FINAL EXAM Flashcards
An independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. Also, helps organization by evaluating and improving the effectiveness of risk management, control, and governance processes. Considered a management control which measures the effectiveness or other controls.
Internal Auditing
Evaluates performance as measured by management objectives. Focuses on efficiency, effectiveness, and economy of operations.
Operational Auditing
Requirements for Internal Auditors relating to independence?
Are employees of the organization and thus cannot have perceived (independence in appearance) independence of external auditor. However, internal auditors must maintain an impartial, objective attitude and avoid conditions that threaten carrying out work in an unbiased manner. They must be independent of the activities that they are assigned to audit. Ideally, internal audit director should report directly to the audit committee.
Requirements for External Auditors relating to independence?
must be independent in fact and in appearance. External auditor is an independent contractor to the organization being auditing. Must avoid relationships with organizations – financial interest, employment relationships, etc. which appear to cause a conflict of interest.
Whose responsibility in regards to detecting fraud: Have sufficient knowledge of fraud to be able to identify indicators that fraud may have been committed. This knowledge includes the need to know the characteristics of fraud, the techniques used to commit fraud, and the types of frauds associated with the activities audited.
Internal Auditors
Whose responsibility in regards to detecting fraud: Internal auditors are not expected to have knowledge equivalent to that of a person whose primary responsibility is detecting and investigating fraud
Internal Auditors
Whose responsibility in regards to detecting fraud: Be alert to opportunities, such as control weaknesses, that could allow fraud. If significant control weaknesses are detected, additional tests conducted by internal auditors should include test directed toward identification of other indicators of fraud. Some examples of indicators are unauthorized transactions, override of controls, unexplained pricing exceptions, and unusually large product losses
Internal Auditors
Whose responsibility in regards to detecting fraud: The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatements, whether caused by error or fraud.
External Auditor
Whose responsibility in regards to detecting fraud: Assess risk of material misstatement that may be caused by fraud or other activities.
External Auditor
Whose responsibility in regards to detecting fraud: Exercise professional skepticism and due care.
External Auditor
Whose responsibility in regards to detecting fraud: Auditing standards (SAS 99) require audit staff to hold a brainstorming session to assess possibility of fraud.
External Auditor
Audit Objective of internal or external auditor: Reviewing and evaluating all types of internal controls. Internal auditors are concerned with all controls, regardless of whether they are financial, compliance, or operational.
Internal Auditor
Audit Objective of internal or external auditor: Evaluating the organization’s risk assessment processes.
Internal Auditor
Audit Objective of internal or external auditor: Making recommendations regarding the organization’s system of governance.
Internal Auditor
Audit Objective of internal or external auditor: Performing other assurance and consulting services for the benefit of management.
Internal Auditor
Audit Objective of internal or external auditor: To perform an audit of the organization’s financial statements and to express an opinion on those statements.
External Auditor
Audit Objective of internal or external auditor: To obtain reasonable assurance about whether the financial statements are free of material misstatements.
External Auditor
Audit Objective of internal or external auditor: For a public company, they may also be engaged to examine the management’s assertion about the reliability of internal controls over financial reporting and express an opinion on their effectiveness.
External Auditor
What are the 3 levels of audits involved under GAS - Govt Auditing Standards - Audits?
(1) GAAS (2) GAAS + GAS (3) GAAS + GAS + Specific Requirements
1 of 3 Levels of audit under GAS audits - What must be reported on for a GAAS level audit?
Must report on Financial Statements
1 of 3 Levels of audit under GAS audits - What must be reported on for a GAAS + GAS level audit?
Must report on Financial Statements, Compliance with various laws and regulations, and entity’s Internal Control
1 of 3 Levels of audit under GAS audits - What must be reported on for a GAAS + GAS + Specific Requirements level audit?
Must report on Financial Statements, Compliance with various laws and regulations, entity’s Internal Control, and Specific Requirements (Single Audit Act)
Term: Purpose - grant by grant audits abandoned and replaced by 1 audit of each governmental unit receiving federal assistance.
Single Audit Act
Coverage of the Single Audit Act?
Applies to all governmental units and non-profit organizations that receive any federal assistance, although the reporting requirements of the Act apply generally to governments receiving $500,000 or more within a fiscal year.
What are the 3 separate reports required by the Single Audit Act
(1) Report on the general purpose financial statements required by GAAS (2) Reports on compliance with laws and regulations and on internal control required by GAS (3) Report on Major Program Compliance with Specific Requirements. *Four reports if illegal acts are detected
Internal auditing can best be described as:
A control function.
The independence of the internal auditing department will most likely be assured if it
Audit committee of the board of directors.
When performing an operational audit, the purpose of a preliminary survey is to:
Identify areas that should be included in the audit pt program.
Operational auditing is primarily oriented toward:
Future improvements to accomplish the goals of management.
The organization that administers the Certified Internal Auditor program is the:
The Institute of Internal Auditors.
3 requirements to become a Certified Internal Auditor (CIA)?
(1) Hold a Bachelors degree (2) 2-year work experience in internal auditing or its equivalent (3) Complete 2 day exam
What Statute required public companies to establish and maintain effective internal control?
Foreign Corrupt Practices Act of 1977
Definition: Process of obtaining information about an entire population or universe by examining only part of it.
Sampling
Purpose: To estimate characteristic of group without complete examination of all items constituting the group.
Sampling
Definition: A technique or methodology for (1) Determining Sample Size (2) selecting items to be tested and of (3) evaluating the results of the test on the basis of mathematical laws of probability.
Statistical Sampling
Major limitation – provides no mathematical basis for projecting sample results to the entire population.
Non-Statistical Sampling
Used where statistical sampling will not satisfy the audit purpose.
Non-Statistical Sampling
Use of samples which are chosen without regard for the statistical requirements that govern the sample size and the method of selection.
Non-Statistical Sampling
The “allowable margin of sampling error.” Also, referred to the “Allowance for sampling risk.” Range set by + or – limits from the sample results, within which the true characteristics of the population are likely to lie.
Precision
Also, referred to as the “Risk of Sampling.” Expresses the proportion of cases in which the actual value will be somewhere within the stated precision limits.
Reliability
Attribute sampling – Maximum rate of deviation from prescribed internal control structure that auditor would be willing to accept without altering planned assessed level of control risk.
Tolerable Rate
Variable sampling – When planning a sample for a substantive test, how much monetary misstatement may exist in the account balance without causing financial statements to be misstated?
Tolerable Mistatement
Sampling Technique: Selection of a sample from a population of items in such a manner that each item in the population has an equal chance of being chosen for examination. 1. Random number table or random number generators are generally used for applying this selection approach.
2. Population items must be numbered.
Unrestricted random sampling
an unbiased sample must be obtained before statistical sampling can be used to evaluate and interpret the results of sample data.
Selection of Sample Items
Sampling Technique: sample items are selected according to some predetermined fixed interval (selection of every nth item). The first sample item is selected at random thus establishing the sequential pattern. 1. Population items should be arranged in random order or the auditor should use multiple random starts.
2. Population items do not need to be numbered.
Systematic Selection
Sampling Technique: Population is divided into classes or strata which are more homogeneous than the population as a whole.1. Generally used to control variability in the population and reduce sample size.
2. Enables auditor to relate sample selection to materiality.
Stratified Selection
risks due to factors not related to sampling. Failure to recognize error in a document or transaction or failure to apply appropriate audit procedures.
Nonsampling Risk
Risk that sample results may not be representative of population. Sample risk varies inversely with sample size.
Sampling Risk
Sample Efficiency or Effectiveness? The risk of under reliance on internal control and the risk of incorrect rejection of the account or population.
Sample Efficiency
Sample Efficiency or Effectiveness? Risk of assessing control risk too high
Sample Efficiency
Sample Efficiency or Effectiveness? Risk of incorrect rejection of the account
Sample Efficiency
Sample Efficiency or Effectiveness? Risk of assessing control risk too low
Sample Effectiveness
Sample Efficiency or Effectiveness? Risk of incorrect acceptance of the account
Sample Effectiveness
Sample Efficiency or Effectiveness? The risk of overreliance on internal control and the risk of incorrect acceptance of the account or population
Sample Effectiveness
Important Concepts: Concerned with “How Much” or Dollar Amounts – Primarily used in substantive testing
Variable Sampling
Important Concepts: Concerned with “How Many” – Used to “Test (Internal) Controls” – Are controls working?
Attribute Sampling
Important Concepts: “Allowable margin of sampling error” “Allowance for sampling risk” +/- Range from sample mean
Precision
Important Concepts: Risk of Sampling
Confidence or reliability
Important Concepts: Risk of incorrect Acceptance
Sample Effectiveness
Important Concepts: Risk of incorrect Rejection
Sample Efficiency
Important Concepts: Risk that sample is not representative of the population. – Controlled by Sample Size
Sampling Risk
Important Concepts: Examples: Miscalculation of sample results, selection of incorrect audit procedures
Non-Sampling Risk
Important Concepts: Selection of every nth item in the population. Used where population items are not numbered
Systematic Selection
Important Concepts: Used to control variability of population and reduce sample size. Divide population into sub-groups reducing variability which is measured by Standard Deviation
Stratification
Important Concepts: Used to audit for OVERSTATEMENT. Used to estimate max amount of Error in population
Dollar Unit Sampling
Important Concepts: Used to measure and control sampling risk. Based on Mathematical Laws of Probability
Statistical Sampling
Important Concepts: Judgment Sampling – Provides no basis for measuring sampling risk
Non-Statistical Sampling
Important Concepts: Size of misstatement is independent of book value (B/V) of population
Difference Estimation
Important Concepts: Size of misstatement is proportional to B/V of the population
Ratio Estimation
Important Concepts: Used to locate an example of a critical error, deviation or event (may be fraud). Estimated deviation rate is expected to be near 0
Discovery Sampling
Important Concepts: Classical variable technique/method used to estimate audited value of population
Mean per unit estimation
A form of attribute sampling designed to locate at least one critical deviation or exception in the population. May be used to locate one example of fraud (example-fraudulent disbursement transaction). Used when estimate of occurrence rate is near 0 percent.
Discovery Sampling
Characteristics of which Sample Plan: a. Used to estimate the frequency or rate of occurrence of a particular attribute in a population.
b. Concerned with the question of “How Many.”
c. Primarily use to test controls-Are internal control procedures being carried out properly?
Attribute Sampling
Factors to determining sample size in attribute sampling
a. Risk of assessing risk too low (the converse of confidence or reliability level
b. Tolerable deviation rate (estimated deviation rate + upper precision.
c. Expected pop deviation rate
d. Population size
Characteristics of which Sample Plan: a. Used to provide the auditor with an estimate of a numerical quantity, such as the dollar amount of an account balance or the estimated error amount in an account balance.
b. Concerned with the question of “How Much.”
c. Primarily used by auditors to perform substantive procedures.
Classical Variable Sampling
Characteristics of which Sample Plan: a. An alternative to classical variable sampling and is used for performing substantive tests of account balances.
b. Each dollar in the population is view as a sample unit.
c. Permits the auditor to state, with a certain level of confidence, that the dollar amount of error in the account does not exceed a certain amount.
d. The amount of error in any item cannot be more than the book value of the item.
Probability-proportional-to-size (PPS) sampling (dollar-unit sampling)
Variable Sampling Plan: Used to estimate the mean audited value of the items in a population by determining the mean audited value of the items in a sample. The estimated audited value of the population equals the average audited value of the sample (sample mean) multiplied by the number of items in the population.
Mean-per-unit estimation
Variable Sampling Plan: Used to estimate the projected amount of error in an account balance (population) or the audited value of the account (population). Used when the size of misstatements is nearly proportional to the book values of the items (larger accounts have large misstatements and smaller accounts have small misstatements.
Ratio Estimation
Variable Sampling Plan: Used to estimate the average difference between the audited value and book value of item in a population. Most appropriate when the size of the misstatements is independent of the book values of the items.
Difference Estimation
Section 404 of the Sarbanes-Oxley Act consists of two distinct sections: What are they?
Section 404 (a) requires that each annual report filed with the SEC include an internal control report prepared by management. Section 404 (b) requires the CPA firm, which audits the annual financial statements, to audit internal control and express an opinion on the effectiveness of internal control
Section 404 (a) of the Sarbanes-Oxley Act requires management to include what 2 things in its internal control report?
- Acknowledges its responsibility for establishing and maintaining adequate internal control and 2. Provides an assessment of internal control effectiveness as of the end of the most recent year.
What Act exempts small public companies (less than $75 million in market capitalization) from having to obtain an audit report on the effectiveness of internal control over financial reporting?
Dodd-Frank Act
When the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis
Control Deficiency
A control deficiency, or combination of control deficiencies, that is less severe than a material weakness yet important enough to ment attention
Significant Deficiency
A control deficiency, or combination of control deficiencies, in internal control over financial reporting, where there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis.
Material Weakness
Indicators of Material Weakness
(1) Identification of fraud on the part of senior management. (regardless whether material or not) (2) Restatement of previously issued financial statements to correct material misstatement. (3) Ineffective oversight of the company’s external financial reporting and internal control by audit committee. (4) Identification by the auditors of a material misstatement that would not have been detected by company’s internal control.
