Flashcards in 456 midterm Deck (201):
1
what is an audit
engagement where practitioner issues written report and concludes on a subject matter for which accountable party is responsible
2
what are the five types of audit and explain them
1. financial statement audit
2. compliance audit - making sure info is in compliance with particular act
3. operational audit - looking at how things are being opperated
4. comprehensive audit - doing more than one thing at the same time
5. internal audit - internal departments provide assurance about aspects of activities
3
what is management's responsibility
to prepare the financial statements (charged with governance)
4
what are five attributes that financial statements should include
relevant - impact user's decisions
reliable - unbiased
comparable - through time
understandable
fair presentation - according to standards or framework
5
what is auditors responsilibty
provide level of assurance that numbers are fair
6
what are three attributes auditors should have
professional skepticism
professional judgement
due care
7
what is professional skepticism
open and questioning mind - not accepting everything as true and not accepting everything as false
8
what is due care
do work thoroughly, properly, correctly
9
who are the users of financial statements
shareholders, owners of business
investors
suppliers
customers
lenders
employees
government
general public
10
reasons why users demand audited financial statements
remoteness - can't see what managers are doing, dont have access to entity
complexity - don't have accounting/legal knowledge
competing incentives - can be biased
reliability - need to make sure info is reliable, have real consequences
11
what are the three frameworks
agency theory
information hypothesis
insurance hypothesis
12
what is the agency theory
managers behave opportunistically
focused on own self interests
so shareholders willing to pay to have them monitored
good quality managers willing to have audits
13
what is information hypothesis
users value higher quality information when they know it's accurate
audited info more valued- lower risk premium
14
what is insurance hypothesis
investors use audited info to insure against potential losses
15
what are the limitations of an audit
no guarentee that statements are free from error/fraud
required to be performed within reasonable period and cost
judgement is required in process - not always right
16
what are the different levels of assurance
reasonable assurance
moderate assurance
no assurance
17
what reports are the different levels of assurance related with?
reasonable assurance - audit
moderate assurance - review engagement
limited assurance - notice to reader / compilation engagement
18
what is reasonable assurance
gathering sufficient evidence to form positive expression of opinion regarding whether info being assured is presented fairly
highest, but not absolute, assurance
19
what is moderate assurance
gathering sufficient evidence to form negative expression of opinion regarding reliability of information being assured
nothing has come to attention of reader
20
what is no assurance
reports on factual findings (ie mathematical accuracy) and does not express an opinion
21
what are misstatements?
only happens in audit or review engagement
differences between reported financial statement and correct reporting required by standards
can't force them to change misstatement but can tell them the consequences
22
what are the factors to consider when evaluating
risk of additional misstatements remaining undetected
effects of misstatements on debt covenants/contracts
whether error or judgemental misstatement
reversing effect on current year's financial report on misstatements identified in previous year
recurring differences will be more material in future
fraud, illegal acts
significance of financial statement element affected by misstatement
effect of misstatements on segment info/key ratio
changes net income into net loss
23
what is a schedule of uncorrected differences
auditor keeps list of all the errors they find in order to assess overall effect on financial statements and/or individual items/balances
consider effect on future year's reports
24
what is another name for schedule of uncorrected differences
summary of unadjusted differences
summary of uncorrected differences
25
what is the significance of prior year misstatements
immaterial in previous year but could be material this year
consider potential to reverse in next year
26
what is the format of an audit report
name of audit firm/address
addressed to shareholders/board
audit opinion
basis for opinion
key audit matters - judgement
responsibility of management
responsibility of auditor
other reporting responsibilities
name of engagement partner
auditors signature
date
auditors address
27
how do you form an opinion
1. evaluate audit evidence obtained
2. evaluate effects of unrecorded misstatements and qualitative aspects of entity's accounting
3. evaluate whether financial statements are properly prepared/presented according to standards
4. evaluate fair presentation of statements in accordance with applicable reporting framework
28
what are the different audit opinions
unmodified opinion
qualified opinion
adverse opinion
disclaimer of opinion
29
what is an unmodified opinion
unqualified or clean
30
what is a qualified opinion
auditor concludes financial statements contain material misstatement or wasn't able to obtain sufficient appropriate evidence but misstatement was material but NOT pervasive
31
what is an adverse opinion
misstatement is material and pervasive
statements are not fair
32
what is a disclaimer of opinion
wasn't able to obtain sufficient appropriate evidence so wasn't able to form an opinion and is material and pervasive
33
limitation of scope
auditor's inability to perform procedures or an imposition by entity
ie timing problems
records damaged/not complete
restricted to locations
if material but not pervasive: qualified
if material and pervasive: disclaimer of opinion
34
why might an auditor need to modify the opinion
emphasize certain matter - emphasis of matter (doesn't affect opinion, could still be unqualified)
express qualified, adverse, disclaimer of opinion
35
conditions leading to modified audit report?
significant uncertainty exists that should be brought to reader's attention
limitation of scope
disagreement with management regarding application of accounting policies or disclosure
36
what is emphasis of matter
applies when resolution of matter is dependent on future actions and events not under direct control of entity but may affect statements and matter IS disclosed in statements
37
what are some examples of when to use emphasis of matter
significant uncertainty: going concern, litigation
additional disclosures
early adoption of new accounting standard with significant impacts on statement
major catastrophe
subsequent event resulting in new information after year end
38
what are examples regulators
auditing and assurance oversight council (AASOC)
auditing and assurance standards board (AASB)
international auditing and assurance standards board (IAASB)
Canadian Business Corporation Act (CBCA)
Canadian Securities Administrator (CSA)
Canadian Public Accountability Board (CPAB)
Toronto Stock Exchange (TSX)
Professional Accounting Bodies (CPA Canada, CPA Alberta)
39
what is the audit expectation gap
differences between expectations of assurance providers and statement users
40
what causes the audit expectation gap
unrealistic expectations including:
auditor providing complete assurance
auditor guaranteeing future viability of entity
unqualified opinion denotes complete accuracy
auditor will find all frauds
41
how can you reduce the expectation gap?
auditors performing their duties appropriately
undertaking peer reviews of work performed
reviewing and updating auditing standards
educating the public
enhanced reporting explaining audit processes and levels of opinion auditors provide
greater attention to the risk of material fraud occuring
42
what are the fundamental ethical principles auditors must have
integrity - straightforward and honest
objectivity - unbiased, don't allow things to influence you
professional competence and due care - maintain knowledge and skill at level required
confidentiality - refrain from disclosing information
professional behaviour - comply with rules and regulations and don't harm reputation of profession
43
what is auditor independence
ability to act with integrity, objectivity and with professional skepticism
44
what are the two types of independence auditors must have
independence of mind - ability to act independently, actual independency
independence in appearance - belief by others that independence of mind has been achieved, perceived independence
45
what are the five threats to independence
self interest
self review
advocacy
familiarity
intimidation
46
what is self interest threat and give an example
audit firm has financial interest in audit client
ie shares owned in the client
47
what is the self review threat and give an example
auditor needs to form opinion on own work done by themself
ie preparing info for client that is then assured
48
what is the advocacy threat and give an example
audit firm believed to act on behalf of client
ie encouraging others to buy client's shares
49
what is the familiarity threat and give an example
when close relationship exists between assurance firm and client
ie former partner of firm is CEO at client
50
what is the intimidation threat and give an example
auditor feels threatened by client's staff and is unable to act objectively, fearing negative consequences
ie threat that client will use different assurance firm next year if they're not given a clean opinion
51
what are the additional requirements for public companies with market capitalization and book value of total assets greater than $10 million
audit partner rotated off every 7 years with 5 year break from audit engagement
audit committee must pre-approve all services provided to by the client
partners can't be directly compensated for selling non assurance services
if engagement team member accepts employment in financial reporting role with client, firm refrains from being auditor of client for one year from last filing - cooling off period
52
what are the safeguards to independence (three categories)
created by profession, legislation, regulation:
quality control standards
code of ethics
legislative requirement to be independent
created by clients:
corporate governance to guide and control
policies and procedures
audit committee - liaise, enhance independence
created by accounting firms:
quality control procedures
client acceptance and continuance
rotation policies
provide continuing education for staff
53
what groups do auditors have relationships with
shareholders
board of directors
audit committee
internal auditors
54
describe auditor's relationship with shareholders
audit report addressed to them
formal responsibility for auditor appointment
55
describe auditor's relationship with board of directors
ensure company is being run to benefit shareholders
executive and non executive members (majority should be independent)
56
describe auditor's relationship with audit commitee
acts on behalf of board in financial reporting and audit matters
aid to auditor independence
meet with external and internal auditors
57
describe auditor's relationship with internal auditors
if effective internal audits, external auditor can modify nature and timing of procedures and reduce extent of testing
depends on internal auditor's:
objectivity
technical competence ie training
due professional care
communication with external auditors
58
what legal liability do auditors have
must exercise due care and be diligent in applying standards and documenting work
59
when can auditor be found negligent and liable for damages under tort law
duty of care was owed
breach of duty
loss was suffered as a consequence of that breach
60
what legal liability do auditors have to clients
1. contract- failed duty of care implicit in acting as auditor and explicit in engagement letter
2. negligence/tort law - failed in performance of audit by being careless and breaching duty of care
61
what legal liability do auditors have to third parties
negligence/tort law
62
how do you determine legal liability to third parties
need to establish duty of care was owed to third party
auditors negligence was responsible to third party's loss
must establish auditor was aware third party was going to use financial statement
must establish third party relied on financial statements for purpose they were prepared
63
what is contributory negligence
plaintiff and the defendant can be proven to both be negligent and each party must be held responsible in proportion to their guilt
64
steps to take to avoid litigation
hire competent staff, regular training
comply with ethical and auditor regulations
implement policies and procedures
client acceptance
staff allocation
ethical and independence issue identification
adequate work documentation - to show in court
gather adequate and appropriate evidence to support opinion
meet with client's audit committee to discuss significant issues arising in audit
follow up significant weaknesses in client's internal control procedures from last year
65
what are the three steps of client acceptance and continuance
1. access client integrity
2. assess audit firm's ability to meet ethical requirements, service client
3. prepare client engagement letter
66
what should auditor consider when assessing client integrity
reputation of client
client's reason for switching auditor
client's attitude to risk exposure and management
client's attitude to using internal controls
appropriateness of client's interpretation of accounting rules
client's willingness to allow auditor full access to info required to form opinion
client's attitude and willingness to pay fair amount for audit work
67
where can auditor obtain info from when assessing client integrity
talking with prior auditor
client personnel
third parties
key competitors
reading press articles
68
what are ethical requirements auditor should consider with client acceptance
threats to fundamental principles arise from appointment
ensure audit firm has sufficient staff available with required knowledge to complete audit
consider potential safeguards and remedies
decline appointment if threat insurmountable
69
what is a client engagement letter
prepared by auditor and acknowledged by client
explains scope of audit, timing of aspects of audit, overview of client responsibilities
identifies reporting framework and forms content of report
confirms auditors right of access to info, independence considerations
sets fees
70
what are the stages of an audit
1. planning
2. performing/execution
3. reporting
71
what are examples of preliminary risk identification
fraud risk
going concern risk
corporate governance
understand internal controls
understand IT environment
significant accounts
significant transactions of processes
closing procedures
materiality
understand client
identify related parties
72
what are the three levels to gaining an understanding of the client
entity level issues
industry level issues
economy level issues
73
what is entity level issues and examples
understanding the client in detail to understand accounts at risk:
identification and appropriate disclosure of client’s related parties ie parent companies, subsidiaries, investments
it’s major customers
it’s major suppliers
client’s capacity to adapt to changes in technology and other trends
warranties and discounts offered to customers
client operations
employee contracts, relations with employees
sources of financing
ownership structure
ID related parties
74
what is industry level issues and examples
understanding the client's position in the industry
risks from nature of industry and client’s position within it
compare client to national and international competitors – level of competition
auditor may have special industry expertise and knowledge
competitive pressure on client’s profits, ability to withstand industry downturn
client’s reputation relative to competitors, risk of losing business and profits
level of gov. support for industry and impact of government regulation
overall level of demand for industry goods
75
what is economy level issues and examples
how do overall economic conditions affect the client
Interest rate changes, financial crises
Shareholder expectations of increasing profits in good times
What are specific pressures on client to understate/overstate profits in these conditions
76
what is fraud risk
auditor must assess risk of material misstatement due to fraud
77
what must auditor do when assessing fraud risk
adopt attitude of professional skepticism
maintain independent questioning mind
search thoroughly for evidence to validate info provided by client
don't just rely on past experience with client, remain independent of client
78
what are the two types of fraud
1. financial reporting fraud
2. misappropriation of assets fraud
79
what are examples of financial reporting fraud
improper asset values, unrecorded liabilities
delaying expenses, bringing forward revenues
fictitious revenues, understating expenses
inappropriate application of accounting principles
80
what are examples of misappropriation of assets fraud?
using company credit card for personal items
failure to remove ex employees from payroll
unauthorized discounts/refunds to customers
theft of stock/other assets
81
what are incentives/pressures client may be inclined to commit fraud
competitive pressures, falling demand, falling profits, threat of bankruptcy
rapid growth, low cash with high profits
pressure to meet market expectations, plants to list on stock exchange
about to enter into significant new contracts
remuneration tied to profits
82
opportunities for fraud to be committed
accounts that rely on estimates and judgements
high volume of transactions near year end
significant related party transactions
complex or unusual transactions
significant adjusting entires and reversals after year end
poor corporate governance, poor internal controls
high staff turnover
83
rationalizations to fraud
poor tone at the top
poor attitudes to internal controls
excessive focus on maximizing profits/share prices
poor attitudes to compliance with accounting regulations
rationalization that other companies 'do it too'
84
auditor should perform specific procedures related to fraud
ask management if they're aware/suspect a fraud
all audit team members should attend team planning meeting where they review significant fraud risk factors and financial statement elements susceptible to ffraud
perform preliminary analytics to aid in identifying unusual relationships
consider risk of management override
85
what is going concern risk
consider whether appropriate to assume client remains a going concern
86
what are indicators of going concern risk
significant debt/equity ratio
long term loans due with no alternative financing
prolonged losses, inability to pay debts when due
loss of significant customer, supplier problems
high staff turnover, loss of key personnel, srikes
problems obtaining raw materials, inputs
poor growth planning, inadequate risk management
being under investigation for non compliance
competitive pressures, drought etc
87
if going concern is in doubt, what additional audit procedures should you undertake?
assess cash flow, revenues, expenses, interim results
review debt contracts, board meeting minutes
discussions with client management and auditor
88
what factors reduce going concern risk?
letter of guarantee from parent company
availability of assets/segment of business for sale for cash
ability to raise funds through share issue or borrowing
ability to sell unprofitable segment of business
89
what is corporate governance
the rules, systems and processes within companies used to guide and control activities
90
what are risks associated with IT environment?
unauthorized access to computers, software, data
errors in programs
lack of backup and loss of data
appropriate IT installation and security procedures and training for staff
91
what are the two client controls to reduce IT risks
general controls - doesn't relate to specific application
ie password protections, authorization
application controls -
ie who can access payroll software, debits/credits have to equal in accounting software
92
what are some risks associated with inadequate client closing procedures
revenue/expense accounts should include all transactions in year and none from other periods
accrued assets and liabilities are complete
assets and liabilities should include all relevant items
93
what are the audit procedures to assess adequacy of client closing procedures
assess adequacy of client interim reporting procedures
check accuracy of accrual calculations
analyze results to assess reasonableness
consider pressures on client to overstate profit or report smoothed income
trace transactions around year end to documents to determine appropriate dates
94
what are the stages in audit risk minimization
1. identification of accounts and related assertions most at risk of material misstatement (inherent risk)
2. assessment of client's system of internal controls (control risk)
3. auditor plans to undertake detailed testing of each identified account to the extent determined necessary
95
what is significant rask
identified and assessed risk of material misstatement that requires special audit consideration
96
what does significant risk involve
involves fraud
related to significant economic/accounting development
involves complex transactions
involves significant related party transactions
involves subjectivity in measurement of financial info
97
what is the function of audit risk (mathematical function)
AR = IR x CR x DR
audit risk = inherent risk x control risk x detection risk
98
what is inherent risk
risk that material misstatement could occur
99
what is control risk
risk that client's system of internal controls will not prevent or detect material misstatement
100
what is detection risk
risk that auditor's testing procedures will not be effective in detecting a material misstatement if there is one
101
what is the relationship between inherent/control risk and detection risk
inverse relationship - the higher inherent and control risk, the lower we want detection risk to be
102
when should you do more and less substantive testing based on control/inherent risk
if IR and CR are high, DR is set as low and more substantive testing will be performed
if IR and CR are low, DR is set as high and less substantive testing will be performed
103
what is materiality
guides audit planning, testing and assessment of information in financial statement
info is material if it impacts the decision making process of users of the financial statement
104
what are qualitative materiality factors
nature of the item
ie fraud, non compliance with laws, related party transactions
use professional judgement based upon knowledge of client and needs of users
105
what are quantitative materiality factors
magnitude of item - percentage of base figure
106
what are common bases and percents of materiality
5-10% pretax normalized profit
0.5-1% total assets
0.5-5% equity
0.5-2% revenues/expenditures
0.5-5% gross profit
or average of above measures
107
what is performance materiality
amount less than the planning materiality to reduce likelihood that any uncorrected misstatements do not exceed overall materiality -- 60-85%
108
how do materiality and audit risk differ
materiality is about the users, audit risk is about the business
lower materiality if client is higher risk
109
what is specific performance materiality
materiality for particular class of transactions - materiality is dropped if higher risk transactions ie debt covenant
110
what is audit strategy
determination of the amount of time spent testing client's internal controls and conducting detailed testing of transactions and account balances
-sets scope, timing and direction of the audit
-provides basis for developing detailed audit plan
-based on preliminary assessments of IR and CR
111
client performance measures
in gaining understanding of client, auditor should learn how client measures its own performance
-liquidity - ability of company to meet needs for cash in short term and long term
-profitability - concerned about shareholders ie how much are they willing to pay per dollar of earnings
112
what are analytical procedures and when are they conducted
evaluation of financial info by studying plausible links among financial and non financial data
conducted throughout audit in:
planning - highlight unusual fluctuations, identify risk
execution - estimating account balances
reporting - overall review
113
what are common analytical procedures
simple comparisons
trend analysis (horizontal analysis)
common size analysis (vertical analysis)
ratio analysis
114
what is trend analysis
ratios over time, comparison of account balances over time
select base year and restate accounts in subsequent years as % of that base
ie COGS as percentage of sales
115
what is common size analysis
comparison of account balances with a single line item
allows auditor to see how much account contributes to totals in statements
can trace relative contribution of various accounts through time
ie AR as percentage of total assets
116
what is ratio analysis
liquidity ratios, solvency ratios, inventory turnover
117
what are factors to consider when conducting analytical procedures
reliability of client data
ability to make comparisons over time
following sources generally considered reliable (audited info)
118
what are the three categories of assertions
assertions about classes of transactions - items related to daily operations of the firm, things on income statement
assertions about account balances - on balance sheet
assertions about presentation and disclosure - how things are presented on balance sheet and notes disclosure
119
what are the assertions about classes of transactions
occurrence
completeness
accuracy
cut-off
classification
120
what is occurrence assertion
transactions and events that have been recorded have occurred and pertain to the entity
121
what is completeness assertion
(transactions)
all transactions and events that should have been recorded have been recorded
122
what is accuracy assertion
amounts and other data relating to recorded transactions and events have been recorded properly
123
what is cut-off assertion
transactions and events have been recorded in the correct accounting period
124
what is classifications assertion
transactions and events have been recorded in the proper account
125
what are the assertions about account balances at year end
existence
rights and obligations
completeness
valuation and allocation
126
what is existence assertion
assets, liabilities and equity interests exist
127
what are rights and obligations assertion
entity holds or controls the rights to assets and liabilities are the obligation of the entity
128
what is completeness assertion
(account balances)
assets, liabilities, equity interests that should have been recorded are recorded
129
what is valuation and allocation assertion
assets, liabilities, and equity are included in financial report at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded
130
what are the assertions about presentation and disclosure
occurrence, rights and obligations
completeness
classification and understandability
accuracy and valuation
131
what is occurrence, rights and obligations assertion
disclosed events/transactions/other have occurred and pertain to entity
132
what is completeness assertion
(presentation and disclosure)
all disclosures that should have been included in financial report have been included
133
what is classification and understandability assertion
financial info is appropriate presented and described and disclosures are clearly expressed- users able to understand it
134
what is accuracy and valuation assertions
financial and other info is disclosed fairly and at appropriate amounts
135
what characteristics should good evidence have
sufficient - quantity of evidence
appropriate - quality of evidence
relevant
reliable
136
what are the seven types of evidence
written/documentary
verbal
computational
physical
electronic
confirmations
representations - legal letter
137
what is an external confirmation
evidence obtained as a direct written response to the auditor from the third party
ie bank confirmation
138
what is a negative and positive confirmation
negative - only reply if the information is wrong
positive - reply either way
139
what are the steps in using an expert
1. assess the need to use an expert
2. scope of work to be carried out
3. assess capability of expert
4. assess objectivity of expert
5. assess expert's report
6. responsibility for the conclusion - rests with auditor
140
when using work of another auditor, what should you consider
same standard
objectivity
gathering sufficient, appropriate evidence
141
what are evidence gathering procedures
inspection of records and documents
inspection of tangible assets
observation of client staff
enquiry
recalculations
reperformance
analytical procedures
142
what should you consider when drawing conclusions
does the auditor have sufficient, appropriate evidence on which to base conclusions
does evidence address significant risks faced by the client
form an audit opinion and report
143
what are working papers
document each stage of audit
provides evidence of work completed, details evidence
demonstrate to third party what you did
defense against negligence claim
current and permanent file (ie 5 year long loan details)
144
audit plan
contains audit procedures for testing controls and conducting substantive tests
145
when is assessment of control risk made
after gaining an understanding of the client during the planning stage
146
what are examples of control testing procedures
inspection of documents for evidence of authorization
inspection of documents for evidence that details been checked by appropriate client personnel
observation of client personnel performing various tasks ie opening mail, conducting inv. Count
enquiry of client personnel about how they perform their tasks
re-performing control procedures to test their effectiveness
147
what are the three types of substantive testing
substantive tests of transactions
substantive tests of balances
analytical procedures
148
what is the nature of audit testing
purpose of the test (assertion) and procedure used (inspection, observation, enquiry, confirmation, recalculation, reperformance, analytical)
149
what is the timing of audit testing
date that audit evidence relates to
stage of audit when procedures are done - interim vs year end
150
what testing is done in interim and what testing is done year-end
interim - control testing, low risk accounts
year- end - high risk accounts, accounts affected by high deviations in control tests, cut-off assertion
151
what is the extent of audit testing
amount of audit evidence gathered:
increase extent of control testing when control risk is low
reduce extent of substantive testing and increase extent of reliance on analytical procedures when lower control risk
do little or no control testing with predominantly substantive strategy b/c high control risk
152
what is audit sampling
auditor doesn't test entire group of transactions in balance
sample of items tested should be representative of population
153
what is sampling risk
risk that sample chosen by auditor is not representative of the population available for testing and causes auditor to arrive at inappropriate conclusion
154
what are the two consequences of sampling risk
1. risk that audit will be ineffective ie conclude that balance is correct when it's not
2. risk that audit will be inefficient ie conclude it's wrong and end up doing more testing when it was actually right
155
what does sampling risk test in controls and substantive tests
controls - deviations
substantive tests - misstatements
156
what is non-sampling risk?
risk auditor makes inappropriate conclusion for reason unrelate to sampling issues
157
what are examples of non-sampling risk
use inappropriate audit procedures
rely too heavily on unreliable evidence
spend too little time testing high risk accounts/critical controls
158
what is statistical sampling
involves random selection and probability theory to evaluate results and sampling risk
allows measurement of sampling risk
can be costly
159
what is non statistical sampling
allows auditor to use judgement to select sample items
used when account is low risk
more common in smaller companies
sometimes judgement is good
160
what are the 5 sampling methods
random selection
systematic selection
haphazard selection
block selection
judgemental selection
161
what is random selection
person can't influence choice of items
each item has equal chance of being selected
sample can be stratified before selecting random sample to increase efficiency
162
what is systematic selection
divide # of items in population by sample size, giving sampling interval n. select starting point and take every nth item
can randomly order first to make more random
163
what is haphazard selection
auditor does not use methodical technique
personal bias could affect choice
164
what is block selection
select items grouped together ie stock of invoices
sequence of items might make this inappropriate
not statistical
165
what is judgemental selection
auditor chooses items based on judgement
non statistical
166
what factors should you consider when selecting sample?
consider:
detection risk
and planning materiality
define error for test, set tolerable error and confidence level required
167
how to define population
control testing - draw sample from entire financial year
substantive testing - population from which sample is drawn must be defined according to assertion being tested
168
what are factors that influence control testing sample size
o larger sample size if auditor intends to rely more heavily on control to reduce substantive testing
o smaller sample size if auditor willing to tolerate higher deviation rate for that control
o larger sample size if auditor expects population to have higher rate of deviation for that control
o larger sample size if auditor requires greater confidence that control is operating effectively (ie wants lower control risk)
169
what are factors that influence substantive sample size
o larger sample size if auditor assesses risk of material misstatement as greater (higher IR, CR)
o smaller sample size if auditor also using other substantive procedures for same assertion
o larger sample size if auditor requires greater confidence from results of tests (requires lower DR)
o smaller sample size if auditor willing to accept greater total error (higher tolerable misstatement)
o greater sample size if auditor expects to find greater misstatement in population
o smaller sample size if auditor using stratification of population
o very little change to sample size if population has more sampling units (once you’re at a point, there’s no change)
170
what do sample tests provide evidence for (for control and substantive tests)
control - control is effective within entire population
substantive test - class or transactions of account balance tested is fairly stated
171
what do you do if errors are found in sample?
control test - calculate deviation rate for population
substantive test - calculate misstatement of transactions/account balance for population
172
how do you project monetary errors in sample to population
remove unique errors
consider if sample stratified
projected error = size of error/size of sample x size of population
is total projected error tolerable?
more testing required?
173
what is internal control
encompasses the entity's resources, systems, process, culture, structure and tasks
174
what internal controls do auditors focus on?
ones that have direct impact on entity's financial recording, compliance and asset safeguarding
175
what are the three characteristics of internal control
process designed, implemented and maintained
by those charged with governance, management and other personnel
to provide reasonable assurance about achievement of entity's objectives
176
what three things should internal control regard
with regard to
reliability of financial reporting
effectiveness and efficiency of operations
compliance with applicable laws and regulations
177
what are the 7 objectives of internal controls
real
recorded
valued
classified
summarized
posted
timely
178
what are limitations of internal control systems
human error that results in control breakdown
ineffective understanding of control's purpose
collusion by two or more individuals to avoid control
software program being overridden/disabled
management decisions about nature or extent of controls being implemented - cost/benefit analysis
179
what are the five parts of entity level internal controls
1. the control environment - culture, structure and discipline of an entity
2. the entity's risk assessment process - how entity identifies and responds to risk
3. information systems and communications
4. control activities - policies and procedures that help make sure management's directives are carried out
5. monitoring of control
180
what should auditor consider when understanding client's control activities
• Extent of reliance on IT
• Existence of necessary policies and procedures
• Extent to which control policies are being applied
• Clarity of management objectives for controls
• Existence of planning and reporting systems for performance and investigation of variance, and management action to follow up
• Extent of segregation of duties
• Software controls over access to data and programs
• Periodic comparison between records and assets
• Safeguards over access to documents, records, assets
181
why is entity internal control difficult in small entities
difficult to implement formal controls
reliance on owner - can detect material errors but also has potential to override controls
difficult to segregate duties
so auditor should increase substantive procedures to compensate for weak controls
182
what are transaction level controls
impact a particular transaction or group of transactions
aimed at preventing or detecting errors
183
what does an auditor do to gain understanding of transaction level controls
1. identifies major events and transactions in process
2. identifies risks to correct processing - WCGW
3. for each WCGW, auditor identifies one or more controls
4. understanding is documented and used to guide evaluation and testing of internal controls
184
what are preventative controls
helps to avoid errors from occurring
BUT avoiding an error does not always result in evidence that control worked or worked efectively
185
what are detective controls
necessary to discover fraud or errors that occurred during transactions period
186
what are four components of detective controls
completely and accurately capture all relevant data
identify all potentially significant errors
performed on consistent and regular basis
include follow up and correction on timely basis of any misstatements/issues detected
187
manual v automoated controls
manual controls don't rely on IT for operation
automated controls generally rely on client's IT
can also have IT dependent manual controls
188
what are auditor's techniques for testing controls
enquiry
observation
inspection of physical evidence
reperformance
professional judgement
189
what is professional judgement used to decide when testing controls
which controls to select or testing
how much testing is required
timing of tests of controls
190
what should you consider when deciding whether there's a need for additional tests of controls
results of enquiries and observation
evidence provided by other tests
changes in overall environment
191
what's important when documenting conclusions
results of control testing documented in working papers
document in sufficient detail to allow another audit to perform same test
just in case you end up in court
192
what are common forms of documenting controls
narratives
flowcharts
combination of narratives and flowcharts
checklists and preformatted questionnaries
193
how do you identify strengths and weaknesses in controls
identify strengths and weaknesses that have financial reporting impact
identify internal control exceptions where control did not operate as intended
draw conclusions about control risk
194
what is the purpose of management letters
management might not have known they have weaknesses in control system so auditor needs to tell them
requires auditor to provide those charged with governance timely observations arising that are significant and relevant to financial reporting process
recommendations based on internal control weaknesses
professional judgement required about matters to include
allows management to document their actions in response and inform those with governance
can use both interim and final management letters
195
what are factors that make audit evidence reliable
obtained through auditor's direct personal knowledge
obtained through independent provider
high degree of objectivity
provider has adequate qualifications
system of internal control producing the information is effective
196
what must the audit documentation of audit procedures include?
1. identify characteristics of the specific items or matters tested
2 who performed the audit work and dates work was completed
3. who reviewed the audit work performed and the date and extent of review
197
what are advantages of statistical sampling
helps auditor design efficient sample
helps auditor measure sufficiency of evidence obtained
helps auditor quantify sampling risk
198
what are disadvantages of statistical sampling
costs of training auditors in proper use of sampling techniques
costs of designing and conducting sampling application
potential lack of consistent application across audit teams due to complexity
199
what duties should be segregated
authorization or approval of transactions affecting assets
custody of assets
recording or reporting of transactions
control over processing of transaction separated from recording or reporting transaction
200
what are four things to create a strong control environemnt
have code of conduct and ensure all employees are aware of it and follow it
hire competent ethical employees
assign responsibility and authority - have job descriptions
ensure human resource policies are in place over hiring, training, evaluating, counselling, promoting and compensating employees
201