Chapter 3: Engagement Acceptance, Planning, and Risk Assessment Flashcards

1
Q

Before the auditor accepts an engagement, what communication between the predecessor and the auditor should be made?

A
  • Obtain client’s permission to make inquiries of the predecessor auditor.
    Specific inquiries include:
  • information that might bear on management integrity
  • disagreements with management over accounting principles, auditing procedures, or other similarly significant matters
  • the predecessor’s understanding as to the reasons for the change of auditors; and
  • communication to management, the audit committee, and those charged with governance regarding fraud, illegal acts by clients, and matters relating to internal control
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

After accepting the engagement, what communication between the auditor and the predecessor can be made?

A

The auditor may:

  • make specific inquiries regarding matters that may affect the conduct of the audit (e.g., audit problems)
  • Review the predecessor’s audit documentation related to matters of continuing accounting and auditing significance

note that the auditor should not make reference to the work of the predecessor as the basis for the opinion (do your own work).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What should the auditor assess when considering the firm’s client acceptance and continuance policies?

A

The auditor should assess:

  • the firm’s ability to meet reporting deadlines
  • the firm’s ability to staff the engagement
  • independence
  • integrity of client management
  • the group engagement’s team ability to obtain sufficient appropriate audit evidence
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What topics should be included in the agreement to audit engagement terms? What is the purpose of establishing such an understanding?

A

An understanding should include:

  • objectives and the scope of the audit
  • Management’s responsibilities
  • the auditor’s responsibilities
  • the limitations of the engagement
  • other matters, such as timing, client assistance, fees and billing, etc.

The purpose of the agreement is to reduce the risk of misunderstanding. Note that an agreement letter documenting the understanding is a requirement under PCAOB standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Name the six main financial statement assertions for nonissuer and issuers
[COVERU and CEO APPROVED]

A
Nonissuer:
Completeness
cutOff
Valuation, allocation, and accuracy
Existence and occurence
Rights and obligations
Understandability and classification
Issuer:
Completeness
Existence
Occurrence   {CEO}
Allocation
Presentation
Rights
Obligation
Valuation
E
Disclosure   {APPROVED}
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Name the relevant assertions for “transactions and events”

A
Completeness
(Proper Period) Cutoff
Accuracy
Classification
Occurence
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Name the relevant assertions for “account balances”

A

Completeness
Allocation and Valuation
Rights and Obligations
Existence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Name the relevant assertions for “presentation and disclosure”

A

Completeness
Understandability and Classification
Rights and Obligations, and Occurrence
Valuation and Accuracy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the audit strategy?

A

The audit strategy outlines the scope of the audit engagement, the reporting objectives, timing of the audit, and required communications, and the factors that determine the focus of the audit. The audit strategy also includes a preliminary assessment of materiality and tolerable misstatement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Define materiality and tolerable misstatement

A

Materiality:
is the amount of error or omission that would affect the judgment of a reaonsable person. The auditor uses judgment to set the initial levels of materiality (including materiality for the financial statements as a whole, performance materiality, and materiality for particular classes of transactions, account balances, and disclosures), and to revise them appropriately throughout the audit.

Tolerable misstatement:
is the maximum error in a population that the auditor is willing to accept. Tolerable misstatement is the application of performance materiality to a particular sampling procedure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is an audit plan?

A

A written audit plan (required for every audit) is a listing of audit procedures that the auditor believes are necessary to accomplish the objectives of the audit. The audit plan typically follows development of the audit strategy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What should be included in each step of the audit plan?

we cast our NET over the audit!

A

Each step of the audit plan should set out the procedure in detail, specifying the Nature, Extent, and Timing of the work to be performed and including a reference to the assertion under consideration.
(NET - Nature, Extent, Timing)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

List the three types of audit procedures and tell why each is used

A

Risk assessment procedure - to obtain an understanding of the entity and its environment, including its internal control
Test of controls - to evaluate the operating effectiveness of internal control in preventing or detecting material misstatements
Substantive procedures - to detect material misstatements in the financial statements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the responsibilities of assistants when there are disagreements?

A

Assistants have a responsibility to exercise due professional care and to observe the standards of fieldwork. They should bring any disagreements with the conduct of the audit to the attention of the auditor-in-charge.
The assistant also has the right to document the disagreement, and, if necessary, to disassociate from the opinion.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What factors determine the amount of reliance an independent auditor may place on the work of internal auditors?

A

The following factors affect the amount of reliance:

  • The objectivity of internal auditors (level of reporting within the organizational structure)
  • The competence of internal auditors
  • an evaluation of the work performed by internal auditors

Note that the external auditor remains solely responsible for the audit report, and may not share judgment responsibility with the internal auditor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Should an auditor refer to the work of a specialist in the auditor’s report?

A

Generally, in the case of an unmodified opinion, no reference is made to the work of a specialist. If, however, the auditor decides to express a modified opinion due to the work of the specialist, reference to the specialist may be made. The auditor may need the permission from the specialist before making reference to the specialist.
Under ISAs, the auditor is required to obtain permission from the specialist before making reference to the specialist in the report.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Under PCAOB standards, what factors affect the nature and extent of necessary planning activities?

A
  • The size and complexity of the company
  • The auditor’s previous experience with the company
  • Changes in circumstances that occur during the audit
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

According to PCAOB standards, what factors indicate less complex operations?

A
  • fewer business lines
  • less complex business processes and financial reporting systems
  • more centralized accounting functions
  • extensive involvement of senior management in day to day operations
  • fewer levels of management
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

The engagement partner is responsible for:

A
  • planning the audit
  • supervising the work of engagement team members
  • complying with relevant audit standards
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What factors determine the nature, extent, and timing of supervision?

A
  • the size and complexity of the entity
  • the nature of the work assigned to each engagement team member
  • the assessed risk of material misstatement
  • the qualifications of the assistants
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Distinguish between the three types of material misstatements

A

Three types of material misstatements are:

  1. Factual misstatements: there is no doubt
  2. Judgmental misstatements: management and the auditor have material judgment differences on accounting estimates or the application of accounting policies
  3. Projected misstatements: this represents the auditor’s best estimate of misstatements in an audit sample to the population that the samples were drawn.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is audit risk? List and define the two elements of audit risk.

A

Audit risk is the risk that the auditor may unknowingly fail to modify appropriately the opionn on financial statements that are materially misstate. It is comprised of:

  1. Risk of Material Misstatement - the risk that the financial statements are materially misstated.
  2. Detection Risk - the risk that the auditor will not detect a material misstatement that exists in a relevant assertion.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

State the audit risk model including the relationship of detection risk to substantive tests

A

AR = RMM x DR
Audit Risk = Risk of Material Misstatement x Detection Risk
RMM = IR + CR
Note that as the acceptable level of detection risk increases, the assurance required from substantive tests decreases. As the acceptable level of detection risk decreases, the assurance require from substantive testing must increase

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What are the two components of the risk of material misstatement?

A

RMM = IR + CR
Inherent Risk - The susceptibility of a relevant assertion to a material misstatement assuming there are no related controls
Control Risk - the risk that a material misstatement that could occur in a relevant assertion will not be prevented or detected (and corrected) on a timely basis by the entity’s internal control.

25
Q

What is the difference between error and fraud?

State the auditor’s responsibility to detect errors and fraud

A

An error is an unintentional misstatement or omission of amounts or disclosures in the financial statements
Fraud is an intentional action that results in misstatements or omissions of financial information with the intent to deceive financial statement users.

The auditor must plan and perform the audit (using due care and professional skepticism) to provide reasonable (not absolute) assurance about whether the financial statements are free of material misstatement, whether due to errors or fraud.

26
Q

Name the two types of fraud

A
  1. Fraudulent financial reporting

2. Misappropriation of assets, or defalcation (i.e. embezzlement)

27
Q

what fraud risk factors are generally present when fraud occurs?

A

The 3 conditions that generally are present when fraud occurs are:

  1. incentives/pressures
  2. opportunity
  3. rationalization

The auditor identifies and evaluates these fraud risk factors as part of assessing the risk of material misstatement due to fraud

28
Q

When analyzing fraud risk, which four attributes should the auditor consider?

A

The auditor should consider the following fraud risk attributes:

  1. Type of risk
  2. Significant of the risk
  3. Likelihood of the risk
  4. Pervasiveness of the risk
29
Q

How would an auditor report noncompliance of a law or regulation assuming:

1) it has a material effect on the financial statements
2) there is insufficient evidence; or
3) the client refuses to accept a modified report?

A

scenario 1: if not adequately reflected in the financial statements, a qualified opinion or adverse opinion should be issued
scenario 2: if unable to obtain sufficient evidence of a suspected noncompliance, a qualified opinion or disclaimer of opinion should be issued
scenario 3: if the client refuses to accept a modified report, the auditor should withdraw from the engagement and contact those charged with governance in writing

30
Q

Why is the auditor required to obtain an understanding of the entity and its environment?

A

To assess the risk of material misstatement and to make informed judgments about other audit matters such as:

  • materiality and tolerable misstatement
  • the entity’s selection and application of accounting procedures
  • areas that require special audit consideration
  • design and performance of further audit procedures
31
Q

What steps should the auditor perform in assessing and responding to risk?

A
  1. obtain an understanding of the entity and its environment, including its internal control
  2. assess the risk of material misstatement
  3. respond to the assessed level of risk by designing further audit procedures based on this assessment
  4. test internal controls to evaluate their operating effectiveness
  5. perform substantive tests
  6. evaluate the sufficiency and appropriateness of audit evidence obtained.
32
Q

what risk assessment procedures should the auditor use to obtain an understanding of the entity and its environment?

A

Risk assessment procedures include:

  • inquiry
  • analytical procedures
  • observation and inspection
  • risk assessment discussion
33
Q

what factors should be examined when obtaining an understanding of the entity and environment?

A

when obtaining an understanding of the entity and environment, the auditor should understand:

  • industry, regulatory, and other external factors
  • the nature of the entity
  • objectives, strategies, and business risks
  • the entity’s financial performance
  • internal control
  • the company’s selection and application of accounting principles (issuer audits-PCAOB standards)
34
Q

what are analytical procedures?

A

Evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data (e.g., ration analysis)

note: analytical procedures are required in the planning and final review phrases of the audit. They also may be used (but are not required) in substantive testing

35
Q

For what purposes are analytical procedures used in the audit planning phrase?

A

analytical procedures are used in planning the audit to understand the client’s business and to identify unusual transactions and events; amounts, ratios, or trends that might represent specific risks relevant to the audit

36
Q

What are the objective of internal control?

A
  1. to promote efficiency and effectiveness of operations
  2. to ensure reliable financial reporting
  3. to encourage compliance with applicable laws and regulations
37
Q

what are some inherent limitations of internal control?

A

Errors may be made in the performance of control procedures
Collusion provides a way to bypass controls related to segregation of duties
Top management can override internal controls
Segregation of duties may be difficult to achieve in a smaller entity

38
Q

what are the 5 components of internal control?

[CRIME]

A
Control environment
Risk assessment
Information and communication systems
Monitoring
Existing control activities
39
Q

Why is the control environment particularly important to internal control?

A

the control environment sets the tone of an organization, influencing the control consciousness of its employees, and providing the foundation for other components of internal control.

40
Q

What factors are included in the control environment?

A
  • Communication and enforcement of intergrity and ethical values
  • Management’s commitment to competence
  • participation of those charged with governance
  • management’s philosophy and operating style
  • organizational structure
  • assignment of authority, responsibility, and accountability
  • human resource policies and practices
41
Q

describe the “risk assessment” component of internal control

A

risk assessment is an entity’s identification and analysis of risks to achievement of its objectives with respect to financial reporting. Risk assessment involves identification, analysis, and management of business risks relevant to the preparation of financial statements

42
Q

what functions are served by an entity’s information system with respect to financial reporting?

A
  • identify and record all valid transactions
  • describe transactions in a timely manner and in sufficient detail to allow proper classification
  • measure and record the proper monetary value of transactions
  • determine and ensure proper recording of transactions and events in the appropriate time period
  • present transactions and related disclosures properly int he financial statements
43
Q

what functions should an auditor understand about an entity’s communication system with respect to financial reporting?

A
  • the methods used to communicate roles, responsibilities and significant matters related to financial reporting
  • communications between management and those charged with governance, and between management and external parties
44
Q

what activities may be considered part of the monitoring component of internal control?

A

the monitoring process may include:

  • management and supervisory activities
  • separate internal control evaluations
  • the internal audit functions
  • evaluation of communications from external parties
45
Q

name some control activities that are relevant to an audit

[PAID TIPS]

A

Prenumbering of documents
Authorization of transactions
Independent checks to maintain asset accountability
Documentation
Timely and appropriate performance reviews
Information processing general and application controls
Physical controls for safeguarding assets
Segregation of duties

46
Q

what functions should be segregated?

[segregation of duties is your ARK to protect against a flood of troubles]

A

Authorizing transactions
Recording transactions
Maintaining Kustody of the related assets

47
Q

why does an auditor obtain an understanding of the client’s internal control?

A

an auditor obtains an understanding of internal control to evaluate the design of controls and determine whether they have been implemented, to assess the risk of material misstatement, and to design the Nature, Extent, and Timing of further audit procedures

48
Q

When are service organization’s services considered to be part of an entity’s information system?

A

A service organization’s services are considered to be part of an entity’s information system when those services affect the initiation, execution, processing, or reporting of the user company’s transactions

49
Q

what two types of reports may a service auditor provide, and what is the difference in how the user auditor may use them?

A

The service auditor may provide a “Report on Management’s Description of the Service Organization’s system and the Suitability of the Design and Operating Effectiveness of Controls (type 2 report)
or simply a “Report on Management’s Description of the Service Organization’s System and the Suitability of the Design of Controls (Type 1 report).”
The Type 2 Report may support a reduction in the assessed level of control risk whereas the Type 1 Report does not

50
Q

what steps should the auditor take in designing the nature, extent, and timing of further audit procedures?

A

the auditor uses his or her understanding of the entity and environment, including internal control to:

  • identify types of potential material misstatements
  • consider the factors that affect the risk of material misstatement
  • design tests of controls, when applicable
  • design substantive procedures
51
Q

what are the 3 ways in which an auditor should respond to assessed risk?

A

The auditor should respond to assessed risk in 3 ways:

  1. an overall response, to address risk at the FS level
  2. a response at the relevant assertion level
  3. a response to significant risks
52
Q

what is a significant risk?

A

a significant risk is one that requires special audit consideration. The following factors may be indicative of a significant risk:

  • non-routine, unusual, or complex transactions
  • business risks that may result in material misstatement
  • fraud risk
  • significant related party transactions
  • accounting estimates or other subjective measurements of financial information
  • accounting principles that are subject to different interpretations
53
Q

what are the documentation requirements surrounding the auditor’s assessment of risk?

A

the auditor should document the:

  • discussion among the audit team
  • understanding of the entity and its environment, including its internal control
  • assessment of the risks of material misstatement
  • basis for the risk assessment
  • identified risks and related controls evaluated
54
Q

what are the two approaches an auditor may use to respond to identified risks at the relevant assertion level?

A
  1. substantive approach - only substantive tests are used, either because there are no effective controls, or because it would not be efficient to test the operating effectiveness of controls
    2 combined approach - tests of the operating effectiveness of control and tests of substantive procedures are both used
55
Q

when are tests of controls performed?

A

When the auditor’s risk assessment is based on the assumption that controls are operating effectively

OR

when substantive procedures alone are insufficient, such as when there is a significant amount of electronic processing

56
Q

how does the auditor’s assessment of the risk of material misstatement affect substantive procedures?

A
  • the auditor’s determination that the risk of material misstatement is high necessitates a greater level of assurance from substantive procedures, which may be obtained by varying the nature, extent, or timing of such procedures
  • the auditor’s determination that the risk of material misstatement is low allows reduction in the assurance required from substantive procedures. This too may be accomplished by varying the nature, extent, or timing of such procedures
57
Q

What are the documentaiton requirements surrounding the auditor’s repsonse to assessed risk?

A

The auditor should document the:

  • overall response addressing assessed risk a the FS level
  • nature, extent, and timing of further audit procedures
  • linkage of further audit procedures with assessed risk at the relevant assertion level
  • results of audit procedures
  • conclusions reached regarding the use of prior period evidence
58
Q

Under PCAOB standards, what factors are relevant to the conclusion that sufficient appropriate evidence has been obtained?

A
  • the significance of uncorrected misstatements and the likelihood of their having a material effect on the financial statements
  • the results of audit procedures performed
  • the auditor’s risk assessment
  • the appropriateness of the evidence obtained