MCQ 1 Flashcards
An overall response to address a high assessed risk of material misstatement at the financial statement level of a nonissuer may include
A.
Increasing reliance on results of internal control testing.
B.
Emphasizing the need for more accounting staff.
C.
Incorporating additional predictability into the selection of procedures.
D.
Providing more supervision of the audit team.
D
When planning and executing an audit, an auditor uses the audit risk model. As part of the process, the auditor identifies and assesses the risk of material misstatement (RMM) at the financial statement level and at the level of individual management assertions. RMM is the risk that the financial statements contain one or more material misstatements.
When the RMM at the financial statement level is high, the auditor responds by decreasing detection risk (ie, the risk that a misstatement will go undetected).
Detection risk can be reduced by:
Emphasizing professional skepticism
Assigning more experienced staff or specialists
Providing more supervision
Reducing predictability of procedures
Changing the nature, timing, and extent of procedures (eg, more substantive procedures)
(Choice A) If RMM is high because control risk is high, the auditor will decrease, not increase, reliance on controls. If RMM is high despite strong controls, relying on those controls cannot reduce detection risk.
(Choice B) Increasing the number of staff assigned to the engagement may allow the audit to proceed more quickly, but will not reduce the risk that a misstatement will go undetected. However, experienced staff or specialists might help detect a misstatement.
(Choice C) Making audit procedures more predictable will make it easier for unscrupulous client employees to mislead the auditor, increasing the risk that material misstatements will go undetected.
Which of the following factors would a CPA ordinarily consider in the planning of an audit engagement?
I. Financial statement accounts likely to contain a misstatement.
II. Conditions that require extension of audit tests.
A.
I only.
B.
II only.
C.
Both I and II.
D.
Neither I nor II
Choice C (Correct) and Choices A, B, D (Incorrect): When planning an audit engagement, the auditor will consider accounts likely to contain a misstatement (I) as those areas will require additional audit attention. The auditor will also consider conditions that require the extension of audit tests (II).
Which of the following factors most likely would cause a CPA not to accept a new audit engagement?
A.
Management reputation for failing to provide schedules to prior auditors on a timely basis.
B.
The CPA’s inability to review the predecessor auditor’s working papers.
C.
Management’s unwillingness to make all financial records available to the CPA.
D.
The CPA’s lack of understanding of the entity’s operations and industry.
C
Management must acknowledge its responsibility to provide auditors access to information (eg, financial records) relevant to the audit before the engagement is accepted. Unless required by law to accept the engagement, auditors should not accept if a client restricts access to information because it creates a client-imposed scope limitation. A scope limitation prevents auditors from obtaining sufficient evidence to form an opinion.
(Choice A) Although it may be difficult to work with clients when they don’t provide timely information, the auditor can plan around this issue and still perform the audit. It is not a reason to decline an engagement.
(Choice B) There are circumstances (eg, potential litigation, disciplinary proceedings) that may prevent the predecessor auditor from communicating with the successor. If this is the case, the predecessor must communicate the circumstance to the successor and the successor may still accept the engagement.
(Choice D) A client can be accepted if the auditor has the capability of obtaining an understanding of the entity’s operations or industry. Sometimes, auditors obtain this understanding after accepting the client by using specialists or during planning procedures.
Things to remember:
Unless required by law to accept the engagement, auditors should not accept if a potential client restricts access to relevant information (eg, financial records) because it creates a client-imposed scope limitation. A scope limitation prevents auditors from obtaining sufficient evidence to form an opinion.
When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor most likely would increase the
A.
Level of detection risk.
B.
Extent of tests of details.
C.
Level of inherent risk.
D.
Extent of tests of controls
Choice B (Correct) and Choices A, C, D (Incorrect): An increase in the assessed level of control risk results in an increase in the risk of material misstatement. To maintain an adequately low level of audit risk, the auditor must reduce, not increase, the level of detection risk. An increase in detection risk would cause the auditor to enhance the nature of audit procedures, using those that would be expected to be more effective, and increase the extent of procedures, such as tests of details. Inherent risk, which is beyond the control of the auditor, is the risk associated with the financial statement element and represents the risk that the item will be materially misstated if there are no controls in place to prevent it. Tests of controls are used to determine if controls can be relied upon to reduce control risk. These would only be increased if the auditor believed that more controls are potentially reliable than originally expected.
A person identified as an audit committee financial expert of an issuer generally must have acquired the attributes of a financial expert through any of the following experiences, except
A.
As a principal financial officer, principal accounting officer, controller, public accountant, or auditor.
B.
Serving on at least one other issuer’s audit committee or disclosure committee of the board of directors.
C.
Actively supervising a principal financial officer or principal accounting officer.
D.
Assessing the performance of public accountants with respect to preparation, auditing, or evaluation of financial statements.
B
Board of directors (BOD) members serve on functional committees such as the audit committee (A/C) to disburse the board’s responsibilities. The Sarbanes-Oxley Act requires that the A/C consist of independent members of the BOD. Independent members are not employed by the entity, are not shareholders, and have no financial relationship with the entity.
One member of the A/C must be a financial expert. Financial experts do not need to be CPAs; however, they must have (among other things) an understanding of the functions of the A/C and internal controls; an understanding of GAAP along with the ability to assess the application of GAAP to accounting estimates, accruals, and reserves; and experience auditing, preparing, analyzing, or evaluating comparable financial statements (F/S).
These requirements can be gained through experience:
as a principal financial or accounting officer, controller, public accountant, or auditor (Choice A).
in actively supervising any of the above positions (Choice C).
in overseeing or assessing companies or public accountants in the preparation, auditing, or evaluation of F/S (Choice D).
Serving on an audit committee or disclosure committee of the BOD does not provide an individual with the expertise necessary to serve as financial expert of an issuer. More in-depth experience, such as working as a controller, is required.
Things to remember:
The board of directors audit committee’s financial expert must understand GAAP and financial statements and has worked as a principal financial or accounting officer, controller, or public accountant.
An auditor uses the assessed level of control risk to
A.
Evaluate the effectiveness of the entity’s internal control policies and procedures.
B.
Identify transactions and account balances where inherent risk is at the maximum.
C.
Indicate whether materiality thresholds for planning and evaluation purposes are sufficiently high.
D.
Determine the acceptable level of detection risk for financial statement assertions.
Choice D (Correct): The auditor assesses control risk in order to set the level of detection risk to achieve the desired level of audit risk.
Choice A (Incorrect): The auditor evaluates the effectiveness of internal controls in order to determine the appropriate level of control risk.
Choice B (Incorrect): Inherent risk is the risk that an item will be materially misstated due to its nature, regardless of controls. It is not affected by the assessed level of control risk.
Choice C (Incorrect): The determination of materiality thresholds is done separately from the assessment of control risk.
Assessing control risk below the maximum level most likely would involve
A.
Performing more extensive substantive tests with larger sample sizes than originally planned.
B.
Reducing inherent risk for most of the assertions relevant to significant account balances.
C.
Changing the timing of substantive tests by omitting intermediate testing and performing the tests at year end.
D.
Identifying specific internal control policies and procedures relevant to specific assertions
D Control risk (CR) is the risk that a company's internal control (I/C) will not prevent or detect material misstatements. When deciding to test controls, auditors first obtain a general understanding of the control structure, policies, and procedures relevant to assertions (eg, completeness of revenue) they want to test. CR is initially set at maximum level but can be reduced if tests of controls indicate the control is effective. Thus, auditors may reduce, not increase, the number of substantive tests planned if effective controls are in place (ie, CR below maximum) because some risk is mitigated
(Choice C) Auditors would omit interim testing if CR were assessed at maximum level, not below maximum. A lower CR means that I/C can be relied on and auditors may perform more procedures at interim.
Which of the following matters is an auditor not required to communicate to an entity’s audit committee?
A.
Significant adjustments arising from the audit that were recorded by management.
B.
The basis for the auditor’s conclusions about the reasonableness of management’s sensitive accounting estimates.
C.
The level of responsibility assumed by the auditor under generally accepted auditing standards.
D.
The degree of reliance the auditor placed on the management representation letter
Choice D (Correct) and Choices A, B, C (Incorrect): The auditor would communicate with governance regarding significant adjustments arising from the audit as they may provide information about management’s integrity or competence, depending on whether the misstatements were considered intentional or unintentional. The auditor will communicate about the reasonableness of management’s estimates for similar reasons. The auditor will also communicate the level of responsibility being taken under GAAS to avoid a misunderstanding. The auditor will not, however, indicate the degree of reliance that will be placed on management’s representation letter, which is a matter of professional judgment.
Choose the correct statement(s), if any, regarding fraud risk factor(s) from the following:
I. Needlessly complex transactions present an opportunity for fraud.
II. Ineffective oversight by those charged with governance provides an incentive for fraud. III. Stock options that expire soon after the release of financial statements present an opportunity for fraud.
A.
I and III only
B.
I only
C.
I, II, and III
D.
None of the above
Choice B (Correct) and Choices A, C, D (Incorrect): When transactions are complex, many individuals within the entity will not understand the intricacies and, as a result, it becomes easier to deceive others, creating an opportunity to commit fraud. Ineffective oversight by governance also creates an opportunity for individuals to commit fraud but does not provide an incentive. When stock options are due to expire shortly after financial statements are issued, that creates an incentive to overstate results in order to increase the value of the options, but it does not provide an opportunity.
A CPA firm would best provide itself reasonable assurance of meeting its responsibility to offer professional services that conform with professional standards by
A.
Establishing an understanding with each client concerning individual responsibilities in a signed engagement letter.
B.
Assessing the risk that errors and fraud may cause the financial statements to contain material misstatements.
C.
Developing specific audit objectives to support management’s assertions that are embodied in the financial statements.
D.
Maintaining a comprehensive system of quality control that is suitably designed in relation to its organizational structure.
Choice D (Correct) and Choices A, B, C (Incorrect): The objectives of a system of quality control are to provide reasonable assurance that the CPA firm is in compliance with requirements of professional standards and that the firm issues reports that are appropriate under the circumstances. Establishing an understanding with the client, assessing the risk that errors and fraud may cause financial statements to contain material misstatements, and developing specific audit objectives to support management’s assertions are all specific requirements under GAAS that apply to a specific engagement while the system of quality control pertains to the firm as a whole.
The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that
A.
Specified controls requiring segregation of duties may be circumvented by collusion.
B.
Entity policies may be overridden by senior management.
C.
Tests of controls may fail to identify procedures relevant to assertions.
D.
Material misstatements may exist in the financial statements.
Choice D (Correct): The primary objective of assessing control risk is to determine the risk that material misstatements exist in the financial statements that will not be prevented or detected and corrected on a timely basis by internal controls. The higher the control risk, the more likely financial statements are misstated.
Choice C (Incorrect): The possibility that tests of controls may fail to identify relevant procedures may be considered, but that is not the ultimate purpose of the assessment of control risk.
Which of the following is a correct statement regarding the nature and timing of communications between an accounting firm performing an initial audit of an issuer and the issuer’s audit committee?
A.
Prior to accepting the engagement, the firm must orally affirm its independence to the audit committee with all members present.
B.
The firm must address all independence impairment issues on the date of the audit opinion.
C.
Communications related to independence may occur in any form prior to issuance of the financial statements.
D.
Prior to accepting the engagement, the firm should describe in writing all relationships that, as of the date of the communication, may reasonably be thought to bear on independence.
D
Auditing standards of the PCAOB (Public Company Accounting Oversight Board) apply to audits of issuers (public entities). Auditors who provide auditing services to issuers must be independent. Independence means that the auditor is free from actual and perceived conflicts of interest. These interests can be financial or can be a result of a close relationship with the client.
PCAOB standards require that audit firms provide the audit committee with writteninformation about all relationships between the firm and the potential audit client that may impact the firm’s independence. This communication should be done prior to acceptance. Oral confirmation alone is not an acceptable means of communication (Choice A). In addition, discussions with the audit committee regarding independence must be documented and retained by the audit fir
Which of the following best describes what is meant by the term generally accepted auditing standards for a PCAOB audit?
A.
Rules acknowledged by the accounting profession because of their universal application.
B.
Pronouncements issued by the Auditing Standards Board.
C.
Measures of the quality of the auditor’s performance.
D.
Procedures to be used to gather evidence to support financial statements
Choice C (Correct) and Choices B, D (Incorrect): As implied by the term “standard”, generally accepted auditing standards (GAAS) represent benchmarks against which to measure the quality of the auditor’s performance. GAAS includes rules that are acknowledged by the accounting profession as well as procedures used to gather evidence, which enable the auditor to achieve quality. GAAS are communicated to the profession in the form of pronouncements issued by the Auditing Standards Board.
In assessing control risk, an auditor ordinarily selects from a variety of techniques, including
A.
Inquiry and analytical procedures.
B.
Reperformance and observation.
C.
Comparison and confirmation.
D.
Inspection and verification.
Choice B (Correct): Control risk is a function of the effectiveness of the client’s internal controls. The auditor assesses control risk by obtaining an understanding of internal control, observation to determine whether controls have been put into place and reperformance to verify that controls are effective.
Choice A (Incorrect): Inquiries are performed in obtaining an understanding of internal control and analytical procedures are used in planning, as substantive tests, and in evaluating the results of an audit, but not in the assessment of control risk.
Choice C (Incorrect): Comparison and confirmation are substantive tests and are not used in assessing control risk.
Choice D (Incorrect): Inspection of documents and verification are substantive procedures and are not used in assessing control risk.
Which of the following is(are) a correct definition of professional standards?
I. Procedures used by an auditor to gather evidence on which to base an opinion.
II. Measures of the quality of the auditor’s performance.
A.
I only.
B.
II only.
C.
Both I and II.
D.
Neither I nor II.
Choice B (Correct) and Choice C (Incorrect): Professional standards are measures of the quality of the auditor’s performance, not procedures used by an auditor to gather evidence.
An auditor may decide to assess control risk at the maximum level for certain assertions because the auditor believes
A.
Control policies and procedures are unlikely to pertain to the assertions.
B.
The entity’s control environment, accounting system, and control procedures are interrelated.
C.
Sufficient evidential matter to support the assertions is likely to be available.
D.
More emphasis on tests of controls than substantive tests is warranted/justified.
Choice A (Correct): When an auditor sets control risk at maximum, internal controls will not be relied upon and the opinion will be based entirely upon evidence gathered from substantive testing. The two primary reasons the auditor would not rely on controls are if the controls are weak, such as when policies and procedures are unlikely to pertain/relate to the relevant assertions, or if performing substantive tests is more efficient in conducting the audit.
Choice B (Incorrect): An entity’s control environment, accounting system, and control procedures should be interrelated/connected and, if effective, control risk might be set below the maximum level.
Choice C (Incorrect): Even if sufficient evidential matter is likely to be available, that does not necessarily mean performing substantive tests would be more efficient.
Choice D (Incorrect): A greater emphasis on tests of controls would be indicated when control risk is set below maximum, not at the maximum level.
If a statement from the Statements on Standards for Attestation Engagements (SSAE) provides that a procedure or action is one that the practitioner “should consider,” then which of the following interpretations is correct?
A.
The practitioner and management must agree on how the procedure will be performed.
B.
The consideration of the procedure is presumptively required, whereas carrying out the procedure is not required.
C.
The SSAEs use this term for special attestation engagements when referring to unusual situations outside the scope of the typical attestation engagements.
D.
Carrying out the procedure or action is required in all cases.
B
The Auditing Standards Board (ASB) has two levels of requirements for practitioners performing attestation services: unconditional and presumptively mandatory. These two requirements were established to provide clarity on how to interpret the standards.
The practitioner must always comply with unconditional requirements (Choice D). Presumptively mandatory requirements are those that the practitioner should consider but may depart from if irrelevant to the current circumstances, but the reason for departure should be documented.
(Choices A and C) The phrasing “should consider” indicates a presumptively mandatory requirement, not that the practitioner and management need to agree on how to perform the procedure. In addition, the phrase is not used to refer to unusual situations outside the scope of an attestation engagement.
According to the SEC, members of an issuer’s audit committee may not
A.
Establish procedures for employees to anonymously report fraud.
B.
Be responsible for the compensation of any registered public accounting firm employed by the entity to provide an audit report.
C.
Accept any consulting, advisory, or other compensation fee from the entity for services other than as a member of the board.
D.
Engage independent counsel as deemed necessary to carry out their duties
C
The audit committee (A/C) consists of independent members of the board of directors (BOD). Independent members are not employed by the entity, are not shareholders, have no financial relationship with the entity, and are otherwise unattached to the entity.
The Securities Exchange Act of 1934 specifies that an A/C member may receive compensation such as director fees, retainers, and meeting fees for serving on the board and/or committees but may not:
Accept any other consulting, advisory, or compensatory fee from the company.
Be affiliated with the company.
The A/C is responsible for overseeing the:
Financial reporting process, making certain that reliable information useful to stakeholders is available on a timely basis.
Appointment and compensation of the entity’s auditors (Choice B).
Establishment of appropriate internal controls, including programs for the prevention and detection of fraud.
Creation and publication of a code of ethics for senior financial officers.
Establishment of a process for employees to anonymously report concerns about accounting matters and/or fraud (Choice A).
Engagement of independent counsel as deemed necessary (Choice D).
Regarding a nonissuer’s compliance with laws and regulations, an auditor performing an audit of the entity’s financial statements is responsible for
A.
Obtaining a general understanding of the legal and regulatory framework applicable to the entity and how the entity is complying with that framework.
B.
Preventing noncompliance with existing applicable laws and regulations that determine reported amounts and disclosures in the entity’s financial statements.
C.
Determining whether an act performed by the entity being audited constitutes noncompliance with existing applicable laws and regulations.
D.
Ensuring that the entity’s operations are conducted in accordance with the provisions of laws and regulations relevant to the entity’s financial statements.
A
Generally accepted auditing standards (GAAS) apply to audits of nonissuers (ie, private entities). The overall objectives of the independent auditor are to identify and assess risks, obtain sufficient evidence, and form an opinion. Auditing standards provide auditors with general guidelines for achieving these objectives, but it is up to the auditor to determine the appropriate procedures that will be performed.
The auditor is responsible for obtaining a general understanding of the client’s regulatory environment as part of the risk assessment procedures. This general understanding helps the auditor assess if applicable financial reporting laws and regulations are being followed. However, it is not the auditor’s responsibility to prevent noncompliance with existing laws and regulations (Choice B). Management is ultimately responsible for compliance.
(Choice C) Auditors are not responsible for determining whether an act constitutes noncompliance. The entity’s legal counsel makes that determination. The auditor is responsible only for a general understanding of the client’s regulatory environment to identify clear instances of noncompliance.
(Choice D) Management, not the auditor, is responsible for ensuring that the entity’s operations and reporting requirements are conducted in accordance with the provisions of laws and regulations.
Things to remember:
Independent auditors are responsible for obtaining a general understanding of an entity’s legal and regulatory environment in order to assess an entity’s compliance. However, it is management’s responsibility to ensure that the entity is operating and reporting its financial information in accordance with applicable laws and regulations.
Which of the following procedures would a CPA most likely perform in the planning of a financial statement audit?
A.
Obtain representations from management regarding the availability of all financial records.
B.
Communicate with the audit committee concerning the prior year’s audit adjustments.
C.
Make inquiries of the client’s attorney regarding pending and threatened litigation and assessments.
D.
Compare recorded financial information with anticipated results from budgets and forecasts.
Choice D (Correct) and Choices A, B, C (Incorrect): By comparing recorded financial information with expectations in the form of anticipated results from budgets and forecasts, the auditor can identify any unexpected amounts or relationships in determining the nature, timing, and extent of audit procedures to be applied. The auditor obtains representations about the availability of all financial records and makes inquiries of the client’s attorney near the conclusion of the audit, not during the planning. The auditor will communicate with those charged with governance regarding uncorrected misstatements related to prior periods on a timely basis, but not necessarily as part of the planning of the engagement.
As the acceptable level of detection risk decreases, the assurance directly provided from
A.
Substantive tests should increase.
B.
Substantive tests should decrease.
C.
Tests of controls should increase.
D.
Tests of controls should decrease.
Choice A (Correct): The auditor performs substantive tests to address detection risk. When detection risk is higher than acceptable, it is decreased by increasing substantive testing. Substantive testing can be decreased when the risk of material misstatement is low and a high level of detection risk is acceptable. Tests of controls are performed in the evaluation of control risk and are not related to detection risk.
Choose the incentive(s) for fraud, if any, listed below:
I. Promotions, compensation, or other rewards inconsistent with expectations.
II. Access to valuable inventory that is easy to resell. III. Known or anticipated layoffs.
A.
I and III only
B.
II only
C.
I, II, and III
D.
None of the above
Choice A (Correct) and Choices B, C, D (Incorrect): Incentives are the reasons that individuals commit fraud, which may be to make their performance appear better than it actually was to earn promotions, compensation, or other rewards; or to obtain resources in anticipation of layoffs. Access to valuable inventory creates the opportunity to commit fraud but would not be the incentive.
A successor auditor ordinarily should request to review the predecessor’s working papers relating to
Contingencies Internal controls
A.
Yes Yes
B.
Yes No
C.
No Yes
D.
No No
A
Successor auditors are required to initiate inquiries with predecessor auditors to obtain information that may help them determine whether to accept an initial audit engagement. The communications usually include a request to review the predecessor’s working papers to gain an understanding of significant events (eg, fraud, material weaknesses) relevant to client acceptance.
Working papers with details on contingencies and internal controls are useful to the successor because they have a direct impact on the effort needed to perform the audit. Contingencies are future events with uncertain outcomes and may lead to losses or liabilities for an entity (eg, litigation against an entity may result in a large financial settlement). Internal controls are rules or procedures used by an entity to ensure it achieves its objectives, including the prevention of fraud or material misstatements in financial statements.
A successor auditor is required to attempt communication with the predecessor auditor prior to
Making a proposal for the audit engagement Accepting the engagement
A.
Yes Yes
B.
Yes No
C.
No Yes
D.
No No
C
Because auditors need the potential client’s permission to communicate with the predecessor auditor, these inquiries normally occur after the audit proposal has been made. A proposal is not the same as an engagement letter, which confirms client acceptance.
Auditing standards require auditors to communicate with the predecessor auditor prior to accepting (but not proposing) an initial audit engagement. The purpose of the communication is to help the successor auditor determine whether to accept the initial audit engagement.