Planning

Question 1

When should a client preferably appoint an independent auditor?

Answer 1

Well before year-end, to give him time to analyze everything

Otherwise, it might cause him to give a lesser opinion

Question 2

What are some examples of management’s responsibilities as mentioned in an engagement letter?

Answer 2

• financials and accounting policies
• protection from fraud
• internal controls
• making financial info available to auditor
• correcting material misstatements

Question 3

As mentioned in the engagement letter, what is one important thing an audit is not designed to do?

Answer 3

Search for significant deficiencies in internal control (although the auditor should report any that he finds)

Question 4

What is optional to be included in an engagement letter?

Answer 4

Audit strategies, fees, additional services to be provided, etc.

Question 5

What planning procedures should be done at the beginning of the engagement?

Answer 5

• procedures for continuing the client relationship and for the particular engagement
• analyzing the client’s compliance with ethical rules

Question 6

What are some important things to consider for an overall audit strategy?

Answer 6

• factors that determine scope (e.g. basis of accounting, industry)
• deadlines
• factors that determine focus (e.g. areas with higher RMM)

Question 7

What does the auditor develop after specifying an audit strategy (i.e. auditing objectives)?

Answer 7

An audit plan (i.e. audit programs)

Plan and strategy can overlap and can change one another

Question 8

What is the purpose of an audit plan?

Answer 8

To map out audit procedures designed to reduce audit risk

Question 9

What procedures should be included in an audit plan?

Answer 9

Risk assessment procedures (determine RMM)

Further procedures following from these, including tests of controls and substantive procedures

Question 10

What should the auditor consider regarding involving a specialist?

Answer 10

Whether:

• it is necessary (especially for IT specialists)
• he will officially be part of the audit team

Question 11

What is the auditor required to do when supervising assistants?

Answer 11

Communicate with them about objectives, questions, MM, etc.

Review their work

Resolve disagreements

Question 12

When is a misstatement considered material?

Answer 12

If it would affect the judgment of a reasonable person relying on the financials

Factors can be quantitative or qualitative

Question 13

What are the two types of misstatements?

Answer 13

Known - actually found during the audit

Likely - based on an extrapolation of audit evidence (but also includes info based on accounting estimates the auditor deems unreasonable)

Question 14

What are the causes of misstatements?

Answer 14

Errors or fraud

Auditor should report fraud even if immaterial

Question 15

What are two kinds of fraud?

Answer 15

Fraudulent financial reporting

Misappropriation of assets (theft)

Question 16

What are two financial-statement-level considerations an auditor should make in determining audit risk and materiality level?

Answer 16

Pervasive risks (not strictly identifiable with particular assertions)

Whether to perform audit procedures at different locations

Question 17

What is the relationship between audit risk and materiality at the individual account level?

Answer 17

Inverse

E.g., risk of large misstatement is generally lower

Question 18

What would generally be required to reduce audit risk?

Answer 18

• more effective auditing procedure
• greater extent of procedure
• perform procedure closer to year-end

These are: nature, extent, and timing

Question 19

Should auditors have procedures to detect qualitatively material misstatements?

Answer 19

No, as it is impractical

Question 20

What are the two components of RMM?

Answer 20

Inherent Risk (IR) and Control Risk (CR)

Question 21

What is inherent risk?

Answer 21

Vulnerability of an assertion to misstatement by its nature, or irrespective of controls

E.g. cash can be stolen, complex calculations and difficult estimates can be wrong

Question 22

What is control risk?

Answer 22

Vulnerability of an assertion to misstatement due to a control not preventing it

Question 23

What is detection risk (DR)?

Answer 23

Risk that the auditor will not detect a material misstatement that exists

Relates to substantive procedures

Question 24

What are the two components of detection risk (DR)?

Answer 24

• Tests of Details (TD) Risk
• Analytical Procedures (AP) Risk

These are the risks when doing the two different kinds of substantive tests

Question 25

What is the “formula” for audit risk (AR)?

Answer 25

AR = RMM x DR
or
AR = IR x CR x DR

DR = TD x AP

These are all judgments, not strict mathematical formulas

Question 26

How is detection risk (DR) related to the RMM?

Answer 26

They are inversely related

E.g. if RMM is high, and the auditor wants a given audit risk (AR), then he should decrease DR by planning more auditing

Question 27

What is the main difference between RMM and DR?

Answer 27

RMM is the risk within the company itself, which the auditor analyzes but cannot change

DR is the risk within the audit procedures, so the auditor can control it

Question 28

How does the amount of substantive testing relate to DR?

Answer 28

Inversely

E.g. if the auditor decreases the level of acceptable DR, then more substantive testing is required

Question 29

When should an auditor perform substantive procedures for all relevant assertions?

Answer 29

Always, regardless of the level of DR desired

Question 30

How are benchmarks used in assessing materiality?

Answer 30

Auditor can pick out a measure suitable for the client, and use a % as a reference – though not a strict rule

E.g. net assets for an investment company, or total revenues, or gross profit

Question 31

How might the auditor determine the percentage of a benchmark for materiality?

Answer 31

• prior period numbers
• period-to-date numbers
• budgets or forecasts

Question 32

What is a tolerable misstatement?

Answer 32

The maximum amount of permissible misstatement for a given account or transaction-group

Usually set lower than the materiality level, in order to prevent an aggregate material misstatement for the whole financials

Question 33

What should the auditor do if discovered misstatements in aggregate are near the materiality level?

Answer 33

He should determine the risk that undetected misstatements could cause the aggregate to exceed the materiality level

Question 34

What must an auditor do if he discovers material misstatements?

Answer 34

Speak of them to management and TCWG

Question 35

What should an auditor request of management if he discovers a likely misstatement?

Answer 35

Depending on the type of likely misstatement, he should request mgmt:

• to analyze the whole population and make additional corrections
• to re-analyze assumptions for estimates
• to determine the amount of a misstatement that is likely to exist

Question 36

What should an auditor look for when analyzing individual misstatements?

Answer 36

• whether misstatements might offset each other

- whether prior-period misstatements might have been immaterial but have a material effect

Question 37

What are some factors involved in the qualitative evaluation of misstatements?

Answer 37

• changing a loss into income
• effect of misstatement on compensation or bonus
• effect on loan covenant arrangement
• legal requirements
• implications of fraud
• relevance to user needs

Question 38

What are inquiries?

Answer 38

Risk assessment procedures that involve requesting info from management and others

Question 39

What are analytics?

Answer 39

A risk assessment procedure that assesses ratios and other relationships

Ratios/relationships should be predicted first, so that deviant numbers are easier to identify

Question 40

What are other risk assessment procedures besides inquiries and analytics?

Answer 40

Observation and inspection

Prior period info

Fraud risk

Question 41

What are the different areas about the entity and its environment that the auditor should understand?

Answer 41

(1) Industry, regulatory, and external factors
(2) Nature of entity (e.g. governance, structure, financing, subsidiaries)
(3) Strategies and business risks (i.e. how the entity responds to external factors)
(4) Financial performance (esp. pressure on mgmt)
(5) Internal control

Question 42

What should the auditor document regarding the discussion of RMM in the financials?

Answer 42

• how and when the discussion occurred
• what was discussed
• who discussed it
• what was decided in response
• sources of info
• procedures performed

Question 43

What is the difference between a user organization and a service organization?

Answer 43

If an entity uses another organization to process transactions, the former is the user org. and the latter the service org.

Guidance for auditing these entities is in AU 324

Question 44

How independent should a service auditor be?

Answer 44

Should be independent of service organization, but not necessarily of users

Question 45

For a service audit, how are the type of engagement and type of report determined?

Answer 45

Determined by the service organization

Question 46

What are the two different kinds of reports that can be prepared by a service auditor?

Answer 46

Report on Controls Placed in Operation - determines whether controls are properly designed and implemented as of a given date

Reports on Controls Placed in Operation and Tests of Operating Effectiveness - like the above, but also tests whether controls provide reasonable assurance of effectiveness

Question 47

When are a service organization’s services considered part of the user’s information system?

Answer 47

If they affect:

• how transactions begin or are processed
• accounting records
• how financial statements are prepared

Question 48

How should the user auditor utilize the service auditor’s report on the service organization?

Answer 48

He should consider the service auditor’s reputation and the report’s quality and request additional procedures if necessary

The user auditor should not reference the service auditor’s report in his own opinion on the user’s financials

Question 49

Do auditors make legal determinations of whether fraud has occurred?

Answer 49

No, they are concerned foremost with material misstatement

Question 50

What is a primary area of concern for detecting fraudulent financial reporting?

Answer 50

Revenue – can be overstated or understated

Question 51

What is another term for misappropriation of assets (i.e. theft)?

Answer 51

Defalcation

Question 52

What are the three conditions conducive to fraud?

Answer 52

Incentive (pressure)

Opportunity

Attitude (rationalization)

Question 53

How should an auditor respond to a significant RMM for fraud?

Answer 53

Assign skilled personnel

Look closely at accounting principles and estimates selected by mgmt

Have some unpredictability in auditing procedures

Question 54

What are some further audit procedures that address possible fraud through management’s override of controls?

Answer 54

Examining journal entries, accounting estimates, and unusual transactions

Question 55

Is the auditor ordinarily allowed to disclose possible fraud to outside parties?

Answer 55

No, as client confidentiality forbids it

But there are exceptions (e.g. if legally required, successor auditor, subpoena)

Question 56

How does the RMM affect the timing of audit procedures?

Answer 56

Generally, for a higher risk, procedures should be performed nearer to period-end

Unpredictability helps too

Question 57

What does not count as an illegal act for auditing purposes?

Answer 57

Illegal activities done by personnel unrelated to the business’s activities

Question 58

What is the auditor’s main responsibility concerning illegal acts?

Answer 58

To discover the direct and material effect of illegal acts on the financials (same as for fraud)

Illegal acts with indirect effects are less important

Question 59

How might illegal acts have an indirect effect on financial statements?

Answer 59

Usually, if there is some violation of a regulation of the entity’s operations (e.g. OSHA, FDA), then the effect is indirect

Indirect effects are usually contingent liabilities because of some penalty

Question 60

Does a GAAS audit typically include procedures designed to discover illegal acts?

Answer 60

No

They do not provide any assurance that illegal acts or their contingent liabilities will be discovered

Question 61

What should the auditor do if he discovers an illegal act with a material effect on the financial statements, but the client has not accounted for it properly?

Answer 61

Express either a qualified or adverse opinion

Question 62

What 1995 legislation affects audits?

Answer 62

Private Securities Litigation Reform Act of 1995

Requires auditors to plan procedures that:

• detect illegal acts with a direct and material effect
• identify related-party transactions with a material effect
• discern an issuer’s ability to be a going concern

Question 63

What does the Private Securities Litigation Reform Act of 1995 require entities to do if an auditor notifies them of illegal activity?

Answer 63

Report it to the SEC within one business day

If not, then the auditor should do so and/or withdraw

Question 64

What 1977 legislation affects audits?

Answer 64

Foreign Corrupt Practices Act of 1977 (FCPA)

Forbids U.S. persons and foreign persons operating in the U.S. (and companies) from bribing foreign gov’ts

Question 65

Who is generally included in “those charged with governance” (TCWG)?

Answer 65

Board of directors and audit committee

Question 66

What should the auditor communicate to TCWG?

Answer 66

• Opinion
• Responsibilities of TCWG
• Issues related to independence
• Overview of audit
• Significant discoveries
• Discussions with management

Question 67

How should the auditor document communications with TCWG?

Answer 67

If in writing, he should retain them as such

If orally, he should document them