Test 2 Flashcards
PROBLEM I: What are the two Purposes of Internal Controls?
- Assess risk of material misstatement in financial statements
- Design nature, extent, and timing (NET) of audit procedures
PROBLEM I: What are the Limitations of Internal Controls? (LIST 4)
COCOC
1. Competence (unintentional; human error; misunderstanding of instructions; mistakes of judgment; fatigue)
- Obsolescence (error; change in operating environment)
- Collusion (fraud; failure to use segregation of duties that causes two or more people to collude)
- Override by Management (fraud; e.g. bonus tied to performance, “cook the books” to get results)
- Cost vs Benefit Constraints (e.g. small company)
PROBLEM II: List and Describe the COSO Internal Control Components (“C”)
CRIME
1. Control Environment (“Tone at the Top;” auditor obtains a detailed understanding of Co’s internal controls; CHOPPER)
PROBLEM II: List and Describe the COSO Internal Control Components (“R”)
CRIME
2. Risk Assessment (affected by internal and external circumstances; e.g. changes in personnel, rapid growth of organization, corporate restructuring; expansion/acquisition of foreign operations)
PROBLEM II: List and Describe the COSO Internal Control Components (“I”)
CRIME
3. Information and Communication System (relating to AIS)
e.g. identify and record all valid transactions, ensure proper recording of transactions in appropriate time period, measure proper monetary value of transactions
PROBLEM II: List and Describe the COSO Internal Control Components (“M”)
CRIME
4. Monitoring (assess the quality of internal controls performance over time)
-Ongoing Monitoring (regularly performed supervisory and management activities)
-Separate Evaluations (non-routine basis)
PROBLEM II: List and Describe the COSO Internal Control Components (“E”)
CRIME
5. Existing Control Activities (policies and procedures; PIPS/ARCC)
-performance reviews, information processing (IT), physical controls, segregation of duties
-authorization of transactions, recording of transactions, custody and security
What is the difference between Attribute and Variable sampling?
Attribute = used to estimate the extent to which a characteristic exists within a population
-used in the auditor’s testing of INTERNAL CONTROLS)
Variable = used to estimate the amount (or value) of some characteristic of a population
-used in the auditor’s SUBSTANTIVE PROCEDURES
PROBLEM III (MATCHING): Is the following Attribute or Variable Sampling?
Auditors conclude that internal controls are functioning effectively when they are actually not (incorrect decision)
Attribute (Risk of Overreliance)
PROBLEM III (MATCHING): Is the following Attribute or Variable Sampling?
Audit risk is not reduced to sufficient level
Attribute (Risk of Overreliance)
PROBLEM III (MATCHING): Is the following Attribute or Variable Sampling?
Effectiveness loss
Attribute (Risk of Overreliance)
PROBLEM III (MATCHING): Is the following Attribute or Variable Sampling?
Auditors conclude that internal controls are not functioning effectively when they actually are (incorrect decision)
Attribute (Risk of Underreliance)
PROBLEM III (MATCHING): Is the following Attribute or Variable Sampling?
Perform more effective substantive procedures than necessary (efficiency loss)
Attribute (Risk of Underreliance)
PROBLEM III (MATCHING): Is the following Attribute or Variable Sampling?
Auditors concluded that the account is not materially misstated when it actually is
Variable (Risk of Incorrect Acceptance)
PROBLEM III (MATCHING): Is the following Attribute or Variable Sampling?
Issue incorrect opinion on misstated financial statements (effectiveness loss)
Variable (Risk of Incorrect Acceptance)
PROBLEM III (MATCHING): Is the following Attribute or Variable Sampling?
Auditors concluded that the account is misstated when it actually is not
Variable (Risk of Incorrect Rejection)
PROBLEM III (MATCHING): Is the following Attribute or Variable Sampling?
Perform more effective substantive procedures than necessary (efficiency loss)
Variable (Risk of Incorrect Rejection)
What is the audit risk formula?
AR = IR x CR x DR
Inherent and Control Risk x Detection Risk
In pre-engagement planning, what is a requirement of an auditor before communicating with predecessor auditors to accept the engagement?
Must get company management approval to be able to “attempt” to communicate with previous auditors
What is an Engagement Letter?
contract with the client to ensure a clear understanding of the services that the CPA provides
-objectives
-responsibilities of management
-inherent limitations of an audit
-applicable financial reporting framework
-expected form and content of reports issued
-the timing of procedures
-arrangements of fees and billing
What is the Audit Plan/Program?
REQUIRED comprehensive list of the specific audit procedures that the audit team needs to perform to gather sufficient appropriate evidence on which to BASE THEIR OPINION on the financial statements
What is Materiality?
amount at which judgment or decisions based on financial statements may be altered
-use professional judgment
-Quantitative ($ amount) - 3-5% of net income
-Qualitative
What is Materiality used in?
-planning the audit (used as a guide)
-evaluating audit evidence (used as a guide)
-making decisions about the audit report (used as a guide)
What is the purpose of Audit Procedures?
- gain an understanding of the client and risks associated with them
- test the OPERATING EFFECTIVENESS of client’s internal controls
- produce evidence about management’s assertions
What are Tests of Controls and when are they used?
test the operating effectiveness of controls in preventing or detecting material misstatement
used at interim date = before/close to year-end)
What are Substantive Procedures and when are they used?
designed to detect material misstatements of relevant assertions
used after year-end
What are examples of Substantive Procedures?
-Inquiry
-Inspection of records or document (audit trail)
-Inspection of tangible assets
-Observation
-External conformation
-Recalculation
-Reperformance
-Analytical procedures
What is Tracing?
from source document to G/L
tests COMPLETENESS
What is Vouching?
from G/L to source document
tests EXISTENCE
What is the primary purpose of Audit documentation?
represent that audit was performed in accordance with GAAS and expresses the auditors’ opinion
How should the audit documentation be treated?
Confidential (NOT privileged)
Who has ownership of the audit working papers?
the auditors (not the client)
What is the audit documentation retention period for public companies? Private?
Public (issuers) = 7 years
Private (non-issuers) = 5 years
When must audit documentation be completed for both public and nonpublic companies?
Public = 45 days
Private = 60 days
What is Audit Risk?
the risk that the auditors may UNKNOWINGLY fail to appropriately modify their opinion on financial statements that are materially misstated
What is Inherent Risk?
risk of material misstatement of an assertion BEFORE considering client’s internal controls
Which transactions have higher inherent risk? Lower?
Routine = lower
Non-routine = higher
Estimation = higher
What is Control Risk?
risk of material misstatement of a relevant assertion that is not prevented or detected by client’s internal controls
What is Detection Risk?
risk that the auditors will fail to detect a material misstatement of a relevant financial statement assertion
How is audit risk reduced?
Increasing scope of audit procedures by:
-selecting a more effective procedure
-performing procedures closer to balance sheet date
-increasing extent of tests
What is the relationship between audit risk and audit tests?
Higher audit risk = increased substantive procedures
Lower audit risk = decreased substantive procedures
What is Fraud Risk?
intentional distortions of financial statements by company’s management
What can be done to determine Inherent Risk?
-nature of industry
-business structure
-development of technology
-plant tour
-major contracts
-code of conduct
When is it required that analytical procedures be performed?
planning phase and also during substantive phase
TRUE OR FALSE: Must management disclose any material weakness
TRUE
What does SOX require auditors to report of a public company?
effectiveness of internal controls, which is conducted along with financial statement audit (INTEGRATED AUDIT)
What are the objectives of COSO (“ACE”)
Accurate and reliable GAAP F/S
Compliance with laws and regulations
Effectiveness and efficiency of operations
How are the client’s internal controls documented and understood? (“FIN”)
Flowcharts
Internal control questionnaires
Narrative
If I/C is high, what about CR and DR, and what must happen regarding testing?
CR = low
DR = high
less substantive testing
If I/C is low, what about CR and DR, and what must happen regarding testing?
CR = high
DR = low
more substantive testing
What is a Management Letter?
provides input to client management for suggestions on internal controls, operational efficiencies, etc.
What is Sampling?
process of making a statement about a population of interest by examining a subset of that population
What causes sampling risk?
selecting a nonrepresentative sample
What type of sampling do auditors use their judgment in determining sample size
nonstatistical sampling
