Unit 5 - ENGAGEMENT PLANNING Flashcards
When developing engagement objectives, what other factors must internal auditors consider?
The probability of Significant errors
Fraud
Noncompliance
Other exposures
Engagement scope defines
What will or will not be included in the engagement.
When establishing engagement scope, what factors do internal auditors generally consider?
Boundaries, subprocesses, and components of the area or process under review
In-scope versus out-of-scope locations
Time frame
Internal auditors must determine appropriate and sufficient resources to achieve engagement objectives. Define appropriate and sufficient.
Appropriate
Refers to the mix of knowledge, skills, and other competencies needed to perform the engagement.
Sufficient
Refers to the quantity of resources needed to accomplish the engagement with due professional care.
Engagement resource allocation is the responsibility of
Internal auditors.
Evidence is gathered during an audit engagement. What is the most persuasive form of evidence? What type of evidence is the least persuasive?
Most persuasive – Auditor’s physical examination
Least persuasive – Client oral testimony
Who makes assertions about the recognition, measurement, presentation, and disclosure of information in the financial statements?
Management.
Who performs procedures that test the validity of assertions made and assesses the risks of material misstatement?
Internal auditors.
List and define: Assertions about classes of transactions and events for the period.
Occurrence – recorded transactions and events actually occurred
Completeness – all transactions and events that should have been recorded were recorded
Accuracy – amounts and other data were recorded appropriately
Cutoff – transactions and events were recorded in the proper period
Classification – transactions and events were recorded in the proper accounts
List and define: Assertions about account balances at period end.
Existence – assets, liabilities, and equity interest exist
Rights and obligations – entity holds or controls the rights to assets, and liabilities are its obligations
Completeness – all assets, liabilities, and equity interests that should have been recorded were recorded
Valuation and allocation – assets, liabilities, and equity interests are included at appropriate amounts, and any adjustments appropriately recorded’
Match the assertion with the correct statement(s).
Assertion Statement Presentation and disclosure Balance Sheet Account balances Income
Statement
Transactions and events
Statement of Cash Flows
Notes to the financial statements
Assertion
Statement
Presentation and disclosure
Notes to the financial statements
Account balances
Balance Sheet
Transactions and events
Income Statement and Statement of Cash Flows
Explain why risk assessment procedures are performed.
To obtain an understanding of the entity and its environment, including internal control.
Define tests of controls as an audit procedure.
Tests the operating effectiveness of controls in preventing, or detecting and correcting, instances of noncompliance.
When are tests of controls required?
When the auditor’s risk assessment is based on an expectation of the operating effectiveness of controls
or
Substantive procedures alone do not provide sufficient appropriate evidence
What are substantive procedures used for?
To detect material misstatements at the relevant assertion level (transaction class, account balance, disclosure).
What are the three basic procedures performed by internal auditors to gather information?
Observing conditions
Interviewing people
Examining records
The internal auditors procedure of observation is effective for verifying whether
Particular assets exist
A certain process or procedure is being performed appropriately at a moment in time
For what purpose is interviewing especially helpful?
To obtain an understanding of client operations.
What are some of the predominant methods used to examine or inspect records in the audit activity?
Inspection of records or documents
Inspection of tangible assets
Verification
A direct, written response to the auditor from a third party used for audit evidence is called
Confirmation.
Explain the difference between a positive confirmation and a negative confirmation.
Positive confirmation – used when the amounts being confirmed are material. The recipient is asked to sign and return the letter with a positive assertion that the amount is either correct or incorrect.
Negative confirmation – used when the amounts being confirmed are immaterial or when controls are deemed to be functioning extremely well. It requires no response from the recipient unless the amount is disputed.
Describe tracing and vouching, and for which assertion it is used to gain assurance.
Definition Assertion Tracing Follows a transaction forward from the triggering event to a resulting event, ensuring that the transaction was accounted for properly. Completeness assertion
Vouching
Tracks a result backward to the originating event, ensuring that a recorded amount is properly supported.
Existence assertion
Define reperformance/recalculation.
Consists of duplicating the client’s work and comparing the results.
Define analytical procedures.
Evaluations of financial information made by an analysis of relationships among financial and nonfinancial data.
Why are analytical procedures used in the planning phase of an audit?
To identify the (1) existence of unusual transactions and events, (2) amounts, (3) ratios, and (4) trends that might indicate matters which require further investigation.
List common analytical procedures.
Analysis of common-size financial statements Ratio analysis Trend analysis Analysis of future-oriented information Internal and external benchmarking
Describe maturity models.
Maturity models provide the criteria for assessing the current state of a business process by establishing a systematic basis of measurement for describing the ‘as is’ state of a process.
A primary result of engagement planning is the preparation of the engagement work program. What is an engagement work program?
A document that lists the procedures (methods) to be followed during an engagement, designed to achieve the engagement plan.
What matters should be considered in preparing the engagement work program?
Engagement scope Management’s operating goals and objectives Means of achieving objectives A risk and control matrix Availability of essential resources Sample sizes Conclusions and judgments during planning Prior engagement communications
An internal auditing engagement consists of
Planning
Performing procedures
Communicating results
Monitoring progress
Describe Performance Standard 2200, Engagement Planning.
Internal auditors must develop and document a plan for each engagement, including the engagement’s objectives, scope, timing, and resource allocations. The plan must consider the organization’s strategies, objectives, and risks relevant to the engagement.
Describe Performance Standard 2201, Planning Considerations.
In planning the engagement, internal auditors must consider
The strategies and objectives of the activity being reviewed and the means by which the activity controls its performance.
The significant risks to the activity’s objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level.
The adequacy and effectiveness of the activity’s governance, risk management, and control processes compared to a relevant framework or model.
The opportunities for making significant improvements to the activity’s governance, risk management, and control processes.
List components of a survey.
Input from stakeholders Analytical procedures Questionnaires Interviews Observations Prior audit reports Other relevant documentation Process mapping Checklists
Why is input from stakeholders a survey component?
Stakeholders may be sources of information for the formulation of engagement objectives.
List some disadvantages of using checklists.
Providing a false sense of security that all relevant factors are addressed
Inappropriately implying that equal weight is given to each item
The difficulty of translating the observation represented by each item
Treating a checklist as a rote exercise rather than part of a thoughtful understanding of the unique aspects of the audit
Describe engagement objectives.
Broad statements developed by internal auditors that define intended engagement accomplishments.
How do objectives differ between assurance and consulting engagements?
Engagement
Objectives
Assurance
Must reflect the results of the preliminary assessment of risks relevant to the activity under review.
Consulting
Must address governance, risk management, and control processes to the extent agreed upon with the client.
