Unit 4 - Audit Risk Strategy in a Professional Engagement

Question 1

Define Audit Risk.

Answer 1

The risk (probability) that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.

Question 2

Which of the following audit risk components may be assessed in nonquantitative terms?

Control Risk
Detection Risk
Inherent Risk

Answer 2

Control Risk - Yes

Detection Risk - Yes

Inherent Risk - Yes

Question 3

What do professional standards identify as the two types of F/S related fraud?

Answer 3

Fraudulent financial reporting

Misappropriation of assets

Question 4

What are the 3 categories of risk factors in the “fraud triangle?”

Answer 4

Opportunities

Incentives/Pressures

Attitudes/Rationalizations

Question 5

What are fraud risks categorized as Incentives/Pressures?

Answer 5

Financial stability/profitability is threatened by economic conditions

Excessive pressure to meet the expectation of outsiders

Question 6

What are fraud risks categorized as Opportunities?

Answer 6

Major financial statement elements that involve significant estimates by management that are difficult to corroborate

Ineffective monitoring of management (e.g., domination of management by a single person or small group without compensation controls; ineffective board of directors or audit committee oversight

Complex or unstable organizational structure

Internal controls are deficient

Question 7

What are fraud risks categorized as Attitudes/Rationalizations?

Answer 7

Lack of commitment to establishing and enforcing ethical standards

Previous violations of securities laws or other regulations

Excessive focus by management on the entity’s stock price

Question 8

What are incentives/pressures to commit misappropriation of assets?

Answer 8

Employees who have access to cash or other assets have personal financial problems

Employees have adverse relationships with the entity under audit, including anticipated future layoffs or recent changes to benefits or compensation levels

Question 9

What are opportunities to commit misappropriation of assets?

Answer 9

When assets are inherently vulnerable to theft

Inadequate internal control over assets

Question 10

What are attitudes/rationalizations to commit misappropriation of assets?

Answer 10

Auditors may not be in a position to assess these.

Employee’s behavior indicates dissatisfaction with the entity under audit

Changes in employee’s behavior or lifestyle is suspicious

Employee exhibits disregard for internal control related to assets by overriding existing controls or failing to correct known deficiencies

Question 11

What are red flags from fieldwork that may affect the risk assessment?

Answer 11

Discrepancies in the accounting records - lack of support or suspicious errors

Conflicting or missing evidence - missing documents (or only available as copies)

Problematic relationship between the auditor and client personnel - undue time pressures or lack of access to records, etc.

Question 12

What are two elements that make up a firm’s quality control system?

Answer 12

Acceptance & continuance of clients and engagements. - Important for firm to have policies and procedures to do risk assessment and decide when to accept a new engagement opportunity as well as when to continue an existing client relationship

Relevant ethical requirements (with emphasis on independence). - Firm must have policies and procedures to establish that all personnel associated with the engagement meet AICPA ethics requirements.

Question 13

What are 5 matters that must be addressed (written or oral) with a predecessor auditor?

Answer 13

1. Information bearing on the integrity of management
2. Disagreements with management about accounting or auditing issues
3. Communications to those charged with governance about fraud and/or noncompliance with laws or regulations
4. Communications to management or those charged with governance about significant deficiencies in I/C
5. Predecessor’s understanding about reason for the change in auditors

Question 14

What are the 3 main phases of an audit?

Answer 14

Risk Assessment Phase - involves gaining an understanding of the client, identifying factors that may impact the risk of a material misstatement occurring in the financial statements, performing a risk and materiality assessment, and developing an audit strategy

Risk Response Phase - involves performing detailed tests of controls and substantive tests of transactions and accounts.

Reporting Phase - involving evaluating results of the detailed testing in light of the auditor’s understanding of the client, and forming an opinion as to the fair presentation of the client’s financial statements.

Question 15

What are three main areas involved in the Risk Response phase of an audit?

Answer 15

-Perform detailed tests of controls

-Perform substantive tests of transactions and accounts and make decisions about the extent and timing of detailed testing of account balances and transactions

-Determine whether they plan to rely on the client’s system of internal controls

Question 16

What is the concept of materiality?

Answer 16

The concept of materiality is used to guide audit testing and assess the validity of information contained in the financial statements and the notes to the financial statements.

Information is considered material if it impacts the decision-making process of users of the financial statements.

Materiality is a key auditing concept that is first assessed during the risk assessment phase of every audit.

Materiality guides audit planning and testing for the financial statements as a whole.

Question 17

What is the difference between qualitative and quantitative materiality?

Answer 17

Information is considered qualitatively material if it affects a user’s decision-making process for a reason other than its magnitude. Examples include: illegal actions, fraud, related parties, and going concern issues.

Information is considered quantitatively material if it exceeds the magnitude of an auditor’s planning materiality assessment. Auditors use their professional judgment to arrive at an appropriate planning materiality amount for each client (commonly a percentage).

Question 18

What is the difference between planning materiality and performance materiality?

Answer 18

Performance materiality is an amount set by the auditor that is less than planning materiality and is used to make decisions about the extent of audit procedures for a particular class of transaction, account balance, or disclosure.

Planning materiality is determined in the planning phase and is at an overall audit view. Performance materiality is more at an account level and should be less than the planning materiality.

The use of performance materiality should reduce the probability that the sum of immaterial and/or undetected misstatements in the financial statements is greater than materiality for the financial statements as a whole.

Question 19

Define Professional Skepticism?

Answer 19

Auditors must maintain a questioning mind and thoroughly investigate all evidence presented by the client.

Professional skepticism is an objective and inquisitive attitude adopted by auditors when conducting all phases of the audit.

Question 20

Au-C 200.A22 states auditors should be skeptical if any of the following arise during the audit:

Answer 20

Audit evidence recently gathered is contradictory to other evidence previously gathered

New information brings into question the reliability of client documents or responses to auditor inquiries

Conditions provide evidence of possible fraud

Situations indicate the need for additional audit procedures beyond what is required by generally accepted auditing standards or PCAOB standards

Question 21

Define inherent risk.

Answer 21

The first stage in audit risk assessment involves identifying accounts and related assertions most at risk of material misstatement. This is referred to as inherent risk.

Question 22

What is an assertion?

Answer 22

An assertion is a statement or representation, explicit or implied, made by management regarding the recognition, measurement, presentation, and disclosure of items included in the financial statements and notes.

Question 23

What is considered a significant risk?

Answer 23

A significant risk is an identified and assessed risk of material misstatement that, in the auditor’s judgment, requires special audit consideration. Risks may be classified as significant, when the risk:
-involves fraud
-is related to significant economic or accounting developments
-involves complex transactions
-involves significant related-party transactions
-involves significant subjectivity in measurement of financial information
-involves significant transactions outside the client’s normal course of business

Question 24

Define Control Risk.

Answer 24

Control risk is the risk that a client’s internal controls will not prevent or detect a material misstatement on a timely basis.

Auditors assess control risk to determine whether the client has controls in place that are designed to minimize the risk of material misstatement for each account and related assertion identified as being high risk by the auditors.

Question 25

What risks can auditors evaluate and what risks can auditors control?

Answer 25

Auditors can only evaluate the level of inherent and control risks.

Auditors can control detection risk by planning to perform more or less detailed audit procedures.

Question 26

Obtaining positive results from testing controls means that:

Answer 26

the auditor can plan to reduce the reliance on detailed substantive testing of transactions and account balances.

Question 27

Describe the audit strategy known as the predominantly “substantive approach”

Answer 27

The auditor will spend minimum effort testing the client’s system of internal controls.

With a substantive approach, the focus is on details rather than internal controls.

Question 28

What are the two components that make up risk of material misstatement?

Answer 28

1) the inherent risk of the company to make a misstatement

2) the control risk which determines the risk that the company’s internal controls will not prevent or detect a material misstatement

RMM = IR x CR

Question 29

DFG, PC is auditiing Plairtrack, Inc., a long-term audit client. Plairtrack has devoted substantial resources into its new division as it enters the high-tech pharmaceutical industry. DFG has determined that the inherent risk, due to Plairtrack’s new arrival to the industry, is 80%, but it’s control risk is a low 10% because they’ve been in business for 20 years. Due to DFGs familiarity with both the industry and Plairtrack, they have set the detection risk at 2%. What is Plairtrack’s risk of material misstatement?

Answer 29

RMM = IR x CR
Risk of Material Misstatement = Inherent Risk x Control Risk

RMM = 0.8 x 0.1 = 8%

Question 30

How is overall audit risk calculated?

Answer 30

Overall audit risk is calculated by considering the risk of material misstatement by the client and the risk that the auditor may not detect the misstatement (aka detection risk).

AR = RMM x DR

Question 31

When an auditor is investigating fraud associated with misappropriation of assets, what kind of fraudulent activity are they investigating?

Answer 31

Investigating misappropriation of assets typically involves some form of theft

Question 32

In terms of an audit, define a related party.

Answer 32

One party has the ability to influence the conduct of the other party

ex. buyer and seller

Question 33

In terms of an audit, define an arms-length transaction

Answer 33

A transaction conducted on such terms and conditions between a willing buyer and a willing seller who are unrelated and are acting independently of each other and pursuing their own best interests

Question 34

What are the procedures to identify the existence of related parties?

Answer 34

-Inquire of management

-Review prior year’s audit documentation

-Review SEC filings (for public companies)

-Review stockholder listings (for private companies)

Question 35

What are the procedures to identify transactions with related parties?

Answer 35

-Inquire of management

-Review minutes of meetings of those charged with governance

-Inspect documents related to large, unusual transactions (review debt agreements) ex. suspiciously low interest rates

Question 36

An audit committee of a publically traded company should be composed of:

Answer 36

members of the board of directors who are independent directors

Question 37

Which group of a company’s board of directors is an auditor likely to meet with throughout the audit?

Answer 37

Executive directors. The executive directors are employees of the company and have a deeper understanding of the company and its workings.

Question 38

Which benefit does an auditor realize from applying a reliance on a controls approach for an audit strategy?

a) The auditor can perform more substantive procedures at an interim date.

b) The auditor can increase sample sizes for substantive procedures.

c) The auditor eliminates the need for substantive procedures.

d) The auditor is relieved of requirements to consider the potential for fraudulent activities.

Answer 38

a) The auditor can perform more substantive procedures at an interim date.

A reliance on controls approach decreases the reliance for substantive procedures, so an auditor can perform substantive testing of certain accounts at an interim date instead of the balance sheet date.