II. Assessing Risk and Developing a Planned Response Flashcards
Developing Overall Engagement Strategy
ID Characteristics of audit scope Assess reporting objectives Plan Timing and communications Significant factors for audit team Analyze the results of preliminary procedures Assess the NET of resources necessary
Materiality means
the amount that if missing or misstated on the FS would lead a reasonable person to be influenced to make different decision than if correct
Audit Risk
risk or probability that the auditor expresses a clean opinion when there is actually a material misstatement
Procedures for override of controls
Examining adjusting journal entries
JE close to beginning and end of reporting period
Evaluate estimates for bias
authorization for unusual transactions
Communication if fraud is found
those charged with governance when senior management is involved
those charged with governance and management for material misstatement
When to report fraud to outside parties
Subpoena
SEC client changing auditors
Government audit standards
Preceding auditor
If the auditor decides to rely on internal controls to reduce substantive procedures
The auditor will perform a test of controls to make sure that the design effectiveness of the controls is also working
Internal control consists of
Control Environment Risk Assessment Information and communication systems Control Activities Monitoring
Risk assessment procedures
Inquiries of Management Observation and inspection Analytical planning procedures Review of prior period Audit team discussions
Key difference between SOC1 and SOC2 reports
SOC1 reports on service org’s controls around financial information
SOC2 reports on a service org’s cloud and data security controls
SOC Type 1 vs Type 2 report
Type 1 covers service org’s system and design of controls
Type 2 covers service org system and design of controls AND operating effectiveness of controls
