456 midterm Flashcards

(201 cards)

1
Q

what is an audit

A

engagement where practitioner issues written report and concludes on a subject matter for which accountable party is responsible

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what are the five types of audit and explain them

A
  1. financial statement audit
  2. compliance audit - making sure info is in compliance with particular act
  3. operational audit - looking at how things are being opperated
  4. comprehensive audit - doing more than one thing at the same time
  5. internal audit - internal departments provide assurance about aspects of activities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

what is management’s responsibility

A

to prepare the financial statements (charged with governance)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

what are five attributes that financial statements should include

A
relevant - impact user's decisions
reliable - unbiased
comparable - through time
understandable
fair presentation - according to standards or framework
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

what is auditors responsilibty

A

provide level of assurance that numbers are fair

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

what are three attributes auditors should have

A

professional skepticism
professional judgement
due care

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

what is professional skepticism

A

open and questioning mind - not accepting everything as true and not accepting everything as false

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

what is due care

A

do work thoroughly, properly, correctly

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

who are the users of financial statements

A
shareholders, owners of business
investors
suppliers
customers
lenders
employees
government
general public
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

reasons why users demand audited financial statements

A

remoteness - can’t see what managers are doing, dont have access to entity
complexity - don’t have accounting/legal knowledge
competing incentives - can be biased
reliability - need to make sure info is reliable, have real consequences

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

what are the three frameworks

A

agency theory
information hypothesis
insurance hypothesis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

what is the agency theory

A

managers behave opportunistically
focused on own self interests
so shareholders willing to pay to have them monitored
good quality managers willing to have audits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

what is information hypothesis

A

users value higher quality information when they know it’s accurate
audited info more valued- lower risk premium

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

what is insurance hypothesis

A

investors use audited info to insure against potential losses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

what are the limitations of an audit

A

no guarentee that statements are free from error/fraud
required to be performed within reasonable period and cost
judgement is required in process - not always right

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

what are the different levels of assurance

A

reasonable assurance
moderate assurance
no assurance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

what reports are the different levels of assurance related with?

A

reasonable assurance - audit
moderate assurance - review engagement
limited assurance - notice to reader / compilation engagement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

what is reasonable assurance

A

gathering sufficient evidence to form positive expression of opinion regarding whether info being assured is presented fairly
highest, but not absolute, assurance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

what is moderate assurance

A

gathering sufficient evidence to form negative expression of opinion regarding reliability of information being assured
nothing has come to attention of reader

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

what is no assurance

A

reports on factual findings (ie mathematical accuracy) and does not express an opinion

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

what are misstatements?

A

only happens in audit or review engagement
differences between reported financial statement and correct reporting required by standards
can’t force them to change misstatement but can tell them the consequences

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

what are the factors to consider when evaluating

A

risk of additional misstatements remaining undetected
effects of misstatements on debt covenants/contracts
whether error or judgemental misstatement
reversing effect on current year’s financial report on misstatements identified in previous year
recurring differences will be more material in future
fraud, illegal acts
significance of financial statement element affected by misstatement
effect of misstatements on segment info/key ratio
changes net income into net loss

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

what is a schedule of uncorrected differences

A

auditor keeps list of all the errors they find in order to assess overall effect on financial statements and/or individual items/balances
consider effect on future year’s reports

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

what is another name for schedule of uncorrected differences

A

summary of unadjusted differences

summary of uncorrected differences

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
what is the significance of prior year misstatements
immaterial in previous year but could be material this year | consider potential to reverse in next year
26
what is the format of an audit report
``` name of audit firm/address addressed to shareholders/board audit opinion basis for opinion key audit matters - judgement responsibility of management responsibility of auditor other reporting responsibilities name of engagement partner auditors signature date auditors address ```
27
how do you form an opinion
1. evaluate audit evidence obtained 2. evaluate effects of unrecorded misstatements and qualitative aspects of entity's accounting 3. evaluate whether financial statements are properly prepared/presented according to standards 4. evaluate fair presentation of statements in accordance with applicable reporting framework
28
what are the different audit opinions
unmodified opinion qualified opinion adverse opinion disclaimer of opinion
29
what is an unmodified opinion
unqualified or clean
30
what is a qualified opinion
auditor concludes financial statements contain material misstatement or wasn't able to obtain sufficient appropriate evidence but misstatement was material but NOT pervasive
31
what is an adverse opinion
misstatement is material and pervasive | statements are not fair
32
what is a disclaimer of opinion
wasn't able to obtain sufficient appropriate evidence so wasn't able to form an opinion and is material and pervasive
33
limitation of scope
auditor's inability to perform procedures or an imposition by entity ie timing problems records damaged/not complete restricted to locations if material but not pervasive: qualified if material and pervasive: disclaimer of opinion
34
why might an auditor need to modify the opinion
emphasize certain matter - emphasis of matter (doesn't affect opinion, could still be unqualified) express qualified, adverse, disclaimer of opinion
35
conditions leading to modified audit report?
significant uncertainty exists that should be brought to reader's attention limitation of scope disagreement with management regarding application of accounting policies or disclosure
36
what is emphasis of matter
applies when resolution of matter is dependent on future actions and events not under direct control of entity but may affect statements and matter IS disclosed in statements
37
what are some examples of when to use emphasis of matter
significant uncertainty: going concern, litigation additional disclosures early adoption of new accounting standard with significant impacts on statement major catastrophe subsequent event resulting in new information after year end
38
what are examples regulators
auditing and assurance oversight council (AASOC) auditing and assurance standards board (AASB) international auditing and assurance standards board (IAASB) Canadian Business Corporation Act (CBCA) Canadian Securities Administrator (CSA) Canadian Public Accountability Board (CPAB) Toronto Stock Exchange (TSX) Professional Accounting Bodies (CPA Canada, CPA Alberta)
39
what is the audit expectation gap
differences between expectations of assurance providers and statement users
40
what causes the audit expectation gap
unrealistic expectations including: auditor providing complete assurance auditor guaranteeing future viability of entity unqualified opinion denotes complete accuracy auditor will find all frauds
41
how can you reduce the expectation gap?
auditors performing their duties appropriately undertaking peer reviews of work performed reviewing and updating auditing standards educating the public enhanced reporting explaining audit processes and levels of opinion auditors provide greater attention to the risk of material fraud occuring
42
what are the fundamental ethical principles auditors must have
integrity - straightforward and honest objectivity - unbiased, don't allow things to influence you professional competence and due care - maintain knowledge and skill at level required confidentiality - refrain from disclosing information professional behaviour - comply with rules and regulations and don't harm reputation of profession
43
what is auditor independence
ability to act with integrity, objectivity and with professional skepticism
44
what are the two types of independence auditors must have
independence of mind - ability to act independently, actual independency independence in appearance - belief by others that independence of mind has been achieved, perceived independence
45
what are the five threats to independence
``` self interest self review advocacy familiarity intimidation ```
46
what is self interest threat and give an example
audit firm has financial interest in audit client | ie shares owned in the client
47
what is the self review threat and give an example
auditor needs to form opinion on own work done by themself | ie preparing info for client that is then assured
48
what is the advocacy threat and give an example
audit firm believed to act on behalf of client | ie encouraging others to buy client's shares
49
what is the familiarity threat and give an example
when close relationship exists between assurance firm and client ie former partner of firm is CEO at client
50
what is the intimidation threat and give an example
auditor feels threatened by client's staff and is unable to act objectively, fearing negative consequences ie threat that client will use different assurance firm next year if they're not given a clean opinion
51
what are the additional requirements for public companies with market capitalization and book value of total assets greater than $10 million
audit partner rotated off every 7 years with 5 year break from audit engagement audit committee must pre-approve all services provided to by the client partners can't be directly compensated for selling non assurance services if engagement team member accepts employment in financial reporting role with client, firm refrains from being auditor of client for one year from last filing - cooling off period
52
what are the safeguards to independence (three categories)
created by profession, legislation, regulation: quality control standards code of ethics legislative requirement to be independent created by clients: corporate governance to guide and control policies and procedures audit committee - liaise, enhance independence created by accounting firms: quality control procedures client acceptance and continuance rotation policies provide continuing education for staff
53
what groups do auditors have relationships with
shareholders board of directors audit committee internal auditors
54
describe auditor's relationship with shareholders
audit report addressed to them | formal responsibility for auditor appointment
55
describe auditor's relationship with board of directors
ensure company is being run to benefit shareholders | executive and non executive members (majority should be independent)
56
describe auditor's relationship with audit commitee
acts on behalf of board in financial reporting and audit matters aid to auditor independence meet with external and internal auditors
57
describe auditor's relationship with internal auditors
``` if effective internal audits, external auditor can modify nature and timing of procedures and reduce extent of testing depends on internal auditor's: objectivity technical competence ie training due professional care communication with external auditors ```
58
what legal liability do auditors have
must exercise due care and be diligent in applying standards and documenting work
59
when can auditor be found negligent and liable for damages under tort law
duty of care was owed breach of duty loss was suffered as a consequence of that breach
60
what legal liability do auditors have to clients
1. contract- failed duty of care implicit in acting as auditor and explicit in engagement letter 2. negligence/tort law - failed in performance of audit by being careless and breaching duty of care
61
what legal liability do auditors have to third parties
negligence/tort law
62
how do you determine legal liability to third parties
need to establish duty of care was owed to third party auditors negligence was responsible to third party's loss must establish auditor was aware third party was going to use financial statement must establish third party relied on financial statements for purpose they were prepared
63
what is contributory negligence
plaintiff and the defendant can be proven to both be negligent and each party must be held responsible in proportion to their guilt
64
steps to take to avoid litigation
hire competent staff, regular training comply with ethical and auditor regulations implement policies and procedures client acceptance staff allocation ethical and independence issue identification adequate work documentation - to show in court gather adequate and appropriate evidence to support opinion meet with client's audit committee to discuss significant issues arising in audit follow up significant weaknesses in client's internal control procedures from last year
65
what are the three steps of client acceptance and continuance
1. access client integrity 2. assess audit firm's ability to meet ethical requirements, service client 3. prepare client engagement letter
66
what should auditor consider when assessing client integrity
reputation of client client's reason for switching auditor client's attitude to risk exposure and management client's attitude to using internal controls appropriateness of client's interpretation of accounting rules client's willingness to allow auditor full access to info required to form opinion client's attitude and willingness to pay fair amount for audit work
67
where can auditor obtain info from when assessing client integrity
``` talking with prior auditor client personnel third parties key competitors reading press articles ```
68
what are ethical requirements auditor should consider with client acceptance
threats to fundamental principles arise from appointment ensure audit firm has sufficient staff available with required knowledge to complete audit consider potential safeguards and remedies decline appointment if threat insurmountable
69
what is a client engagement letter
prepared by auditor and acknowledged by client explains scope of audit, timing of aspects of audit, overview of client responsibilities identifies reporting framework and forms content of report confirms auditors right of access to info, independence considerations sets fees
70
what are the stages of an audit
1. planning 2. performing/execution 3. reporting
71
what are examples of preliminary risk identification
``` fraud risk going concern risk corporate governance understand internal controls understand IT environment significant accounts significant transactions of processes closing procedures materiality understand client identify related parties ```
72
what are the three levels to gaining an understanding of the client
entity level issues industry level issues economy level issues
73
what is entity level issues and examples
understanding the client in detail to understand accounts at risk:  identification and appropriate disclosure of client’s related parties ie parent companies, subsidiaries, investments  it’s major customers  it’s major suppliers  client’s capacity to adapt to changes in technology and other trends  warranties and discounts offered to customers  client operations  employee contracts, relations with employees  sources of financing  ownership structure  ID related parties
74
what is industry level issues and examples
understanding the client's position in the industry  risks from nature of industry and client’s position within it  compare client to national and international competitors – level of competition  auditor may have special industry expertise and knowledge  competitive pressure on client’s profits, ability to withstand industry downturn  client’s reputation relative to competitors, risk of losing business and profits  level of gov. support for industry and impact of government regulation  overall level of demand for industry goods
75
what is economy level issues and examples
how do overall economic conditions affect the client  Interest rate changes, financial crises  Shareholder expectations of increasing profits in good times  What are specific pressures on client to understate/overstate profits in these conditions
76
what is fraud risk
auditor must assess risk of material misstatement due to fraud
77
what must auditor do when assessing fraud risk
adopt attitude of professional skepticism maintain independent questioning mind search thoroughly for evidence to validate info provided by client don't just rely on past experience with client, remain independent of client
78
what are the two types of fraud
1. financial reporting fraud | 2. misappropriation of assets fraud
79
what are examples of financial reporting fraud
improper asset values, unrecorded liabilities delaying expenses, bringing forward revenues fictitious revenues, understating expenses inappropriate application of accounting principles
80
what are examples of misappropriation of assets fraud?
using company credit card for personal items failure to remove ex employees from payroll unauthorized discounts/refunds to customers theft of stock/other assets
81
what are incentives/pressures client may be inclined to commit fraud
competitive pressures, falling demand, falling profits, threat of bankruptcy rapid growth, low cash with high profits pressure to meet market expectations, plants to list on stock exchange about to enter into significant new contracts remuneration tied to profits
82
opportunities for fraud to be committed
accounts that rely on estimates and judgements high volume of transactions near year end significant related party transactions complex or unusual transactions significant adjusting entires and reversals after year end poor corporate governance, poor internal controls high staff turnover
83
rationalizations to fraud
poor tone at the top poor attitudes to internal controls excessive focus on maximizing profits/share prices poor attitudes to compliance with accounting regulations rationalization that other companies 'do it too'
84
auditor should perform specific procedures related to fraud
ask management if they're aware/suspect a fraud all audit team members should attend team planning meeting where they review significant fraud risk factors and financial statement elements susceptible to ffraud perform preliminary analytics to aid in identifying unusual relationships consider risk of management override
85
what is going concern risk
consider whether appropriate to assume client remains a going concern
86
what are indicators of going concern risk
significant debt/equity ratio long term loans due with no alternative financing prolonged losses, inability to pay debts when due loss of significant customer, supplier problems high staff turnover, loss of key personnel, srikes problems obtaining raw materials, inputs poor growth planning, inadequate risk management being under investigation for non compliance competitive pressures, drought etc
87
if going concern is in doubt, what additional audit procedures should you undertake?
assess cash flow, revenues, expenses, interim results review debt contracts, board meeting minutes discussions with client management and auditor
88
what factors reduce going concern risk?
letter of guarantee from parent company availability of assets/segment of business for sale for cash ability to raise funds through share issue or borrowing ability to sell unprofitable segment of business
89
what is corporate governance
the rules, systems and processes within companies used to guide and control activities
90
what are risks associated with IT environment?
unauthorized access to computers, software, data errors in programs lack of backup and loss of data appropriate IT installation and security procedures and training for staff
91
what are the two client controls to reduce IT risks
general controls - doesn't relate to specific application ie password protections, authorization application controls - ie who can access payroll software, debits/credits have to equal in accounting software
92
what are some risks associated with inadequate client closing procedures
revenue/expense accounts should include all transactions in year and none from other periods accrued assets and liabilities are complete assets and liabilities should include all relevant items
93
what are the audit procedures to assess adequacy of client closing procedures
assess adequacy of client interim reporting procedures check accuracy of accrual calculations analyze results to assess reasonableness consider pressures on client to overstate profit or report smoothed income trace transactions around year end to documents to determine appropriate dates
94
what are the stages in audit risk minimization
1. identification of accounts and related assertions most at risk of material misstatement (inherent risk) 2. assessment of client's system of internal controls (control risk) 3. auditor plans to undertake detailed testing of each identified account to the extent determined necessary
95
what is significant rask
identified and assessed risk of material misstatement that requires special audit consideration
96
what does significant risk involve
involves fraud related to significant economic/accounting development involves complex transactions involves significant related party transactions involves subjectivity in measurement of financial info
97
what is the function of audit risk (mathematical function)
AR = IR x CR x DR | audit risk = inherent risk x control risk x detection risk
98
what is inherent risk
risk that material misstatement could occur
99
what is control risk
risk that client's system of internal controls will not prevent or detect material misstatement
100
what is detection risk
risk that auditor's testing procedures will not be effective in detecting a material misstatement if there is one
101
what is the relationship between inherent/control risk and detection risk
inverse relationship - the higher inherent and control risk, the lower we want detection risk to be
102
when should you do more and less substantive testing based on control/inherent risk
if IR and CR are high, DR is set as low and more substantive testing will be performed if IR and CR are low, DR is set as high and less substantive testing will be performed
103
what is materiality
guides audit planning, testing and assessment of information in financial statement info is material if it impacts the decision making process of users of the financial statement
104
what are qualitative materiality factors
nature of the item ie fraud, non compliance with laws, related party transactions use professional judgement based upon knowledge of client and needs of users
105
what are quantitative materiality factors
magnitude of item - percentage of base figure
106
what are common bases and percents of materiality
``` 5-10% pretax normalized profit 0.5-1% total assets 0.5-5% equity 0.5-2% revenues/expenditures 0.5-5% gross profit or average of above measures ```
107
what is performance materiality
amount less than the planning materiality to reduce likelihood that any uncorrected misstatements do not exceed overall materiality -- 60-85%
108
how do materiality and audit risk differ
materiality is about the users, audit risk is about the business lower materiality if client is higher risk
109
what is specific performance materiality
materiality for particular class of transactions - materiality is dropped if higher risk transactions ie debt covenant
110
what is audit strategy
determination of the amount of time spent testing client's internal controls and conducting detailed testing of transactions and account balances - sets scope, timing and direction of the audit - provides basis for developing detailed audit plan - based on preliminary assessments of IR and CR
111
client performance measures
in gaining understanding of client, auditor should learn how client measures its own performance - liquidity - ability of company to meet needs for cash in short term and long term - profitability - concerned about shareholders ie how much are they willing to pay per dollar of earnings
112
what are analytical procedures and when are they conducted
evaluation of financial info by studying plausible links among financial and non financial data conducted throughout audit in: planning - highlight unusual fluctuations, identify risk execution - estimating account balances reporting - overall review
113
what are common analytical procedures
simple comparisons trend analysis (horizontal analysis) common size analysis (vertical analysis) ratio analysis
114
what is trend analysis
ratios over time, comparison of account balances over time select base year and restate accounts in subsequent years as % of that base ie COGS as percentage of sales
115
what is common size analysis
comparison of account balances with a single line item allows auditor to see how much account contributes to totals in statements can trace relative contribution of various accounts through time ie AR as percentage of total assets
116
what is ratio analysis
liquidity ratios, solvency ratios, inventory turnover
117
what are factors to consider when conducting analytical procedures
reliability of client data ability to make comparisons over time following sources generally considered reliable (audited info)
118
what are the three categories of assertions
assertions about classes of transactions - items related to daily operations of the firm, things on income statement assertions about account balances - on balance sheet assertions about presentation and disclosure - how things are presented on balance sheet and notes disclosure
119
what are the assertions about classes of transactions
``` occurrence completeness accuracy cut-off classification ```
120
what is occurrence assertion
transactions and events that have been recorded have occurred and pertain to the entity
121
what is completeness assertion | transactions
all transactions and events that should have been recorded have been recorded
122
what is accuracy assertion
amounts and other data relating to recorded transactions and events have been recorded properly
123
what is cut-off assertion
transactions and events have been recorded in the correct accounting period
124
what is classifications assertion
transactions and events have been recorded in the proper account
125
what are the assertions about account balances at year end
existence rights and obligations completeness valuation and allocation
126
what is existence assertion
assets, liabilities and equity interests exist
127
what are rights and obligations assertion
entity holds or controls the rights to assets and liabilities are the obligation of the entity
128
what is completeness assertion | account balances
assets, liabilities, equity interests that should have been recorded are recorded
129
what is valuation and allocation assertion
assets, liabilities, and equity are included in financial report at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded
130
what are the assertions about presentation and disclosure
occurrence, rights and obligations completeness classification and understandability accuracy and valuation
131
what is occurrence, rights and obligations assertion
disclosed events/transactions/other have occurred and pertain to entity
132
what is completeness assertion | presentation and disclosure
all disclosures that should have been included in financial report have been included
133
what is classification and understandability assertion
financial info is appropriate presented and described and disclosures are clearly expressed- users able to understand it
134
what is accuracy and valuation assertions
financial and other info is disclosed fairly and at appropriate amounts
135
what characteristics should good evidence have
sufficient - quantity of evidence appropriate - quality of evidence relevant reliable
136
what are the seven types of evidence
``` written/documentary verbal computational physical electronic confirmations representations - legal letter ```
137
what is an external confirmation
evidence obtained as a direct written response to the auditor from the third party ie bank confirmation
138
what is a negative and positive confirmation
negative - only reply if the information is wrong | positive - reply either way
139
what are the steps in using an expert
1. assess the need to use an expert 2. scope of work to be carried out 3. assess capability of expert 4. assess objectivity of expert 5. assess expert's report 6. responsibility for the conclusion - rests with auditor
140
when using work of another auditor, what should you consider
same standard objectivity gathering sufficient, appropriate evidence
141
what are evidence gathering procedures
``` inspection of records and documents inspection of tangible assets observation of client staff enquiry recalculations reperformance analytical procedures ```
142
what should you consider when drawing conclusions
does the auditor have sufficient, appropriate evidence on which to base conclusions does evidence address significant risks faced by the client form an audit opinion and report
143
what are working papers
document each stage of audit provides evidence of work completed, details evidence demonstrate to third party what you did defense against negligence claim current and permanent file (ie 5 year long loan details)
144
audit plan
contains audit procedures for testing controls and conducting substantive tests
145
when is assessment of control risk made
after gaining an understanding of the client during the planning stage
146
what are examples of control testing procedures
inspection of documents for evidence of authorization inspection of documents for evidence that details been checked by appropriate client personnel observation of client personnel performing various tasks ie opening mail, conducting inv. Count enquiry of client personnel about how they perform their tasks re-performing control procedures to test their effectiveness
147
what are the three types of substantive testing
substantive tests of transactions substantive tests of balances analytical procedures
148
what is the nature of audit testing
purpose of the test (assertion) and procedure used (inspection, observation, enquiry, confirmation, recalculation, reperformance, analytical)
149
what is the timing of audit testing
date that audit evidence relates to | stage of audit when procedures are done - interim vs year end
150
what testing is done in interim and what testing is done year-end
interim - control testing, low risk accounts | year- end - high risk accounts, accounts affected by high deviations in control tests, cut-off assertion
151
what is the extent of audit testing
amount of audit evidence gathered: increase extent of control testing when control risk is low reduce extent of substantive testing and increase extent of reliance on analytical procedures when lower control risk do little or no control testing with predominantly substantive strategy b/c high control risk
152
what is audit sampling
auditor doesn't test entire group of transactions in balance | sample of items tested should be representative of population
153
what is sampling risk
risk that sample chosen by auditor is not representative of the population available for testing and causes auditor to arrive at inappropriate conclusion
154
what are the two consequences of sampling risk
1. risk that audit will be ineffective ie conclude that balance is correct when it's not 2. risk that audit will be inefficient ie conclude it's wrong and end up doing more testing when it was actually right
155
what does sampling risk test in controls and substantive tests
controls - deviations | substantive tests - misstatements
156
what is non-sampling risk?
risk auditor makes inappropriate conclusion for reason unrelate to sampling issues
157
what are examples of non-sampling risk
use inappropriate audit procedures rely too heavily on unreliable evidence spend too little time testing high risk accounts/critical controls
158
what is statistical sampling
involves random selection and probability theory to evaluate results and sampling risk allows measurement of sampling risk can be costly
159
what is non statistical sampling
allows auditor to use judgement to select sample items used when account is low risk more common in smaller companies sometimes judgement is good
160
what are the 5 sampling methods
``` random selection systematic selection haphazard selection block selection judgemental selection ```
161
what is random selection
person can't influence choice of items each item has equal chance of being selected sample can be stratified before selecting random sample to increase efficiency
162
what is systematic selection
divide # of items in population by sample size, giving sampling interval n. select starting point and take every nth item can randomly order first to make more random
163
what is haphazard selection
auditor does not use methodical technique | personal bias could affect choice
164
what is block selection
select items grouped together ie stock of invoices sequence of items might make this inappropriate not statistical
165
what is judgemental selection
auditor chooses items based on judgement | non statistical
166
what factors should you consider when selecting sample?
consider: detection risk and planning materiality define error for test, set tolerable error and confidence level required
167
how to define population
control testing - draw sample from entire financial year | substantive testing - population from which sample is drawn must be defined according to assertion being tested
168
what are factors that influence control testing sample size
o larger sample size if auditor intends to rely more heavily on control to reduce substantive testing o smaller sample size if auditor willing to tolerate higher deviation rate for that control o larger sample size if auditor expects population to have higher rate of deviation for that control o larger sample size if auditor requires greater confidence that control is operating effectively (ie wants lower control risk)
169
what are factors that influence substantive sample size
o larger sample size if auditor assesses risk of material misstatement as greater (higher IR, CR) o smaller sample size if auditor also using other substantive procedures for same assertion o larger sample size if auditor requires greater confidence from results of tests (requires lower DR) o smaller sample size if auditor willing to accept greater total error (higher tolerable misstatement) o greater sample size if auditor expects to find greater misstatement in population o smaller sample size if auditor using stratification of population o very little change to sample size if population has more sampling units (once you’re at a point, there’s no change)
170
what do sample tests provide evidence for (for control and substantive tests)
``` control - control is effective within entire population substantive test - class or transactions of account balance tested is fairly stated ```
171
what do you do if errors are found in sample?
control test - calculate deviation rate for population | substantive test - calculate misstatement of transactions/account balance for population
172
how do you project monetary errors in sample to population
``` remove unique errors consider if sample stratified projected error = size of error/size of sample x size of population is total projected error tolerable? more testing required? ```
173
what is internal control
encompasses the entity's resources, systems, process, culture, structure and tasks
174
what internal controls do auditors focus on?
ones that have direct impact on entity's financial recording, compliance and asset safeguarding
175
what are the three characteristics of internal control
process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about achievement of entity's objectives
176
what three things should internal control regard
with regard to reliability of financial reporting effectiveness and efficiency of operations compliance with applicable laws and regulations
177
what are the 7 objectives of internal controls
``` real recorded valued classified summarized posted timely ```
178
what are limitations of internal control systems
human error that results in control breakdown ineffective understanding of control's purpose collusion by two or more individuals to avoid control software program being overridden/disabled management decisions about nature or extent of controls being implemented - cost/benefit analysis
179
what are the five parts of entity level internal controls
1. the control environment - culture, structure and discipline of an entity 2. the entity's risk assessment process - how entity identifies and responds to risk 3. information systems and communications 4. control activities - policies and procedures that help make sure management's directives are carried out 5. monitoring of control
180
what should auditor consider when understanding client's control activities
* Extent of reliance on IT * Existence of necessary policies and procedures * Extent to which control policies are being applied * Clarity of management objectives for controls * Existence of planning and reporting systems for performance and investigation of variance, and management action to follow up * Extent of segregation of duties * Software controls over access to data and programs * Periodic comparison between records and assets * Safeguards over access to documents, records, assets
181
why is entity internal control difficult in small entities
difficult to implement formal controls reliance on owner - can detect material errors but also has potential to override controls difficult to segregate duties so auditor should increase substantive procedures to compensate for weak controls
182
what are transaction level controls
impact a particular transaction or group of transactions | aimed at preventing or detecting errors
183
what does an auditor do to gain understanding of transaction level controls
1. identifies major events and transactions in process 2. identifies risks to correct processing - WCGW 3. for each WCGW, auditor identifies one or more controls 4. understanding is documented and used to guide evaluation and testing of internal controls
184
what are preventative controls
helps to avoid errors from occurring | BUT avoiding an error does not always result in evidence that control worked or worked efectively
185
what are detective controls
necessary to discover fraud or errors that occurred during transactions period
186
what are four components of detective controls
completely and accurately capture all relevant data identify all potentially significant errors performed on consistent and regular basis include follow up and correction on timely basis of any misstatements/issues detected
187
manual v automoated controls
manual controls don't rely on IT for operation automated controls generally rely on client's IT can also have IT dependent manual controls
188
what are auditor's techniques for testing controls
``` enquiry observation inspection of physical evidence reperformance professional judgement ```
189
what is professional judgement used to decide when testing controls
which controls to select or testing how much testing is required timing of tests of controls
190
what should you consider when deciding whether there's a need for additional tests of controls
results of enquiries and observation evidence provided by other tests changes in overall environment
191
what's important when documenting conclusions
results of control testing documented in working papers document in sufficient detail to allow another audit to perform same test just in case you end up in court
192
what are common forms of documenting controls
narratives flowcharts combination of narratives and flowcharts checklists and preformatted questionnaries
193
how do you identify strengths and weaknesses in controls
identify strengths and weaknesses that have financial reporting impact identify internal control exceptions where control did not operate as intended draw conclusions about control risk
194
what is the purpose of management letters
management might not have known they have weaknesses in control system so auditor needs to tell them requires auditor to provide those charged with governance timely observations arising that are significant and relevant to financial reporting process recommendations based on internal control weaknesses professional judgement required about matters to include allows management to document their actions in response and inform those with governance can use both interim and final management letters
195
what are factors that make audit evidence reliable
obtained through auditor's direct personal knowledge obtained through independent provider high degree of objectivity provider has adequate qualifications system of internal control producing the information is effective
196
what must the audit documentation of audit procedures include?
1. identify characteristics of the specific items or matters tested 2 who performed the audit work and dates work was completed 3. who reviewed the audit work performed and the date and extent of review
197
what are advantages of statistical sampling
helps auditor design efficient sample helps auditor measure sufficiency of evidence obtained helps auditor quantify sampling risk
198
what are disadvantages of statistical sampling
costs of training auditors in proper use of sampling techniques costs of designing and conducting sampling application potential lack of consistent application across audit teams due to complexity
199
what duties should be segregated
authorization or approval of transactions affecting assets custody of assets recording or reporting of transactions control over processing of transaction separated from recording or reporting transaction
200
what are four things to create a strong control environemnt
have code of conduct and ensure all employees are aware of it and follow it hire competent ethical employees assign responsibility and authority - have job descriptions ensure human resource policies are in place over hiring, training, evaluating, counselling, promoting and compensating employees
201
what are the four types of tests
inquiry observation inspection of physical evidence re-performance