Lecture 4 Flashcards
Under ISA 315, what must an auditor do first to identify and assess the risks of material misstatement in the financial statements?
Understand the entity’s internal control system.
Understand the applicable financial reporting framework.
Understand the entity’s business and its environment (e.g., industry, operations, regulations).
Why is it important for auditors to have knowledge of the client’s business?
Helps identify complex accounting treatments.
Recognize incentives for management to manipulate accounts.
Determine resources needed to complete the audit (staff, expertise).
Guides the risk assessment and overall audit strategy.
What is materiality, and how is it generally set?
Materiality is a threshold where misstatements could influence users’ economic decisions.
It is set using relevant benchmarks (e.g., % of profit before tax, revenue, assets).
Helps auditors decide scope and significance of potential misstatements.
What is the purpose of a formal risk assessment during audit planning?
Identifies high-risk areas using prior-year or draft financials and other data.
Recognizes the impracticality of checking everything (audit sampling).
Determines the nature, timing, and extent of tests to perform.
Focuses audit efforts where material misstatements are most likely.
Why must auditors set the staff budget, select the audit team, and consider using experts?
Ensures the right level of expertise is assigned to areas of higher risk or complexity.
Helps plan audit hours and costs effectively.
Experts (IT specialists, valuation experts) may be required for complex transactions or systems.
Aligns audit resources with identified risks to maximize audit effectiveness.
What factors must auditors consider when identifying and coordinating the work to be performed at year end?
The volume and complexity of testing required.
The grade and experience level of staff needed.
The team’s overall capacity and expertise in specific areas.
The timing and logistics of on-site or remote audit work.
How do auditors decide whether to perform stock counts or other physical investigations at year end?
Evaluate the risk of material misstatement related to inventory or fixed assets.
Assess whether internal controls over inventory are reliable.
Consider timing and operational factors (e.g., when the client’s inventory count takes place).
Check industry norms (e.g., high inventory turnover in retail vs. manufacturing).
Which audit ‘tests’ or ‘procedures’ do auditors typically plan, and how do they decide when and how to perform them?
Substantive tests (e.g., detailed transaction testing, analytical procedures).
Tests of controls (if relying on internal control effectiveness).
Decided based on the risk assessment and materiality thresholds.
The timing (interim vs. year-end) depends on the nature and availability of evidence.
When might auditors rely on work done by client staff, management experts, or independent experts?
Client staff: For basic schedules, internal audit work (if deemed sufficiently rigorous).
Management experts: Valuations or technical areas if they have appropriate qualifications and objectivity.
Independent experts: Complex valuations (e.g., derivative financial instruments), actuarial services, or specialized IT systems reviews.
Why would auditors write to customers and banks for ‘external confirmations’?
To obtain evidence directly from third parties (ISA 505).
Confirm account balances (e.g., receivables) and outstanding loans or deposits.
Reduce detection risk by verifying information independently of management.
What special requirements might the client need to be informed about in advance?
IT system access for data extraction or controls testing.
Site visits to verify assets, inventory, or review local processes.
Correspondence with the client’s legal advisors or experts.
Any logistical or security considerations (e.g., NDAs, access permissions).
Why must auditors consider relevant laws and regulations based on the client’s industry?
Certain industries (e.g., banking, healthcare, energy) have special rules affecting financial statements.
Non-compliance could lead to material misstatements, fines, or going concern issues.
ISA 250 requires auditors to understand and consider laws and regulations that have a direct effect on the financial statements.
What is the purpose of interim or other work performed during the year rather than solely at year end?
Spread out audit work to manage busy seasons and reduce year-end pressure.
Test controls in real time rather than only after year-end.
Identify issues early, giving the client time to make corrections before final statements are prepared.
Why must auditors consider the nature of audit evidence when planning an audit?
To decide how much they can rely on the client’s internal controls vs. tests of detail (substantive testing). Different evidence sources (client documents, external confirmations) have varying reliability. Ensures the audit opinion is based on sufficient, appropriate evidence (ISA 500).
How do auditors determine whether to rely on internal controls or use more tests of detail?
They assess control risk: if internal controls are strong, reliance is possible, reducing substantive testing. If controls are weak, more tests of detail are performed to detect material misstatements. The decision is based on risk assessment (ISA 315 and ISA 330).
What is audit risk, and how is it calculated using the audit risk model?
Audit risk: The risk of expressing an inappropriate opinion on materially misstated financial statements. Formula: Audit Risk = Inherent Risk × Control Risk × Detection Risk. Auditors aim to keep audit risk as low as possible.
How do inherent risk, control risk, and detection risk relate to each other?
Inherent Risk: Susceptibility of an assertion to material misstatement before considering controls. Control Risk: Likelihood that a material misstatement will not be prevented or detected by internal controls. Detection Risk: Risk that audit procedures fail to detect a material misstatement. Together, they form the audit risk equation, guiding the audit strategy and testing approach.
Why must control risk be evaluated during audit planning?
Control risk directly impacts how much substantive testing is needed. If control risk is high, the auditor reduces reliance on controls and performs more detailed testing. Identifying high control risk areas early ensures efficient and effective allocation of audit resources.
How can auditors test the effectiveness of a client’s internal controls?
Investigate the client’s IT systems (e.g., access controls, system logs).
Observe the controls in action (e.g., watch employees follow procedures).
Inspect documents (e.g., approvals, reconciliations, evidence of reviews).
Why might auditors perform fewer tests of detail if the client’s controls are strong?
Strong internal controls reduce the risk of material misstatement.
Auditors can rely on these controls more, leading to fewer or less intensive substantive tests.
This helps keep the audit efficient without compromising quality.
What is segregation (division) of duties and why is it important?
Definition: Splitting tasks among different people so that no single individual controls an entire transaction process (e.g., one person records transactions, another approves, a third reconciles).
Why It’s Important: Reduces the risk of fraud and errors, as collusion would be required to manipulate accounts.
What is a physical control, and can you give an example?
Definition: Measures taken to protect assets and information (e.g., locks, security systems, passwords).
Example: Storing cash in a locked safe, restricting system access with secure passwords, or having swipe card entry to sensitive areas.
What are account reconciliations, and how do they function as a control?
Definition: Comparing two independent sets of records (e.g., bank statements vs. cashbook) to identify and correct discrepancies.
Function: Ensures accuracy and completeness of financial data; catches errors or unauthorized transactions.
Describe authorisation as an internal control.
Definition: Requiring approval from a responsible person before a transaction is processed (e.g., manager signature on large purchases).
Benefit: Prevents unauthorized or inappropriate spending and ensures accountability for key financial decisions.
