Exam 2 (5-7)

Question 1

Financial statement assertions relevancy

Answer 1

Without regard for controls, have a reasonable possibility of containing a material misstatement

Question 2

Three types of relevant financial statement assertions

Answer 2

1. About classes of transactions and events
2. Assertions about account balances
3. Assertions about presentation and disclosures

Question 3

Existence or occurrence

Answer 3

Assets, liabilities, and equity interests exist and recorded transactions have occurred

Question 4

Rights and obligations

Answer 4

The company holds rights to the assets, and liabilities are the obligation of the company

Question 5

Completeness

Answer 5

All assets, liabilities, equity interest, and transactions that should have been recorded are recorded

Question 6

Cutoff

Answer 6

Transactions and events have been recorded in the correct accounting period

Question 7

Valuation, allocation and accuracy

Answer 7

All transactions, assets, liabilities and equity interests are included in the financial statements at proper amounts

Question 8

Presentation and disclosure

Answer 8

Accounts are described and classified in accordance with generally accepted accounting principles, and financial statement disclosures are complete, appropriate and clearly expressed

Question 9

Audit risk =

Answer 9

Risk of material misstatement x risk that auditors fail to detect the misstatement

Question 10

Risk of material misstatement =

Answer 10

Inherent risk x control risk

Question 11

Inherent risk

Answer 11

Risk of a material misstatement occurring in an assertion assuming no related internal controls (without regard for them)

Question 12

Control risk

Answer 12

Risk that a material misstatement in an assertion will not be prevented or detected on a timely basis by the company’s internal control

Question 13

Detection risk

Answer 13

Risk that the auditors’ procedures will lead them to conclude that a material misstatement does not exist in an assertion when in fact such misstatement does exist

Question 14

Assertions with high inherent risk

Answer 14

1. Difficult to audit transactions or balances
2. Complex calculations
3. Difficult accounting issues
4. Significant judgment by management
5. Valuations that vary significantly based on economic factors

Question 15

Three types of transactions

Answer 15

Routine, no routine, estimated

Question 16

Routine transaction

Answer 16

Recurring financial statement activities recorded in the accounting records in the normal course of business, lower inherent risk

Question 17

Nonroutine transaction

Answer 17

Involve activities that only occur periodically such as the taking of physical inventories, high inherent risk

Question 18

Estimation transactions

Answer 18

Activities that create accounting estimates, higher inherent risk

Question 19

Appropriate audit evidence must be

Answer 19

1. Relevant
2. Reliable

Question 20

Audit evidence is more reliable when

Answer 20

1. Obtained from knowledgeable independent sources outside the company rather than nonindependent sources
2. Generated internally through a system of effective controls rather than ineffective controls
3. Obtained directly by the auditor rather than indirectly or by inference
4. Documentary in form rather than oral
5. Provided by original documents rather than copies

Question 21

7 types of audit evidence and examples

Answer 21

1. Accounting info system, JEs/ledgers
2. Documentary evidence, checks/invoices
3. Third-party reps, confirms/lawyer letters
4. Physical evidence, physical inventory
5. Computations, recompute EPS
6. Data interrelationships, headcount + sales
7. Client representations, client rep letter re SOX

Question 22

Risk assessment procedures

Answer 22

To obtain an understanding of the client and it’s environment, including it’s internal control to assess the risk of material misstatement

Question 23

Compliance tests (tests of controls)

Answer 23

When appropriate, to test the operating effectiveness of controls in preventing material misstatements

Question 24

Substantive procedures

Answer 24

To detect material misstatements at relevant assertion level, include analytical procedures and tests of details of account balances, transactions and disclosures

Question 25

One may change the scope of audit procedures by changing

Answer 25

1. Nature (type and form)
2. Extent (quantity of evidence contained)
3. Timing (when performed)

Question 26

Steps involved in analytical procedures

Answer 26

1. Develop expectation of account or ratio balance
2. Determine amount of difference that can be accepted without investigation
3. Compare the company’s account or ratio with the expectation
4. Investigate and evaluate significant differences

Question 27

Four approaches to ratio analysis

Answer 27

1. Horizontal
2. Cross sectional
3. Vertical
4. Other methods

Question 28

Horizontal analysis

Answer 28

Review ratios over time

Question 29

Cross sectional analysis

Answer 29

Analyze ratios of similar forms at a point in time

Question 30

Vertical analysis

Answer 30

Analyze relationships within a period

Question 31

Vertical analysis

Answer 31

Analyze relationships within a period, “common size” statements prepared

Question 32

Data analytics

Answer 32

The process of using related and unrelated data sets to provide insights into decisions

Question 33

Fair value

Answer 33

The price that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants

Question 34

Three auditing approaches

Answer 34

1. Review and test management’s processes
2. Independently develop an estimate
3. Review subsequent events

Question 35

Primary functions of audit documentation

Answer 35

Support the auditors’ compliance with auditing standards, support the auditors’ opinion

Question 36

Secondary functions

Answer 36

Assist continuing and new audit team members in planning and performing the audit, serves as a record of matters of continuing audit interest, assists in supervision and review of the audit, demonstrates the accountability of team members, assists internal reviewers, external peer reviewers, PCAOB inspectors, and successor auditors in performing their roles

Question 37

Audit documentation should be sufficient to

Answer 37

1. Enable an experienced auditor to understand the work performed and the significant conclusions reached
2. Identify who performed and reviewed the work
3. Show that the accounting agrees or reconciles to the financial statements

Question 38

9 types of working papers

Answer 38

1. Audit administrative
2. Working trial balance
3. Lead schedules
4. Adjusting journal entries and reclassification entries
5. Supporting schedules
6. Analysis of a ledger account
7. Reconciliations
8. Computational
9. Corroborating documents

Question 39

2 types of working files

Answer 39

1. Current files
2. Permanent files

Question 40

Current files

Answer 40

Current year working papers, index and cross-referencing

Question 41

Permanent files

Answer 41

Items of continuing audit interest

Question 42

6 steps of audit process

Answer 42

1. Plan the audit
2. Obtain an understanding of the client and it’s environment, including internal control
3. Assess the risks of material misstatement and design further audit procedures
4. Perform further audit procedures
5. Complete the audit
6. Form an opinion and issue the audit report

Question 43

Plan the audit

Answer 43

Establish an understanding with the client through an engagement letter, determine firm meets independence requirements, no management integrity issues, client understands terms

Question 44

Items in engagement letters

Answer 44

1. Name of the entity
2. Management responsibilities
3. Auditor responsibilities

Question 45

Obtain and understanding of the client and it’s environment

Answer 45

Perform risk assessment procedures

Question 46

Two types fraud risks

Answer 46

1. Fraudulent financial reporting (management fraud)
2. Misappropriation of assets (defalcations)

Question 47

Audit trail

Answer 47

Evidence that links source documents journal entries and ledger entries

Question 48

5 examples of internal control

Answer 48

1) time clock
2) payroll register
3) bank reconciliation
4) employee profile setup - HRIS
5) payroll service

Question 49

internal control

Answer 49

a process, effected by the entity’s board of directors, management, and other personnel designed to provide reasonable assurance regarding, achievement of (the entity’s) objectives on:

1) effectiveness and efficiency of operations
2) Reliability of financial reporting
3) Compliance with applicable laws & regulations

Question 50

Foreign Corrupt Practices Act

Answer 50

1) FCPA
2) Passed in 1977 in response to American corporation practice of paying bribes and kickbacks to officials in foreign countries to obtain business
3) requires an effective system of internal control
4) makes illegal payment of bribes to foreign officials

Question 51

Federal Sentencing Guidelines

Answer 51

1) sets standards for the sentencing of individuals and corporations for the commission of a felony
2) requires companies to have elements of an effective compliance program to help mitigate the security of the sentencing

Question 52

7 elements of a compliance program

Answer 52

1) implementing written policies, procedures and standards of conduct
2) designating a compliance officer and compliance committee
3) conducting effective training and education
4) developing effective lines of communication
5) conducting internal monitoring and auditing
6) enforcing standards through well-publicized disciplinary guidelines
7) responding promptly to detected offenses and undertaking corrective action

Question 53

preventative controls over financial reporting

Answer 53

aimed at avoiding the occurrence of misstatements in the financial statements

Question 54

2 examples of preventative controls

Answer 54

1) segregation of duties
2) access to computer center

Question 55

2 examples of detective controls

Answer 55

1) monthly bank reconciliations
2) account reconciliations

Question 56

detective controls over financial reporting

Answer 56

designed to discover misstatements after they have occurred

Question 57

corrective controls over financial reporting

Answer 57

needed to remedy the situation uncovered by detective controls

Question 58

example of a corrective control

Answer 58

backups of master file

Question 59

3 controls overlap

Answer 59

1) complementary
2) redundant
3) compensating

Question 60

complementary controls overlap

Answer 60

function together

Question 61

redundant controls overlap

Answer 61

address same assertion or control objective

Question 62

compensating controls overlap

Answer 62

reduces risk existing weakness will result in misstatement

Question 63

2 examples of complementary controls overlap

Answer 63

1) cash approvals
2) bank recs

Question 65

example of redundant controls overlap

Answer 65

computer & program login

Question 66

example of compensating controls overlap

Answer 66

post transaction review: IT master file @ WAM

Question 67

5 components of internal control (from the COSO)

Answer 67

1) the control environment
2) risk assessment
3) control activities
4) the accounting information and communication system
5) monitoring activities

Question 68

7 key factors of the control environment

Answer 68

1) integrity and ethical values
2) commitment to competence
3) board of directors or audit committee
4) management philosophy and operating style
5) organizational structure
6) human resource policies and practices
7) assignment of authority and responsibility

Question 69

risk

Answer 69

the possibility that an event will occur and adversely effect the achievement of objectives

Question 70

risk assessment

Answer 70

involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives

Question 71

6 factors indicative of increased financial reporting risk

Answer 71

1) changes in the regulatory or operating environment
2) changes in personnel
3) implementation of a new or modified information system
4) rapid growth of the organization
5) changes in technology affecting production processes or information systems
6) introduction of new line of business, products or processes

Question 72

control activities

Answer 72

the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out

Question 73

4 key factors of control activities

Answer 73

1) annual performance reviews of personnel
2) information processing
3) physical controls
4) segregation of duties

Question 74

annual performance reviews of personnel

Answer 74

assure competency of workforce

Question 75

2 activities under information processing

Answer 75

1) general control activities
2) application control activities

Question 76

general control activities

Answer 76

preventative and detective

Question 76

application control activities

Answer 76

SOX critical IT systems (systems that interface to financial data), logical controls (passwords, two factor authentication)

Question 77

segregation of duties

Answer 77

segregate authorization, recording and custody of assets

Question 78

accounting information system

Answer 78

The means by which financial information is communicated internally to employees and externally to shareholders and other interested parties. The integrity of this system is critical in order to assure completeness and accuracy of the reported information.

Question 79

5 key factors of the accounting information system

Answer 79

1) Identify and record valid transactions
2) Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions
3) Measure the value of transactions appropriately
4) Determine the time period in which the transactions occurred to permit recording in the proper period
5) Present properly the transactions and related disclosures in the financial statements

Question 80

Monitoring

Answer 80

Ongoing evaluations to ascertain whether each of the five components of internal control is present and functioning. Findings are communicated to management and the board of directors as appropriate

Question 81

2 key factors of monitoring

Answer 81

1) ongoing monitoring activities
2) separate evaluations

Question 82

ongoing monitoring activities

Answer 82

regularly performed supervisory and management activities

Question 83

example of ongoing monitoring activities

Answer 83

continuous monitoring of customer complaints

Question 84

separate evaluations

Answer 84

performed on non-routine basis

Question 85

separate evaluations example

Answer 85

periodic audits by internal audit

Question 86

4 limitations of internal control

Answer 86

1) Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc.
2) Controls that depend on the segregation of duties may be circumvented by collusion
3) Management may override the structure
4) Compliance may deteriorate over time

Question 87

enterprise risk management (erm)

Answer 87

COSO issued a new framework that compliments the COSO Internal Control model. Goes beyond internal control to focus on how organizations can effectively manage risks and opportunities.
The new “helix” or “DNA model” approach replaces the cube design and tries to illustrate how this needs to be interwoven into business strategy development much like DNA is embedded in human cells

Question 88

5 Lines of Defense Implicit in COSO Internal Control Framework

Answer 88

1) Tone of the organization
2) Business unit management and process owners
3) Independent risk management and compliance functions
4) Internal assurance providers
5) Board risk oversight and executive management

Question 89

5 control environment warning signs

Answer 89

1) Significant turnover of key executives; inappropriate performance pressures or compensation structure that encourages improper behavior; overly dominate chief executive who “kills the messenger” for delivering bad news
2) Middle and functional (grass roots) managers are not aligned to the company’s core values, mission or strategy
3) Risk is an afterthought to the business strategy
4) No clear escalation policy exists to bring items of concern to the appropriate levels of management or to the board of directors
5) Company has a high tolerance for risk and conflicts of interest

Question 90

6 steps of an audit

Answer 90

1. Plan the audit
2. Obtain an understanding of the client and its environment, including internal control
3. Assess the risks of material misstatement and design further audit procedures
4. Perform further audit procedures
5. Complete the audit
6. Form an opinion and issue the audit report

Question 91

Which steps of an audit relate most directly to the role of internal control in financial statement audits

Answer 91

steps 2-4

Question 92

The understanding of internal control is used to help the auditor to (3)

Answer 92

1) Identify types of potential misstatements
2) Consider factors that affect the risks of material misstatement.
3) Design tests of controls (when applicable) and substantive procedures

Question 93

4 procedures to obtain understanding

Answer 93

1) Inquiring of entity personnel – process “Walk-Through”
2) Observing the application of specific controls
3) Inspecting documents and reports
4) Tracing transactions through the information system relevant to financial reporting

Question 94

4 ways to document the understanding of internal control

Answer 94

1) questionnaires
2) written narratives
3) flowcharts
4) walk-through

Question 95

questionnaires

Answer 95

typically standardized by firm

Question 96

written narratives

Answer 96

memos that describe flow of transactions

Question 97

flowcharts

Answer 97

aka process map

Question 98

walk-through

Answer 98

trace one or two transactions through cycle

Question 99

4 general approaches to assess the risk of material misstatement

Answer 99

1) Identify risks while obtaining an understanding of the client and its environment, including its internal control
2) Relate the identified risks to what can go wrong at the relevant assertion level
3) Consider whether the risks are of a magnitude that could result in a material misstatement
4) Consider the likelihood that the risks could result in a material misstatement

Question 100

3 examples of routine transactions

Answer 100

1) revenue
2) purchases
3) cash receipts & disbursements

Question 101

2 examples of non-routine transactions

Answer 101

1) counting inventory
2) calculating depreciation expense

Question 102

example of estimation transaction

Answer 102

determining the allowance for doubtful accounts

Question 103

what type of transaction typically has the strongest controls

Answer 103

routine

Question 104

4 responses to high risks

Answer 104

1) Assigning more experience staff or those with specialized skills
2) Providing more supervision and emphasizing the need to maintain professional skepticism
3) Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed
4) Increasing the overall scope of audit procedures, including the nature, timing or extent

Question 105

2 approaches to perform further audit procedures and test controls

Answer 105

1) Identify controls likely to prevent or detect material misstatements
2) Perform tests of controls to determine whether they are operating effectively

Question 106

3 things tests of controls address

Answer 106

1) How controls were applied
2) The consistency with which controls were applied
3) By whom or by what means (e.g., electronically) the controls were applied

Question 107

4 things tests of controls include

Answer 107

1) Inquiries of appropriate client personnel
2) Inspection of documents and reports
3) Observation of the application of controls
4) Re-performance of the controls

Question 108

What are the results of the tests of controls used to determine

Answer 108

the nature, extent, and timing (NET) of substantive procedures

Question 109

audit decision aids

Answer 109

Checklist, standard form or computer program that helps auditors make a decision by ensuring that they have all relevant information or by assisting them in combining the information

Question 110

Auditors of public companies must report on (2)

Answer 110

1) Financial statements
2) Internal control over financial reporting (ICFR)

Question 111

404(a) Sarbanes Oxley

Answer 111

1) requires annual report filed with SEC to include an internal control report
2) Management acknowledges responsibility for establishing and maintaining adequate internal control
3) Provides assessment of internal control effectiveness at end of fiscal year

Question 112

404(b) Sarbanes Oxley

Answer 112

requires CPA firm to audit internal control and express an opinion on effectiveness of internal control (required for companies with a capitalization in excess of $75M)

Question 113

Control deficiency

Answer 113

Exists when the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis

Question 114

Material weakness

Answer 114

1) Reasonable possibility that a material misstatement will not be prevented or detected; audit report modification required
2) Reported to the AC and in Financial Statements

Question 115

Significant deficiency

Answer 115

1) Less severe than material weakness yet important enough to merit attention; no audit report modification
2) Reported to the Audit Committee (AC) of Board

Question 116

3 levels of severity of control deficiencies

Answer 116

1) Material weakness
2) Significant deficiency
3) Less than a significant deficiency

Question 117

What is the only risk that can be controlled by the auditor?

Answer 117

detection risk