Lec 8 Flashcards
what does account and class of transaction refer to
balance sheet account and income statement accounts
what is the audit risk model (ARM) applicable to?
it is applicable to every account and class of transaction for every assertion made
what is the equation for audit risk
inherent risk x control risk x detection risk
when is desired audit risk determined and what is it based on
determined during the planning stages of the audit and is based on the amount of F/S users
what is the equation for risk of material misstatement (RMM)
inherent risk x control risk
1 - level of assurance = ?
audit risk
define inherent risk
risk that an account or class of transactions will be misstated BEFORE considering internal control measures - it is assuming there is not internal control
what other risk is inherent risk tied to and why
business risk because the issues popping up in inherent risk are typical business risks the company faces
define control risk
risk of accounts or class of transactions that can be misstated due to not being prevented or detected by any internal control systems
what is the difference between inherent and control risk
inherent risk is risk of misstatement before internal controls while control risk is risk of misstatement after inter control
what does it mean for assertions when internal controls are tight
when internal controls are tight it means that assertions made are more reliable
define detection risk
risk that an auditor will not detect the misstatement
how is detection risk tied to audit work
the more audit work that is done, the more sufficient and appropriate evidence is gathered, the smaller the detection risk
how does detection risk relate to the audit risk equation
it is the only thing that can be controlled by the auditor based on how much work they are willing to do and level of risk they willing to accept
what procedures does the detection risk depend on
substantive procedures
what is preventative control
control that prevents misstatements from happening
what is detective control
control that find misstatements after they’ve happened
what 2 risks make detection risk
sampling and non-sampling risk
sampling risk
risk that chosen sample is not representative of the population and it is one of the reasons why a misstatement might not be detected
non-sampling risk
essentially the risk that auditor is incompetent
- use of inappropriate audit procedures
- failure to detect even with use of proper procedures
- misinterpreting of audit results
what is an example of a sample risk
confirmation of A/R existence - we cannot send confirmation for all
can auditor affect inherent or control risk?
NO, the auditor can only assess them
examples of business risk
- significant changes in business
- significant changes in industry
- disruptive new products and services
- operation in unstable areas
what are the two types of business risk analysis and what do they determine
strategic analysis and business process analysis. determine weaknesses in client’s risk management and how they could lead to misstatements
what does business performance analysis consider
financial and non-financial data and how they are related
what are the 4 ways that risk can be managed
mitigating the risk (contingency plan), avoiding the risk, transferring the risk, accepting the risk
what is risk avoidance
when risk consequences are too high you could stop them by canceling the business endeavor
why would a company chose to accept the risk and give an example
when the risk is so insigignificant or unlinkely to occurr e.g. office being hit by a meteor
what are the two considerations in the risk assessment square
likelihood and magnitude
what part of the audit stage are tests done
in the implementation stage
what is the “standard” for internal control knowledge and testing during audit
testing is not required in every audit but knowledge of auditee control is MANDATORY
what is internal control walkthrough
when you pick a few transactions and follow them through the internal control system
what does the substantive approach include
only analytical procedures and tests of details of balances - does not include control test
control test requirements in canada and usa
up to auditor in canada and required in USA
what is the combined approach in testing
includes control tests and substantive tests
what is the 6th implicit assertion
assertion that company is compliant with reporting standards
what is an overall description of the control environement
- actions and policies that reflect the attitude of top management
- effectively controlled corp lies in attitude of management
- these factors are assessed as part of knowledge of business and build a client risk profile
what do the control environment components of HIPDOC mean
- HR policies
- Integrity
- management Philosophy
- board of Directors
- Organization structure
- Commitment to competence
components of control activities (SPAID)
- Segregation of duties
- adequate Physical controls
- proper Authorization
- Independent verification
- adequate Documents
Components of information and communication systems (IFSAI)
- Initiation
- Financial reporting process
- Significant classes of transactions
- Accounting records
- information Technology
