Performing Procedures in response to assessed risks Flashcards
Responsibilities for Auditors under AICPA Professional Standards
Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement.
Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained.
Assessing the Risk of Material Misstatement
A; Auditors Responsibility
The auditor should identify and assess the risks of material misstatement
1) At the financial statement level; and
2) At the relevant assertion level related to classes of transactions, account balances, and disclosures.
Responses to the Risks of Material Misstatement at the Relevant Assertion Level
Responses to the risks of material misstatement at the relevant assertion level- involve decisions regarding the nature, time, extent of further audit procedures.
- *Three types of audit procedures
1) Risk assessment procedures
2) Tests of control
3) Substantive procedures
Tests of control
To determine the operating effectiveness of controls
1) The auditor should perform tests of controls when the auditor’s risk assessment includes an expectation of the operating effectiveness of controls. (Note that this is frequently referred to as “relying” on internal control as a partial basis for the auditor’s conclusions, or “assessing control risk at less than the maximum level.”)
2) The auditor should also perform tests of control when substantive procedures alone do not provide sufficient appropriate evidence at the relevant assertion level. For example, when the entity uses IT extensively and no audit trail exists.
Evaluating the Sufficiency and Appropriateness of the Audit Evidence Obtained
1) An audit is an iterative process, so the planned audit procedures may need to be modified; for example, identified misstatements from substantive procedures may alter the auditor’s judgment about the effectiveness of controls.
2) Consider all relevant audit evidence—The auditor should consider all relevant audit evidence, whether it appears to corroborate or contradict the relevant assertions.
Documentation—The auditor should document the following:
1) The overall responses to address the assessed risk of misstatement at the financial statement level;
2) The nature, timing, and extent of the further audit procedures;
3) The linkage of those procedures with the assessed risks at the relevant assertion level;
4) The results of the audit procedures; and
5) The conclusions reached in the current audit about the operating effectiveness of controls tested in a prior audit.
Purpose of SAS
This Statement on Auditing Standards addresses the auditors responsibility to design and implement responses to the risks of material misstatement identified and assessed by the auditor in accordance with the clarified SAS and to evaluate the audit evidence obtained in an audit of F/S
When the operating effectiveness of a control is not evidenced by written documentation, an auditor should obtain evidence about the control’s effectiveness by
Inquiry and observation may be useful in evaluating the effectiveness of internal controls, including those that are undocumented.
When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor’s best course of action in such situations?
When evidence is available only in electronic form, the auditor may find that generalized audit software is the best and most efficient means of extracting evidence from client databases. Generalized audit software consists of programs that enable an auditor to perform tests on client computer files and databases.
When an auditor assesses control risk below the maximum level, the auditor is required to document the auditor’s
The auditor must always document his/her understanding of the entity’s internal control components as well as the basis for assessing control risk below maximum.
The objective of tests of details of transactions performed as tests of controls is to
EVALUATE whether an internal control structure policy or procedure operated effectively
Which of the following auditor concerns most likely could be so serious that the auditor concludes that a financial statement audit cannot be performed?
There is a substantial risk of intentional misapplication of accounting principles
