Assessing and responding to risks Flashcards
(16 cards)
The inability to complete which of the following activities most likely would prevent an accountant from completing an engagement for a review of financial statements performed in accordance with Statements on Standards for Accounting and Review Services?
A. Assessing the risk of material misstatement.
B. Comparing plausible relationships among financial and nonfinancial data.
C. Obtaining a letter of inquiry from the entity’s attorney.
D. Communicating with the predecessor accountant.
B. Comparing plausible relationships among financial and nonfinancial data.
In a financial statement (F/S) review, an accountant expresses a conclusion on whether the F/S are in accordance with an applicable financial reporting framework. To issue a conclusion, the accountant is required to design and perform analytical procedures, make inquiries, and perform other procedures as necessary.
Such procedures should be focused on:
All material items in the F/S, including disclosures
Areas that represent the greatest risk of material misstatement
Specific analytical procedures that the accountant should perform include:
Comparing current period data with prior period data
Considering plausible relationships among financial and nonfinancial data
Comparing amounts reported in the F/S against the accountant’s expectations.
Required inquiries for every engagement include (among others):
Related party relationships and transactions
Subsequent events
Going concern issues, including management’s assessment
Material commitments, contractual obligations, or contingencies, including disclosures
Litigation, claims, and assessments.
(Choices A, C, and D) Because a review provides only limited assurance, certain audit procedures (which provide reasonable assurance) are not required for a review. These procedures include assessing the risk of material misstatement, obtaining a letter of inquiry from the entity’s attorney, and communicating with the predecessor accountant.
Things to remember:
In a review of financial statements (F/S), an accountant expresses a conclusion regarding whether an entity’s F/S are in accordance with an applicable financial reporting framework. The conclusion is based on obtaining limited assurance, primarily through the performance of inquiries and analytical procedures.
Which of the following procedures would an accountant least likely perform during an engagement to review the financial statements of a nonissuer?
A. Observing safeguards over the use of assets.
B. Comparing the financial statements with anticipated results.
C. Obtaining a management representation letter.
D. Reconciling the financial statements to underlying accounting records.
A. Observing safeguards over the use of assets.
Review requirements include making inquiries of management and performing analytical procedures. Analytical procedures involve an accountant developing an expectation, comparing that expectation with client amounts, and investigating significant differences.
Primary analytical procedures that an accountant should perform in a review are:
Comparing current period data to prior period data
Considering plausible relationships among financial and nonfinancial data (eg, age of workers)
Comparing the client’s financial ratios or amounts reported in the financial statements (F/S) to the accountant’s expectation (Choice B).
Additional review procedures include:
Reading the F/S to evaluate whether the F/S are in conformity with the applicable financial reporting framework
Reading any other accountants’ reports on F/S related to significant components (eg, a subsidiary)
Reconciling the F/S to underlying accounting records (Choice D)
Obtaining a management representation letter (Choice C)
Inquiring about:
Significant unusual transactions, including those with related parties
Actions taken at board of directors’ meetings
Observing safeguards over the use of assets (ie, understanding internal controls) is the least likely procedure to be performed in a review. An accountant is not required to obtain an understanding of internal control in a review engagement. This procedure would be performed in an audit.
Things to remember:
Review procedures are limited to analytical procedures and inquiries of client personnel. Observing safeguards over the use of assets is part of testing internal controls, which is an audit procedure, not a review procedure.
Which of the following should an auditor do when control risk is assessed at the maximum level?
A. Perform fewer substantive tests of details.
B. Perform more tests of controls.
C. Document the assessment.
D. Document the control structure more extensively.
C. Document the assessment.
An auditor must obtain and document an understanding of an entity’s internal control (I/C) designed to prevent material financial misstatements. The auditor will test the controls that appear to reliably minimize the risk of material misstatement (RMM). Control risk (CR) is assessed at a maximum level when I/C does not minimize the RMM.
In all instances, the risk assessment procedures must be documented, indicating how and when procedures were performed, which audit team members performed the procedures, the risks identified, the assessed CR level, and the overall RMM.
A maximum CR level indicates that I/C does not provide reasonable assurance that material misstatements will be detected and corrected. Therefore, it would be inefficient to perform more audit tests of ineffective controls (Choice B). Instead, the auditor would increase, not decrease, substantive testing to determine that the financial information is materially correct (Choice A).
(Choice D) Auditors are required to document an understanding of the I/C structure to assess the CR and the resulting RMM. If the CR is at the maximum level, more extensive control documentation would provide no added audit value.
Things to remember:
If control risk (CR) is at the maximum level, an auditor must document how and when the assessment was performed, who participated in the assessment, the risks identified, and how the risk level was determined. Risk assessment documentation is required even when CR is assessed at lower than the maximum level.
A retail entity uses electronic data interchange (EDI) in executing and recording most of its purchase transactions. The entity’s auditor recognizes that the documentation of the transactions will be retained for only a short period of time. To compensate for this limitation, the auditor most likely would
A. Inspect internal records prepared by the retail entity.
B. Perform tests several times during the year.
C. Perform a review of interim financial information.
D. Decline the engagement due to a lack of documentation.
B. Perform tests several times during the year.
In electronic data interchange (EDI), paper documents (eg, purchase orders) are converted to a standardized electronic format for automated transmission among business partners. When planning an engagement, auditors consider the effect technology and data storage policies have on the nature, timing, or scope of audit procedures.
Audit testing may be performed several times a year (or continuously) to compensate for conditions limiting documentation availability. The standards for obtaining sufficient appropriate audit evidence apply, even if doing so requires more of the auditor’s time. Timing of the audit should be addressed in the engagement letter and communicated with those in charge of governance.
(Choice A) Internally generated audit evidence is less reliable than evidence obtained directly by the auditor because it can be altered by the client.
(Choice C) A review of interim financial information is a different engagement to express limited assurance on financial statements covering a shorter time period (eg, quarterly). This differs from performing audit procedures multiple times per year during a single audit.
(Choice D) In this scenario, management is not unreasonably denying the auditor access to information, but rather limiting the time documentation is available because of technological factors (eg, electronic data storage retention policies).
Things to remember:
In electronic data interchange, paper documents are converted to a standardized electronic format for automated transmission among business partners. When planning an engagement, auditors consider the effect technology and data storage policies have on the nature, timing, or scope of audit procedures.
An audit team has concluded that inventory is highly susceptible to misappropriation and that a potential misstatement would be material to the financial statements. How should the audit team address the audit procedures to the increased risk?
A. Review the client’s control procedures over the safeguarding of inventory, and perform a physical inventory count on the last day of the current year.
B. Review the client’s control procedures over the safeguarding of inventory, incorporate the use of substantive analytical procedures, and develop an expectation.
C. Review the client’s control procedures over the safeguarding of inventory, but do not modify substantive procedures over inventory.
D. Review the client’s control procedures over the safeguarding of inventory, and perform physical inventory counts throughout the current year.
A. Review the client’s control procedures over the safeguarding of inventory, and perform a physical inventory count on the last day of the current year.
When inventory is material to the financial statements, the auditor should obtain evidence of its existence, completeness, ownership, and value as of the balance sheet date. Increased substantive testing is warranted if internal controls are weak or the auditor assesses a high risk of material misstatement.
In this scenario, the audit team has determined that inventory is susceptible to misappropriation (ie, used for a purpose other than sales to customers) and that a potential misstatement would be material to the financial statements. Therefore, the auditors must review controls in place to safeguard the inventory from misappropriation.
Physical inventory counts during the year often provide sufficient evidence of ending inventory values. When inventory presents the potential for material misstatement, the audit team needs to modify their substantive testing to perform a physical inventory count on the balance sheet date, or as close as possible, to assess the accuracy of the ending inventory (Choice C).
(Choice B) The use of analytical procedures would be inappropriate because they result in an expected inventory balance, not an actual value.
(Choice D) Performing inventory counts during the year (ie, at interim dates) does not ensure materially correct ending inventory balances.
Things to remember:
Additional testing is required when inventory is material to the financial statements and susceptible to misappropriation. The auditors must review procedures for safeguarding inventory and perform a physical inventory count on the balance sheet date or as close as possible.
Equipment acquisitions that are misclassified as maintenance expense most likely would be detected by an internal control procedure that provides for
A. Segregation of duties of employees in the accounts payable department.
B. Independent verification of invoices for disbursements recorded as equipment acquisitions.
C. Investigation of variances within a formal budgeting system.
D. Authorization by the board of directors of significant equipment acquisitions.
C. Investigation of variances within a formal budgeting system.
Equipment acquisitions represent either additional assets (eg, a new machine) or maintenance expenses (eg, a motor to maintain a machine). Organizations establish budgets as a means of documenting planned expense and capital spending. Investigating and explaining significant variances (ie, differences) between actual results and budgets provides a control to help prevent financial misstatements (eg, recording asset purchases as expense).
A formal budgeting system can provide an internal control to ensure assets are correctly capitalized. Equipment acquisitions that are incorrectly expensed might be identified by investigating significant variances between actual and budgeted expenses and capital amounts. If new equipment is incorrectly expensed as maintenance rather than capitalized as an asset, the actual maintenance expense would likely exceed the budgeted amount.
(Choice A) Segregating duties protects assets from misappropriation, not misclassification.
(Choice B) Verifying disbursement invoices recorded as equipment acquisitions would ensure expenses are not capitalized but would not identify disbursements that were incorrectly expensed.
(Choice D) Reviewing the board of directors’ equipment authorizations would ensure that purchases were approved but would not ensure that purchases were properly recorded as assets rather than expenses.
Things to remember:
Formal budgets provide strong internal control when significant variances between budget and actual results are investigated. These variances can highlight situations where assets were incorrectly expensed rather than capitalized, allowing for financial adjustments where appropriate.
To assess the risk of material misstatement, an auditor is performing an analytical procedure that involves comparing the client’s current year quick ratio to their quick ratios from the last 5 years. Each of the following situations would be identified by comparing the current year quick ratio to prior years except
A. Collection of an account receivable was incorrectly recorded with a credit to accounts payable.
B. The current payment of a long-term debt was recorded as a credit to long-term debt.
C. A collection of a payment on account from one of the entity’s regular customers was never recorded.
D. A collection of a payment on account from one of the entity’s regular customers was recognized as a cash sale rather than a payment on account.
C. A collection of a payment on account from one of the entity’s regular customers was never recorded.
Analytical procedures allow auditors to develop expectations based on knowledge obtained from plausible and reasonable relationships (eg, prior financial information). These expectations (eg, prior year quick ratios) are compared with current year client information to identify potential errors and assess the risk of material misstatement (RMM).
The quick ratio changes when erroneous entries impact the numerator and/or denominator. The auditor might identify errors by comparing the current year quick ratio with that of prior years. For example:
Recording an A/R collection to A/P correctly records the cash but incorrectly overstates A/R (ie, quick ratio numerator) and understates A/P (ie, quick ratio denominator) (Choice A)
A current liability is established each year for the portion of long-term debt due within the year. Debiting the current year payment to long-term debt instead of the current liability overstates the current ratio denominator (ie, current liabilities) (Choice B)
Recording the collection of a payment on account as a cash sale results in a debit to cash and a credit to sales revenue instead of A/R. This incorrectly overstates the current year quick ratio numerator (Choice D)
An unrecorded payment on account understates cash and overstates AR by the same amount, with no effect on the current year quick ratio. Therefore, the quick ratio analytical procedure would not have identified this missing entry.
Things to remember:
Quick ratio analysis is an analytical procedure used to help an auditor identify the risk of material misstatement (RMM) by comparing the relationship between the current year quick ratio with that of prior years. Erroneous information and an increased RMM might be identified when the current year quick ratio differs from that of prior years without plausible reason (eg, due to transaction errors).
Detection risk differs from both control risk and inherent risk in that detection risk
A. Exists independently of the financial statement audit.
B. Can be changed at the auditor’s discretion.
C. Arises from risk factors relating to fraud.
D. Should be assessed in nonquantitative terms.
B. Can be changed at the auditor’s discretion.
The risk of material misstatement (RMM) is a function of inherent risk (IR) and control risk (CR). IR represents the RMM due to characteristics (eg, complexity) of an entity’s transactions, account balances, or disclosures. CR is the risk that internal control will fail to prevent or detect a material misstatement. Because both CR and IR arise from characteristics of the entity and its environment, these risks exist independently of the audit (Choice A).
Detection risk (DR), on the other hand, is the risk that if a material misstatement exists in the financial statements, auditors will not identify it. Auditors decide on an acceptable level of DR based on their assessment of RMM. They adjust DR at their discretion by changing the nature, timing, or extent of audit procedures. For example, if RMM is high, the auditors may lower DR by performing more tests.
(Choice C) RMM arises from risk factors relating to fraud or error. DR is set by the auditor in response to RMM.
(Choice D) Like CR and IR, DR may be assessed in quantitative (eg, 5%) or nonquantitative (eg, low) terms.
Things to remember:
Detection risk (DR) is the risk that an audit will not detect a material misstatement if one exists. DR can be adjusted at the auditor’s discretion by audit testing. In contrast, the risk of material misstatement (ie, control risk, inherent risk) is a factor of the entity and its environment and therefore cannot be changed by the auditor.
Inherent risk and control risk differ from detection risk in that they
A. Arise from the misapplication of auditing procedures.
B. May be assessed in either quantitative or nonquantitative terms.
C. Exist independently of the financial statement audit.
D. Can be changed arbitrarily at the auditor’s discretion.
C. Exist independently of the financial statement audit.
Detection risk is the risk that if a material misstatement exists in the financial statements, auditors will fail to identify it. Detection risk can be reduced by audit procedures. Auditors decide on an acceptable level of detection riskbased on their assessment of the likelihood that there is a material misstatement.
The risk of material misstatement is a function of inherent risk and control risk. Inherent risk is the risk that a material misstatement will exist due to characteristics (eg, complexity or volatility) of the entity’s transactions, account balances, or disclosures. Control risk is the risk that the entity’s internal control will fail to prevent or detect a material misstatement. Because control risk and inherent risk are both established by characteristics of the entity, not the audit, they both exist independently of the audit.
(Choice A) Misapplied audit procedures will increase detection risk, not control risk or inherent risk.
(Choice B) Detection, control, and inherent risks may be expressed in quantitative (eg, 10%) or nonquantitative (eg, low) terms.
(Choice D) The only way to change control risk or inherent risk would be to change the entity itself or its environment. Auditors have no such power. However, auditors do set detection risk at their discretion.
Things to remember:
Detection risk is the risk that a material misstatement, if one exists, will not be detected by an audit. As such, it exists only within the context of an audit. Control risk and inherent risk emerge from the entity and its environment, not the audit.
Which of the following situations represents a risk factor that relates to misstatements arising from misappropriation of assets?
A. A high turnover of senior management.
B. A lack of independent checks.
C. A strained relationship between management and the predecessor auditor.
D. An inability to generate cash flow from operations.
B. A lack of independent checks.
Auditors are concerned about two types of fraud:
Fraudulent financial reporting is the deliberate misstatement of financial information (eg, overstating revenue).
Misappropriation of assets includes theft and the dishonest use of an entity’s assets. Auditors are concerned about misappropriation because it can create material misstatements if, for example, stolen assets remain on the books.
Fraud risk factors fall into three categories: the motivation of the potential fraudster, opportunities available to be exploited, and organizational attitudes that allow fraud to be rationalized. Risk factors relating to opportunity for misappropriation include large amounts of cash or items easily converted to cash and poor controls over assets. A lack of independent checks (eg, reconciliation of cash receipts to sales) is an internal control problem that creates the opportunity for misappropriation.
(Choice A) High turnover of senior management results in less reliable oversight by those charged with governance, creating an opportunity for an unscrupulous manager to commit fraudulent financial reporting, not misappropriation.
(Choice C) A strained relationship between management and the predecessor auditor is indicative of an organizational culture that condones, or rationalizes, aggressive accounting, which is characteristic of fraudulent financial reporting.
(Choice D) Cash flow problems are a threat to the organization’s financial future. They create the motivation for fraudulent financial reporting.
Things to remember:
Misappropriation of assets is the wrongful taking or use of assets. Inadequate control over assets (eg, a lack of independent checks) is a risk factor for misappropriation.
Under which of the following circumstances would an auditor be most likely to assess control risk at the maximum level for certain assertions?
A. Control policies and procedures are unlikely to relate to the assertions.
B. The entity’s control environment, accounting system, and control procedures are interrelated.
C. Sufficient evidence to support the assertions is likely to be available.
D. More emphasis on tests of controls than substantive tests is warranted.
A. Control policies and procedures are unlikely to relate to the assertions.
Control risk (CR) is the risk that internal control will fail to prevent or detect a material misstatement. To assess CR, an auditor must first identify specific control policies and procedures that relate to specific assertions (ie, might prevent/detect material misstatements).
If there are no controls relating to certain assertions, CR should be set at the maximum level for those assertions. If relevant controls are in operation, the auditor determines whether they are suitably designed. If so, the auditor may test to determine whether those controls are reliable (ie, CR is below maximum), which would reduce the need for substantive testing. For example, if controls relating to the valuation assertion for accounts receivable are strong, the auditor may decide to perform fewer tests of details (eg, recalculation) on that assertion.
(Choice B) Because an entity’s control environment, accounting system, and control procedures are always interrelated, their interrelatedness does not imply that CR is high or low.
(Choice C) An auditor may set CR at maximum and rely on substantive testing alone if doing so is more efficient and sufficient evidence is likely to be available. However, it is usually more efficient to test controls and reduce substantive testing.
(Choice D) A greater emphasis on tests of controls would be warranted if CR were initially set below maximum (indicating controls may be reliable).
Things to remember:
If there are no controls relating to certain financial statement assertions, control risk is at maximum for those assertions. If relevant, appropriately designed controls are in operation, the auditor may test to determine whether those controls are reliable, which would reduce the need for substantive testing.
Which of the following procedures is an accountant required to perform when compiling the financial statements of a nonissuer in accordance with Statements on Standards for Accounting and Review Services (SSARS)?
A. Obtain a management representation letter.
B. Understand the reporting framework and significant accounting policies adopted by management.
C. Make inquiries of key personnel concerning related party transactions.
D. Perform analytical procedures using financial statement account balances.
B. Understand the reporting framework and significant accounting policies adopted by management.
In a compilation engagement, an accountant assists a client in presenting financial statements (F/S) and issues a report to accompany those F/S. A compilation requires the accountant to read the resulting F/S to verify there are no obvious material misstatements or misapplications of the financial reporting framework (eg, GAAP, cash basis). However, because the compilation report is not intended to offer any assurance, no procedures (eg, analytical procedures, inquiries on related parties) are performed to verify the accuracy of the F/S (Choices C and D).
Although management is responsible for selecting the reporting framework and accounting policies, the accountant must understand both the framework and the policies to apply them in presenting the F/S.
(Choice A) A management representation letter is a crucial piece of evidence used to support an audit opinion or a review conclusion. Because a compilation report provides neither an opinion nor a conclusion on the F/S, there is no need for such evidence.
Things to remember:
Although a client’s management is responsible for selecting the financial reporting framework and accounting policies, the accountant must understand both the framework and the policies to perform the compilation. A compilation engagement requires the accountant to read client’s financial statements (F/S) for obvious mistakes, but it does not involve gathering evidence on the reliability of the F/S.
Which of the following procedures might an auditor perform to test the classification assertion associated with the repair and maintenance expense account?
A. Compare budgeted to actual repairs and maintenance expense.
B. Verify that expenses are recorded in the correct period.
C. Verify that all repair costs were capitalized as part of the asset.
D. Identify plant and equipment assets that cannot be repaired and should be written off.
A. Compare budgeted to actual repairs and maintenance expense.
Management assertions are implicit or explicit claims regarding the entity’s F/S. For example, management claims that all transactions are recorded in the appropriate F/S accounts (the classification assertion).
Although maintenance costs are always expensed, the same does not apply to repair costs. GAAP indicates situations where repair costs are more appropriately capitalized rather than expensed (Choice C).
An auditor might perform an analytical comparison of budgeted to actual repair and maintenance expense totals. A large difference between these amounts could indicate whether repair costs were incorrectly capitalized or recorded as an expense (the classification assertion).
This comparison may start the auditor’s substantive tests of the repair and maintenance expense account. Any need for further substantive testing will be based on the results of the comparison, the auditor’s evaluation of repair and maintenance expense I/C, and materiality.
(Choice B) Verifying that expenses are recorded in the correct period is a test associated with the cutoff assertion.
(Choice D) Identifying plant and equipment assets that cannot be repaired and should be written off is associated with the property, plant, and equipment (PP&E) valuation and allocation assertion. Even if assets cannot be repaired, they may still be in use and should remain on the balance sheet as PP&E. Assets no longer in use should be reclassified or written off.
Things to remember:
Comparing budgeted to actual repairs and maintenance expense is a procedure an auditor might perform to test the classification assertion associated with the repair and maintenance expense account.
The objective of tests of details of transactions performed as substantive tests is to
A. Comply with generally accepted auditing standards.
B. Attain assurance about the reliability of the accounting system.
C. Detect material misstatements in the financial statements.
D. Evaluate whether management’s policies and procedures operated effectively.
C. Detect material misstatements in the financial statements.
(Choice A) The auditor is required by generally accepted auditing standards to collect sufficient, appropriate evidence to support the opinion. The auditor is not specifically required to perform substantive tests of transactions.
(Choice B) The auditor is required to obtain a sufficient understanding of the entity, including the internal control structure and thus the information system relevant to financial reporting to plan the nature, timing, and extent of the audit tests to be performed. If control risk is to be assessed below maximum, the auditor may then decide to perform tests of controls (not substantive tests of transactions) to support a lowered assessment. The auditor does not perform substantive tests of transactions to gain assurance about the reliability of the information system.
(Choice C) Substantive tests of transactions, like substantive tests of balances, are performed to detect material misstatements in the financial statements.
(Choice D) Tests of controls are performed to evaluate whether management’s controls (i.e., policies and procedures) operated effectively. Substantive tests of transactions are performed to detect material misstatements in the financial statements.
Which of the following procedures should an accountant perform during an engagement to compile prospective financial statements?
A. Test the entity’s internal controls to determine if adequate controls exist so that financial projections can be reasonably achieved.
B. Make inquiries prior to the date of the report about possible future transactions that may impact the forecast once the report is issued.
C. Make inquiries about the accounting principles used in the preparation of the prospective financial statements.
D. Compare the prospective financial statements with the entity’s historical results for the prior year.
C. Make inquiries about the accounting principles used in the preparation of the prospective financial statements.
Accountants performing compilation services assist management in presenting financial statements (F/S). One type of compilation engagement is to compile either historical or prospective (ie, forward-looking) F/S, including both forecasts and projections.
Although a compilation does not involve the use of inquiry to provide evidence regarding the accuracy of the F/S, an accountantdoesneed to make inquiries about the significant accounting principles applied. Because the accounting principles are selected by the client, the accountant will need to obtain an understanding of those principles from the client. This is true whether the accountant is compiling historical or prospective information.
(Choice A) Because compilations are not intended to provide any form of assurance, there is no need to test the entity’s internal controls.
(Choices B and D) In an examination of prospective F/S, an accountant may compare historical financial results with the prospective F/S or make inquiries about future transactions that may impact actual results. Unlike an examination, a compilation engagement is not meant to provide any assurance, so it does not include any testing of the F/S or underlying assumptions.
Things to remember:
Although a compilation does not involve the use of inquiry to provide evidence regarding the accuracy of the F/S, accountants must make inquiries about the accounting principles clients select.
An auditor concludes that there is a heightened risk of a material misstatement. Which of the following is an appropriate action that an auditor can take?
Decrease Materiality Increase detection risk
A. Yes Yes
B. Yes No
C. No Yes
D. No No
