456 midterm Flashcards Preview

acctg > 456 midterm > Flashcards

Flashcards in 456 midterm Deck (201):

what is an audit

engagement where practitioner issues written report and concludes on a subject matter for which accountable party is responsible


what are the five types of audit and explain them

1. financial statement audit
2. compliance audit - making sure info is in compliance with particular act
3. operational audit - looking at how things are being opperated
4. comprehensive audit - doing more than one thing at the same time
5. internal audit - internal departments provide assurance about aspects of activities


what is management's responsibility

to prepare the financial statements (charged with governance)


what are five attributes that financial statements should include

relevant - impact user's decisions
reliable - unbiased
comparable - through time
fair presentation - according to standards or framework


what is auditors responsilibty

provide level of assurance that numbers are fair


what are three attributes auditors should have

professional skepticism
professional judgement
due care


what is professional skepticism

open and questioning mind - not accepting everything as true and not accepting everything as false


what is due care

do work thoroughly, properly, correctly


who are the users of financial statements

shareholders, owners of business
general public


reasons why users demand audited financial statements

remoteness - can't see what managers are doing, dont have access to entity
complexity - don't have accounting/legal knowledge
competing incentives - can be biased
reliability - need to make sure info is reliable, have real consequences


what are the three frameworks

agency theory
information hypothesis
insurance hypothesis


what is the agency theory

managers behave opportunistically
focused on own self interests
so shareholders willing to pay to have them monitored
good quality managers willing to have audits


what is information hypothesis

users value higher quality information when they know it's accurate
audited info more valued- lower risk premium


what is insurance hypothesis

investors use audited info to insure against potential losses


what are the limitations of an audit

no guarentee that statements are free from error/fraud
required to be performed within reasonable period and cost
judgement is required in process - not always right


what are the different levels of assurance

reasonable assurance
moderate assurance
no assurance


what reports are the different levels of assurance related with?

reasonable assurance - audit
moderate assurance - review engagement
limited assurance - notice to reader / compilation engagement


what is reasonable assurance

gathering sufficient evidence to form positive expression of opinion regarding whether info being assured is presented fairly
highest, but not absolute, assurance


what is moderate assurance

gathering sufficient evidence to form negative expression of opinion regarding reliability of information being assured
nothing has come to attention of reader


what is no assurance

reports on factual findings (ie mathematical accuracy) and does not express an opinion


what are misstatements?

only happens in audit or review engagement
differences between reported financial statement and correct reporting required by standards
can't force them to change misstatement but can tell them the consequences


what are the factors to consider when evaluating

risk of additional misstatements remaining undetected
effects of misstatements on debt covenants/contracts
whether error or judgemental misstatement
reversing effect on current year's financial report on misstatements identified in previous year
recurring differences will be more material in future
fraud, illegal acts
significance of financial statement element affected by misstatement
effect of misstatements on segment info/key ratio
changes net income into net loss


what is a schedule of uncorrected differences

auditor keeps list of all the errors they find in order to assess overall effect on financial statements and/or individual items/balances
consider effect on future year's reports


what is another name for schedule of uncorrected differences

summary of unadjusted differences
summary of uncorrected differences


what is the significance of prior year misstatements

immaterial in previous year but could be material this year
consider potential to reverse in next year


what is the format of an audit report

name of audit firm/address
addressed to shareholders/board
audit opinion
basis for opinion
key audit matters - judgement
responsibility of management
responsibility of auditor
other reporting responsibilities
name of engagement partner
auditors signature
auditors address


how do you form an opinion

1. evaluate audit evidence obtained
2. evaluate effects of unrecorded misstatements and qualitative aspects of entity's accounting
3. evaluate whether financial statements are properly prepared/presented according to standards
4. evaluate fair presentation of statements in accordance with applicable reporting framework


what are the different audit opinions

unmodified opinion
qualified opinion
adverse opinion
disclaimer of opinion


what is an unmodified opinion

unqualified or clean


what is a qualified opinion

auditor concludes financial statements contain material misstatement or wasn't able to obtain sufficient appropriate evidence but misstatement was material but NOT pervasive


what is an adverse opinion

misstatement is material and pervasive
statements are not fair


what is a disclaimer of opinion

wasn't able to obtain sufficient appropriate evidence so wasn't able to form an opinion and is material and pervasive


limitation of scope

auditor's inability to perform procedures or an imposition by entity
ie timing problems
records damaged/not complete
restricted to locations
if material but not pervasive: qualified
if material and pervasive: disclaimer of opinion


why might an auditor need to modify the opinion

emphasize certain matter - emphasis of matter (doesn't affect opinion, could still be unqualified)
express qualified, adverse, disclaimer of opinion


conditions leading to modified audit report?

significant uncertainty exists that should be brought to reader's attention
limitation of scope
disagreement with management regarding application of accounting policies or disclosure


what is emphasis of matter

applies when resolution of matter is dependent on future actions and events not under direct control of entity but may affect statements and matter IS disclosed in statements


what are some examples of when to use emphasis of matter

significant uncertainty: going concern, litigation
additional disclosures
early adoption of new accounting standard with significant impacts on statement
major catastrophe
subsequent event resulting in new information after year end


what are examples regulators

auditing and assurance oversight council (AASOC)
auditing and assurance standards board (AASB)
international auditing and assurance standards board (IAASB)
Canadian Business Corporation Act (CBCA)
Canadian Securities Administrator (CSA)
Canadian Public Accountability Board (CPAB)
Toronto Stock Exchange (TSX)
Professional Accounting Bodies (CPA Canada, CPA Alberta)


what is the audit expectation gap

differences between expectations of assurance providers and statement users


what causes the audit expectation gap

unrealistic expectations including:
auditor providing complete assurance
auditor guaranteeing future viability of entity
unqualified opinion denotes complete accuracy
auditor will find all frauds


how can you reduce the expectation gap?

auditors performing their duties appropriately
undertaking peer reviews of work performed
reviewing and updating auditing standards
educating the public
enhanced reporting explaining audit processes and levels of opinion auditors provide
greater attention to the risk of material fraud occuring


what are the fundamental ethical principles auditors must have

integrity - straightforward and honest
objectivity - unbiased, don't allow things to influence you
professional competence and due care - maintain knowledge and skill at level required
confidentiality - refrain from disclosing information
professional behaviour - comply with rules and regulations and don't harm reputation of profession


what is auditor independence

ability to act with integrity, objectivity and with professional skepticism


what are the two types of independence auditors must have

independence of mind - ability to act independently, actual independency
independence in appearance - belief by others that independence of mind has been achieved, perceived independence


what are the five threats to independence

self interest
self review


what is self interest threat and give an example

audit firm has financial interest in audit client
ie shares owned in the client


what is the self review threat and give an example

auditor needs to form opinion on own work done by themself
ie preparing info for client that is then assured


what is the advocacy threat and give an example

audit firm believed to act on behalf of client
ie encouraging others to buy client's shares


what is the familiarity threat and give an example

when close relationship exists between assurance firm and client
ie former partner of firm is CEO at client


what is the intimidation threat and give an example

auditor feels threatened by client's staff and is unable to act objectively, fearing negative consequences
ie threat that client will use different assurance firm next year if they're not given a clean opinion


what are the additional requirements for public companies with market capitalization and book value of total assets greater than $10 million

audit partner rotated off every 7 years with 5 year break from audit engagement
audit committee must pre-approve all services provided to by the client
partners can't be directly compensated for selling non assurance services
if engagement team member accepts employment in financial reporting role with client, firm refrains from being auditor of client for one year from last filing - cooling off period


what are the safeguards to independence (three categories)

created by profession, legislation, regulation:
quality control standards
code of ethics
legislative requirement to be independent
created by clients:
corporate governance to guide and control
policies and procedures
audit committee - liaise, enhance independence
created by accounting firms:
quality control procedures
client acceptance and continuance
rotation policies
provide continuing education for staff


what groups do auditors have relationships with

board of directors
audit committee
internal auditors


describe auditor's relationship with shareholders

audit report addressed to them
formal responsibility for auditor appointment


describe auditor's relationship with board of directors

ensure company is being run to benefit shareholders
executive and non executive members (majority should be independent)


describe auditor's relationship with audit commitee

acts on behalf of board in financial reporting and audit matters
aid to auditor independence
meet with external and internal auditors


describe auditor's relationship with internal auditors

if effective internal audits, external auditor can modify nature and timing of procedures and reduce extent of testing
depends on internal auditor's:
technical competence ie training
due professional care
communication with external auditors


what legal liability do auditors have

must exercise due care and be diligent in applying standards and documenting work


when can auditor be found negligent and liable for damages under tort law

duty of care was owed
breach of duty
loss was suffered as a consequence of that breach


what legal liability do auditors have to clients

1. contract- failed duty of care implicit in acting as auditor and explicit in engagement letter
2. negligence/tort law - failed in performance of audit by being careless and breaching duty of care


what legal liability do auditors have to third parties

negligence/tort law


how do you determine legal liability to third parties

need to establish duty of care was owed to third party
auditors negligence was responsible to third party's loss
must establish auditor was aware third party was going to use financial statement
must establish third party relied on financial statements for purpose they were prepared


what is contributory negligence

plaintiff and the defendant can be proven to both be negligent and each party must be held responsible in proportion to their guilt


steps to take to avoid litigation

hire competent staff, regular training
comply with ethical and auditor regulations
implement policies and procedures
client acceptance
staff allocation
ethical and independence issue identification
adequate work documentation - to show in court
gather adequate and appropriate evidence to support opinion
meet with client's audit committee to discuss significant issues arising in audit
follow up significant weaknesses in client's internal control procedures from last year


what are the three steps of client acceptance and continuance

1. access client integrity
2. assess audit firm's ability to meet ethical requirements, service client
3. prepare client engagement letter


what should auditor consider when assessing client integrity

reputation of client
client's reason for switching auditor
client's attitude to risk exposure and management
client's attitude to using internal controls
appropriateness of client's interpretation of accounting rules
client's willingness to allow auditor full access to info required to form opinion
client's attitude and willingness to pay fair amount for audit work


where can auditor obtain info from when assessing client integrity

talking with prior auditor
client personnel
third parties
key competitors
reading press articles


what are ethical requirements auditor should consider with client acceptance

threats to fundamental principles arise from appointment
ensure audit firm has sufficient staff available with required knowledge to complete audit
consider potential safeguards and remedies
decline appointment if threat insurmountable


what is a client engagement letter

prepared by auditor and acknowledged by client
explains scope of audit, timing of aspects of audit, overview of client responsibilities
identifies reporting framework and forms content of report
confirms auditors right of access to info, independence considerations
sets fees


what are the stages of an audit

1. planning
2. performing/execution
3. reporting


what are examples of preliminary risk identification

fraud risk
going concern risk
corporate governance
understand internal controls
understand IT environment
significant accounts
significant transactions of processes
closing procedures
understand client
identify related parties


what are the three levels to gaining an understanding of the client

entity level issues
industry level issues
economy level issues


what is entity level issues and examples

understanding the client in detail to understand accounts at risk:
 identification and appropriate disclosure of client’s related parties ie parent companies, subsidiaries, investments
 it’s major customers
 it’s major suppliers
 client’s capacity to adapt to changes in technology and other trends
 warranties and discounts offered to customers
 client operations
 employee contracts, relations with employees
 sources of financing
 ownership structure
 ID related parties


what is industry level issues and examples

understanding the client's position in the industry
 risks from nature of industry and client’s position within it
 compare client to national and international competitors – level of competition
 auditor may have special industry expertise and knowledge
 competitive pressure on client’s profits, ability to withstand industry downturn
 client’s reputation relative to competitors, risk of losing business and profits
 level of gov. support for industry and impact of government regulation
 overall level of demand for industry goods


what is economy level issues and examples

how do overall economic conditions affect the client
 Interest rate changes, financial crises
 Shareholder expectations of increasing profits in good times
 What are specific pressures on client to understate/overstate profits in these conditions


what is fraud risk

auditor must assess risk of material misstatement due to fraud


what must auditor do when assessing fraud risk

adopt attitude of professional skepticism
maintain independent questioning mind
search thoroughly for evidence to validate info provided by client
don't just rely on past experience with client, remain independent of client


what are the two types of fraud

1. financial reporting fraud
2. misappropriation of assets fraud


what are examples of financial reporting fraud

improper asset values, unrecorded liabilities
delaying expenses, bringing forward revenues
fictitious revenues, understating expenses
inappropriate application of accounting principles


what are examples of misappropriation of assets fraud?

using company credit card for personal items
failure to remove ex employees from payroll
unauthorized discounts/refunds to customers
theft of stock/other assets


what are incentives/pressures client may be inclined to commit fraud

competitive pressures, falling demand, falling profits, threat of bankruptcy
rapid growth, low cash with high profits
pressure to meet market expectations, plants to list on stock exchange
about to enter into significant new contracts
remuneration tied to profits


opportunities for fraud to be committed

accounts that rely on estimates and judgements
high volume of transactions near year end
significant related party transactions
complex or unusual transactions
significant adjusting entires and reversals after year end
poor corporate governance, poor internal controls
high staff turnover


rationalizations to fraud

poor tone at the top
poor attitudes to internal controls
excessive focus on maximizing profits/share prices
poor attitudes to compliance with accounting regulations
rationalization that other companies 'do it too'


auditor should perform specific procedures related to fraud

ask management if they're aware/suspect a fraud
all audit team members should attend team planning meeting where they review significant fraud risk factors and financial statement elements susceptible to ffraud
perform preliminary analytics to aid in identifying unusual relationships
consider risk of management override


what is going concern risk

consider whether appropriate to assume client remains a going concern


what are indicators of going concern risk

significant debt/equity ratio
long term loans due with no alternative financing
prolonged losses, inability to pay debts when due
loss of significant customer, supplier problems
high staff turnover, loss of key personnel, srikes
problems obtaining raw materials, inputs
poor growth planning, inadequate risk management
being under investigation for non compliance
competitive pressures, drought etc


if going concern is in doubt, what additional audit procedures should you undertake?

assess cash flow, revenues, expenses, interim results
review debt contracts, board meeting minutes
discussions with client management and auditor


what factors reduce going concern risk?

letter of guarantee from parent company
availability of assets/segment of business for sale for cash
ability to raise funds through share issue or borrowing
ability to sell unprofitable segment of business


what is corporate governance

the rules, systems and processes within companies used to guide and control activities


what are risks associated with IT environment?

unauthorized access to computers, software, data
errors in programs
lack of backup and loss of data
appropriate IT installation and security procedures and training for staff


what are the two client controls to reduce IT risks

general controls - doesn't relate to specific application
ie password protections, authorization
application controls -
ie who can access payroll software, debits/credits have to equal in accounting software


what are some risks associated with inadequate client closing procedures

revenue/expense accounts should include all transactions in year and none from other periods
accrued assets and liabilities are complete
assets and liabilities should include all relevant items


what are the audit procedures to assess adequacy of client closing procedures

assess adequacy of client interim reporting procedures
check accuracy of accrual calculations
analyze results to assess reasonableness
consider pressures on client to overstate profit or report smoothed income
trace transactions around year end to documents to determine appropriate dates


what are the stages in audit risk minimization

1. identification of accounts and related assertions most at risk of material misstatement (inherent risk)
2. assessment of client's system of internal controls (control risk)
3. auditor plans to undertake detailed testing of each identified account to the extent determined necessary


what is significant rask

identified and assessed risk of material misstatement that requires special audit consideration


what does significant risk involve

involves fraud
related to significant economic/accounting development
involves complex transactions
involves significant related party transactions
involves subjectivity in measurement of financial info


what is the function of audit risk (mathematical function)

AR = IR x CR x DR
audit risk = inherent risk x control risk x detection risk


what is inherent risk

risk that material misstatement could occur


what is control risk

risk that client's system of internal controls will not prevent or detect material misstatement


what is detection risk

risk that auditor's testing procedures will not be effective in detecting a material misstatement if there is one


what is the relationship between inherent/control risk and detection risk

inverse relationship - the higher inherent and control risk, the lower we want detection risk to be


when should you do more and less substantive testing based on control/inherent risk

if IR and CR are high, DR is set as low and more substantive testing will be performed
if IR and CR are low, DR is set as high and less substantive testing will be performed


what is materiality

guides audit planning, testing and assessment of information in financial statement
info is material if it impacts the decision making process of users of the financial statement


what are qualitative materiality factors

nature of the item
ie fraud, non compliance with laws, related party transactions
use professional judgement based upon knowledge of client and needs of users


what are quantitative materiality factors

magnitude of item - percentage of base figure


what are common bases and percents of materiality

5-10% pretax normalized profit
0.5-1% total assets
0.5-5% equity
0.5-2% revenues/expenditures
0.5-5% gross profit
or average of above measures


what is performance materiality

amount less than the planning materiality to reduce likelihood that any uncorrected misstatements do not exceed overall materiality -- 60-85%


how do materiality and audit risk differ

materiality is about the users, audit risk is about the business
lower materiality if client is higher risk


what is specific performance materiality

materiality for particular class of transactions - materiality is dropped if higher risk transactions ie debt covenant


what is audit strategy

determination of the amount of time spent testing client's internal controls and conducting detailed testing of transactions and account balances
-sets scope, timing and direction of the audit
-provides basis for developing detailed audit plan
-based on preliminary assessments of IR and CR


client performance measures

in gaining understanding of client, auditor should learn how client measures its own performance
-liquidity - ability of company to meet needs for cash in short term and long term
-profitability - concerned about shareholders ie how much are they willing to pay per dollar of earnings


what are analytical procedures and when are they conducted

evaluation of financial info by studying plausible links among financial and non financial data
conducted throughout audit in:
planning - highlight unusual fluctuations, identify risk
execution - estimating account balances
reporting - overall review


what are common analytical procedures

simple comparisons
trend analysis (horizontal analysis)
common size analysis (vertical analysis)
ratio analysis


what is trend analysis

ratios over time, comparison of account balances over time
select base year and restate accounts in subsequent years as % of that base
ie COGS as percentage of sales


what is common size analysis

comparison of account balances with a single line item
allows auditor to see how much account contributes to totals in statements
can trace relative contribution of various accounts through time
ie AR as percentage of total assets


what is ratio analysis

liquidity ratios, solvency ratios, inventory turnover


what are factors to consider when conducting analytical procedures

reliability of client data
ability to make comparisons over time
following sources generally considered reliable (audited info)


what are the three categories of assertions

assertions about classes of transactions - items related to daily operations of the firm, things on income statement
assertions about account balances - on balance sheet
assertions about presentation and disclosure - how things are presented on balance sheet and notes disclosure


what are the assertions about classes of transactions



what is occurrence assertion

transactions and events that have been recorded have occurred and pertain to the entity


what is completeness assertion

all transactions and events that should have been recorded have been recorded


what is accuracy assertion

amounts and other data relating to recorded transactions and events have been recorded properly


what is cut-off assertion

transactions and events have been recorded in the correct accounting period


what is classifications assertion

transactions and events have been recorded in the proper account


what are the assertions about account balances at year end

rights and obligations
valuation and allocation


what is existence assertion

assets, liabilities and equity interests exist


what are rights and obligations assertion

entity holds or controls the rights to assets and liabilities are the obligation of the entity


what is completeness assertion
(account balances)

assets, liabilities, equity interests that should have been recorded are recorded


what is valuation and allocation assertion

assets, liabilities, and equity are included in financial report at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded


what are the assertions about presentation and disclosure

occurrence, rights and obligations
classification and understandability
accuracy and valuation


what is occurrence, rights and obligations assertion

disclosed events/transactions/other have occurred and pertain to entity


what is completeness assertion
(presentation and disclosure)

all disclosures that should have been included in financial report have been included


what is classification and understandability assertion

financial info is appropriate presented and described and disclosures are clearly expressed- users able to understand it


what is accuracy and valuation assertions

financial and other info is disclosed fairly and at appropriate amounts


what characteristics should good evidence have

sufficient - quantity of evidence
appropriate - quality of evidence


what are the seven types of evidence

representations - legal letter


what is an external confirmation

evidence obtained as a direct written response to the auditor from the third party
ie bank confirmation


what is a negative and positive confirmation

negative - only reply if the information is wrong
positive - reply either way


what are the steps in using an expert

1. assess the need to use an expert
2. scope of work to be carried out
3. assess capability of expert
4. assess objectivity of expert
5. assess expert's report
6. responsibility for the conclusion - rests with auditor


when using work of another auditor, what should you consider

same standard
gathering sufficient, appropriate evidence


what are evidence gathering procedures

inspection of records and documents
inspection of tangible assets
observation of client staff
analytical procedures


what should you consider when drawing conclusions

does the auditor have sufficient, appropriate evidence on which to base conclusions
does evidence address significant risks faced by the client
form an audit opinion and report


what are working papers

document each stage of audit
provides evidence of work completed, details evidence
demonstrate to third party what you did
defense against negligence claim
current and permanent file (ie 5 year long loan details)


audit plan

contains audit procedures for testing controls and conducting substantive tests


when is assessment of control risk made

after gaining an understanding of the client during the planning stage


what are examples of control testing procedures

inspection of documents for evidence of authorization
inspection of documents for evidence that details been checked by appropriate client personnel
observation of client personnel performing various tasks ie opening mail, conducting inv. Count
enquiry of client personnel about how they perform their tasks
re-performing control procedures to test their effectiveness


what are the three types of substantive testing

substantive tests of transactions
substantive tests of balances
analytical procedures


what is the nature of audit testing

purpose of the test (assertion) and procedure used (inspection, observation, enquiry, confirmation, recalculation, reperformance, analytical)


what is the timing of audit testing

date that audit evidence relates to
stage of audit when procedures are done - interim vs year end


what testing is done in interim and what testing is done year-end

interim - control testing, low risk accounts
year- end - high risk accounts, accounts affected by high deviations in control tests, cut-off assertion


what is the extent of audit testing

amount of audit evidence gathered:
increase extent of control testing when control risk is low
reduce extent of substantive testing and increase extent of reliance on analytical procedures when lower control risk
do little or no control testing with predominantly substantive strategy b/c high control risk


what is audit sampling

auditor doesn't test entire group of transactions in balance
sample of items tested should be representative of population


what is sampling risk

risk that sample chosen by auditor is not representative of the population available for testing and causes auditor to arrive at inappropriate conclusion


what are the two consequences of sampling risk

1. risk that audit will be ineffective ie conclude that balance is correct when it's not
2. risk that audit will be inefficient ie conclude it's wrong and end up doing more testing when it was actually right


what does sampling risk test in controls and substantive tests

controls - deviations
substantive tests - misstatements


what is non-sampling risk?

risk auditor makes inappropriate conclusion for reason unrelate to sampling issues


what are examples of non-sampling risk

use inappropriate audit procedures
rely too heavily on unreliable evidence
spend too little time testing high risk accounts/critical controls


what is statistical sampling

involves random selection and probability theory to evaluate results and sampling risk
allows measurement of sampling risk
can be costly


what is non statistical sampling

allows auditor to use judgement to select sample items
used when account is low risk
more common in smaller companies
sometimes judgement is good


what are the 5 sampling methods

random selection
systematic selection
haphazard selection
block selection
judgemental selection


what is random selection

person can't influence choice of items
each item has equal chance of being selected
sample can be stratified before selecting random sample to increase efficiency


what is systematic selection

divide # of items in population by sample size, giving sampling interval n. select starting point and take every nth item
can randomly order first to make more random


what is haphazard selection

auditor does not use methodical technique
personal bias could affect choice


what is block selection

select items grouped together ie stock of invoices
sequence of items might make this inappropriate
not statistical


what is judgemental selection

auditor chooses items based on judgement
non statistical


what factors should you consider when selecting sample?

detection risk
and planning materiality
define error for test, set tolerable error and confidence level required


how to define population

control testing - draw sample from entire financial year
substantive testing - population from which sample is drawn must be defined according to assertion being tested


what are factors that influence control testing sample size

o larger sample size if auditor intends to rely more heavily on control to reduce substantive testing
o smaller sample size if auditor willing to tolerate higher deviation rate for that control
o larger sample size if auditor expects population to have higher rate of deviation for that control
o larger sample size if auditor requires greater confidence that control is operating effectively (ie wants lower control risk)


what are factors that influence substantive sample size

o larger sample size if auditor assesses risk of material misstatement as greater (higher IR, CR)
o smaller sample size if auditor also using other substantive procedures for same assertion
o larger sample size if auditor requires greater confidence from results of tests (requires lower DR)
o smaller sample size if auditor willing to accept greater total error (higher tolerable misstatement)
o greater sample size if auditor expects to find greater misstatement in population
o smaller sample size if auditor using stratification of population
o very little change to sample size if population has more sampling units (once you’re at a point, there’s no change)


what do sample tests provide evidence for (for control and substantive tests)

control - control is effective within entire population
substantive test - class or transactions of account balance tested is fairly stated


what do you do if errors are found in sample?

control test - calculate deviation rate for population
substantive test - calculate misstatement of transactions/account balance for population


how do you project monetary errors in sample to population

remove unique errors
consider if sample stratified
projected error = size of error/size of sample x size of population
is total projected error tolerable?
more testing required?


what is internal control

encompasses the entity's resources, systems, process, culture, structure and tasks


what internal controls do auditors focus on?

ones that have direct impact on entity's financial recording, compliance and asset safeguarding


what are the three characteristics of internal control

process designed, implemented and maintained
by those charged with governance, management and other personnel
to provide reasonable assurance about achievement of entity's objectives


what three things should internal control regard

with regard to
reliability of financial reporting
effectiveness and efficiency of operations
compliance with applicable laws and regulations


what are the 7 objectives of internal controls



what are limitations of internal control systems

human error that results in control breakdown
ineffective understanding of control's purpose
collusion by two or more individuals to avoid control
software program being overridden/disabled
management decisions about nature or extent of controls being implemented - cost/benefit analysis


what are the five parts of entity level internal controls

1. the control environment - culture, structure and discipline of an entity
2. the entity's risk assessment process - how entity identifies and responds to risk
3. information systems and communications
4. control activities - policies and procedures that help make sure management's directives are carried out
5. monitoring of control


what should auditor consider when understanding client's control activities

• Extent of reliance on IT
• Existence of necessary policies and procedures
• Extent to which control policies are being applied
• Clarity of management objectives for controls
• Existence of planning and reporting systems for performance and investigation of variance, and management action to follow up
• Extent of segregation of duties
• Software controls over access to data and programs
• Periodic comparison between records and assets
• Safeguards over access to documents, records, assets


why is entity internal control difficult in small entities

difficult to implement formal controls
reliance on owner - can detect material errors but also has potential to override controls
difficult to segregate duties
so auditor should increase substantive procedures to compensate for weak controls


what are transaction level controls

impact a particular transaction or group of transactions
aimed at preventing or detecting errors


what does an auditor do to gain understanding of transaction level controls

1. identifies major events and transactions in process
2. identifies risks to correct processing - WCGW
3. for each WCGW, auditor identifies one or more controls
4. understanding is documented and used to guide evaluation and testing of internal controls


what are preventative controls

helps to avoid errors from occurring
BUT avoiding an error does not always result in evidence that control worked or worked efectively


what are detective controls

necessary to discover fraud or errors that occurred during transactions period


what are four components of detective controls

completely and accurately capture all relevant data
identify all potentially significant errors
performed on consistent and regular basis
include follow up and correction on timely basis of any misstatements/issues detected


manual v automoated controls

manual controls don't rely on IT for operation
automated controls generally rely on client's IT
can also have IT dependent manual controls


what are auditor's techniques for testing controls

inspection of physical evidence
professional judgement


what is professional judgement used to decide when testing controls

which controls to select or testing
how much testing is required
timing of tests of controls


what should you consider when deciding whether there's a need for additional tests of controls

results of enquiries and observation
evidence provided by other tests
changes in overall environment


what's important when documenting conclusions

results of control testing documented in working papers
document in sufficient detail to allow another audit to perform same test
just in case you end up in court


what are common forms of documenting controls

combination of narratives and flowcharts
checklists and preformatted questionnaries


how do you identify strengths and weaknesses in controls

identify strengths and weaknesses that have financial reporting impact
identify internal control exceptions where control did not operate as intended
draw conclusions about control risk


what is the purpose of management letters

management might not have known they have weaknesses in control system so auditor needs to tell them
requires auditor to provide those charged with governance timely observations arising that are significant and relevant to financial reporting process
recommendations based on internal control weaknesses
professional judgement required about matters to include
allows management to document their actions in response and inform those with governance
can use both interim and final management letters


what are factors that make audit evidence reliable

obtained through auditor's direct personal knowledge
obtained through independent provider
high degree of objectivity
provider has adequate qualifications
system of internal control producing the information is effective


what must the audit documentation of audit procedures include?

1. identify characteristics of the specific items or matters tested
2 who performed the audit work and dates work was completed
3. who reviewed the audit work performed and the date and extent of review


what are advantages of statistical sampling

helps auditor design efficient sample
helps auditor measure sufficiency of evidence obtained
helps auditor quantify sampling risk


what are disadvantages of statistical sampling

costs of training auditors in proper use of sampling techniques
costs of designing and conducting sampling application
potential lack of consistent application across audit teams due to complexity


what duties should be segregated

authorization or approval of transactions affecting assets
custody of assets
recording or reporting of transactions
control over processing of transaction separated from recording or reporting transaction


what are four things to create a strong control environemnt

have code of conduct and ensure all employees are aware of it and follow it
hire competent ethical employees
assign responsibility and authority - have job descriptions
ensure human resource policies are in place over hiring, training, evaluating, counselling, promoting and compensating employees


what are the four types of tests

inspection of physical evidence