Test 1 Flashcards
Purpose of Auditing
Complexity ( a lot of mistakes can happen)
Remoteness ( Oversees the Owners)
Consequences
Financial Statements are presented fairly, with the framework ( GAAP)
Levels of Auditing ( Strong to Weak)
- Audit ( an opinion on the F/S are presented fairly )
- Attestation ( mini audit, written conclusion on a subject matter, primarily financial information)
- Assurance ( independent professional services that improve quality )
Types of Audit Opinions ( Strong to Weak)
Unmodified ( AICPA ), Unqualified ( PCAOB)
Qualified ( OK, except for )
Adverse ( Not Okay)
Disclaimer ( No comment)
Sarbanes Oxley Act
Requirement of CEO/CFO certification of financial statements
Requirement of auditor examination of company internal controls
Creation of the Public Company Accounting Oversight Board
Prohibition of Certain Client Services by firms conducting a client’s audit
Audit Practice Standards
Public Entities ( Issuers)
- Rule Making Body (PCAOB)
- Standards ( AS, modified by Dockets)
Private Entities ( Non-Issuers)
- Rule Making Body ( AICPA)
- Standards ( AU )
Quality Control Standards for Accounting Firms
Leadership Responsibilities for Quality on Audit
- Rest With The Top ,
Relevant Ethical Requirements
- Code of Conducts
Acceptance and Continuance of Clients
-Client Integrity , Trash - In - Trash - Out
Human Resources
- Hiring training evaluations
Engagement Performance
- Supervision of Staff & Review of Workpapers
Monitoring
- Firm Must Monitor the items listed above
Public Company Accounting Oversight Board ( PCAOB)
Monitors Firms through Inspections
- Firm Auditing > 100 Public Entities ( every year)
- Firm Auditing < 100 Public Entities ( every 3 years)
Materiality
The magnitude of an Omission or misstatement of account information relies on Professional Judgement
-Quantitative Factors
- Qualitative Factors
Materiality Types
Materiality for Financial Statements as Whole
Performance Materiality ( AICPA)
Tolerable Misstatement
Materiality to certain transactions
Materiality for Financial Statements
Often to be used a % of revenues
- Used in Planning as well as evaluating the results of the audit
Performance Materiality
AICPA
- One or more accounts , set to reduce the probability that the aggregate of uncorrected and undetected misstatements in the financial statements exceeds materiality for the financial statements as a whole
- Tells us “ What” to do and “ Why”
Tolerable Misstatements
Is the application of performance materiality to a particular sampling procedure
Qualitative Factors of Materality
Discovery of Fraud, Loan covenant violation, Concealment of a change in an earnings trend
- CEO using company card for daughter airfare.
Audit Risk Model
AR = IR x CR x DR
- Inherent Risk x Control Risk x Detection Risk
Audit Risk
Risk that the audit may fail to modify the opinion on financial statements that are materially misstated
- Given but determines
Inherent Risk
In the absence of internal controls, the susceptibility of an account to misstatement
Measurable
- dollar size
- Volume of Transactions
-Compexity
Control Risk
The likelihood that a material misstatement would not be caught by the client’s internal controls
Factors affecting control risk include - existence ( or lack thereof)
High Internal Controls - Mean low risk
Detection Risk
Risk that a material misstatement would not be caught by audit procedures
Factors that auditors can use to affect detection risk include: NET
Plug Number in the Function
Nature
Type of Mix , Individuals Performing
Extent of Procedures
Sample Size, Number of Procedures
Timing
Performed Near Year-End or performed before year-end
Lowering Detection Risk
Nature - More Effective Test
Extent - More Test/ Samples
Timing - At Year End
Risk of Material Misstatement
A combination of Inherent Risk and Control Risk ( ROMM possibly)
Definition of Auditing
Systematic Process of objectively obtaining and evaluating evidence regarding assertions
PCAOB Management Assertions & Obligations
Existence or Occurrence
Rights & Obligations
Completeness
Valuation & Allocation
Presentation & Disclosure
Existence or Occurrence
Assets or Liabilities of an entity exist at a given date or the recorded transactions
Rights & Obligations
Assets are the rights of the entity, and liabilities are Obligations
Completeness
All transactions and accounts that should be presented in the financial statements are included
Valuation & Allocation
Transactions are recorded at the correct amount
Presentation & Disclosure
The components of the financial statements are properly classified, described, and disclosed
AICPA Management Assertions - Balance Assertions
Existence
Rights & Obligations
Completeness
Accuracy, Valuation & Allocation
Classifications
Presentations
Accuracy, Valuation & Allocation
Items are recorded at appropriate amounts, and any resulting valuation or allocation adjustments are appropriately recorded
Classifications
Assets, Liabilities, and equity have been recorded in proper accounts
Transaction Assertions
Income Statement
Occurrence
Completeness
Cutoff
Accuracy
Classifications
Presentations
Cut Off
Transaction have been recorded in the correct accounting period
Audit Procedures
Inspection
Observation
Inquiry
External Confirmation
Recalculation
Reperformance
Analytical Procedures
Inspection
Vouch
- From F/S to source documents
Trace
- From source documents to F/S
Observation
Looking at the process or procedure
Inquiry
Seeking Information from knowledgeable persons in financial roles
3 types of Procedures
Risk Assessment Procedures ( addresses IR)
Tests of Controls ( Addresses CR)
Substantive Procedures ( Address DR)
Evidence Appropriate
Reliability
Relevance ( assertion objective )
Evidence : Sufficent
Persuasive vs Convincing ( Persusaivve better)
Better Quality of Evidence less you need
As you lower $, you need more evidence ( proving 1 dollar vs 1000)
Client Acceptance
-Pre-engagement Planning / Client Acceptance
- Communication with Predecessor
-Engagement Letter
Engagement Letter
Agreed Upon Terms of the Audit
- Objective and Scope of the Audit ( GAAS)
-Responsibility of the Auditor ( Opinion)
- Responsibility of Mgt. ( internal controls )
- Inherent Limitations of an audit, internal controls, and risk material misstatements
-Applicable financial reporting framework ( GAAP)
-Expected form and content of any reports and circumstances may cause a different report
- Expectation management will provide representations
Risk Assessment - Overview
- Measures IR & CR
- Consider info from client acceptance
-Understand the company and its environment
-Perform planning analytical procedures
-Understand Internal Controls - Fraud Risk Assessment
-Identify Risk of Material Misstatement
-Identify Significant Accounts & Relevant Assertions
-Identify “ Significant Risk”
Analytical Procedures
” Smoke Detectors “
Study of Plausible Relationships among financial and non financial data and make expectations to gauge against.
Internal Control (COSO)
A process, effected by an etity’s board of directors, maanggement, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories
COSO
Control Environment
Risk Assessment
Information & Communication
Monitoring
Control Activities
Control Environment
- Demonstrates commitment to integrity and ethical values
- Exercises oversight responsibility ( and independence from management)
- Establishes structure, authority and responsibility
-Demonstrates commitment to competence
-Enforces Accountability
Risk Assessment ( COSO)
Specifies Suitable Objectives
-Identifies and Analyzes Risk
-Assesses Fraud Risk
-Identifies and Analyzes significant change
Information & Communication
- Communications Internally
- Communicates Externally
- Uses Relevant Information
Control Activities
-Selects and develops control activities
-Selects and develops general controls over technology
-Deploys through policies and procedures
Selects and Develops Control activities
-Physical Control over Assets
- Segregation of Duties
-Information Processing
-Performance Reviews
-Preventive v Detective Controls`
Segregation of Duties
- Custodial
-Recording
-Authorization
Monitoring
- Conducts ongoing and/ or separate evaluations
- Evaluate and Communicates deficiencies
Entity Level Controls
High Level Controls
Related to Management like overrides and period end financial statements
Walkthrough
Following a transaction from origination to financial records/statements
- Use the same documents that the company uses.
- Combination of inquiry, observation, inspection, and re-performance of controls ( need all )
WCGW
What could go wrong
- found during the walkthrough
Practices for Walkthrough
Need screen shots, documents, thorough interviewing
- Keep the perspective of the client. Understand the process.
Distinguish between process ( how you record a transaction) / control ( make sure it is accurate)
Fraud Overview
Fraudulent Financial Reporting ( External Audit)
Misappropriation of Assets ( internal Audit )
Financial Statements ( things to look for )
Errors
Management Fraud
Act of Noncompliance
Errors
Are unintentional misstatements or omissions
Management Fraud
Intentional misstatements or omissions
Act of Noncompliance
Violations of laws or government regulations by the company or its management or employees that produce direct and material effects on dollar amounts ( violation of FDA)
Brainstorming Session
” What could go wrong in relation to fraud?”
- Emphasize professional skepticism
-Identify fraud risk factors ( presume improper revenue recognition ) - Consider pressure, opportunity, rationale
- Consider risks of mgt. overrides
Fraud Triangle
Rationale
Pressure
Opportunity
Opportunity
Most Important aspect
- can be protected against by proper controls
Additional Procedures to Identify Fraud Risk Factors
Inquiry
- Management
-Those charged with governance
-Internal Audit
-In-house legal counsel
Planning Analytical Procedures
Different Types of Risk
Risk of Misstatement
Risk of Material Misstatement
Significant Risk
Risk of Misstatement
Simple mistakes
- failure to adjust prepaid insurance
Risk of Material Misstatement
Consider likelihood & magnitude.
At the financial level and assertion level
- receive goods just before year-end and fail to record payable
Significant Risk
Intentionally record sales in 20X1 that truly occurred in 20X2
Identify Significant Accounts
” If fraud could happen there m it has risk “
There is a reasonable possibility that a material misstatement could be associated with it
Volume , Dollar Size, Complexity, etc
Significant Risk
Risk that require special audit consideration because of the nature of the risk
Based on inherent risk without regard to controls
Test Controls
Design Effectiveness
Operating Effectiveness
Design Effectiveness
- Is it Set Up Right *
Determines whether the controls over financial reporting, if operating effectively
Operating Effectiveness
If the control is operating as designed and if the person operating it has the proper authority and qualifications
Different Deficiencies
Internal Control Deficiencies ( least severe)
Significant Deficiencies
Material Weakness ( Worst One)
Control Deficiencies
When the design or operation of a control does not allow the entity’s management or employees to detect or prevent misstatements in a timely fashion
Significant Deficiencies
Defined as conditions or combinations of conditions, that could adversely affect the organization’s ability to initiate record, process, and report financial data in F/S
- Not material but important to bring up to governance
( absence of appropriate separation of duties for example)
Material Weakness
A deficiency or combination of deficiencies that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis.
Examples of Significant Decencies
- Absence of appropriate separation of duties
-Absence of appropriate reviews and approvals of transactions
-Evidence of failure of control procedures
Examples of Material Weakness
-Restatement of previously issued financial statements to reflect the correction of a misstatement
-Evidence of material misstatements ( caught by the audit team) that were not prevented or detected by client’s internal controls
- Ineffective Oversights of Financial reporting process by entity’s audit committee
Indication of fraud ( either material or immaterial ) by senior management
Opinions on Internal Controls
Unqualified ( no material weaknesses found)
Disclaimer of Opinion ( cannot perform all of the procedures considered necessary )
Adverse Opinion ( one or more material weaknesses)
Reporting On Internal Controls
- Management Responsible
- Management’s Responsibility for internal control
-Identification of the framework ( usually COSO) - Management assessment of the effectiveness of internal control
- Auditors must provide opinion on the effectiveness of client’s internal control ( not a separate engagement )
Test of Controls
- Test of Design and Operating Effectiveness
- Assess Control Risk ( CR)
- Auditor Examines Payroll Summary Authorization for client manager’s signature or approval form
Substantive Testing
- Set Detection Risk ( DR)
-Supports the Balance or can propose AJE ( adjusted through NET)
Testing Controls ( Non Issuer v Issuer )
- Non Issuer can use Substantive Method ( just going straight to testing)
- Issuer has to use Internal Control Method ( relies on the internal controls of the clients and collect the rest through substantive testing ) m
Requirements for Issuers
- Opinion on Internal Controls ( Non- Issuers not required)
- Document Understanding of Internal Controls ( COSO)
- Top Down Approach (Non-Issuers not required by often given)
- Entity Level Controls (Non-Issuers not required by often given)
- Significant Accounts ( Non- Issuers not required by often given)
- Significant Risk
- Walkthroughs ( Issuers not required but often given)
- Test of Design
-Test Of Operating Effectiveness (Non-Issuers Not required but could be efficient)
- Identifying Significant Deficiencies & Material Weaknesses ( Non Issuers, Not required to find, but required to communicate)
Limitations of Internal Controls
- Human Error
- Collusion ( blocks segregation of duties )
- Management override
- Cost/ Benefit Analysis ( is it worth it to invest heavily to them)
Reliable Evidence
- Obtained from independent sources
- generated internally under effective internal controls
- obtained directly from auditor
- Is in documentary form
- Consists of Orginal Documents
Definition of an Audit
Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between the assertions and established criteria and communicating the results to interested users
