Week 8 Flashcards
ISA 402 ‘Audit considerations relating to an entity using service organisations’ deals with…?
the auditors responsibility to obtain sufficient appropriate audit evidence when a client outsources functions
examples of functions that may be outsourced to third parties?
payroll,
receivables,
the entire finance function
when a service organisation is used, what 4 things must an auditor do?
1) gain understanding of the services being provided
2) assess how the service provider implements their internal controls
3) visit the service provider and perform tests of control
4) contact the service provider’s auditor
define sampling
the application of audit procedures to less than 100% of a population
what must a sample be?
representative of the population
which two ways can audit risk be minimised?
- increase sample size
- stratification
define stratification
dividing a population into subpopulations
each subpopulation has similar characteristics
e.g., payroll can be divided into production staff, admin staff, management staff
statistical sampling methods?
computerised sampling methods
random selection (using randomised function)
systematic selection (randomising, but choosing every 1000th)
monetary selection (selecting only high value items)
non statistical sampling methods?
sampling methods by humans
haphazard selection (human picking randomly)
block selection
sequential selection (selecting every 5th item)
difference between deviation and misstatement?
deviation refers to issues identified during tests of control
misstatement refers to issues identified during substantive testing
if deviations are found, what happens?
more substantive testing will be needed
because the internal controls aren’t reliable, numbers will require more testing
if misstatements are found, what happens?
if it exceeds tolerable level threshold, the auditor will extend the sample size
if misstatement is isolated, it’ll be ignored
when a misstatement is found, is it extrapolated?
yes
e.g., 2% error in £1m sample (£20,000) = 2% error in £20m population (£400,000)
CAAT’s?
computer assisted audit techniques are used to test controls in a computerised environment
dummy data is put into a client’s system to assess if the system properly processes the data
advantages and disadvantages of CAAT’s?
advantages = can be cost effective as long as systems aren’t changed
disadvantages = may be inconvenient to use live client systems
define data analytics
the science of examining large datasets to draw conclusions
management expert?
auditor’s expert?
management expert = expert appointed by management to provide management with evidence which will be relied upon by auditor
auditor’s expert = expert appointed by auditor to help the audit in specialised situations
what are the effects of controls on the audit?
the better controls are, the more the auditor can rely on them and the less substantive testing that will be needed
- less procedures need to be conducted at year end
- less location visits are necessary
- more reliance can be placed on analytical review & management judgement
- less expert/3rd party evidence required
what are some inherent limitations of internal controls?
- human error
- collusion of staff circumventing controls
- management override
- use of management judgement
can auditors ever eliminate the need for substantive procedures?
no
what are the components of internal controls?
- control environment
- entity’s risk assessment
- information systems
- control activities
- monitoring
what are the two types of IT controls?
general controls = procedures that relate to many applications
application controls = procedures that apply to individual areas within the system
