved in the _______ and ________ phases.
- Planning
- Final Completion
Controls over preparation of information is designed to ensure 3 things….
- Completeness
- Accuracy
- Validity
General rule of the trial balance: if fluctuation equals or is over ____%, its considered ______.
- 10
- Material
___________ of information reduces risk.
Disaggregation
What are 5 ways to develop plausible expectations?
- Compare information with prior years
- Examine results from estimates or forecasts
- Compare entity ratios (A/R to sales and gross margin with industry)
- Vertical analysis
- Regression analysis
_____ and _____ data leads to more expectations.
- Predictable
- Reliable
When auditor’s deal with management, there needs to be ______ __________ for proper inquiries and document transfers.
Two-way Communication
SAS No.61 Establishes that……
There must be communication between auditors and entities if the entities have an audit committee or equivalent financial oversight board.
CEO and CFO MUST sign representation letter on the _________ day. If they decline, it is a departure in _________, and can change the opinion to _________.
- Report issue
- Scope
- Disclaimer
Related party transactions involve 3 inherent attributes…
- Presumed not arms-length
- Quality of reported earnings is suspect
- Economic substance vs. Literal or Legal form
Economic substance or literal or legal form?
(Substantive information [reality] or legality of posting of a transaction)
Economic Substance (substantive information)
Give 4 examples of portions of an engagement letter.
- Responsibilities of auditors/managers
- Objective and scope of the audit
- Identification of AFRF
- Fees, billings, etc.
Shifts the cost of liability from one contractual party to the other. In the context of an accountant/client relationship, it can shift the accountant’s potential liability to third parties, such as the client’s bank, from the accountant to the client.
Limited Indemnification Clause
An individual or organization possessing expertise in a field other than accounting or audit, who’s work helps an auditor obtain audit evidence.
Auditor Specialist
An individual or organization possessing expertise in a field other than in accounting or auditing, who helps the entity in preparing F.S. (Hired by audit client)
Management’s Specialist
Where are related parties supposed to be disclosed in the F.S.?
The footnotes
What copies of workpapers does the successor firm need from the predecessor firm regarding a clients audit information?
Balance Sheet Account Analyses
True or False.
The successor firm doesn’t need predecessor approval through the client to access previous audit files.
False
The successor firm asks the client for predecessor information to inquire about access to the clients previous audit documentation. If predecessor says no, the successor cannot access those documents.
What type of letter does the predecessor firm need to sign that enables the client to show audit documentation to the successor firm?
Consent and Acknowledge letter
Overall approach to the audit that considers the nature of the client, risk of significant misstatements, and other factors such as the number of client locations and past effectiveness of client controls.
Audit Strategy
Risk that a material misstatement that might occur in a relevant assertion that will not be prevented or detected, in a timely basis, by internal controls.
Control Risks
Probability of a relevant assertion to material misstatement, individual or aggregate, ignoring internal controls. Set at 50%-100%
Inherent Risks
Risk the auditor might unknowingly fail to modify the audit report when the F.S. are materially misstated.
Audit Risk
Inherent Risk (IR) + Control Risk (CR) + Acceptable Detection Risk (DR) = ???
Audit Risk
Risk that the auditor tests will not detect material misstatement in a relevant assertion, which eludes internal controls.
Detection Risk
Which risk is the ONLY risk assessment the auditor can respond to?
Detection Risk
What is the formula for Detection Risk?
Acceptable Audit Risk (AR)/Risk of Material Misstatement (RMM)
Both inherent risk and control risk combined is called…
Risk of Material Misstatement (RMM)
What should an auditor do when RMM is high? (4 things)
- Look at larger samples
- Consider auditing 100% compared to sampling
- Apply more effective tests closer to B.S. date
- Use more experienced staff
What are 4 important parts of using planning materiality?
- Client must book proposed changes or issue a qualified opinion
- items <2% of PM = waived as trivial (don’t record)
- > 2% of PM, client needs to adjust. If not, then record on AJE passed work paper
- PM = Basis for defining scope
Why does the successor firm need a copy of balance sheet account analyses from the predecessor firm?
To see consistency of previous audits and real accounts that are carrying over.
True or False.
A successor can reference a predecessor’s report in their own report as supporting evidence.
False
What are the 5 components of internal control?
- Control environment
- Information and communication
- Control activities
- Entities risk assessment
- Monitoring
What are the 5 aspects of an entity?
- External factors
- Internal factors
- Objectives, strategies, and related business risks
- Measurement and review of financial performance
- COSO internal control components
The auditor should not test controls when… (3 things)
- Procedures do not pertain to an assertion
- Procedures are most likely ineffective
- Cost to test controls > cost of applying substantive procedures
An auditor should perform tests of controls when their risk assessment… (2 things)
- Includes expectation of operating effectiveness, or
- Substantive procedures alone don’t provide evidence of relevant assertion level.
Tests of operating effectiveness of controls = _________
No substantive amounts directly
What are 4 ways to test operating effectiveness of controls?
- Inquiries of personnel
- Inspection of documents
- Observation of applications
- Reperformance of applications
No more default to setting control risk at _______ without support.
Maximum Level
True or False.
If assessed RMM is low, the auditor doesn’t have to design and perform substantive procedures for all relevant assertions.
False.
The auditor MUST ALWAYS perform substantive procedures because…
1. assessed risk is judgmental
2. inherent limitations
3. control risk cannot be zero
What are 3 types of substantive procedures?
- Test of details of classes and transactions
- Test of details of account balances and related disclosures
- Analytical procedures
If it is obvious that controls are overall ineffective, an auditor should…
1. Test controls more
2. Test controls less
- Test Controls less
If RMM at relevant assertion level is a significant risk, then the auditor must… (3 things)
- Perform substantive procedures for that risk
- Test operating effectiveness for that risk
- Don’t use prior year evidence
How many transactions should an IT auditor sample for manual controls?
45 - 60 transactions
How many transactions should an IT auditor sample for automated controls?
1 transaction
It is extremely important for an auditor to 1._______ processes with follow up 2._______ of management.
- observe
- inquiries
Who usually oversees functions regarding custody involved in segregation of duties?
Treasurer
A control is missing or a process of control is not effective.
Deficiency
Significant deficiencies or material weaknesses should be communicated through…
writing
Other deficiencies should be communicated through….
oral or writing
Who must an auditor communicate to regarding internal control related matters?
Higher level management (C-suite)
True or false.
You should issue written communication of no significant deficiencies.
False
Impossible due to absolute issues
What are 4 indicators of material weaknesses in ICs?
- Identification of fraud at senior management level
- Restatement of prior F.S. to reflect correction
- Identification of misstatements that aren’t detected or corrected by ICs
- Ineffective governance
True or false.
Nonfixed material weaknesses and deficiencies listed on prior reports don’t need to be reiterated on the current report.
False.
Nonfixed material weaknesses and deficiencies must be reiterated on subsequent reports
True or False.
Nonfixed other deficiencies listed on prior reports have to be reiterated on the current report.
False.
Other deficiencies do not have to be reiterated, unless management change.
IMPORTANT
The auditor must include __________ of internal controls, including management override.
General inherent limitations
True or False.
If there is no material weaknesses and deficiencies, the auditor can add 3rd parties to the restricted use paragraph.
False.
The auditor CANNOT add 3rd parties to the restricted use paragraph, whether there are material weaknesses and deficiencies or not.
Using one customer’s cash payment to pay another’s A/R and pocketing the extra.
Lapping
What is the calculation for gross profit margin?
Gross profit/Sales revenue
If the auditor risk assessment includes expectation of operating effectiveness of controls, the controls are _______ and _______.
- Well designed
- Implemented
(Descriptor of operating effectiveness of controls) Controls would prevent or detect and correct misstatements in a timely manner.
Well designed
(Descriptor of operating effectiveness of controls) Controls exist and entity is using it.
Implemented
What is the benefits and reasons for using 60 transactions for a sample when testing controls?
- 95% confidence level
- The entity has a high control reliance
- No deviations from internal controls
- Reduced year end substantive testing
What is the benefits and reasons for using 45 transactions for a sample when testing controls?
- 90% confidence level
- The entity has medium control reliance
- No deviations from internal controls
- Increased year end substantive testing
If internal controls are weak, then there should be a ________ level of substantive testing at year end.
Maximum
Tests that are part substantive procedures of transaction details and part tests of controls.
Dual tests
What is the primary objective of dual testing?
Testing controls over substantive testing
If there are NO control deviations, then control risk is ______ than _______. Thus, allowing _______ year end substantive testing.
- Less
- Maximum
- Reduced
Vouching from a recorded entry (F.S.) to a source document (relevant audit evidence).
Occurrence Assertion
Occurrence, when handling the Sales and Collection cycle, always works from…….
Up to down
Tracing from a source document (relevant audit evidence) to a recorded entry (F.S).
Completeness Assertion
Completeness, when handling the Sales and Collection cycle, always works from…….
Down to up
What are the 5 layers of the Sales and Collection Cycle?
Largest = 1
Smallest = 5
- F.S.
- General Ledger (sales account)
- Sales journal or file
- Sales invoice
- Shipping documents
Starts with a number on the financial statement and then you find the original document that supports that number.
Vouching
Looks at a financial document and traces the path of that document all the way to the financial statements.
Tracing
The greater risk for public companies regarding the Sales and Collection cycle is an _______ sales and receivables. What two assertions?
Overstated.
Occurrence and Existence
The greater risk for private companies regarding the Sales and Collection cycle is an _______ sales and receivables. What two assertions?
Understated
Occurrence and Completeness
Where sales and receivables is overstated, test transaction controls for ________ assertion. Must _______ sales invoices. Also, must enact more _________________, like gross profit margin.
- Occurrence
- Vouch
- Analytical procedures
Where sales and receivable is understated, test transaction control for ________ assertion. Must ________ shipping documents. Also, must enact more ________________, like gross profit margin.
- Completeness
- Trace
- Analytical procedures
The objective of ______ _________ is to identify such things as the existence of unusual transactions and events, and amounts, ratios, and trends that might indicate matters that have financial statement and audit planning ramifications
Analytical Procedures.
What is the control risk usually set at for small companies??
100%
True or False.
Control risk and Inherent risk is evaluated together for transaction cycles.
False.
Both may fluctuate individually, therefore they must be evaluated seperately.
