Upgrade to remove ads
Terms in this set (10)
The risks of material misstatement (RMMs) should be assessed in terms of
Financial statement assertions.
bc: The auditor's objective is to identify and assess the RMMs, whether due to fraud or error, at the financial statement and relevant assertion levels. This objective is achieved through understanding the entity and its environment, including its internal control. The understanding provides a basis for designing and implementing responses to the assessed RMMs (AU-C 315 and AS 2110).
The ultimate purpose of understanding the entity and its environment and assessing the risks of material misstatement is to contribute to the auditor's assessment of the risk that
Material misstatements may exist in the financial statements.
bc: The auditor's objective is to identify and assess the RMMs, whether due to fraud or error, at the financial statement and relevant assertion levels. This objective is achieved through understanding the entity and its environment, including its internal control. The understanding provides a basis for designing and implementing responses to the assessed RMMs (AU-C 315 and AS 2110). Moreover, the auditor's overall objectives in an audit include obtaining reasonable assurance about whether the statements as a whole are free from material misstatement (AU-C 200).
The auditor should perform tests of controls when the auditor's assessment of the risks of material misstatement includes an expectation of the operating effectiveness of internal control or when
Substantive procedures alone cannot provide sufficient appropriate audit evidence at the relevant assertion level.
bc: Answer (D) is correct.
For some RMMs, the auditor may determine that it is not feasible to obtain sufficient appropriate audit evidence only from substantive procedures. These RMMs may relate to routine, significant transactions subject to highly automated processing with no documentation except what is recorded in the IT system. In such circumstances, the controls over the RMMs are relevant to the audit. Thus, the auditor should obtain an understanding of, and test, the controls.
When assessing the risks of material misstatement at a low level, an auditor is required to document the auditor's
Understanding of the Entity's Control Environment
Overall Responses to Assessed Risks
bc: The understanding of the components of internal control, including the control environment, should be documented regardless of the degree of risk (AU-C 315). The overall responses to the assessed RMMs at the financial statement level also should be documented (AU-C 330).
Samples to test controls are intended to provide a basis for an auditor to conclude whether
The controls are operating effectively.
bc: Tests of controls obtain evidence about the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. Tests of controls address (1) how they were applied at relevant times during the period, (2) by whom or by what means they were applied, and (3) the consistency of their application during the period. Prior to performing tests of controls, the auditor evaluates whether they are suitably designed to prevent, or detect and correct, material misstatements in relevant assertions (AU-C 330).
After obtaining an understanding of internal control, an auditor of a nonissuer's financial statements may place no reliance on controls for some assertions because the auditor
Believes the controls are unlikely to be effective.
bc: The assessment of risks is a basis for choosing the audit approach. A substantive audit approach is based only on substantive procedures. A combined audit approach applies tests of controls and substantive procedures. For example, the risk assessment procedures may not identify effective controls for the relevant assertion, or testing controls may be inefficient, e.g., because client documentation is not available. The result is that controls are not a factor in the risk assessment. In these cases, if the auditor adopts the substantive audit approach, (s)he needs to be satisfied that it will be effective in reducing audit risk to an acceptable level. For example, the substantive audit approach may not be feasible when the processing of routine transactions is highly automated with little manual intervention. In this case, the combined audit approach is chosen.
The portion of the audit plan for a financial statement audit that describes further audit procedures usually cannot be developed until the
Understanding of the entity's internal control has been completed.
bc: The audit plan develops over the course of the audit. Thus, planning for risk assessment procedures occurs early in the audit. However, the nature, timing, and extent of further audit procedures cannot be determined until the auditor has performed risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the statement and assertion levels.
Which of the following procedures is considered a test of controls?
An auditor interviews and observes appropriate personnel to determine segregation of duties.
bc: When the auditor observes the operation of a control, (s)he can evaluate its effectiveness at a moment in time. Observing that different personnel perform appropriate duties provides evidence of proper segregation.
An auditor who decides not to rely on controls should
Document the further audit procedures performed.
bc: The auditor performs further audit procedures in response to the assessed risks of material misstatement at the assertion level. The auditor should document the nature, timing, and extent of further audit procedures. Documentation is necessary even if the auditor emphasizes substantive procedures and does not use tests of controls. For example, (1) risk assessment procedures may not have identified any effective controls relevant to the assertion, or (2) testing controls might be inefficient (AU-C 330).
If an auditor is obtaining an understanding of an issuer's information and communication component of internal control, which of the following factors should the auditor assess?
The classes of transactions in the issuer's operations that are significant to the issuer's financial statements.
bc: According to AS 2110, the auditor should obtain a sufficient understanding of each component of internal control over financial reporting to (1) identify the types of misstatements, (2) assess the factors that affect the risks of material misstatement, and (3) design further audit procedures. Thus, the auditor should obtain an understanding of the information system, including the related business processes, relevant to financial reporting. This understanding includes the classes of transactions in the issuer's operations that are significant to the issuer's financial statements.
This set is often in folders with...
Audit Exam 2 Chapter 5
Chapter 5: Internal Control Concepts and IT
You might also like...
Chp 7 (exam 2)
Audit Chapter 12
Other sets by this creator
BLAW 461 - Final
BLAW 461 Mid-Term
BLAW 461 Midterm
Other Quizlet sets
GLEIM EXAM 2
Audit SU 3
Gleim 5 - Chapter 7