MCQ 1 Flashcards
An overall response to address a high assessed risk of material misstatement at the financial statement level of a nonissuer may include
A.
Increasing reliance on results of internal control testing.
B.
Emphasizing the need for more accounting staff.
C.
Incorporating additional predictability into the selection of procedures.
D.
Providing more supervision of the audit team.
D
When planning and executing an audit, an auditor uses the audit risk model. As part of the process, the auditor identifies and assesses the risk of material misstatement (RMM) at the financial statement level and at the level of individual management assertions. RMM is the risk that the financial statements contain one or more material misstatements.
When the RMM at the financial statement level is high, the auditor responds by decreasing detection risk (ie, the risk that a misstatement will go undetected).
Detection risk can be reduced by:
Emphasizing professional skepticism
Assigning more experienced staff or specialists
Providing more supervision
Reducing predictability of procedures
Changing the nature, timing, and extent of procedures (eg, more substantive procedures)
(Choice A) If RMM is high because control risk is high, the auditor will decrease, not increase, reliance on controls. If RMM is high despite strong controls, relying on those controls cannot reduce detection risk.
(Choice B) Increasing the number of staff assigned to the engagement may allow the audit to proceed more quickly, but will not reduce the risk that a misstatement will go undetected. However, experienced staff or specialists might help detect a misstatement.
(Choice C) Making audit procedures more predictable will make it easier for unscrupulous client employees to mislead the auditor, increasing the risk that material misstatements will go undetected.
Which of the following factors would a CPA ordinarily consider in the planning of an audit engagement?
I. Financial statement accounts likely to contain a misstatement.
II. Conditions that require extension of audit tests.
A.
I only.
B.
II only.
C.
Both I and II.
D.
Neither I nor II
Choice C (Correct) and Choices A, B, D (Incorrect): When planning an audit engagement, the auditor will consider accounts likely to contain a misstatement (I) as those areas will require additional audit attention. The auditor will also consider conditions that require the extension of audit tests (II).
Which of the following factors most likely would cause a CPA not to accept a new audit engagement?
A.
Management reputation for failing to provide schedules to prior auditors on a timely basis.
B.
The CPA’s inability to review the predecessor auditor’s working papers.
C.
Management’s unwillingness to make all financial records available to the CPA.
D.
The CPA’s lack of understanding of the entity’s operations and industry.
C
Management must acknowledge its responsibility to provide auditors access to information (eg, financial records) relevant to the audit before the engagement is accepted. Unless required by law to accept the engagement, auditors should not accept if a client restricts access to information because it creates a client-imposed scope limitation. A scope limitation prevents auditors from obtaining sufficient evidence to form an opinion.
(Choice A) Although it may be difficult to work with clients when they don’t provide timely information, the auditor can plan around this issue and still perform the audit. It is not a reason to decline an engagement.
(Choice B) There are circumstances (eg, potential litigation, disciplinary proceedings) that may prevent the predecessor auditor from communicating with the successor. If this is the case, the predecessor must communicate the circumstance to the successor and the successor may still accept the engagement.
(Choice D) A client can be accepted if the auditor has the capability of obtaining an understanding of the entity’s operations or industry. Sometimes, auditors obtain this understanding after accepting the client by using specialists or during planning procedures.
Things to remember:
Unless required by law to accept the engagement, auditors should not accept if a potential client restricts access to relevant information (eg, financial records) because it creates a client-imposed scope limitation. A scope limitation prevents auditors from obtaining sufficient evidence to form an opinion.
When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor most likely would increase the
A.
Level of detection risk.
B.
Extent of tests of details.
C.
Level of inherent risk.
D.
Extent of tests of controls
Choice B (Correct) and Choices A, C, D (Incorrect): An increase in the assessed level of control risk results in an increase in the risk of material misstatement. To maintain an adequately low level of audit risk, the auditor must reduce, not increase, the level of detection risk. An increase in detection risk would cause the auditor to enhance the nature of audit procedures, using those that would be expected to be more effective, and increase the extent of procedures, such as tests of details. Inherent risk, which is beyond the control of the auditor, is the risk associated with the financial statement element and represents the risk that the item will be materially misstated if there are no controls in place to prevent it. Tests of controls are used to determine if controls can be relied upon to reduce control risk. These would only be increased if the auditor believed that more controls are potentially reliable than originally expected.
A person identified as an audit committee financial expert of an issuer generally must have acquired the attributes of a financial expert through any of the following experiences, except
A.
As a principal financial officer, principal accounting officer, controller, public accountant, or auditor.
B.
Serving on at least one other issuer’s audit committee or disclosure committee of the board of directors.
C.
Actively supervising a principal financial officer or principal accounting officer.
D.
Assessing the performance of public accountants with respect to preparation, auditing, or evaluation of financial statements.
B
Board of directors (BOD) members serve on functional committees such as the audit committee (A/C) to disburse the board’s responsibilities. The Sarbanes-Oxley Act requires that the A/C consist of independent members of the BOD. Independent members are not employed by the entity, are not shareholders, and have no financial relationship with the entity.
One member of the A/C must be a financial expert. Financial experts do not need to be CPAs; however, they must have (among other things) an understanding of the functions of the A/C and internal controls; an understanding of GAAP along with the ability to assess the application of GAAP to accounting estimates, accruals, and reserves; and experience auditing, preparing, analyzing, or evaluating comparable financial statements (F/S).
These requirements can be gained through experience:
as a principal financial or accounting officer, controller, public accountant, or auditor (Choice A).
in actively supervising any of the above positions (Choice C).
in overseeing or assessing companies or public accountants in the preparation, auditing, or evaluation of F/S (Choice D).
Serving on an audit committee or disclosure committee of the BOD does not provide an individual with the expertise necessary to serve as financial expert of an issuer. More in-depth experience, such as working as a controller, is required.
Things to remember:
The board of directors audit committee’s financial expert must understand GAAP and financial statements and has worked as a principal financial or accounting officer, controller, or public accountant.
An auditor uses the assessed level of control risk to
A.
Evaluate the effectiveness of the entity’s internal control policies and procedures.
B.
Identify transactions and account balances where inherent risk is at the maximum.
C.
Indicate whether materiality thresholds for planning and evaluation purposes are sufficiently high.
D.
Determine the acceptable level of detection risk for financial statement assertions.
Choice D (Correct): The auditor assesses control risk in order to set the level of detection risk to achieve the desired level of audit risk.
Choice A (Incorrect): The auditor evaluates the effectiveness of internal controls in order to determine the appropriate level of control risk.
Choice B (Incorrect): Inherent risk is the risk that an item will be materially misstated due to its nature, regardless of controls. It is not affected by the assessed level of control risk.
Choice C (Incorrect): The determination of materiality thresholds is done separately from the assessment of control risk.
Assessing control risk below the maximum level most likely would involve
A.
Performing more extensive substantive tests with larger sample sizes than originally planned.
B.
Reducing inherent risk for most of the assertions relevant to significant account balances.
C.
Changing the timing of substantive tests by omitting intermediate testing and performing the tests at year end.
D.
Identifying specific internal control policies and procedures relevant to specific assertions
D Control risk (CR) is the risk that a company's internal control (I/C) will not prevent or detect material misstatements. When deciding to test controls, auditors first obtain a general understanding of the control structure, policies, and procedures relevant to assertions (eg, completeness of revenue) they want to test. CR is initially set at maximum level but can be reduced if tests of controls indicate the control is effective. Thus, auditors may reduce, not increase, the number of substantive tests planned if effective controls are in place (ie, CR below maximum) because some risk is mitigated
(Choice C) Auditors would omit interim testing if CR were assessed at maximum level, not below maximum. A lower CR means that I/C can be relied on and auditors may perform more procedures at interim.
Which of the following matters is an auditor not required to communicate to an entity’s audit committee?
A.
Significant adjustments arising from the audit that were recorded by management.
B.
The basis for the auditor’s conclusions about the reasonableness of management’s sensitive accounting estimates.
C.
The level of responsibility assumed by the auditor under generally accepted auditing standards.
D.
The degree of reliance the auditor placed on the management representation letter
Choice D (Correct) and Choices A, B, C (Incorrect): The auditor would communicate with governance regarding significant adjustments arising from the audit as they may provide information about management’s integrity or competence, depending on whether the misstatements were considered intentional or unintentional. The auditor will communicate about the reasonableness of management’s estimates for similar reasons. The auditor will also communicate the level of responsibility being taken under GAAS to avoid a misunderstanding. The auditor will not, however, indicate the degree of reliance that will be placed on management’s representation letter, which is a matter of professional judgment.
Choose the correct statement(s), if any, regarding fraud risk factor(s) from the following:
I. Needlessly complex transactions present an opportunity for fraud.
II. Ineffective oversight by those charged with governance provides an incentive for fraud.
III. Stock options that expire soon after the release of financial statements present an opportunity for fraud.
A.
I and III only
B.
I only
C.
I, II, and III
D.
None of the above
Choice B (Correct) and Choices A, C, D (Incorrect): When transactions are complex, many individuals within the entity will not understand the intricacies and, as a result, it becomes easier to deceive others, creating an opportunity to commit fraud. Ineffective oversight by governance also creates an opportunity for individuals to commit fraud but does not provide an incentive. When stock options are due to expire shortly after financial statements are issued, that creates an incentive to overstate results in order to increase the value of the options, but it does not provide an opportunity.
A CPA firm would best provide itself reasonable assurance of meeting its responsibility to offer professional services that conform with professional standards by
A.
Establishing an understanding with each client concerning individual responsibilities in a signed engagement letter.
B.
Assessing the risk that errors and fraud may cause the financial statements to contain material misstatements.
C.
Developing specific audit objectives to support management’s assertions that are embodied in the financial statements.
D.
Maintaining a comprehensive system of quality control that is suitably designed in relation to its organizational structure.
Choice D (Correct) and Choices A, B, C (Incorrect): The objectives of a system of quality control are to provide reasonable assurance that the CPA firm is in compliance with requirements of professional standards and that the firm issues reports that are appropriate under the circumstances. Establishing an understanding with the client, assessing the risk that errors and fraud may cause financial statements to contain material misstatements, and developing specific audit objectives to support management’s assertions are all specific requirements under GAAS that apply to a specific engagement while the system of quality control pertains to the firm as a whole.
The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that
A.
Specified controls requiring segregation of duties may be circumvented by collusion.
B.
Entity policies may be overridden by senior management.
C.
Tests of controls may fail to identify procedures relevant to assertions.
D.
Material misstatements may exist in the financial statements.
Choice D (Correct): The primary objective of assessing control risk is to determine the risk that material misstatements exist in the financial statements that will not be prevented or detected and corrected on a timely basis by internal controls. The higher the control risk, the more likely financial statements are misstated.
Choice C (Incorrect): The possibility that tests of controls may fail to identify relevant procedures may be considered, but that is not the ultimate purpose of the assessment of control risk.
Which of the following is a correct statement regarding the nature and timing of communications between an accounting firm performing an initial audit of an issuer and the issuer’s audit committee?
A.
Prior to accepting the engagement, the firm must orally affirm its independence to the audit committee with all members present.
B.
The firm must address all independence impairment issues on the date of the audit opinion.
C.
Communications related to independence may occur in any form prior to issuance of the financial statements.
D.
Prior to accepting the engagement, the firm should describe in writing all relationships that, as of the date of the communication, may reasonably be thought to bear on independence.
D
Auditing standards of the PCAOB (Public Company Accounting Oversight Board) apply to audits of issuers (public entities). Auditors who provide auditing services to issuers must be independent. Independence means that the auditor is free from actual and perceived conflicts of interest. These interests can be financial or can be a result of a close relationship with the client.
PCAOB standards require that audit firms provide the audit committee with writteninformation about all relationships between the firm and the potential audit client that may impact the firm’s independence. This communication should be done prior to acceptance. Oral confirmation alone is not an acceptable means of communication (Choice A). In addition, discussions with the audit committee regarding independence must be documented and retained by the audit fir
Which of the following best describes what is meant by the term generally accepted auditing standards for a PCAOB audit?
A.
Rules acknowledged by the accounting profession because of their universal application.
B.
Pronouncements issued by the Auditing Standards Board.
C.
Measures of the quality of the auditor’s performance.
D.
Procedures to be used to gather evidence to support financial statements
Choice C (Correct) and Choices B, D (Incorrect): As implied by the term “standard”, generally accepted auditing standards (GAAS) represent benchmarks against which to measure the quality of the auditor’s performance. GAAS includes rules that are acknowledged by the accounting profession as well as procedures used to gather evidence, which enable the auditor to achieve quality. GAAS are communicated to the profession in the form of pronouncements issued by the Auditing Standards Board.
In assessing control risk, an auditor ordinarily selects from a variety of techniques, including
A.
Inquiry and analytical procedures.
B.
Reperformance and observation.
C.
Comparison and confirmation.
D.
Inspection and verification.
Choice B (Correct): Control risk is a function of the effectiveness of the client’s internal controls. The auditor assesses control risk by obtaining an understanding of internal control, observation to determine whether controls have been put into place and reperformance to verify that controls are effective.
Choice A (Incorrect): Inquiries are performed in obtaining an understanding of internal control and analytical procedures are used in planning, as substantive tests, and in evaluating the results of an audit, but not in the assessment of control risk.
Choice C (Incorrect): Comparison and confirmation are substantive tests and are not used in assessing control risk.
Choice D (Incorrect): Inspection of documents and verification are substantive procedures and are not used in assessing control risk.
Which of the following is(are) a correct definition of professional standards?
I. Procedures used by an auditor to gather evidence on which to base an opinion.
II. Measures of the quality of the auditor’s performance.
A.
I only.
B.
II only.
C.
Both I and II.
D.
Neither I nor II.
Choice B (Correct) and Choice C (Incorrect): Professional standards are measures of the quality of the auditor’s performance, not procedures used by an auditor to gather evidence.
An auditor may decide to assess control risk at the maximum level for certain assertions because the auditor believes
A.
Control policies and procedures are unlikely to pertain to the assertions.
B.
The entity’s control environment, accounting system, and control procedures are interrelated.
C.
Sufficient evidential matter to support the assertions is likely to be available.
D.
More emphasis on tests of controls than substantive tests is warranted/justified.
Choice A (Correct): When an auditor sets control risk at maximum, internal controls will not be relied upon and the opinion will be based entirely upon evidence gathered from substantive testing. The two primary reasons the auditor would not rely on controls are if the controls are weak, such as when policies and procedures are unlikely to pertain/relate to the relevant assertions, or if performing substantive tests is more efficient in conducting the audit.
Choice B (Incorrect): An entity’s control environment, accounting system, and control procedures should be interrelated/connected and, if effective, control risk might be set below the maximum level.
Choice C (Incorrect): Even if sufficient evidential matter is likely to be available, that does not necessarily mean performing substantive tests would be more efficient.
Choice D (Incorrect): A greater emphasis on tests of controls would be indicated when control risk is set below maximum, not at the maximum level.
If a statement from the Statements on Standards for Attestation Engagements (SSAE) provides that a procedure or action is one that the practitioner “should consider,” then which of the following interpretations is correct?
A.
The practitioner and management must agree on how the procedure will be performed.
B.
The consideration of the procedure is presumptively required, whereas carrying out the procedure is not required.
C.
The SSAEs use this term for special attestation engagements when referring to unusual situations outside the scope of the typical attestation engagements.
D.
Carrying out the procedure or action is required in all cases.
B
The Auditing Standards Board (ASB) has two levels of requirements for practitioners performing attestation services: unconditional and presumptively mandatory. These two requirements were established to provide clarity on how to interpret the standards.
The practitioner must always comply with unconditional requirements (Choice D). Presumptively mandatory requirements are those that the practitioner should consider but may depart from if irrelevant to the current circumstances, but the reason for departure should be documented.
(Choices A and C) The phrasing “should consider” indicates a presumptively mandatory requirement, not that the practitioner and management need to agree on how to perform the procedure. In addition, the phrase is not used to refer to unusual situations outside the scope of an attestation engagement.
According to the SEC, members of an issuer’s audit committee may not
A.
Establish procedures for employees to anonymously report fraud.
B.
Be responsible for the compensation of any registered public accounting firm employed by the entity to provide an audit report.
C.
Accept any consulting, advisory, or other compensation fee from the entity for services other than as a member of the board.
D.
Engage independent counsel as deemed necessary to carry out their duties
C
The audit committee (A/C) consists of independent members of the board of directors (BOD). Independent members are not employed by the entity, are not shareholders, have no financial relationship with the entity, and are otherwise unattached to the entity.
The Securities Exchange Act of 1934 specifies that an A/C member may receive compensation such as director fees, retainers, and meeting fees for serving on the board and/or committees but may not:
Accept any other consulting, advisory, or compensatory fee from the company.
Be affiliated with the company.
The A/C is responsible for overseeing the:
Financial reporting process, making certain that reliable information useful to stakeholders is available on a timely basis.
Appointment and compensation of the entity’s auditors (Choice B).
Establishment of appropriate internal controls, including programs for the prevention and detection of fraud.
Creation and publication of a code of ethics for senior financial officers.
Establishment of a process for employees to anonymously report concerns about accounting matters and/or fraud (Choice A).
Engagement of independent counsel as deemed necessary (Choice D).
Regarding a nonissuer’s compliance with laws and regulations, an auditor performing an audit of the entity’s financial statements is responsible for
A.
Obtaining a general understanding of the legal and regulatory framework applicable to the entity and how the entity is complying with that framework.
B.
Preventing noncompliance with existing applicable laws and regulations that determine reported amounts and disclosures in the entity’s financial statements.
C.
Determining whether an act performed by the entity being audited constitutes noncompliance with existing applicable laws and regulations.
D.
Ensuring that the entity’s operations are conducted in accordance with the provisions of laws and regulations relevant to the entity’s financial statements.
A
Generally accepted auditing standards (GAAS) apply to audits of nonissuers (ie, private entities). The overall objectives of the independent auditor are to identify and assess risks, obtain sufficient evidence, and form an opinion. Auditing standards provide auditors with general guidelines for achieving these objectives, but it is up to the auditor to determine the appropriate procedures that will be performed.
The auditor is responsible for obtaining a general understanding of the client’s regulatory environment as part of the risk assessment procedures. This general understanding helps the auditor assess if applicable financial reporting laws and regulations are being followed. However, it is not the auditor’s responsibility to prevent noncompliance with existing laws and regulations (Choice B). Management is ultimately responsible for compliance.
(Choice C) Auditors are not responsible for determining whether an act constitutes noncompliance. The entity’s legal counsel makes that determination. The auditor is responsible only for a general understanding of the client’s regulatory environment to identify clear instances of noncompliance.
(Choice D) Management, not the auditor, is responsible for ensuring that the entity’s operations and reporting requirements are conducted in accordance with the provisions of laws and regulations.
Things to remember:
Independent auditors are responsible for obtaining a general understanding of an entity’s legal and regulatory environment in order to assess an entity’s compliance. However, it is management’s responsibility to ensure that the entity is operating and reporting its financial information in accordance with applicable laws and regulations.
Which of the following procedures would a CPA most likely perform in the planning of a financial statement audit?
A.
Obtain representations from management regarding the availability of all financial records.
B.
Communicate with the audit committee concerning the prior year’s audit adjustments.
C.
Make inquiries of the client’s attorney regarding pending and threatened litigation and assessments.
D.
Compare recorded financial information with anticipated results from budgets and forecasts.
Choice D (Correct) and Choices A, B, C (Incorrect): By comparing recorded financial information with expectations in the form of anticipated results from budgets and forecasts, the auditor can identify any unexpected amounts or relationships in determining the nature, timing, and extent of audit procedures to be applied. The auditor obtains representations about the availability of all financial records and makes inquiries of the client’s attorney near the conclusion of the audit, not during the planning. The auditor will communicate with those charged with governance regarding uncorrected misstatements related to prior periods on a timely basis, but not necessarily as part of the planning of the engagement.
As the acceptable level of detection risk decreases, the assurance directly provided from
A.
Substantive tests should increase.
B.
Substantive tests should decrease.
C.
Tests of controls should increase.
D.
Tests of controls should decrease.
Choice A (Correct): The auditor performs substantive tests to address detection risk. When detection risk is higher than acceptable, it is decreased by increasing substantive testing. Substantive testing can be decreased when the risk of material misstatement is low and a high level of detection risk is acceptable. Tests of controls are performed in the evaluation of control risk and are not related to detection risk.
Choose the incentive(s) for fraud, if any, listed below:
I. Promotions, compensation, or other rewards inconsistent with expectations.
II. Access to valuable inventory that is easy to resell.
III. Known or anticipated layoffs.
A.
I and III only
B.
II only
C.
I, II, and III
D.
None of the above
Choice A (Correct) and Choices B, C, D (Incorrect): Incentives are the reasons that individuals commit fraud, which may be to make their performance appear better than it actually was to earn promotions, compensation, or other rewards; or to obtain resources in anticipation of layoffs. Access to valuable inventory creates the opportunity to commit fraud but would not be the incentive.
A successor auditor ordinarily should request to review the predecessor’s working papers relating to
Contingencies Internal controls
A.
Yes Yes
B.
Yes No
C.
No Yes
D.
No No
A
Successor auditors are required to initiate inquiries with predecessor auditors to obtain information that may help them determine whether to accept an initial audit engagement. The communications usually include a request to review the predecessor’s working papers to gain an understanding of significant events (eg, fraud, material weaknesses) relevant to client acceptance.
Working papers with details on contingencies and internal controls are useful to the successor because they have a direct impact on the effort needed to perform the audit. Contingencies are future events with uncertain outcomes and may lead to losses or liabilities for an entity (eg, litigation against an entity may result in a large financial settlement). Internal controls are rules or procedures used by an entity to ensure it achieves its objectives, including the prevention of fraud or material misstatements in financial statements.
A successor auditor is required to attempt communication with the predecessor auditor prior to
Making a proposal for the audit engagement Accepting the engagement
A.
Yes Yes
B.
Yes No
C.
No Yes
D.
No No
C
Because auditors need the potential client’s permission to communicate with the predecessor auditor, these inquiries normally occur after the audit proposal has been made. A proposal is not the same as an engagement letter, which confirms client acceptance.
Auditing standards require auditors to communicate with the predecessor auditor prior to accepting (but not proposing) an initial audit engagement. The purpose of the communication is to help the successor auditor determine whether to accept the initial audit engagement.
Which of the following disagreements between the auditor and management do not have to be communicated by the auditor to those charged with governance?
A.
Disagreements regarding management’s judgment about accounting estimates for goodwill.
B.
Disagreements about the scope of the audit.
C.
Disagreements in the application of accounting principles relating to software development costs.
D.
Disagreements of the amount of the LIFO inventory layer based on preliminary information
D
Effective and timely two-way communication between auditors and those charged with governance helps auditors plan and execute the audit. It also allows governance to take corrective action in response to problems identified by auditors.
Disagreements with management that, individually or in the aggregate, are significant to the financial statements or the audit report should be reported to governance in a timely manner, regardless of whether they are resolved. Such disagreements may be about issues including the scope of the audit, significant accounting estimates, or the application of accounting principles (Choices A, B, and C).
Disagreements over preliminary information will not have a significant effect on the auditor’s report or the financial statements. Such disagreements do not need to be communicated to governance unless they cannot be resolved when more information becomes available and audit procedures are performed.
In an engagement to examine management’s discussion and analysis (MD&A), which of the following best defines control risk?
A.
The risk that an assertion within the MD&A will lead to a material misstatement.
B.
The risk of detecting misstatements that are material to the MD&A presentation taken as a whole.
C.
The risk that the practitioner will not uncover a material misstatement within an MD&A assertion.
D.
The risk that material misstatements in the MD&A presentation will not be prevented in a timely manner.
Choice D (Correct): Control risk is the risk that internal controls will not prevent an error or fraud or will not detect and correct it in a timely manner.
The risk that an assertion will lead to a material misstatement is a form of inherent risk, not control risk.
The risk of detecting misstatements, or not detecting them, is detection risk, not control risk.
Which of the following statements is correct concerning materiality in a financial statement audit?
A.
Analytical procedures performed during an audit’s review stage usually decrease materiality levels.
B.
If the materiality amount used in evaluating audit findings increases from the amount used in planning, the auditor should apply additional substantive tests.
C.
The auditor’s materiality judgments generally involve quantitative, but not qualitative, considerations.
D.
Materiality levels are generally considered in terms of the smallest aggregate level of misstatement that could be considered material to any one of the financial statements.
Choice D (Correct): To minimize audit risk, the risk of issuing an unmodified report when the financial statements contain a material misstatement, the auditor will consider the smallest aggregate level of misstatement that could be considered material to any of the financial statements and measure materiality against that amount. Analytical procedures do not affect the judgment of materiality. As materiality amounts increase, larger errors become acceptable and the auditor will decrease, not increase, substantive testing. Materiality judgments involve both qualitative and quantitative considerations.
After fieldwork audit procedures are completed, a partner of the CPA firm who has not been involved in the audit performs a second or wrap-up working paper review. This second review usually focuses on
A.
The fair presentation of the financial statements in conformity with GAAP.
B.
Irregularities involving the client’s management and its employees.
C.
The materiality of the adjusting entries proposed by the audit staff.
D.
The communication of internal control weaknesses to the client’s audit committee.
Choice A (Correct) and Choices B, C, D (Incorrect): After fieldwork procedures and reviews of the engagement partner are completed, another partner of the CPA firm, known as a concurring partner, will perform a very high level review, focusing on the fair presentation of the financial statements in conformity with GAAP.
Each of the following is a function of an entity’s control risk, except
A.
The process for approving transactions.
B.
The process of implementing new business processes.
C.
The entity’s regulatory environment.
D.
Management’s risk assessment for financial reporting.
C
The risk of material misstatement (RMM) is made up of both inherent and control risk (CR). CR is the risk that an entity’s internal controls (I/C) will not prevent or detect a material misstatement. CR is a function of the effectiveness, design, implementation, and maintenance of I/C. Inherent risk is the RMM from conditions other than CR, such as the entity’s regulatory environment, technological environment, and other external factors.
(Choice D) Auditors evaluate management’s risk assessment to identify the risks related to financial reporting, including those related to I/C. Management’s assessment is part of monitoring and maintaining controls, which are functions of CR.
An audit client is deciding whether to prepare financial statements in accordance with a general purpose framework or a special purpose framework. Which of the following is a special purpose framework?
A.
A framework derived from Statements of Federal Financial Accounting Standards issued by the Federal Accounting Standards Advisory Board.
B.
A framework derived from Statutory Accounting Principles issued by a state regulatory agency of insurance companies.
C.
A framework derived from International Financial Reporting Standards issued by the International Accounting Standards Board.
D.
A framework derived from Statements of Governmental Standards issued by the Governmental Accounting Standards Board.
B
An accounting framework is the set of criteria (either rules or standards) that are required for financial items to be recognized, classified, and recorded within an entity’s financial statements. To adhere to auditing standards, auditors must be familiar with their client’s applicable reporting framework. Auditors will use the framework as a guide to help them assess if the client’s financial statements meet the framework’s requirements.
A general purpose framework is designed to meet the common financial information objectives of a wide range of users. In contrast, a special purpose framework is a non-GAAP framework designed to meet a specific purpose (ie, financial information requirements) of a specific group of users (eg, tax regulators). For example, a framework issued by a state insurance regulatory agency is applied to financial reporting so that the information provided meets the specific needs of the regulatory body.
(Choice A) A framework derived from Statements of Federal Financial Accounting Standards (SFFAS) issued by the Federal Accounting Standards Advisory Board is a general purpose framework. Generally, a broad governmental body, such as a federal board, will issue a general purpose, not special purpose, framework.
(Choice C) A framework derived from International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board is a general purpose framework. IFRS is the international version of GAAP, which is used in the United States, and is a framework for reporting information to a wide range of users.
(Choice D) A framework derived from Statements of Governmental Standards issued by the Governmental Accounting Standards Board (GASB) is a general purpose framework. This framework is applied to the financial reports of state and local governments to a wide range of users.
Things to remember:
A general purpose framework (eg, GAAP) is a set of criteria used to report financial information to a wide range of users. A special purpose framework (eg, tax accounting basis) is intended for a specific purpose and for a more narrowly defined set of users. Auditors must understand their client’s reporting framework since it will be used as the criteria to assess the fairness of financial statements.
Assessing control risk at below the maximum most likely would involve
A.
Changing the timing of substantive tests by omitting interim-date testing and performing the tests at year end.
B.
Identifying specific internal control structure policies and procedures relevant to specific assertions.
C.
Performing more extensive substantive tests with larger sample sizes than originally planned.
D.
Reducing inherent risk for most of the assertions relevant to significant account balances.
Choice B (Correct): If control risk is assessed below the maximum, the auditor intends to rely on internal controls and reduce the amount of substantive testing. The auditor assesses control risk below the maximum when there are specific, reliable internal controls that relate to specific management assertions.
Choice A (Incorrect): Assessing control risk below the maximum allows for an increase in interim testing and a more efficient audit, rather than reliance on testing exclusively at year end.
Choice C (Incorrect): Assessing control risk below the maximum allows for less substantive testing, not more.
Choice D (Incorrect): Inherent risk is the risk of misstatement due to factors other than a failure of relevant controls and is not affected by the assessment of control risk.
An auditor’s primary consideration regarding an entity’s internal control structure policies and procedures is whether the policies and procedures
A.
Affect the financial statements. (57%)
B.
Prevent management override. (10%)
C.
Relate to the control environment. (22%)
D.
Reflect management’s philosophy and operating style. (10%)
Choice A (Correct): All audit procedures contribute to the goal of expressing an opinion on the financial statements
An audit supervisor reviewed the work performed by the staff to determine whether the audit was adequately performed. The supervisor accomplished this by primarily reviewing which of the following?
A.
Checklists.
B.
Working papers.
C.
Analytical procedures.
D.
Financial statements.
Choice B (Correct) and Choices A, C, D (Incorrect): Working papers are designed to provide evidence of the work performed, the evidence evaluated, and the conclusions drawn. Working papers may include checklists, evidence of analytical procedures, and copies of the financial statements.
From the following, choose the statement(s) which describe an inherent risk in an audit:
I. The financial statements include assets which are highly susceptible to theft.
II. The financial statements include items which are complex or involve very high volumes of transactions.
III. The financial statements include assets which require significant estimates requiring high levels of judgement to determine their carrying values.
A.
II and III only
B.
I only
C.
I and II only
D.
I, II, and III
Choice D (Correct) and Choices A, B, C (Incorrect): Inherent risk is the risk that an item will be materially misstated if there are no internal controls in place. When assets are highly susceptible to theft, the entity may believe it has more on hand than is the case due to unidentified theft losses. When items are relatively complex or require a high volume of transactions, there is a higher likelihood of error, as would be the case when the valuation of assets is dependent on estimates involving high levels of judgment. Any of these risks can be mitigated by internal controls, but all represent risks of material misstatements if controls are not in place, making them all part of inherent risk.
Which of the following circumstances would permit an independent auditor to accept an engagement after the close of the fiscal year?
A.
Issuance of a disclaimer of opinion as a result of inability to conduct certain tests required by generally accepted auditing standards due to the timing of acceptance of the engagement.
B.
Assessment of control risk below the maximum level.
C.
Receipt of an assertion from the preceding auditor that the entity will be able to continue as a going concern.
D.
Remedy of limitations resulting from accepting the engagement after the close of the end of the year, such as those relating to the existence of physical inventory.
Choice D (Correct) and Choices A, B, C (Incorrect): An auditor would be able to accept an engagement after the close of the fiscal year if the auditor had a means of obtaining sufficient appropriate audit evidence regarding opening balances, such as developing a remedy for the inability to observe inventory by performing alternate procedures. The inability to obtain evidence regarding opening balances may result in a disclaimer of opinion in regard to the income statement, the statement of cash flows, and the statement of changes in equity, but it would not preclude the auditor from expressing an opinion on the balance sheet. The auditor does not assess control risk until after the engagement has been accepted. The auditor’s evaluation as to the ability of the client to continue as a going concern will be based on the auditor’s evaluation of evidence obtained during the course of the engagement, not a representation from the predecessor.
The phrase “generally accepted accounting principles” is an accounting term that
A.
Includes broad guidelines of general application but not detailed practices and procedures.
B.
Encompasses the conventions, rules, and procedures necessary to define accepted accounting practice at a particular time.
C.
Provides a measure of conventions, rules, and procedures governed by the AICPA.
D.
Is included in the audit report to indicate that the audit has been conducted in accordance with generally accepted auditing standards (GAAS).
B
Generally Accepted Accounting Principles (GAAP) is a general-purpose framework that includes both broad guidelines and detailed policies and procedures such as conventions and rules. The framework defines the accounting practice at a particular time; it is updated regularly to stay current with changes in the business environment. The FASB (Financial Accounting Standards Board), not the AICPA, maintains GAAP in one centralized codification (Choice C).
(Choice A) GAAP includes broad guidelines of general application and detailed practices and procedures (eg, accounting for leases, rules for revenue recognition).
(Choice D) Although GAAP is included in the audit report, it is used to address the responsibilities of management to prepare financial statements in adherence with the framework. It is not used to indicate that the audit has been conducted in adherence to GAAS.
An auditor has set the materiality level for the financial statements as a whole at $125,000. Which of the following misstatements would the auditor most likely consider material?
A.
The client did not record $47,000 in trade accounts payable at year end.
B.
The client did not disclose $45,000 of related party transactions in the footnotes.
C.
The client misclassified $42,000 of supplies expense as miscellaneous expense.
D.
The client’s estimate of the allowance for doubtful accounts is $40,000 more than the auditor’s estimate.
B
An entity’s related parties may include owners, managers, and their families, as well as other parties that can influence or be influenced by the entity. Related party transactions pose a heightened risk of fraud because the parties’ relationship provides greater opportunity for collusion and manipulation of transactions (eg, selling a building to the entity above market value).
Companies are required to disclose related party transactions regardless of materiality because financial statement users need to understand the nature of related party transactions and their effects on financial statements. Auditors are responsible for performing procedures that identify related parties and related transactions and for evaluating whether these transactions have been properly accounted for and disclosed.
(Choices A, C, and D) A misstatement is considered material if it meets either a quantitative threshold (eg, materiality of $125,000) or is qualitatively material (eg, related parties, fraud). Because none of these individual misstatements ($47,000, $42,000, and $40,000) meet either criteria (ie, below the threshold, not qualitatively material), none of them are considered material.
An auditor of a nonissuer is most likely to conclude that a misstatement identified during an audit that is below the quantitative materiality limit is qualitatively material if it
A.
Changes the company’s operating results from a net loss to a net income.
B.
Arises from a transaction cycle with controls that were determined to be operating effectively.
C.
Is the first time a misstatement has arisen from the relevant transaction cycle.
D.
Decreases management’s incentive compensation for the period.
Choice A (Correct) and Choices B, C, D (Incorrect): An item is material if it has the potential to influence the decisions of a financial statement user. When items are not large enough in amount to be quantitatively material, they may still be qualitatively material based on their relative importance. This would be the case, for example, if the recording of an item has the potential of determining if the entity reports a profit or loss. When a misstatement that is quantitatively not material arises from a system with effective controls, or when it is the first time a misstatement has arisen from the system, it is not likely that the misstatement is representative of numerous misstatements and they would not be considered qualitatively material either. A misstatement that decreases management’s incentive compensation is not likely to be a fraudulent misstatement, as would be the case if it increased compensation, and would not be qualitatively ma
Which of the following statements correctly defines the term reasonable assurance?
A.
A substantial level of assurance to allow an auditor to detect a material misstatement.
B.
A significant level of assurance to allow an auditor to detect a material misstatement.
C.
An absolute level of assurance to allow an auditor to detect a material misstatement.
D.
A high, but not absolute, level of assurance to allow an auditor to detect a material misstatement
D
Information asymmetry occurs when one person is better informed than another. For example, a used car salesman has more information about the true condition of a vehicle than a buyer. As a response, the buyer may hire a trained mechanic to inspect the vehicle prior to purchasing it. The mechanic is not expected to inspect every bolt and screw because that would be too expensive and time-consuming. The mechanic can provide only a reasonable assurance that the car is in working condition.
A high level of assurance (reasonable assurance) gives users of financial information confidence to rely on financial reports. Financial auditors (like the mechanic) try to provide users of financial reports with a reasonable level of assurance about management’s financial assertions. Assertions are management claims reported on the financial statements (ie, reported revenues), like the claims of the car salesman. Investors, creditors, and other lenders are like the car buyer because they provide resources to the company based on the reported claims.
(Choices A and B) “Substantial” and “significant” are not terms used under the General Accepted Auditing Standards (GAAS). GAAS uses the terms “reasonable” or a “high level” of assurance to describe the type of assurance that auditors provide. Reasonable is a legal term that describes the level of care an ordinarily prudent person (proficient auditor) would have used under similar circumstances. In legal proceedings, auditors may argue that reasonable assurance was achieved if they acted with the same care as other proficient auditors.
(Choice C) Auditors cannot be expected to provide absolute assurance because doing so would be too costly and time-consuming.
The audit program usually cannot be finalized until the
A.
Consideration of the entity’s internal control structure has been completed.
B.
Engagement letter has been signed by the auditor and the client.
C.
Internal control deficiencies have been communicated to the audit committee.
D.
Search for unrecorded liabilities has been performed and documented.
A
An audit program, required for every GAAS audit, is a step-by-step list of audit procedures. The procedures are designed to achieve specific audit objectives (eg, detect material misstatements) related to management assertions (claims). The program describes the nature, timing, and extent of:
Risk assessment procedures sufficient to assess the risk of material misstatement (eg, test of controls)
Further audit procedures at the relevant assertion level for each material class of transactions, account balances, and disclosures
Other procedures needed to comply with GAAS (eg, the use of specialists)
Auditors should consider key factors such as materiality, the risk of material misstatement (RMM), and business and industry factors before the audit program can be finalized. Understanding an entity’s internal control structure helps the auditor assess the risk of material misstatement.
(Choice B) The engagement letter is delivered and usually signed by the client during the client acceptance phase of an audit. Client acceptance should have already been completed by the time the auditor begins work on the audit program and is not part of the process needed to finalize it.
(Choice C) Internal control procedures and discovered deficiencies are communicated to the audit committee after the audit program is finalized.
(Choice D) A search for unrecorded liabilities is listed in the audit program and is performed after the program is finalized.
Things to remember:
An audit program is a step-by-step listing that describes the nature, timing, and extent of audit procedures used to detect material misstatements during field work. The audit program should be completed after the auditor has assessed the risk of material misstatement, which includes consideration of an entity’s internal controls.
Which of the following types of risks most likely would increase if accounts receivable are confirmed three months before year end?
A.
Inherent.
B.
Control
C.
Detection.
D.
Business
Choice C (Correct): Detection risk is the risk that a material misstatement due to error or fraud will not be detected by procedures performed by the auditor. When accounts receivable are confirmed three months prior to year end, there is ample time for an error or misappropriation or other defalcation to occur to cause the financial statements to be misstated. Inherent risk is the risk that an item will be materially misstated if no controls are in place, which is not affected by confirmations. Control risk is the risk that a material misstatement will not be prevented or detected and corrected on a timely basis as a result of controls in place, which is also not affected by confirmations. Business risk is the risk associated with the extending of credit in this circumstance, which is also not affected by confirmations.
Which of the following statements is correct regarding the auditor’s consideration of the possibility of noncompliance (illegal acts) by clients?
A.
The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance that no noncompliance (illegal acts) have been committed by clients.
B.
The auditor’s training, experience, and understanding of the client should be used to provide a basis for the determination as to whether noncompliance (illegal acts) has occurred.
C.
If specific information concerning noncompliance (illegal acts) comes to the auditor’s attention, the auditor should apply audit procedures specifically directed to ascertaining whether an illegal act has occurred.
D.
If an illegal act has occurred, the auditor should express a qualified opinion or an adverse opinion on the financial statements taken as a whole.
Choice C (Correct) and Choices A, B, D (Incorrect): When the auditor has reason to believe that an illegal act may have occurred, the auditor should perform procedures to determine if, in fact, it has and, if so, whether or not it is more than inconsequential/insignificant. The auditor is concerned about noncompliance (illegal acts) that are potentially consequential to the financial statements, not all illegal acts. Although the auditor’s qualifications may increase the likelihood that illegal acts will be detected, they alone are not a sufficient basis for evaluating whether or not illegal acts have occurred. The occurrence of an illegal act will only affect the auditor’s opinion if, as a result, the financial statements are materially misstated.
Upon obtaining an understanding of a client’s internal controls in relation to payroll, the auditor has assessed control risk as low on a preliminary basis. As a result, the auditor will likely:
A.
Reduce the extent of tests of control in relation to the payroll cycle.
B.
Decrease the number of payroll transactions selected for the application of substantive testing.
C.
Decrease the acceptable level of detection risk in designing substantive testing.
D.
Increase the amount that would be considered material for identifying exceptions when testing payroll.
Choice B (Correct): When control risk is assessed as low, the auditor can decrease substantive testing, such as by decreasing the number of transactions examined in the performance of substantive tests.
Tests of controls will be increased, not decreased, to make certain that the auditor is not placing too much reliance on internal control as result of the preliminary assessment. Reducing control risk reduces the risk of material misstatement, which allows the auditor to increase detection risk without increasing overall audit risk. The auditor’s assessment of internal control does not affect judgments as to materiality.
Which of the following factors most likely would lead a CPA to conclude that a potential audit engagement should be rejected?
A.
The details of most recorded transactions are not available after a specified period of time.
B.
Internal control activities requiring the segregation of duties are subject to management override.
C.
It is unlikely that sufficient appropriate audit evidence is available to support an opinion on the financial statements.
D.
Management has a reputation for consulting with several accounting firms about significant accounting issues.
C
A scope limitation is a restriction that prevents an auditor from obtaining sufficient (ie, quantity) and appropriate (ie, quality) audit evidence. It can be caused by the client (eg, limiting evidence given to auditor) or other events beyond the client’s control (eg, evidence lost in flood). When a scope limitation exists, the auditor may be required to issue a disclaimer or qualified opinion, depending on the nature and extent of the limitation. If a severe scope limitation is present, the auditor should not accept the engagement.
(Choice A) The auditor considers the availability of transaction details when planning the audit and may need to perform more testing throughout the year. However, this would not be a reason to decline an engagement.
(Choice B) Management’s ability to override internal controls is a control deficiency that may increase the risk of material misstatement and require modifications to audit procedures. However, auditors may accept this engagement because these circumstances do not prevent them from obtaining sufficient audit evidence to form an opinion.
(Choice D) If management consults with other firms regarding accounting issues, it does not necessarily result in a scope limitation. The auditor should be aware of the consulting activity and should determine if it impacts the ability to obtain sufficient audit evidence.
In assessing the tolerable rate of deviations of a test of controls that was performed using statistical sampling, an auditor should consider that
A.
Deviations from pertinent controls do not affect the risk of material misstatement in the accounting records.
B.
Deviations from pertinent controls at a given rate ordinarily result in misstatements at a lower rate.
C.
When the degree of assurance desired in a sample is high, the auditor should allow for a high level of sampling risk.
D.
Increasing the number of items selected for the test of controls usually increases the tolerable rate of deviations
B
Tests of controls are used to test the rate of deviation from a prescribed control. The tolerable rate (TR) is the maximum deviation rate an auditor is willing to accept before concluding the control is ineffective. If auditors decide the TR for a cash control tested is 10%, it means that in any given sample, the control is considered ineffective if the deviation is above 10%. However, even when the deviation rate for the control is above the TR, it does not mean the account balance is more than 10% misstated.
An accountant may not have followed a control 20% of the time but may have properly accounted for the cash. When considering the TR (ie, maximum rate) of deviation, auditors should consider that although a control deviation may be high, it does not necessarily imply the rate of misstatement is the same.
(Choice A) The deviation rate is used to determine whether the control is effective. The effectiveness of the control affects the assessed level of control risk, and therefore the risk of material misstatement.
(Choice C) If the desired assurance in a sample is high, the allowance for sampling risk is low, not high. Low allowance for sampling risk provides high confidence that the results of the sample represent the population.
(Choice D) There is an inverse relationship between the tolerable rate of deviation and sample size. Increasing the tolerable rate will decrease, not increase, the number of selected items
A group engagement team of a nonissuer should ask a component auditor to communicate whether it complied with
A.
Ethical requirements relevant to the group audit.
B.
State licensure requirements applicable to all group locations.
C.
Generally accepted accounting principles relevant to the group audit.
D.
Contract billing requirements related to the group audit.
A
A CPA firm that audits entities with smaller reporting segments may use component auditors to perform audits at those reporting segments. The group engagement team collects the component auditors’ work near the end of the audit engagement and uses it to form an opinion about the entity’s consolidated financial statements.
The group engagement team has the overall responsibility of overseeing the audit and ensuring that it adheres to the applicable standards. Therefore, the group engagement team should request that component auditors explicitly communicate whether they complied with ethical (eg, independence, professional competence) requirements that apply to the group; the group should document all responses.
(Choice B) Compliance with state licensing is not a required communication for group audits. All CPAs are responsible for complying with their state licensing requirements.
(Choice C) Auditors comply with GAAS (auditing standards), not GAAP (reporting framework). However, auditors must understand GAAP to make judgements about the fair presentation of the financial statements. The client, not the auditor, is responsible for complying with GAAP when preparing the financial statements.
(Choice D) Although the group engagement team may set billing requirements for component auditors, communicating compliance with these requirements is not required under GAAS.
In planning an audit, an auditor should document in the working papers the auditor’s risk assessment of a material misstatement of the financial statements due to fraud. Which of the following should be included in workpaper documentation if risk factors are identified as being present?
A.
A copy of the report of the risk factor to the company’s legal counsel. (1%)
B.
Discussion of the risk factor with the client. (17%)
C.
Investigation of the risk factor. (13%)
D.
Those risk factors identified
Choice D (Correct): The auditor is required to document the consideration of fraud, including, the brainstorming session; procedures performed to obtain information used to identify risks of material misstatement due to fraud; identified risks of material misstatement; reasons revenue recognition was not considered a fraud risk factor, if appropriate; results of procedures performed in response to risk of management override of controls; other factors drawing the auditor to the conclusion that additional procedures were required; and the nature of communication about fraud. An auditor generally does not report risk factors to the company’s legal counsel. In the planning stage particularly, discussion of risk factors with the client might not be warranted, especially if the auditor believes that management potentially is involved in fraud. Later, some identified risk factors may be considered immaterial or already understood by the client and thus not require discussion. While investigation of risk factors might be documented, identified risk factors must be documented. Further, risk factors might not be investigated.
