Risk Assessment (c)(i) and (c)(ii) Flashcards

1
Q

What is “Audit Risk”?

A
  • Audit Risk = RMM x DR (Detection Risk)
  • Level of risk that is acceptable to the audit firm
  • Auditor must consider risk of misstatement individually and in aggregate w/ other misstatements
2
Q

“Audit Risk” is a function of what 3 primary risks:

A

AR = ICD!

  1. Inherent Risk - Risk before controls are considered that could lead to material misstatement
  2. Control Risk - Ability of IC to prevent or detect material misstatement in timely manner
  3. Detection Risk - Risk that audit procedures will fail to detect material misstatement
3
Q

What is “Inherent Risk”?

A
  • Evaluate risk w/out regard of possible mitigating activities and controls that could lead to material misstatement, assuming no other related controls
  • ID risks inherent to entity or audit, even if entity cannot affect it
  • Ex: Entity’s environment and Entity’s IT (including financial data, data processing, and financial reporting processes)
4
Q

What are examples of “Inherent Risk” with an Entity’s Environment?

A

(1) Current Economy
(2) Industry Risks
(3) Entity-Specific Risks
- Large volumes of transactions mean probability of misstatement is proportional to its size
- Certain geographic locations have more IR (flood zone)
- Complex business processes or IT, use of ERP or enterprise-wide systems, history of noncompliance, history of not responding to auditors’ reports on deficiencies, and heavily regulated entity

5
Q

What are examples of high “Inherent Risk” with Entity’s IT?

A

(1) Data transfers
- Anytime data transferred from one system to another
(2) Software coding
- More programming, more risk
- To mitigate IT risks associated w/ AppDev, employ SDLC best-practice principles
(3) Database administrator (DBA)
- DBA can circumvent strong network and application controls
- Need proper SoD and mitigating controls (ex: no access to keying data, running apps, implementing apps or developing systems)
(4) O/S Admins
(5) Unauthorized access to O/S presents high IR of access to data

6
Q

What is “Control Risk” and how should it be assessed?

A
  • Likelihood or risk that a material misstatement existing in transactions, events, disclosures or acct balances will not be prevented or detected by entity’s system of internal controls in a timely manner
  • To assess CR, CITP need to:
    (a) Consider nature of controls (automated vs manual, key vs non-key)
    (b) Use framework to mitigate controls (Preventive-Detective-Corrective/P-D-C model)
7
Q

What is the P-D-C Controls Model?

A
  • A framework for evaluating risks associated w/ controls
    (1) Preventive Controls
    (2) Detective Controls
    (3) Corrective (Mitigating) Controls
8
Q

What are “Preventive Controls”?

A
  • Designed to prevent adverse event from ever occurring

- Ex: Preventive controls implemented to prevent data keypunch errors, fraud, or bugs in software dev

9
Q

What are “Detective Controls”?

A
  • Designed to detect adverse event if it occurs
  • If an error in data occurs, detective control is capable of ID’ing it
  • Ex: Use CAAT to ID gaps or duplicates in check numbers for disbursements
10
Q

What are “Corrective (Mitigating) Controls”?

A
  • If adverse event occurs and is detected, corrective control corrects the event and reestablishes equilibrium, corrects data, corrects workflow, etc.
  • Ex: Use error logs in App. Program written to ID anomalies (Detective). If found, send report. Person corrects errors and resubmits to reprocess (Corrective)
11
Q

What is the definition of “Key Controls”?

A
  • A key control is one that prevents or detects material misstatement
  • Relates to materiality and likelihood
  • Also called Primary Controls
12
Q

What are examples of “Key Controls”?

A
  • A control or combo of controls that covers all risks, objectives, and assertions in a financial process related to RMM
  • A control at the pinnacle of a hierarchy of controls over same process, risk or assertion
  • A control designed to mitigate RMM arising from a process, and if failed, entity would fail to prevent or detect material misstatement
  • A control that covers a risk that no other control also covers is by default a key control
13
Q

What are “Non-Key Controls”?

A
  • A control that does not fit as a Key Control

- Ex: A control that is designed to prevent or detect only immaterial errors

14
Q

What is “Detection Risk”?

A
  • Risk that audit procedures will fail to detect material misstatement
  • Reflects level of substantive procedures and further audit procedures needed to sufficiently minimize Audit Risk to an acceptable level based on the other risks