Upgrade to remove ads
ACC456: Exam 2
Terms in this set (161)
Who has primary responsibility for the audit?
What does audit engagement supervision entail? (3)
Informing team members of their responsibilities
Directing team members to escalate significant accounting/auditing issues
Reviewing the work of team members to determine the quality of work done
What does the extent of audit supervision depend on? (4)
Nature of the company, including size and complexity
Nature of assigned work
Risks of material misstatement
Knowledge, skill, and ability of each team member
What does the engagement quality reviewer do?
Evaluates significant judgements and the related conclusions reached in forming the overall conclusion and opinion
(partner level, within or outside of the firm)
How long do you have to wait before a person can serve as an EQR for a past client?
When does the EQR give approval?
They give concurring approval when they are not aware of any significant engagement deficiencies
( gives negative assurance)
When would an EQR not give concurring approval? (4)
Sufficient appropriate evidence not obtained
Inappropriate overall conclusion reached
Report is inappropriate, given the circumstances
Firm is not independent
When ma the audit report be used?
Only after the EQR grants approval
Written record of the basis for the auditor's conclusions that provides the support for the auditor's representations, whether those representations are contained in the auditor's report or otherwise
What are the objectives of audit documentation? (6)
Integral part of audit quality
Documents NET of work performed
Evidence of due care (i.e. GAAS)
Basis for conclusion
Facilitates planning, performance, and supervision
Provides basis for review
Who can audit documentations be reviewed by? (5)
What should any audit documentation communicate? (3)
What is the function of audit documentation? (4)
Provide a clear link to significant findings/issues
Demonstrate compliance with professional standards
Support basis for conclusions for each relevant assertion
Demonstrate that accounting records agree with financial statements
What is the required level of detail for audit documentation?
Sufficient detail to enable an experienced auditor having no previous connection with the engagement to:
Understand the NET of procedures, results, and evidence, and conclusions
Determine who performed the work, date of work, reviewer, and date of review
Permanent files (central repository)
Information of continuing audit significance
What are examples of permanent files? (4)
Includes the entire engagement file for the year under audit
Includes all documentation sufficient to support audit conclusions
Who owns audit work papers?
When can auditors disclose work papers without the client's permission? (5)
Investigation by the state board of accountancy/PCAOB/Peer review
To comply with legal/regulatory requirements
If client sues auditors, the auditor's attorney can ask for the work papers
Required by funding agency if client receives government funding/financial assistance
How long do you have to retain documentation for an issuer?
Finalize within 45 days and retain for 7 years from report release date
If no report, retain from last day of fieldwork (when work is substantially complete)
How long do you have to retain documentation for a non-issuer?
Finalize within 60 days and retain for at least 5 years
What changes are you allowed to make to audit documentation once it has been finalized?
May add information but must not remove any documentation
(need to include date added, person, and reason)
Why do auditors perform procedures? (3)
To gain an understanding of the client and the risks associated with the client (risk assessment procedures)
To understand and test the operating effectiveness of client's internal control activities (test of controls)
To obtain evidence about management's assertions related to accounts and disclosures in the F/S (substantive procedures)
What do risk assessment procedures require?
Consideration of external and company-specific factors
What are the two approaches to substantive procedures?
Substantive analytical procedures
Tests of details
What are the two kinds of tests of details?
Test of balances
Test of transactions
Which kind of substantive procedure is more effective?
Test of details
In general, how do risks need to be identified and assessed?
At the F/S and assertion levels
In general, how do auditors perform risk assessment procedures? (6)
Use information obtained from performing risk assessment procedures
Evaluate the types of potential misstatements that could result from identified risks and how things could be affected
Identify significant accounts and disclosures and their relevant assertions
Determine whether any of the identified/assessed risks of material misstatement are significant risks
Evaluate whether the identified risks are pervasive
Assess the magnitude/likelihood of potential misstatements
What does magnitude refer to?
What does likelihood refer to?
What is the general approach to risk assessment procedures?
What components should be considered when gaining an understanding of the client's business/environment for risk assessment purposes? (5)
Industry, regulatory, and other external factors
Nature of the company
Selection and application of accounting principles/disclosures
Company objectives, strategies, and related business risks
Company's measurement and analysis of financial performance
What are good information sources for risk assessment context? (2)
General business sources
What is the audit objective regarding related parties?
To determine if related parties and RPT have been identified, accounted for, and disclosed in the F/S
Why are RPT important?
Because they impact RMM and have fraud implications
What should auditors do regarding RPT? (5)
Obtain an understanding of related parties (nature of relationship) and RPT
Make inquiries of management, audit committee, knowledgeable others
Communicate to audit team
Test the accuracy and completeness of RP, RP nature, and RPT
Communicate critical matters about RP and RPT to the audit committee
What should auditors understand regarding related parties and RPT? (2)
The client's process for identifying RP and RPT, authorizing, accounting for, and disclosing RPT
The business purpose (or lack) of the transactions
How can auditors test the accuracy and completeness of RP, RP nature, and RPT? (4)
Read minutes of meetings
Read related documents, proxy statements, SEC filings, etc
Evaluate uncollected amounts, loan commitments, guarantees, etc
Read the F/S notes and verify the appropriateness of the RP and RPT disclosures
What is the auditor's responsibility regarding accounting estimates? (4)
Evaluate the reasonableness of the accounting estimates in the F/S as a whole and more specifically ensure:
All estimates that could be material to the F/S have been developed
Accounting estimates are reasonable in the circumstances
Estimates align with GAAP and are properly disclosed
How do auditors evaluate accounting estimates?
Determine the need for estimates
Understand how estimates are developed and test related controls
Test the process used, develop an independent expectation, or review subsequent events relating to the estimate
Consider key factors and assumptions
Look at client's experience with estimates (biases, deviations)
Why would an accounting estimate be needed? (2)
Uncertainty (i.e. outcome of a future event)
Data not readily available
What is management responsible for regarding accounting estimates? (2)
Establishing a process for estimates
Establishing and maintaining internal control over estimates
How do accounting estimates impact RMM? (3)
The complexity, subjectivity, reliability, and relevance of data Number/significance of assumptions
Degree of uncertainty with assumptions
What does understanding the internal control over financial reporting entail?
Evaluating the design and implementation of relevant controls
(design existence and effectiveness)
What procedures are used to understand the ICFR? (4)
Observation of operations
Inspection of documents
What components should auditors understand for ICFR? (5)
Company's risk assessment process
Information and communication
Monitoring of controls
Why are walkthroughs performed? (3)
Understand the flow of transactions in the information system
Evaluate the design of controls relevant to the audit
Determine whether those controls have been implemented
Following a transaction from origination through the company processes until it reflects in the financial records, using the same documents and IT system company personnel use
(helps determine if a control is missing or not designed effectively)
Analytical procedures (reasonableness tests)
Evaluation of F/S accounts by developing expectations about what account balances should be based on an analysis of relevant financial and nonfinancial data and comparing the expectation to a recorded balance
When are analytical procedures required? (2)
At completion (when performing the review of the financial statements near the end of the audit before the audit report is issued)
When are substantive analytical procedures optional?
During testing (if not used, need to test of details instead)
What kind of information should be used when conducting analytical procedures?
Independent (of accounting) and reliable information
What are the purposes/benefits of preliminary (planning) analytical procedures? (2)
Enhance understanding of the client's business and the significant transactions/events that have occurred since PYE
Attention directing to identify problem areas, and unusual changes/transactions/events
(high level, less precise in nature)
What should preliminary analytics be related to?
Revenue and likelihood of fraud
What are the analytical procedures steps? (5)
Develop an expectation
Define a significant difference
Compare expectation with the recorded amount
Investigate significant differences
Document each of the preceding steps
Is discussion among engagement team members about RMM required?
What should engagement team members discuss regarding RMM? (2)
The company's selection and application of accounting principles and disclosure requirements
The susceptibility of F/S to material misstatement due to error/fraud
What are the benefits of discussing RMM among engagement team members? (2)
Gain an understanding of previous experiences with the client
Set proper tone for engagement
What are the characteristics of a discussion regarding RMM? (3)
Should involve key team members
May be done in unison with fraud risk discussion (brainstorming)
Should be ongoing, throughout the engagement, and when conditions change
How do auditors identify significant accounts/disclosures/relevant assertions?
By evaluating the quantitative and qualitative risk factors associated with the F/S accounts and disclosures
What are risk factors related to identifying significant accounts/disclosures/assertions? (5)
Liquidity for fraud
Dollar size (2)
Size and composition of account
Exposure to losses in account
Liquidity for fraud
Susceptibility to misstatement due to error or fraud
Volume of activity, complexity, and homogeneity of individual transactions processed through the account or reflected in the disclosure
Subjective estimates (2)
Nature of the account/disclosure
Possibility of significant contingent liabilities arising from the activities reflected in the account/disclosure
Accounting and reporting complexities associated with the account/disclosure
Existence of RPT in the account
Changes from the prior period in account/disclosure
How do auditors identify significant risk factors?
By evaluating whether the risk requires special audit consideration because of the nature of the risk or the likelihood/magnitude of misstatement related to the risk
What factors are evaluated to determine significant risks? (7)
Effect of quantitative/qualitative risk factors on likelihood/magnitude of misstatements
Whether the risk is a fraud risk
Whether it's related to significant economic, accounting, or other development
Complexity of transactions
Whether the risk involves significant transactions with related parties
The degree of judgement (subjectivity) and uncertainty involved
Whether the risk involves significant unusual transactions
Do audit teams have to discuss the potential for material misstatement due to fraud?
Yes, it's required
What should team members emphasize when discussing the potential for material misstatement due to fraud?
The need to maintain a questioning mind throughout, and to exercise professional skepticism in gathering and evaluating evidence
What should the discussion of the potential for material misstatement due to fraud include? (6)
How and where the company's F/S might be susceptible to material misstatement due to fraud
How management could perpetrate and conceal financial reporting fraud
How assets of the company could be misaappropriated (RPT/omissions)
Known external and internal factors affecting the company that might create pressure, opportunity, and rationalization for fraud
Risk of management override
Potential audit responses to he susceptibility of the company's F/S to material misstatements due to fraud
What are fraud risk factors?
Events or conditions that indicate:
An incentive/pressure to perpetrate fraud
An opportunity to carry out the fraud
Attitude/rationalization that justifies the fraudulent action
When should you always presume fraud risk?
Improper revenue recognition
What do you always have to do regarding fraud risk factors?
Identify risk of management override of controls (controls designed to mitigate specific fraud risks and designed to prevent/deter/detect fraud
Where should inquiries about RMM and fraud be made? (4)
Other persons (legal counsel)
What should you be mindful when making inquiries about RMM?
Vague, implausible, or inconsistent response to inquiries
Discrepancies in the accounting records provided
Problematic/unusual relationships between auditor and management
Management is usually in the best position to commit fraud
Results from review of final substantive analytical procedures
What are the types of audit responses? (2)
Overall audit responses (how audit is conducted)
Audit procedures (NET)
What are examples of overall audit responses? (7)
Staffing of audit team/assignment
Incorporate elements of unpredictability
Evaluate choice and application of accounting principles
Pervasive changes to audit strategy (impacts NET)
Retrospective review (i.e. PY estimates)
Perform extended procedures (impacts NET)
What should you consider when conducting audit procedures related to NET? (3)
Pervasiveness of risks
What should the tests of controls do in an integrated audit? (2)
Satisfy CR assessment for F/S audit (throughout year under audit and for control reliance)
Audit of ICFR evaluation at a point in time (YE)
What should audit procedures relating to NET consider?
What are types of risk to be considered in audit procedures related to NET?
Management override of controls
How can audit procedures address significant risk?
Perform substantive procedures (test of details)
How can audit procedures address fraud risk in an F/S audit?
Test specific controls and perform substantive procedures (test of details)
What should audit audit procedures examine to address management override of controls? (3)
Examine journal entries and other adjustments
Review accounting estimates for bias
Evaluate business purpose for significant unusual transactions
What is important to note when obtaining an understanding of internal control?
Understanding internal control is different from testing control for assessing control risk (F/S audit) and testing control to express an opinion on ICFR (integrated audit)
Why do we need to understand internal control?
To test control for assessing control risk or to test control for the purpose of expressing an opinion on ICFR
Why are tests of controls in a financial statement audit performed?
To assess control risk at less than maximum, so that the control can then be relied on
What period do test of controls for F/S focus on?
The entire period of reliance (throughout the year)
Are tests of controls in a F/S audit required?
No, only an understanding of internal control is required
(unless you're an issuer doing an integrated audit)
What are two parts to the test of controls in F/S audit?
Design effectiveness test
Operating effectiveness test
What procedures can be used in a design effectiveness test? (4)
Inspection of documents
(refers to design and implementation)
What procedures can be used in an operating effectiveness test? (4)
Inspection of documents
What should be considered when using observation for an operating effectiveness test?
N: Reliability level
E: Frequency, rate of deviation, nature of control
T: When evidence is obtained and entire period of reliance
When should control risk be assessed at the maximum? (2)
For relevant assertions for which controls necessary to sufficiently address the RMM are missing/ineffective
When the auditor has not obtained sufficient appropriate evidence to support a CR assessment below the maximum
What should the auditor do when control risk deficiencies are identified?
Evaluate their severity and the effect on CR assessments and if the auditor plans to rely on controls:
Test other controls that address the same assertion
Revise the CR assessment and modify the planned substantive procedures
When should you perform substantive procedures in a F/S audit?
For each relevant assertion of each significant account/disclosure, regardless of assessed level of CR
What are N considerations for substantive procedures in a F/S audit?
Must include the following audit procedures related to the period-end financial reporting process:
Reconciling the F/S with the underlying accounting records
Examining material adjustments made during the course of preparing the F/S
What are E considerations for substantive procedures in a F/S audit?
Consider materiality of account, assess RMM, and degree of assurance from procedure preformed
What are T considerations for substantive procedures in a F/S audit? (3)
Performing at interim dates may permit early consideration of matters impacting YE
performing interim date without performing later increases RMM in YE that goes undetected
When procedures are performed at interim, need to extend the audit conclusion to the period end by performing additional procedures
A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance over:
Reliability of financial reporting
Effectiveness and efficiency of operations
Compliance with applicable laws and regulations
What are the limitations of internal control? (5)
Recognizes that the cost of an entity's internal control should not exceed the benefits that are expected to be derived
What are management's responsibilities related to internal control? (3)
Establishing and maintaining adequate ICFR
Identify the framework used to assess the effectiveness of ICFR
Assess and report on the effectiveness of ICFR
What are the auditor's responsibilities related to internal control? (4)
For issuers, must audit and express an opinion on the effectiveness of the ICFR
For each fraud risk, must evaluate whether controls are in place to mitigate the fraud risk
Must assess control risk to determine the NET of substantive procedures to be performed
If planning to rely on control in F/S audit, must test control
What is the relationship between control reliance and substantive procedures?
Less reliance on internal control leads to higher control risk and lower detection risk:
N = more effective (substantive test of details)
T = YE
E = Higher sample size
What must issuers and non-issuers communicate related to control deficiencies?
Must communicate in writing to management and the audit committee all significant deficiencies and material weaknesses
What communications should issuers have related to control deficiencies? (3)
Should be made prior to F/s audit report issuance
May communicate during or at end of audit
May report control deficiencies to management, audit committee, or others
What communications should non-issuers have related to control deficiencies? (2)
Should report control deficiencies in writing or orally to management
All reports should be issued no later than 60 days after report release date
Should you report in writing that no significant deficiencies exist?
What should written communications about control deficiencies include?
Definitions of significant deficiency, material weakness, and categorization of deficiencies reported
Description and potential effects of deficiencies
Statement that the goal is to report on the F/S and not to provide assurance on IC
Statement restricting the use of the information communicated
Audit not designed to identify all deficiencies (unknowns may exist)
What is the severity ranking of control deficiencies?
When can an auditor choose not to test controls? (2)
Internal control system is too ineffective to rely on
Will take more time to test controls that it would to perform substantive testing to provide evidence needed for a F/S assertion
Do auditors have to test controls for issuers?
What is the scope, reporting, and timing of a test of controls for an internal control audit?
S: Test each relevant control activity each year
R: Opinion on the effectiveness of internal control
T: Evaluate effectiveness of internal control as of the fiscal YE
What is the scope, reporting, and timing of a test of controls for a financial statement audit?
S: Test relevant control activities if relying on them
R: No opinion on IC
T: Evaluate effectiveness of internal control throughout fiscal year
What does the audit committee consist of? (3)
3-6 outside members of the board (not employed by company)
Must be financially literate
At least one financial expert
What is the purpose of the audit committee?
Provides a buffer between the audit team and senior management
What are the duties of the audit committee? (4)
Appointment, compensation, and oversight of the public accounting firm conducting the entity's audit
Resolution of disagreements between management and the audit team
Oversight of the entity's internal audit function
Approval of non-audit services provided by the public accounting firm performing the audit engagement
A process effected by those charged with governance, management, and other personnel, designed to provide reasonable assurance regarding the preparation of reliable F/S in accordance with the applicable financial reporting framework
What else does ICFR provide reasonable assurance over? (3)
The accurate and fair maintenance of records of transactions
Transactions are recorded to permit preparation of financial statements in accordance with frameworks and that follow entity's policies and procedures
Prevention, or timely detection and correction of deficiencies that could have a material effect on the F/S
ICFR and F/S audit
What are the steps of evaluating the effectiveness of ICFR? (6)
Planning the engagement
Using a top-down approach
Evaluating identified deficiencies
Reporting on internal control
Step 1 of ICFR
Planning the engagement
Step 2 of ICFR
What does a top-down approach entail? (7)
Stariting at the F/S level
Understanding overall risks
Focusing on entity-level controls
Work to significant accounts, disclosures, assertions
Attend to possibility of MM
Verify understanding of process risks
Select controls for testing
What are the two component of using a top-down approach for ICFR?
Identify entity-level controls
What should you consider when identifying and evaluating entity level controls? (5)
Control environment (tone at top, culture)
Control over management oferride of control
Risk assessment process
Controls to monitor result of operations and other controls
Controls over YE financial reporting process
What should you consider when performing walkthroughs for ICFR? (4)
Sample of one transaction
Understand flow of transactions
Identify points where misstatements can arise
Identify controls in place to address any potential misstatements
Can auditors use the work of internal auditors when using a top-down approach for ICFR?
Step 3 of ICFR
Selecting and testing controls
Why is testing controls important?
They help the auditor conclude if the control sufficiently addressed the RMM for each relevant assertion
What are the two types of test of controls?
Test design effectiveness
Test operating effectiveness
Test design effectiveness
After an understanding of internal controls is gained through inquiry/inspection/observation/reperformance the controls are evaluated (preliminary assessment) for the possibility that the controls would not prevent or detect a misstatement
Test operating effectiveness
A sample of transactions is examined using inquiry/observation/inspection/re-performance
When would a test of controls not be performed?
If a design is deemed to be ineffective
Why isn't confirmation a procedure used to test controls?
Because you have to go outside of the company
Step 4 of ICFR
Evaluating identified deficiencies
When does a control deficiency exist?
When the design/operation of a control doesn't allow management/employees, in the normal course of business, prevent/detect misstatements on a timely basis
What are the types of control deficiencies?
Necessary control is missing or an existing control is poorly designed and doesn't meet its objective
A properly designed control is ignored or is inappropriately applied, doesn't operate as designed, or is operated by the wrong person
What does the categorization of a control deficiency depend on?
Likelihood and magnitude
(not about a misstatement actually occurring)
Are auditors required to search for all deficiencies?
No, the auditor is not required to search for deficiencies that individually/in combination are less sever than a material weakness
Deficiency in ICFR that is less severe than a material weakness yet important enough to merit attention by those responsible for oversight of the company's financial reporting
What are examples of significant deficiencies? (5)
Absence of appropriate separation of duties
Absence of appropriate reviews/approvals of transactions
Evidence of failure of control procedures
Instances of transactions that were not properly recorded in subsidiary ledgers; transactions were not material, either individually or in the aggregate
A lack of timely reconciliations of the account balances affected by the improperly recorded transactions
A reasonable possibility that a material misstatement of the company's annual or interim F/S will not be prevented or detected on a timely basis
What are indicators of a material weakness? (4)
Restatement of previously issued F/S to reflect the correction of a MM
Evidence of MM that were not prevented/detected by client's IC
Ineffective oversight of financial reporting process by entity's audit committee
Indication of fraud (material or immaterial) by senior management
Step 5 of ICFR
What are the types of opinion on ICFR? (3)
Unqualified: No MW identified
Disclaimer of opinion: Auditor could not perform all of the procedures required
Adverse opinion: One or more MW identified
What do you do when wrapping up ICFR? (4)
Evaluate management's report on the effectiveness of ICFR
Consider the effect of an adverse opinion on IC on the auditor's opinion on the F/S
Should disclose whether the opinion on the F/S was affected by the adverse opinion on ICFR
Obtain a written representation from management about ICFR
Can you issue an adverse opinion on ICFR and an unqualified opinion on the F/S?
Can you issue a qualified/adverse opinion on F/S and an unqualified opinion on ICFR?
How should you report on internal control?
Either as a separate report, or in a combination of ICFR and F/S
What should an ICFR report include?
Opinions on the effectiveness of ICFR and the fairness of the company's F/S
When should the date of the ICFR report be?
No earlier than the date on which the auditor has obtained sufficient appropriate evidence to support the auditor's opinion
Same date on ICFR as F/S report
What should the ICFR report include if an adverse opinion is issued? (2)
Definition of MW
Statement that MW was identified and whether management caught it
What must be communicated about deficiencies?
In writing to management and the audit committee all significant deficiencies and MWs
Should be made prior to issuance of audit report on ICFR
May communicate during or at end of audit
Why should ineffective oversight by the audit committee be communicated in writing to the board?
Because it's a material weakness indicator
Should you communicate control deficiencies to management?
YOU MIGHT ALSO LIKE...
Audit Chapter 12
Chapter 5 Auditing
Auditing- Chapter 12 Obj 1: Obtain and document an…
OTHER SETS BY THIS CREATOR
a5 must know
a4 must know
a3 must know
a2 must know