AUD 3 Internal Control 9 (Review) Flashcards

Question

Elements of Internal Control: (CRIME) E : Control Environment 5 principles Management and those charge with governance: 1. Demonstrate a commitment to integrity and ethical values; 2. Exercise their oversight responsibility; 3. Establish structure, authority, and responsibility; 4. Demonstrate a commitment to competence; and 5. Enforce accountability. -------------- R = Risk Assessment 4 principles management and those charged with governance: 1. Specify suitable objectives 2. Identify and analyze risk 3. Assess fraud risk 4. Identify and analyze significant change ----------------- I = Information and Communication 3 principles Management and those charge with governance: 1. Use relevant information 2. Communicate internally 3. Communicate externally --------------- M = Monitoring 2 principles Management and those charge with governance: 1. Conduct ongoing and/or separate evaluations 2. Evaluate and communicate deficiencies

Answer 1

Elements of Internal Control: (CRIME) E : Control Environment 5 principles Management and those charge with governance: 1. Demonstrate a commitment to integrity and ethical values; 2. Exercise their oversight responsibility; 3. Establish structure, authority, and responsibility; 4. Demonstrate a commitment to competence; and 5. Enforce accountability. -------------- R = Risk Assessment 4 principles management and those charged with governance: 1. Specify suitable objectives 2. Identify and analyze risk 3. Assess fraud risk 4. Identify and analyze significant change ----------------- I = Information and Communication 3 principles Management and those charge with governance: 1. Use relevant information 2. Communicate internally 3. Communicate externally --------------- M = Monitoring 2 principles Management and those charge with governance: 1. Conduct ongoing and/or separate evaluations 2. Evaluate and communicate deficiencies

Answer 2

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) An auditor performs the following procedures to obtain and apply an understanding of internal control to an audit: Step 1 – Obtain an understanding of the design of all 5 components of the entity’s internal control (CRIME) through the performance of risk assessment procedures. Step 2 – Document the understanding of Internal Control. Step 3 – Assess Risk of Material Misstatement (RMM) which consists of inherent risk (IR) and control risk (CR). RMM = IR × CR Step 4 – Develop an audit strategy to either: o (RELY?) Perform tests of control (TofC) to determine if CR is below maximum, reducing RMM below the level of IR and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests): or o (NOT Rely) Decide NOT to perform tests of controls, assessing CR at the maximum level as if the control did not exist, and measuring RMM as being equal to IR. Step 5 – Reassess Risk of Material Misstatement and evaluate results. o For controls for which tests of controls were performed, evaluate results to reassess RMM and determine if it is appropriate to modify the nature, timing, and extent of further audit procedures. Step 6 – Document conclusions and determine the effect on the planned substantive procedures. At this point, the audit program needs to be developed or revised for further audit procedures.

Answer 3

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 1 – 1. Understand the Design of CRIME by performing Risk Assessment Procedures Risk assessment procedures include: * Analytical procedures (Using high level data) * Inquiries of management and others within the entity, including inquiries of internal auditors. * Inspection (of documents and records) * Observation (the application of specific controls)

Answer 4

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 1 – 1. Understand the Design of CRIME by performing Risk Assessment Procedures The knowledge obtained through risk assessment procedures is used to: * Identify the types of potential misstatements (Errors or Fraud). * Consider factors that affect the risk of material misstatements. * Design tests of controls and substantive procedures. o As part of obtaining an understanding of internal control sufficient to plan the audit, the auditor should evaluate whether the client’s programs and controls that address the identified risks of material misstatement due to fraud have been suitably designed and implemented. o Determine if these have been Implemented (Placed into operation). ▪ Understanding doesn't require evaluating their operating effectiveness.

Answer 5

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 1 – 1. Understand the Design of CRIME by performing Risk Assessment Procedures Walk through involves applying some means other than inquiry, such as - observing the control being applied, - performing analytical procedures to determine if the control is producing the appropriate results, or - inspection of documents or other items that will provide evidence that the control is in place.

Answer 6

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 1 – 1. Understand the Design of CRIME by performing Risk Assessment Procedures • While performing a walk through provides information about the design and implementation of a control, it is not sufficient to determine if the control was operating effectively throughout the period being audited or to rely on the control as a basis for modifying the nature, timing, and extent of further audit procedures. • If the auditor intends to rely on the control as a basis for modifying the nature, timing, and extent of further audit procedures, the auditor is required to determine if the control was operating effectively throughout the affected period through the performance of tests of controls.

Answer 7

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 1 – 1. Understand the Design of CRIME by performing Risk Assessment Procedures The techniques available to the auditor to gain information about a client's internal control structure include: • Prior audits – Reviewing audit documentation that document the internal control structure of the client in prior years. • Reperformance – Applying the control that the client personnel presumably performed to determine if the procedure was performed properly. • Inquiry – Asking management and other client personnel to describe the controls that they are currently using. • Inspection – Examining documents that are used in internal control, such as authorization forms and procedures manuals. • Observation – Watching employees perform their jobs.

Answer 8

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 1 – 1. Understand the Design of CRIME by performing Risk Assessment Procedures The performance of risk assessment procedures designed to provide the auditor with an adequate understanding to enable the auditor to effectively assess the risk of material misstatement of the financial statements.

Answer 9

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 1 – 1. Understand the Design of CRIME by performing Risk Assessment Procedures The techniques available to the auditor to gain information about a client's internal control structure include: * Prior audits * Reperformance * Inquiry * Inspection * Observation

Answer 10

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 2 – 2. Document Understanding of Internal Control There are different techniques that are commonly used for documenting the auditor's understanding of the internal control structure. These are (FIND): * F = Flowchart * I = Internal Control Questionnaire (ICQ) * N = Narrative or Memorandum * D = Decision table/tree

Answer 11

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 2 – 2. Document Understanding of Internal Control There are different techniques that are commonly used for documenting the auditor's understanding of the internal control structure. These are (FIND): * F = Flowchart * I = Internal Control Questionnaire (ICQ) * N = Narrative or Memorandum * D = Decision table/tree - ---------------------- * * = Advantages * = Disadvantages • F = Flowchart - VISUAL depiction of the internal control structure - Shows a process from beginning to end - Indicates which departments or groups of employees are responsible for each function - Indicates what documents are used and how they are distributed and disposed of - Indicates the interaction among departments or groups of employees - **Helpful in determining if there is adequate SEGREGATION of duties - **Helpful in TRACING documents through the system - **Giving a sense of the FLOW and sequence of transactions in the client entity - *Flowcharting requires knowledge of specialized SYMBOLS • I = Internal Control Questionnaire (ICQ) - **Easiest to Use - Questions can be answered with a simple yes or no - YES answer = Control is properly in place (strength) - NO answer = Potential weakness - **Easily identifies potential weaknesses in internal control - *Difficult to develop a complete and comprehensive questionnaire - *Difficult to obtain an understanding of the flow of the system - The most STRUCTURED of the approaches - **EASIEST for an inexperienced audit staff member to utilize - Very popular area of testing on the CPA exam • N = Narrative or Memorandum - Narrative approach - DETAILED written description of the internal control structure - Describes the system with WORDS rather than symbols - Easier to understand the flow of the system - Easier to understand the interrelationships among departments and employees - *NOT clearly indicate whether there is adequate segregation of duties - *Difficult to visualize the flow of documentation - *Can be cumbersome - *Not commonly used • D = Decision table/tree - Client employee choose from several alternative actions and documenting such activities - May best be accomplished by preparing a decision table that lists each possible condition and the actions that will result from each - Depicts the logic of an operation or process - Yes/No questions - Each answer will direct the user to the next relevant question - *Limited tool - *Cannot effectively document the entire structure

Answer 12

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 3 – 3. Assessing Risk of Material Misstatement (RMM) The auditor first assesses risk of material misstatement at the financial statement level by evaluating the entity’s ability to prepare financial statements that are fairly presented in accordance with the applicable financial reporting framework. This will include factors such as the auditor’s perception of the competency of the entity’s accounting personnel; an evaluation of the entity’s ability to develop estimates and interpret accounting principles; whether the auditor considers management aggressive or believes management is under pressure to achieve difficult financial goals; if the industry or the economy has created particular challenges; or if the entity is seeking financing or anticipating entering into a substantial transaction. Any of these or a variety of other factors may increase the risk that the financial statements, taken as a whole, will be materially misstated.

Answer 13

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 3 – 3. Assessing Risk of Material Misstatement (RMM) The auditor may use either a substantive approach, in which substantive procedures are emphasized, or a combined approach, in which both tests of controls and substantive procedures are used. • The auditor needs to o Identify the risks. o Relate the identified risks to the types of potential misstatements that could occur at the relevant assertion level. o Consider whether the risks are so significant that they could result in a material misstatement of the financial statements. o Consider the likelihood (probability) that the identified risks could result in material misstatements on the financial statements.

Answer 14

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 3 – 3. Assessing Risk of Material Misstatement (RMM) If the risk assessment is based on an expectation that controls are operating effectively, the auditor should test the operating effectiveness of controls (TofC) that have been determined to be suitably designed to prevent or detect material misstatements. • Intend to Rely? The risk assessment may NOT include an expectation that controls operate effectively when (Substantive approach): o Controls appear inadequate / Ineffective/ weak. o Auditor believes that performing extensive substantive procedures is likely to be more cost effective than performing tests of controls. (Cost/benefit – inefficient). ----------- If the controls appear effective, tests of controls will be performed when (Combined approach): * The auditor’s risk assessment includes an expectation of operating effectiveness of controls because the likelihood of material misstatement is lower if the control operates effectively (Cost effective) or * When substantive procedures alone do not provide sufficient audit evidence.

Answer 15

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 3 – 3. Assessing Risk of Material Misstatement (RMM) Since tests of controls alone are not normally sufficient upon which to base an audit opinion, the further audit procedures will be composed of a combination of tests of controls and substantive procedures. Thus, the decision to perform tests of controls will be made when the auditor believes that a combination of tests of controls and a decreased scope of substantive procedures is likely to be more cost effective than performing more extensive substantive procedures. The overall approach here, as it relates to controls is to * Identify controls that are relevant to specific assertions that are likely to prevent or detect material misstatements, and * Perform tests of controls to evaluate the effectiveness of those controls.

Answer 16

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 3 – 3. Assessing Risk of Material Misstatement (RMM) The auditor also assesses risk at the financial statement level by identifying those items that may have a propensity for misstatement. This may be individual accounts, such as items on the balance sheet; classes of transactions, such as items on the income statement; or disclosures, including footnotes as well as descriptions and notations on the financial statements themselves. Items will represent a greater risk of misstatement for a variety of reasons. It may be due to error as a result of: * The difficulty of obtaining information needed to accurately record the transaction; or * The complexity of the requirements for accounting for an item.

Answer 17

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 3 – 3. Assessing Risk of Material Misstatement (RMM) An item may be more susceptible to fraud because: * It is a valuable item that might be misappropriated by employees or others; * It is an item for which it is easy to conceal a misstatement; or * A misstatement to the item has the potential of influencing other actions such as the payment of a commission or the earning of a bonus based on performance.

Answer 18

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 3 – 3. Assessing Risk of Material Misstatement (RMM) Once items that are susceptible to misstatement are identified, risk of material misstatement is assessed at the relevant assertion level. The fact that an item is likely to be misstated will generally affect all of the assertions and the risk should be analyzed accordingly. For example: • For an entity that might have a tendency to OVERSTATE results because it is competing in the capital markets, sales may be likely to be overstated and the auditor will be concerned about: o Occurrence, since the entity may record sales that did not occur; o Cutoff, since the entity may record sales from the next period in the current period; o Accuracy, since the entity may record sales in amounts greater than the actual transactions; and o Classification, since the entity may wish to characterize the proceeds from the issuance of debt or from the sale of assets that do not generate revenues into sales. o The auditor would not be concerned about completeness, however, since an entity wishing to overstate sales would not omit sales.

Answer 19

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 3 – 3. Assessing Risk of Material Misstatement (RMM) Once items that are susceptible to misstatement are identified, risk of material misstatement is assessed at the relevant assertion level. The fact that an item is likely to be misstated will generally affect all of the assertions and the risk should be analyzed accordingly. For example: • For an entity that might have a tendency to UNDERSTATE results for the purpose of avoiding taxation, sales may be likely to be understated and the auditor will be concerned about: o Completeness, since the entity may omit sales; o Cutoff, since the entity may postpone the recognition of sales that occurred this period until the next period; and o Valuation, since sales may be reported at amounts lower than the actual amounts. o The auditor would be less concerned about occurrence, since an entity intending to understate sales is not likely to report sales that did not occur; and o The auditor would be less concerned with classification, since an entity intending to understate sales is not likely to include items that are not properly reported as sales in that category.

Answer 20

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 3 – 3. Assessing Risk of Material Misstatement (RMM) For an entity that might have a tendency to OVERSTATE results the auditor will be concerned about: o Occurrence o Cutoff o Accuracy o Classification

Answer 21

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 3 – 3. Assessing Risk of Material Misstatement (RMM) For an entity that might have a tendency to UNDERSTATE results for the purpose of avoiding taxation, the auditor will be concerned about: o Completeness o Cutoff o Valuation

Answer 22

3. Assessing Risk of Material Misstatement (RMM) Will the auditor reply on internal control? NO – RMM (high) = Substantive Approach YES – RMM (low) = Combined Approach

Answer 23

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) An auditor performs the following procedures to obtain and apply an understanding of internal control to an audit: Step 4 – Develop an audit strategy to either: o (RELY?) Perform tests of control (TofC) to determine if CR is below maximum, CR < 100% or CR < 1.0 RMM = IR x CR reducing RMM below the level of IR RMM < IR and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests): or o (NOT Rely) Decide NOT to perform tests of controls, assessing CR at the maximum level as if the control did not exist, CR = 100% or CR = 1.0 RMM = IR x CR RMM = IR x 1.0 RMM = IR and measuring RMM as being equal to IR.

Answer 24

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 4 – 4. Tests of Controls (Develop an Audit Strategy) Develop an audit strategy to either: • Perform tests of control to determine if CR is below maximum, reducing RMM below the level of IR and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests): or • Decide not to perform tests of controls, assessing CR at the maximum level as if the control did not exist, and measuring RMM as being equal to IR.

Answer 25

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 4 – 4. Tests of Controls (Develop an Audit Strategy) There are 4 Procedures for testing controls (RIIO). 1. Reperformance 2. Inspection 3. Inquiry 4. Observation

Answer 26

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 4 – 4. Tests of Controls (Develop an Audit Strategy) There are 4 Procedures for testing controls (RIIO). 1. Reperformance 2. Inspection 3. Inquiry 4. Observation • Reperformance – The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly. Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity or may involve re-footing an invoice to make certain that amounts have been calculated correctly. • Inspection – The auditor examines controls, documents and reports that provide documentary evidence. For example, the auditor might examine paid invoices to make certain they have been properly cancelled to avoid paying the same invoice more than once. • Inquiry – The auditor asks client personnel involved in controls to state how effectively certain controls were enforced. For example, the auditor might ask the accounting personnel if they handled any cash or signed checks in the course of the year. • Observation – The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented. For example, the auditor might observe the distribution of pay checks to see if appropriate procedures for verifying employees are being followed.

Answer 27

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 4 – 4. Tests of Controls (Develop an Audit Strategy) There are 4 Procedures for testing controls (RIIO). 1. Reperformance 2. Inspection 3. Inquiry 4. Observation * Reperformance – The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly. * Inspection – The auditor examines controls, documents and reports that provide documentary evidence. * Inquiry – The auditor asks client personnel involved in controls to state how effectively certain controls were enforced. * Observation – The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented. ---------------------- These different types of tests of controls can be very effective in determining if a system features appropriate segregation of duties. In general, however, the most effective type of test of control is observation.

Answer 28

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 4 – 4. Tests of Controls (Develop an Audit Strategy) Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis, applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control. For example, the auditor may be evaluating the occurrence assertion in relation to sales. The following may result: * The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company. * The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur. * The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis. o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding. o Otherwise, the auditor will inquire as to whether management has considered the possibility and developed a separate control, of which the auditor is not yet aware, to deal with the issue.

Answer 29

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 4 – 4. Tests of Controls (Develop an Audit Strategy) If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified. The auditor will evaluate the control deficiency, determining if it is a significant deficiency or a material weakness and, if so, make certain to include it in a communication to those charged with governance. In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur. * The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct. * To test the assertion of occurrence, the auditor will likely select a sample from the population of recorded sales and trace them to supporting documentation to verify that they actually occurred.

Answer 30

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 4 – 4. Tests of Controls (Develop an Audit Strategy) The auditor will then determine an audit strategy: NOT RELY • The auditor may decide Not to Rely on the controls related to a relevant assertion. o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place. o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide sufficient appropriate audit evidence. --------------- RELY • The auditor may decide to Rely on the controls related to the relevant assertion. o RMM will be reduced from IR, taking into account the effect of CR being below the maximum. o The auditor will perform tests of the controls selecting from a population that covers the entire period during which the auditor is anticipating that the controls were in place.

Answer 31

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 5 – Reassess Risk of Material Misstatement and evaluate results. o For controls for which tests of controls were performed, evaluate results to reassess RMM and determine if it is appropriate to modify the nature, timing, and extent of further audit procedures.

Answer 32

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 5 – 5. Reassess RMM to Determine DR Based on the results of the tests of controls the auditor will determine whether it is necessary to modify the scope of substantive procedures. If tests of control reveal that the system operates as expected, there will generally be no need to change the scope of planned substantive procedures. Conversely, if the system does not operate as effectively as expected, the scope of substantive procedures for the relevant assertions involved will increase (thereby decreasing detection risk). • DR tells you how much substantive testing to do • Must do substantive testing (adjust Audit Program for Substantive tests) • AR / (IR × CR) = DR

Answer 33

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 5 – 5. Reassess RMM to Determine DR When an auditor decides to rely on controls, tests of controls are performed to determine if the controls were working effectively as they were designed for the period under audit. If, based on the tests of controls, the auditor concludes that the controls are EFFECTIVE, the nature, timing, and extent of further audit procedures in relation to that assertion will be reduced. If, however, based on the tests of controls, the auditor canNOT conclude that the controls are effective, ``` control risk (CR) will be reset to maximum and the auditor will develop an audit program to test the assertion applying substantive audit procedures as if there were NO controls related to the assertion and as if no test of controls had been performed. ```

Answer 34

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 5 – 5. Reassess RMM to Determine DR Since the most expensive and inefficient alternative is to perform tests of controls, only to determine that the controls are not reliable, the auditor will do a cost/benefit analysis before deciding to perform tests of controls. In performing the cost/benefit analysis: * The auditor will estimate the cost of performing a substantive audit without performing tests of controls. * The auditor will estimate the cost of performing tests of controls. * The auditor also estimate the cost of the reduced substantive testing that will be performed if the controls prove to be reliable. * Finally, the auditor will estimate the likelihood that the controls to be tested are likely to be effective.

Answer 35

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 5 – 5. Reassess RMM to Determine DR In performing the cost/benefit analysis: The auditor will then: • Add the cost of performing tests of controls to the cost of reduced substantive testing and multiply the total by the probability that the controls will be effective. • Add the cost of performing tests of controls to the cost of the unreduced substantive testing and multiply the total by the probability that controls will not be reliable, which is 100% minus the probability used previously. • The total of those two amounts will be compared to the cost of performing substantive tests exclusively. The lower of the two amounts will determine the strategy to be taken.

Answer 36

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 5 – 5. Reassess RMM to Determine DR Tests of controls alone are not normally considered sufficient evidence upon which to base an audit opinion. As a result, even when tests of controls prove that controls can be relied upon, further audit procedures may be reduced but will not be eliminated. In many cases, the auditor will use DUAL purpose testing, which consists of tests that are designed to test the effectiveness of controls while providing evidence as to the fairness or correctness of an element of the financial statements by supporting one of management’s assertions.

Answer 37

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 5 – 5. Reassess RMM to Determine DR In many cases, the auditor will use DUAL purpose testing. • When the results are SATISFACTORY, the auditor will conclude that the control may be relied upon and the evidence obtained is SUFFICIENT to support the assertion, eliminating the need for further testing. • When the results are NOT satisfactory, the auditor will conclude that the control may NOT be RELIED upon and will determine the nature, timing, and extent of further audit procedures that will be necessary to support the assertion.

Answer 38

Cost / Benefit Analysis Choice 1 - Effective Control • Add the cost of performing tests of controls to the cost of reduced substantive testing and multiply the total by the probability that the controls will be effective. Choice 1 - Effective Control = [ (Test of Controls Cost) + (Reduced Substantive Testing Cost) ] x Probability of Effective Control Choice 2 - Ineffective Control • Add the cost of performing tests of controls to the cost of the unreduced substantive testing and multiply the total by the probability that controls will not be reliable, which is 100% minus the probability used previously. Choice 2 - Ineffective Control = [ (Test of Controls Cost) + (Substantive Testing Cost) ] x Probability of Ineffective Control or = [ (Test of Controls Cost) + (Substantive Testing Cost) ] x (100% – Probability of Effective Control) Choice 3 - Perform Substantive Testing only • The total of those two amounts will be compared to the cost of performing substantive tests exclusively. Choice 3 - Perform Substantive Testing only = Substantive Testing Cost The lower of the two amounts will determine the strategy to be taken.

Answer 39

Cost / Benefit Analysis Choose lower cost between Choice 1 - Effective Control = [ (Test of Controls Cost) + (Reduced Substantive Testing Cost) ] x Probability of Effective Control and Choice 2 - Ineffective Control = [ (Test of Controls Cost) + (Substantive Testing Cost) ] x (100% – Probability of Effective Control) Then compared the lower cost with Choice 3 - Perform Substantive Testing only = Substantive Testing Cost The lower of the two amounts will determine the strategy to be taken.

Answer 40

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 6 – 6. Document Conclusions and Develop or Revise Audit Programs The auditor is required to communicate significant deficiencies and material weaknesses to management and those charged with governance. The basis for risk assessment must always be documented. The auditor needs to document: * The assessment of the risks of material misstatement at the financial statement and relevant assertion levels; * The basis for that assessment; * Significant risks identified and related controls evaluated; and * Risks identified that require tests of controls to obtain sufficient audit evidence and the related controls evaluated.

Answer 41

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 6 – 6. Document Conclusions and Develop or Revise Audit Programs The auditor will document the procedures performed and the conclusions reached such that others will understand what procedures were performed, what items were tested and how they were selected, the evidence gathered, and the conclusions drawn. In addition, the auditor will develop audit programs to indicate the further audit procedures that the auditor believes are necessary and appropriate in order to draw a conclusion related to a management assertion.

Answer 42

Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315) Step 6 – Document conclusions and determine the effect on the planned substantive procedures. At this point, the audit program needs to be developed or revised for further audit procedures.

Answer 43

Sarbanes - Oxley Act (SOX) SOX created a variety of regulations and eliminated a significant portion of the accounting profession’s system of self-regulation. Some issues include: • Section 302 "Corporate Responsibility for Financial Reports” - requires that the principal executive officer and the principal financial officer, or their equivalents, certify as to certain items on each annual or quarterly report: o The signing officer has reviewed the report o Based on the signer’s knowledge, the report does not contain a material untrue statement or omit a material fact o Based on the signer’s knowledge, the financial statements and other information are fairly presented • In addition, the signing officers certify that: o They are responsible for establishing and maintaining internal controls o They have designed those controls to ensure the receipt of all relevant information during those periods in which periodic reports are being prepared o They have evaluated the effectiveness of internal controls within 90 days prior to the report o They have presented their conclusions about the effectiveness of internal controls in the report • Officers are also required to report to auditors and to the audit committee: o All significant deficiencies that could adversely affect the reporting process and any material weaknesses o Any fraud (whether material or not) involving management or employees with a role in internal controls

Answer 44

Basic Concepts and Internal Control Limitations Regardless of the good intentions of management, even a strong control environment combined with excellent control activities is subject to certain inherent limitations (COCO): * Collusion * Override by management * Competence/Human error * Obsolescence * Collusion – Control activities that depend on segregation of duties will not be effective if those engaged in the segregated functions conspire with one another. * Override by management – Since management designs and implements the system of internal control, it is in a position to override it, so that even an effective internal control structure cannot be expected to prevent intentional misbehavior by management. This is one of the reasons the auditor must establish the integrity of management before accepting the engagement. It is also important to establish whether employee personnel have ever been asked to override systems of internal control by management. * Competence/Human error – If control procedures are erroneously applied, they will not be effective. Internal control cannot be expected to prevent mistakes in human judgment (misjudgment). * Obsolescence – A good internal control structure may cease to be effective due to changes in the company's operations or size, changes in technology, or other changes affecting the way the entity’s business is transacted.

Answer 45

Internal Control It is essential to keep in mind the concept of reasonable assurance as it relates to internal control, taking into account the cost/benefit factor. Even if it were possible to design a perfect system of internal control, management would not do so, since there are costs involved in any action, and the costs of the internal control structure should not exceed the benefits. As a result, management may sometimes reasonably refuse to remedy a deficiency in internal control that it knows exists.

Answer 46

Internal Control The auditor is required to respond to management override of controls – Because management is often in a position to override controls in order to commit financial-statement fraud, the standard includes procedures to test for management override of controls on every audit. It should be noted that even a properly planned and performed audit may not detect a material misstatement resulting from fraud because of (1) concealment aspects of fraudulent activity, including the fact that fraud often involves collusion or falsified documents, and (2) the need to apply professional judgment in the identification or evaluation of fraud risk factors and other conditions.

Answer 47

Operating Cycles and the Flow of Transactions The auditor will then obtain an understanding of various components and in particular: (SACRED) ``` • (Start) Initiation • Authorization • Completion or execution • Recording • (Evaluate Defenses) Verifications ``` It should be easy to remember that a good system of internal control is SACRED to a business. ---------------- • (Start) Initiation – The auditor should determine what event or circumstance initiates a transaction. Sales transactions, for example, may be initiated when the entity’s sales force make calls to their regular customers or when customers call in orders as they identify their needs. • Authorization – Before an entity will commit resources to meet its obligations in a transaction or to respond to an event or circumstance, it will want to determine that the counterparty to the transaction is a legitimate party with the intent and ability to perform or that the event or circumstance is real. • Completion or execution – The entity should have policies and procedures to make certain that its obligations in transactions and its responses to recurring events and circumstances are being performed in accordance with management’s directives. This will include the flow of documents, services, goods, and other resources throughout the system. • Recording – The entity should have a system for making certain that all transactions, events, or circumstances that affect operations or financial position are properly captured and reflected in the entity’s financial records. • (Evaluate Defenses) Verifications – Each system should have checks and balances to make certain that each function within the system is performed properly and in the appropriate sequence. This may involve policies such as those requiring the shipping department to compare a customer’s purchase order with an internal sales order and to a list of goods transferred from stores before shipping the goods. It may also involve accounting for the sequence of pre-numbered documents, checking for authoritative signatures, or periodically reconciling recorded amounts to physical assets. These verifications may occur throughout a system.

Answer 48

Operating Cycles and the Flow of Transactions An auditor divides the audit down into different cycles that make up the flow of transactions for the entire company. All related accounts within each cycle are audited together. Within each cycle, the auditor is concerned with what each specific employee does, the documents they handle and how each document relates to the segregation of ARCC’S (Authorization, Recording, Custody and Comparison). Controls have a function of either Preventing misstatements before they occur (most effective) or Detecting and Correcting misstatements that have already occurred (less expensive to implement, but could detect too late).

Answer 49

Operating Cycles and the Flow of Transactions When the auditor obtains an understanding of each of the systems applied to recurring transactions, often referred to as cycles, the auditor is concerned with what each specific employee does, the documents they handle, and whether there is appropriate segregation of duties. The duties to be segregated are the authorization of transactions, the recording of those transactions, custody of the resources that are associated with that transaction, and comparison or reconciliation of the recorded amounts to the physical resources (ARCC). ARCC = Authorization, Recording, Custody and Comparison

Answer 50

Operating Cycles and the Flow of Transactions Some controls are considered preventative, designed to minimize the possibility that misstatements will occur. Although a preventative approach has the tendency to be the most effective, it is not always feasible to develop controls that will be effective at preventing a misstatement, particularly one that results from fraud, and in many cases, the cost of developing an effective preventative control will exceed the benefit that can be derived from it. Other controls are designed to be corrective in that they are designed to identify misstatements that may occur due to errors or fraud and establish a means of correcting them on a timely basis. These, of course, have their limitations in that they may not be effective for a fraudulent misstatement that is cleverly concealed and may identify a misstatement after a negative impact has already occurred.

Answer 51

Operating Cycles and the Flow of Transactions When evaluating the system for a particular cycle, the focus will be on the accounts balances or classes of transactions that are affected. When evaluating the system for a particular cycle, the focus will be on the accounts balances or classes of transactions that are affected. The revenue cycle will generally result in a debit to cash or accounts receivable and a credit to sales, while the purchasing cycle will result in a debit to purchases in a periodic system, or to inventory in a perpetual system, and a credit to accounts payable. For the account affected, the auditor will evaluate whether or not a step or process within the system supports one or more of management’s assertions.

Answer 52

Operating Cycles and the Flow of Transactions For the account affected, the auditor will evaluate whether or not a step or process within the system supports one or more of management’s assertions. • A requirement that each recorded sale be supported by an order signed by a customer supports management’s assertion of occurrence in that having a signed purchase order provides evidence that a sale did occur. • A policy that the accounting clerk notify a supervisor whenever an internally generated sales order is presented out of sequence supports the assertion of completeness in that tracing all sales orders to the accounting records will provide evidence that all sales transactions have been recorded.

Answer 53

Revenue Cycle (Sales Revenue / Accounts Receivable / Cash Receipts) The revenue cycle of a business consists of sales, billings, and collections. In order to properly segregate the incompatible functions of authorization, recording, and custody, the activities may include specific employees with each of the following duties. * Sales clerk – Accepts orders from customers and prepares written sales orders using internal prenumbered, preprinted forms (PPN) (recording). * Credit manager – Approves customer credit on orders (authorization). * Warehouse clerk – Holds goods in inventory awaiting requests for shipment (custody). * Shipping clerk – Removes items from inventory to ship to customer (custody). * Billing clerk – Prepares sales invoices to send to customers (recording). * Receivables clerk – Posts sales and collections to individual customer accounts based on sales invoices and remittance advices, respectively (recording). * General ledger bookkeeper – Posts journal entries for sales and collections (recording). * Mail room clerk/receptionist – Opens mail containing customer checks (or cash) and remittance advices, prepares a prelist of checks, referred to as a remittance listing, and directs these items to appropriate parties within the system (custody). * Cashier – Receives checks, prepares deposit slip, and deposits funds at the bank (custody). * Cash receipts clerk – Receives remittance listing and posts to cash receipts journal (recording). * Receiving clerk – Receives all goods that are being returned and returns them to inventory (custody). * Treasurer – Approves credit memos for returns and write-offs of uncollectible accounts (authorization). * Controller/Internal Audit – Bank reconciliations and analyses of past-due accounts receivable should be performed by individuals independent of cash receipts and disbursements (comparison).

Answer 54

Revenue Cycle This list should be reviewed simply to make sure you are comfortable with the meaning of each job title: * Sales clerk – (recording) * Credit manager – (authorization) * Warehouse clerk – (custody) * Shipping clerk – (custody) * Billing clerk – (recording) * Receivables clerk – (recording) * General ledger bookkeeper – (recording) * Mail room clerk/receptionist – (custody) * Cashier – (custody) * Cash receipts clerk – (recording) * Receiving clerk – (custody) * Treasurer – (authorization) * Controller/Internal Audit – (comparison)

Answer 55

Revenue Cycle (Sales Revenue / Accounts Receivable / Cash Receipts) A system may not necessarily include all of the above employees, and sometimes a function may be performed by another employee or one of the above employees identified by a different title. For example, all of the clerks involved in recording may simply be called bookkeepers. Also, the system will include periodic reconciliations, such as reconciling the bank account, that may be performed by virtually any employee who is not involved in the preparation of either of the two types of records being compared and does not have custody of resources being compared to recorded amounts. A key aspect of segregation of duties is that an employee who is responsible for one of the three functions (authorization, recording, custody) should not be involved in either of the other two.

Answer 56

Revenue Cycle (Sales Revenue / Accounts Receivable / Cash Receipts) Some of the documents and records that are commonly seen in the revenue cycle include the following. * Sales order – The list of goods ordered by the customer along with the prices to be charged. Even if a customer has submitted their own purchase order, a sales order will be prepared, since these are prenumbered and make it possible to periodically account for orders to be sure they were processed. * Bill of lading – The shipping document that is signed by the carrier, often a trucker, accepting goods from the shipping clerk. * Sales invoice – The bill that is prepared and sent to the customer after shipment to request payment. Before doing so, the billing clerk should compare the sales order and bill of lading to ensure they are in agreement. * Sales register (journal) – A book in which sales invoice information is posted. Cash register records provide similar information for retail outlets and other cash businesses. * Subsidiary receivables ledger – A book that lists the outstanding receivables with a separate record for each customer. * Remittance advice – The document included in an envelope with the check or other form of payment to indicate the purpose of the check. * Remittance listing – A summary of the money received that day. This may be called a prelist in some cases, and is prepared by the employee first receiving the cash, which is usually the mail room clerk. * Cash receipts journal – A book in which the remittance listings are posted. * Deposit slip – The document signed or stamped by the bank to acknowledge receipt of checks and that is periodically reconciled to postings into the cash receipts journal by an independent employee. * Bank Reconciliation – Comparison of the cash balance according to the entity’s books to the amount indicated by the bank that it is holding on behalf of the entity (book to physical). The purpose of most other documents and records can be determined by seeing the context in which they are being used on the exam.

Answer 57

Revenue Cycle (Sales Revenue / Accounts Receivable / Cash Receipts) Some of the documents and records that are commonly seen in the revenue cycle include the following. * Sales order – The list of goods ordered by the customer along with the prices to be charged. * Bill of lading – The shipping document that is signed by the carrier, accepting goods from the shipping clerk. * Sales invoice – The bill that is prepared and sent to the customer after shipment to request payment. * Sales register (journal) – A book in which sales invoice information is posted. * Subsidiary receivables ledger – A book that lists the outstanding receivables with a separate record for each customer. * Remittance advice – The document included in an envelope with the check to indicate the purpose of the payment. * Remittance listing – A summary of the money received that day. (Prelist) * Cash receipts journal – A book in which the remittance listings are posted. * Deposit slip – The document signed or stamped by the bank to acknowledge receipt of checks. * Bank Reconciliation – Comparison of the cash balance (book to physical).

Answer 58

Revenue Cycle (Sales Revenue / Accounts Receivable / Cash Receipts) Some of the documents and records that are commonly seen in the revenue cycle include the following. * Sales order * Bill of lading * Sales invoice * Sales register (journal) * Subsidiary receivables ledger * Remittance advice * Remittance listing (Prelist) * Cash receipts journal * Deposit slip * Bank Reconciliation

Answer 59

Revenue Cycle (Sales Revenue / Accounts Receivable / Cash Receipts) Ultimately, the reason an auditor cares about the internal control structure is that it relates to whether the financial statement assertions are correct and therefore may be relied upon. The assertions are discussed in detail in another section, but some specific applications of these assertions are frequently tested in discussing the revenue cycle. Examples related to each assertion follow (U-PERCV): * Understandability and Classification * Presentation and Disclosure * Existence or Occurrence (Vouching) * Rights and Obligations * Completeness (Tracing) and Cutoff * Valuation, Allocation and Accuracy

Answer 60

Revenue Cycle (Sales Revenue / Accounts Receivable / Cash Receipts) Examples related to each assertion follow (U-PERCV): * Understandability and Classification * Presentation and Disclosure * Existence or Occurrence (Vouching) * Rights and Obligations * Completeness (Tracing) and Cutoff * Valuation, Allocation and Accuracy --------------- • Understandability and Classification – Transactions and events have been recorded in the proper accounts and information is presented and described clearly. • Presentation and Disclosure – Management asserts that all sales to employees have been properly identified in the statements and notes as related party transactions. The auditor may review sales invoices for specific sales to employees and then trace these invoices to the general ledger entry to see if they are posted to the "due from employees" account. • Existence or Occurrence (Vouching) – Management asserts that all sales that have been recorded actually have taken place (be sure not to confuse this with the previous assertion). The auditor may select a sales invoice and vouch from the sales invoice to the bill of lading in order to ensure that items billed to customers were based on actual shipments. • Rights and Obligations – Management asserts the right to collect receivables. An auditor can vouch from postings in the subsidiary receivables ledger for a specific client back to the sales order, bill of lading, and sales invoice, in order to establish that the goods were ordered, shipped, and billed, giving the company the right to collect. • Completeness (Tracing) and Cutoff – Management asserts that it has recorded all sales that have taken place. The auditor may select a bill of lading and then trace from the bill of lading to the sales invoice in order to ensure that all shipped goods have been billed to customers. • Valuation, Allocation and Accuracy – Management asserts that receivables are likely to be collected. The auditor can test the process of credit approval before shipment in order to determine that the company is only shipping to customers likely to pay.

Answer 61

Revenue Cycle (Sales Revenue / Accounts Receivable / Cash Receipts) Another way to look at the assertions: As indicated, the auditor’s understanding of the system of internal control is to determine if the financial statement assertions are correct and may be relied upon. In relation to sales for events and transactions (CPA-CO): * Completeness * Period Cutoff * Accuracy * Classification (Sorted) * Occurrence

Answer 62

Revenue Cycle In relation to sales for events and transactions (CPA-CO): * Completeness * Period Cutoff * Accuracy * Classification (Sorted) * Occurrence --------------------- • Completeness – All sales that occurred were recorded. The auditor will evaluate whether prenumbered sales order forms are being used and if the sequence of forms is being accounted for in which case a gap in the sequence may indicate an unrecorded transaction. • Period Cutoff – All transactions are recorded in the appropriate period. The auditor will determine if there is a process for identifying when goods were shipped, in the case of goods sold with fob shipping terms, or received, in the case of goods sold with FOB destination terms, and if the accounting department has a process for making certain that sales are reported in the appropriate period. • Accuracy – All transactions are recorded in the appropriate amount. The auditor will determine if the recording of sales involves comparing the quantities on customer order forms to internally prepared sales order forms and to goods shipped as well as whether there is a process for checking the mathematical accuracy of documents. • Classification (Sorted) – Amounts reported as sales include only sales of the entity’s goods or services in the ordinary course of business and do not include proceeds from transactions that should not appropriately be reported as sales. The auditor will evaluate whether there is a means of preventing transactions that are not with a customer and are not accompanied by appropriate sales forms from being included in sales. • Occurrence – Each recorded sale actually occurred. The auditor will evaluate whether those responsible for recording are required to have some form of verification, such as a sales order signed by the customer, to indicate that a sale actually occurred as a prerequisite for its being recorded.

Answer 63

Revenue Cycle In relation to sales for events and transactions (CPA-CO): * Completeness * Period Cutoff * Accuracy * Classification (Sorted) * Occurrence --------------------- • Completeness – All sales that occurred were recorded. • Period Cutoff – All transactions are recorded in the appropriate period. • Accuracy – All transactions are recorded in the appropriate amount. • Classification (Sorted) – Amounts reported as sales include only sales of the entity’s goods or services in the ordinary course of business. • Occurrence – Each recorded sale actually occurred.

Answer 64

Revenue Cycle In relation to sales for events and transactions (CPA-CO): * Completeness – All sales that occurred were recorded. * Period Cutoff – All transactions are recorded in the appropriate period. * Accuracy – All transactions are recorded in the appropriate amount. * Classification (Sorted) – Amounts reported as sales include only sales of the entity’s goods or services in the ordinary course of business. * Occurrence – Each recorded sale actually occurred.

Answer 65

``` Recording • Sales clerk – (recording) • Billing clerk – (recording) • Receivables clerk – (recording) • General ledger bookkeeper – (recording) • Cash receipts clerk – (recording) ``` ``` Custody • Warehouse clerk – (custody) • Shipping clerk – (custody) • Mail room clerk/receptionist – (custody) • Cashier – (custody) • Receiving clerk – (custody) ``` Authorization • Credit manager – (authorization) • Treasurer – (authorization) Comparison • Controller/Internal Audit – (comparison)

Answer 66

In relation to sales for events and transactions (CPA-CO): * Completeness – All sales that occurred were recorded. * Period Cutoff – All transactions are recorded in the appropriate period. * Accuracy – All transactions are recorded in the appropriate amount. * Classification (Sorted) – Amounts reported as sales include only sales of the entity’s goods or services in the ordinary course of business. * Occurrence – Each recorded sale actually occurred.

Answer 67

Revenue Cycle In relation to accounts receivable balances (RACE): * Rights and obligations * Allocation and Valuation * Completeness * Existence

Answer 68

Revenue Cycle (Sales Revenue / Accounts Receivable / Cash Receipts) In relation to accounts receivable balances (RACE): • Rights and obligations – All amounts reported as accounts receivable are owed to the entity. The auditor will want to make certain that receivables are supported by sales orders and shipping documents indicating that the entity has met its performance obligations and is entitled to the payment. • Allocation and Valuation – The amounts reported represent the amounts that the entity is actually owed. The auditor will evaluate this in the same manner as accuracy for sales. • Completeness – All receivables are included in the amount reported. The auditor will evaluate this in the same manner as completeness for sales. • Existence – All reported accounts receivable are actual claims that resulted from sales. The auditor will evaluate this in the same manner as occurrence for sales.

Answer 69

Revenue Cycle A/R balances (RACE): • Rights and obligations – All amounts reported as accounts receivable are owed to the entity. • Allocation and Valuation – The amounts reported represent the amounts that the entity is actually owed. • Completeness – All receivables are included in the amount reported. • Existence – All reported accounts receivable are actual claims that resulted from sales.

Answer 70

Segregation of Duties in the Revenue Cycle For proper segregation of duties, authorization of transactions, the recording function, and custody of assets should be kept separate. * The functions of authorizing sales on account and authorizing credits to accounts receivable that may result from sales discounts, sales returns, sales allowances, or write offs, should be segregated. * The function of authorizing sales, recording accounts receivable, and having custody of inventory should be segregated. * The functions of the cashier who has custody of the cash, the recording of cash receipts, and preparing the bank reconciliation (comparison) should be segregated. In businesses that handle large amounts of cash during the normal course of operations, obtaining bonds (insurance and background searches) for employees who handle cash is a common practice. Employee knowledge that bonding companies often prosecute those accused of dishonest acts can act as an effective deterrent to theft and fraud. • Employees responsible for authorizing sales approval, issuance of credit memos and bad debt write-offs should be denied access to cash.

Answer 71

Spending Cycle (Purchases / Accounts Payable / Cash Disbursements) The spending cycle of a business consists of ordering goods or services, receiving or using them, and paying for them. In order to properly segregate the incompatible functions of authorization, recording, and custody, the activities may include specific employees with each of the following duties: • Purchasing manager – Approves purchase requests before they are processed and negotiates terms with vendors (authorization). • Purchasing clerk – Places orders with vendors (recording). • Receiving clerk – Receives delivery of goods from vendors (custody). • Payables clerk – Prepares payment voucher which is the basis for authorizing the issuance of a check to the vendor after verifying the accuracy of the vendor invoice and comparing supporting documents (recording). • Payables manager – Oversees the Posting of vouchers to appropriate purchase records (recording). • Treasurer – Signs and mails check for payment (custody). • Shipping department – Sends goods back to vendors when goods are nonconforming or a right to cancel an order is being exercised by the company (custody).

Answer 72

Spending Cycle (Purchases / Accounts Payable / Cash Disbursements) The spending cycle of a business consists of ordering goods or services, receiving or using them, and paying for them. In order to properly segregate the incompatible functions of authorization, recording, and custody, the activities may include specific employees with each of the following duties: * Purchasing manager * Purchasing clerk * Receiving clerk * Payables clerk * Payables manager * Treasurer * Shipping department

Answer 73

Spending Cycle (Purchases / Accounts Payable / Cash Disbursements) The documents most often discussed on the exam include: • Purchase requisition – The internal request by the department in need for goods to be ordered by the purchasing department. • Purchase order – The external form mailed to the vendor to request that goods be delivered to the company. • Receiving report – The document prepared in the receiving department and signed by the carrier to acknowledge the goods that have been delivered to the company. • Purchase (vendor) invoice – The document received from the vendor indicating the goods the vendor claims to have shipped. This is the same document that is known as the sales invoice when considered from the vendor's side of the transaction. • Invoice register – A book listing invoices received from vendors. • Payment voucher – The document prepared by the payables clerk to request that a check be issued for payment to a vendor. • Purchase journal (or voucher register) – A book listing all of the payment vouchers generated by the company.

Answer 74

Spending Cycle (Purchases / Accounts Payable / Cash Disbursements) The documents most often discussed on the exam include: * Purchase requisition * Purchase order * Receiving report * Purchase (vendor) invoice * Invoice register * Payment voucher * Purchase journal (or voucher register)

Answer 75

Spending Cycle The documents most often discussed on the exam include: • Purchase requisition – The internal request by the department in need for goods to be ordered by the purchasing department. • Purchase order – The external form mailed to the vendor to request that goods be delivered to the company. • Receiving report – The document prepared in the receiving department and signed by the carrier to acknowledge the goods that have been delivered to the company. • Purchase (vendor) invoice – The document received from the vendor indicating the goods the vendor claims to have shipped. • Invoice register – A book listing invoices received from vendors. • Payment voucher – The document prepared by the payables clerk to request that a check be issued for payment to a vendor. • Purchase journal (or voucher register) – A book listing all of the payment vouchers generated by the company.

Answer 76

Spending Cycle (Purchases / Accounts Payable / Cash Disbursements) In order to properly segregate the incompatible functions of authorization, recording, and custody, the activities may include specific employees with each of the following duties: * Purchasing manager – (authorization) * Purchasing clerk – (recording) * Receiving clerk – (custody) * Payables clerk – (recording) * Payables manager – (recording) * Treasurer – (custody) * Shipping department – (custody)

Answer 77

Spending Cycle * Purchasing clerk – (recording) * Payables clerk – (recording) * Payables manager – (recording) * Receiving clerk – (custody) * Treasurer – (custody) * Shipping department – (custody) • Purchasing manager – (authorization)

Answer 78

Spending Cycle There are certain issues involving the various purchase documents: • When the purchase order is prepared by the purchasing clerk to send to the vendor, additional copies of the order are sent to the receiving department to authorize them to accept delivery of the goods and the payables department to enable them to do appropriate comparisons later. The receiving department copy does not include quantities for the goods ordered so as to ensure that the receiving department will perform an independent count of the goods delivered instead of relying on the purchase order numbers. The payables clerk compares the purchase order and receiving report with the vendor invoice to ensure they agree before preparing the payment voucher.

Answer 79

Spending Cycle There are certain issues involving the various purchase documents: • The check for payment is usually prepared by a clerk in the treasury department who doesn't have signature authority. They will provide the unsigned check along with the payment voucher and supporting document to the treasurer for signature. The treasurer makes sure the check agrees with the voucher and other documents before signing. Immediately after signing, the treasurer cancels the supporting documents (so that they won't accidentally be processed again at a later time), places the check in the envelope, seals it, and arranges for mailing.

Answer 80

Spending Cycle (Purchases / Accounts Payable / Cash Disbursements) The auditor should look for specific applications of the different control activities to the spending cycle. Commonly-tested examples of auditing procedures used to understand the internal control structure related to spending include (PRAISE): • Physical controls – Verify that all goods are received by the receiving department and returns are shipped by the shipping department. • Recording – Verify that receiving reports are prepared for all goods received and that debit memos are prepared for all goods that are returned. • Authorization – Select individual cancelled checks and vouch them to the purchase orders, receiving reports, vendor invoices, and payment vouchers. • Independent checks – Verify that the client periodically performs inventory counts and reconciles amounts on hand to inventory records so as to know when inventory has been lost or stolen. • Segregation of duties – Use inquiry and observation to determine that there is a separation of the functions of (1) authorization of purchases and payments, (2) recording of purchase orders and posting to the purchase journal, and (3) custody of inventory and checks for payment. • Evaluate performance – Determine if the client uses a standard costing system that generates variances, enabling them to identify actual cost numbers that may be incorrect.

Answer 81

Spending Cycle Examples of auditing procedures used to understand the internal control structure related to spending (PRAISE): * Physical controls * Recording * Authorization * Independent checks * Segregation of duties * Evaluate performance

Answer 82

What Is a cancelled check? A cancelled check is a check payment for which the stated amount of cash has been removed from the payer's checking account. Once the cash draw down is completed, the bank stamps the check as cancelled. Once a check is cancelled it can no longer be used as an authorization to remove additional funds from the account of the payer. A cancelled check has passed through the entire set of payment activities, which include the following: 1. Received by the payee 2. Endorsed by the payee 3. Deposited with the payee's bank 4. Paid by the drawee bank to the payee bank 5. Cash is paid into the payee's account by the payee bank

Answer 83

What Is a Canceled Check? A canceled check is a check that has been paid or cleared by the bank it was drawn on after it has been deposited or cashed. The check is "canceled" after it's been used or paid so that the check cannot be used again.

Answer 84

Returns and Allowances (debit memorandum) When a purchaser receives defective, damaged, or otherwise undesirable merchandise, the purchaser prepares a debit memorandum that identifies the items in question and the cost of those items. The purchaser uses the debit memorandum to inform the seller about the return and to prepare a journal entry that decreases (debits) accounts payable and increases (credits) an account named purchases returns and allowances, which is a contra‐expense account. Contra‐expense accounts normally have credit balances. On the income statement, the purchases returns and allowances account is subtracted from purchases.

Answer 85

Returns and Allowances (debit memorandum) Example: If Music World discovers $100 worth of defective merchandise in the shipment from Music Suppliers, Inc., Music World prepares a debit memorandum, returns the merchandise, and makes a journal entry that decreases (debits) accounts payable for $100 and that increases (credits) purchases returns and allowances for $100. General Journal Date Account Title and Description Debit Credit _________________________________________ 2013 06/15 Account Payable $100 Purchase Returns $100 and Allowances DM #1072, Invoice #15932 For reference purposes, the journal entry's description may include the debit memorandum number and the seller's invoice number.

Answer 86

Returns and Allowances (debit memorandum) When a purchaser receives defective, damaged, or otherwise undesirable merchandise, the purchaser prepares a debit memorandum that identifies the items in question and the cost of those items. The purchaser uses the debit memorandum to inform the seller about the return and to prepare a journal entry that decreases (debits) accounts payable and increases (credits) an account named purchases returns and allowances, which is a contra‐expense account. Contra‐expense accounts normally have credit balances. On the income statement, the purchases returns and allowances account is subtracted from purchases. Returns and Allowances (debit memorandum) Example: If Music World discovers $100 worth of defective merchandise in the shipment from Music Suppliers, Inc., Music World prepares a debit memorandum, returns the merchandise, and makes a journal entry that decreases (debits) accounts payable for $100 and that increases (credits) purchases returns and allowances for $100. General Journal Date Account Title and Description Debit Credit _________________________________________ 2013 06/15 Account Payable $100 Purchase Returns $100 and Allowances DM #1072, Invoice #15932 For reference purposes, the journal entry's description may include the debit memorandum number and the seller's invoice number.

Answer 87

A Debit Memo What is a debit memo? A debit memo is usually a type of correspondence device. It is a piece of paper issued by the buyer to inform the seller how much the buyer plans to reduce its accounts payable balance when making a return or asking for an allowance. The buyer may use this form to record an entry, but many companies wait until they receive a credit memo from the seller economic sore recording the transaction, just in case the seller disagrees and the buyer later has to change the dollar amount of the previous entry.

Answer 88

Standard Cost vs Actual Cost 1. Meaning Standard Cost: Standard cost refers to the estimated costs of a product pertaining to material, labor, and other overhead costs. Actual Cost: The actual cost is the realized cost and is not based on the estimates of the same. ------------ 2. Accounting Treatment Standard Cost: Standard Cost cannot be included in the financial statements of a company Actual Cost: Actual Costs are shown as an expense in the financial statement ------------ 3. Recording the Costs Standard Cost: These costs are recorded at the beginning of the year when the budget is planned Actual Cost: These costs are incurred and realized during the entire year and recorded in the same manner. ------------ 4. Accuracy of Data Capture Standard Cost: In case of any errors in data capture, the inventory valuation does not change but shown as Variance Actual Cost: In case of errors in data capture, would lead to distorted costs and actual inventory valuation ------------ 5. Visibility of Issues Standard Cost: Method of cost using standard costs provides better visibility and chances to improve the performance, as the variances can be useful to identify the issues in the production and manufacturing process Actual Cost: In the method of costing using Actual costs, certain issues can be hidden by capitalizing them with the cost of the inventory

Answer 89

Standard Cost vs Actual Cost Conclusion – Standard Costing method requires to work on them every year or for every period the management decides as. Also, the variance that is observed after the actual costs needs to be monitored and check the accuracy of the standards decided. On the other hand, the actual costs need not be decided on an annual or periodic basis. The changes in the costs are decided on an ongoing basis. The method of costing to apply for the inventory entirely depends on the management and its style. While it might be recommended by many that actual costing is better when compared as it is more liberating, offers more options, readily available information and ultimately more flexibility, but there also be some thoughts around standard costing practices being more usable and better. On the basis of the standard costs, it becomes easier to attract bank loans and also make plans well in advance for the unit based on the estimated costs.

Answer 90

Spending Cycle Just as in the case of the revenue cycle, the auditor is primarily concerned with the relationship of the various control activities to the various management assertions. Similarly to the revenue cycle, tracing through the system in the normal order (from source documents to postings in books and records) is an attempt to verify the completeness of the records, while vouching in reverse order (from books and records back to source documents) is an attempt to verify the existence or occurrence of all the transactions that are reflected in the records.

Answer 91

Segregation of Duties in the Purchases and Spending Cycle For proper segregation of duties, authorization of transactions, the recording function, and custody of assets should be kept separate. * The functions of authorizing purchases, receiving goods purchased, and recording the purchase should be segregated. * The cash functions should be segregated. Authorizing payment for purchases, recording payments, access to checks, and reconciliation of the bank account should be segregated. * Individuals with authority to approve vouchers for payment should not have access to unused purchase orders.

Answer 92

Personnel and Payroll Cycle The personnel cycle of a business normally is segregated between different departments: * Personnel – (authorization) * Payroll – (recording) * Treasurer – (custody) * Controller – (comparison)

Answer 93

Personnel and Payroll Cycle The personnel cycle of a business normally is segregated between different departments: * Personnel – (authorization) * Payroll – (recording) * Treasurer – (custody) * Controller – (comparison) ------------- • Personnel – This is the authorization department that is responsible for hiring of new employees, approval of changes in pay rates, and termination of employees. • Payroll – This is the recording department that performs the calculation of payroll amounts. They will examine and then update records based on authorization forms for hiring, firing, and pay rates received from personnel, and will calculate payroll based on time sheets and other reports approved by appropriate supervisors in the various operational departments of the company. They update pay records and prepare vouchers for the amount of payment. They may also be involved in the preparation of pay checks as long as they do not have the ability to sign them and do not receive custody of signed but unclaimed pay checks that have not been voided. • Treasurer – This is the custody department that is responsible for the signing and distribution of pay checks to employees, and unclaimed paychecks should always be retained within this same department until they are either distributed or voided. If payment of wages is in cash, employees should be required to sign a receipt for the amount received. • Controller – Comparison – Bank Reconciliation.

Answer 94

Personnel and Payroll Cycle The personnel cycle of a business normally is segregated between different departments: • Personnel – (authorization) Hire, Fire, Salary Rates • Payroll – (recording) Calculate Pay • Treasurer – (custody) Signs and distributes checks Custody of cash • Controller – (comparison) Bank Reconciliation

Answer 95

Personnel and Payroll Cycle Key Documents The key documents generated in this cycle include: * Personnel records; * Hiring and deduction authorization forms (W-4); * Time cards; * Payroll register; * Paychecks; * Payroll cost allocation; and * Bank reconciliations.

Answer 96

Description of the Personnel and Payroll Cycle ``` Personnel Department (HR) Employee Payroll Department Treasurer Controller ``` ------------- Payroll Department The payroll department: - Examines authorization forms from the personnel department for new employees - Adds the new employees’ names to the payroll processing program. - Promptly updates the records for changes in deductions, pay rates, and terminations. - Enters all the time card and wage rate information into the payroll register. - Prepared payroll checks and submitted to the treasurer for signature. - Prepares a payroll cost allocation based on the time card information. The payroll cost allocation is used to distribute payroll costs over the various accounts affected.

Answer 97

Description of the Personnel and Payroll Cycle ``` Personnel Department (HR) Employee Payroll Department Treasurer Controller ```

Answer 98

Description of the Personnel and Payroll Cycle ``` Personnel Department (HR) Employee Payroll Department Treasurer Controller ``` ----------- Treasurer The treasurer receives the checks from the payroll department and signs them. The treasurer is responsible for distribution of paychecks. Unclaimed paychecks should remain in the custody of the treasurer. Unclaimed checks should not be returned to the payroll department.

Answer 99

Description of the Personnel and Payroll Cycle ``` Personnel Department (HR) Employee Payroll Department Treasurer Controller ``` ----------- Personnel Department (HR) The personnel department is involved with the personnel records and all the hiring forms, including the deduction forms for payroll deductions. The personnel department approves changes in pay rates and deductions from employee salaries. The personnel department is also involved in the termination process. It is essential that the personnel department promptly sends employees’ termination notices to the payroll department.

Answer 100

Description of the Personnel and Payroll Cycle ``` Personnel Department (HR) Employee Payroll Department Treasurer Controller ``` ----------- Employee The employee prepares a time card, and submits it to the supervisor for authorization. The time card is then sent to the payroll department.

Answer 101

Description of the Personnel and Payroll Cycle ``` Personnel Department (HR) Employee Payroll Department Treasurer Controller ``` ----------- Controller As an overall verification of custody controls over cash, the controller should prepare monthly bank reconciliations to verify that there were no errors made in recording receipts in the cash receipts journal.

Answer 102

Description of the Personnel and Payroll Cycle ``` Personnel Department (HR) Employee Payroll Department Treasurer Controller ``` ----------- Personnel Department (HR) The personnel department is involved with the personnel records and all the hiring forms, including the deduction forms for payroll deductions. The personnel department approves changes in pay rates and deductions from employee salaries. The personnel department is also involved in the termination process. It is essential that the personnel department promptly sends employees’ termination notices to the payroll department. ------------- Employee The employee prepares a time card, and submits it to the supervisor for authorization. The time card is then sent to the payroll department. ------------- Payroll Department The payroll department: - Examines authorization forms from the personnel department for new employees - Adds the new employees’ names to the payroll processing program. - Promptly updates the records for changes in deductions, pay rates, and terminations. - Enters all the time card and wage rate information into the payroll register. - Prepared payroll checks and submitted to the treasurer for signature. - Prepares a payroll cost allocation based on the time card information. The payroll cost allocation is used to distribute payroll costs over the various accounts affected. ------------- Treasurer The treasurer receives the checks from the payroll department and signs them. The treasurer is responsible for distribution of paychecks. Unclaimed paychecks should remain in the custody of the treasurer. Unclaimed checks should not be returned to the payroll department. ------------- Controller As an overall verification of custody controls over cash, the controller should prepare monthly bank reconciliations to verify that there were no errors made in recording receipts in the cash receipts journal.

Answer 103

Segregation of Duties in the Personnel and Payroll Cycle For proper segregation of duties, authorization of transactions, the recording function, and custody of assets should be kept separate. * The functions of authorizing the hiring of personnel, payroll processing (recording) and distributing payroll checks (custody) should be segregated. * The functions of authorizing payroll rate changes and payroll processing (recording) should be segregated. * Payroll checks should be prepared by the payroll department and signed by the treasurer, segregating recording and custody.

Answer 104

Service Organizations Many companies use various types of service bureaus to assist them with the processing of routine transactions. Certain transactions, like payroll, may require a particular expertise and can often be processed more efficiently by an entity that specializes in that type of transaction. One of the most common types of service bureaus processes the payroll of various customer entities. When an entity uses one of these service bureaus, also referred to as service organizations, AU-C section 402, Audit Considerations Relating to an Entity Using a Service Organization, provides guidance as to the impact on an audit. It defines a service organization as “an organization or segment of an organization that provides services to user entities that are relevant to those user entities’ internal control over financial reporting.”

Answer 105

Service Organizations The objective of the “user auditor” (the auditor of the client using the services of the service organization), are to obtain an understanding of the nature and significance of the services provided, and evaluate their effect on the user entity’s internal control in order to assess the risks of material misstatement, and to design and perform audit procedures responsive to those risks. Since the auditor is not in a position to examine the activities of such an outside organization, they will often need to rely on reports of the auditor of the service organization itself, referred to as the service auditor. The latter will usually issue a report on the internal control structure that the former may consider in assessing the internal control structure of the client. The report on internal control structure by the service organization's auditor will describe the services of the organization that are covered by the report and a description of the auditor's procedures. This will enable the auditor of one of the service organization's customers to understand the overall impact of the service organization's work on the internal control structure of the customer. Before relying on such a report, the auditor should be satisfied as to the competence and independence of the service auditor, and the adequacy of the standards under which the report was issued.

Answer 106

Service Organizations The report of the service organization's auditor will assist the customer's auditor in gaining an understanding of the internal control structure of the customer, to the extent it depends on the service organization's work. This will not, however, be considered a basis for determining the effectiveness of the customer's internal control structure, so the use of the report is not a division of responsibility. As a result, there must be no reference to the auditor of the service organization in the audit report on the financial statements of the customer.

Answer 107

Service Organizations Transactions processed by service organization (payroll processing) (AU-C 402/AT-C 320) * TofC in place at client. * TofC in place at service organization by another auditor. o Report on whether controls have been implemented and controls operating effectiveness. • Get report from the other Auditor (service auditor). o Expresses an opinion on management’s assertions regarding: ▪ Management’s description of the service organization’s system fairly presents the system that was designed and implemented during the period. ▪ The controls related to the control objectives stated in management’s description were suitably designed and operated effectively during the period. o The report also includes a description of the tests of controls and the results of those tests that were performed by the service auditor. o Description of the Scope and nature of procedures performed. o ID party specifying objectives. o ID purpose of engagement. o ID parties Intended use. • A service auditor should inquire of management about subsequent events.

Answer 108

Service Organizations Transactions processed by service organization (payroll processing) (AU-C 402/AT-C 320) • Get report from the other Auditor (service auditor). o Expresses an opinion on management’s assertions regarding: ▪ Management’s description of the service organization’s system fairly presents the system that was designed and implemented during the period. ▪ The controls related to the control objectives stated in management’s description were suitably designed and operated effectively during the period. o The report also includes a description of the tests of controls and the results of those tests that were performed by the service auditor. o Description of the Scope and nature of procedures performed. o ID party specifying objectives. o ID purpose of engagement. o ID parties Intended use.

Answer 109

Service Organizations As part of obtaining an understanding of the internal controls of a client using a service organization, the auditor should obtain an understanding as to how the client uses the service organization. The understanding will include: * The nature of the services provided; * The significance of the services to the user entity; * The effect on the user entity’s internal control; * The nature and materiality of transactions that are processed by the service organization; * Interaction between the activities of the user entity and of the service organization; * The nature of the relationship between the entities; and * Contractual terms for activities performed by the service organization.

Answer 110

Service Organizations The auditor will also evaluate the internal controls established by the user entity to administer the relationship with the service organization. The entity may, for example, have controls to verify the accuracy of the output of the service organization. The auditor will use the understanding of the nature and significance of the services provided by the service organization, along with the entity’s related controls, to identify and assess risks of material misstatement that may result.

Answer 111

Service Organizations In some cases, the auditor will be unable to obtain a sufficient understanding of the nature and significance of the relationship with a service organization using the resources available through the user entity. In such cases, the auditor will obtain a sufficient understanding by performing one or more of the following: * Obtaining and reading a type 1 or type 2 report, if available; * Obtain information from contact with the service organization, through the user entity; * Apply procedures directly to the operations of the service organization; or * Use the work of another auditor applying procedures designed to obtain the necessary information.

Answer 112

Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives; and o A report from the auditor of the service organization, referred to as the service auditor, expressing an opinion in relation to management’s written assertions.

Answer 113

Service Organizations There are two reports that the auditor of a service organization may issue: • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the auditor of the service organization, referred to as the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.

Answer 114

Service Organizations There are two reports that the auditor of a service organization may issue: --------- • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives; and o A report from the auditor of the service organization, referred to as the service auditor, expressing an opinion in relation to management’s written assertions. ---------- • A type 2 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of and the operating effectiveness of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date, ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives, and ▪ The controls related to the specified objectives were operating effectively throughout the specified period; and o A report from the auditor of the service organization, referred to as the service auditor, expressing an opinion in relation to management’s written assertions and describing the tests of controls performed and the results of those tests.

Answer 115

Service Organizations Since the user auditor is not in a position to examine the activities of such an outside organization, they will often need to rely on reports of the service auditor. The service auditor will usually issue a report on the internal control structure that the user auditor may consider in assessing the internal control structure of the client. The report on internal control structure by the service auditor will describe the services of the organization that are covered by the report and a description of the service auditor's procedures. This will enable the user auditor to understand the overall impact of the service organization's work on the internal control structure of the customer. Before relying on such a report, the auditor should be satisfied as to the competence and independence of the service auditor, and the adequacy of the standards under which the report was issued.

Answer 116

Service Organizations Transactions processed by service organization (payroll processing) (AU-C 402/AT-C 320) • TofC in place at client. • TofC in place at service organization by another auditor. o Report on whether controls have been implemented and controls operating effectiveness. • Get report from the other Auditor (service auditor). o Expresses an opinion on management’s assertions regarding: ▪ Management’s description of the service organization’s system fairly presents the system that was designed and implemented during the period. ▪ The controls related to the control objectives stated in management’s description were suitably designed and operated effectively during the period. o The report also includes a description of the tests of controls and the results of those tests that were performed by the service auditor. o Description of the Scope and nature of procedures performed. o ID party specifying objectives. o ID purpose of engagement. o ID parties Intended use. • A service auditor should inquire of management about subsequent events.

Answer 117

Service Organizations Transactions processed by service organization (payroll processing) (AU-C 402/AT-C 320) 1. Test of Control in place at client. 2. Test of Control in place at service organization by another auditor. 2. 1 Report on whether controls have been implemented and controls operating effectiveness. 3. Get report from the other Auditor (service auditor). 3. 1 Expresses an opinion on management’s assertions regarding: 3. 11 Management’s description of the service organization’s system fairly presents the system that was designed and implemented during the period. 3. 12 The controls related to the control objectives stated in management’s description were suitably designed and operated effectively during the period. 3. 2 The report also includes a description of the tests of controls and the results of those tests that were performed by the service auditor. 3. 3 Description of the Scope and nature of procedures performed. 3. 4 ID party specifying objectives. 3. 5 ID purpose of engagement. 3. 6 ID parties Intended use. 4. A service auditor should inquire of management about subsequent events.

Answer 118

Service Organizations Transactions processed by service organization (payroll processing) (AU-C 402/AT-C 320) 1. Test of Control in place at client. 2. Test of Control in place at service organization by another auditor. 2. 1 Report on whether controls have been implemented and controls operating effectiveness. 3. Get report from the other Auditor (service auditor). 3. 1 Expresses an opinion on management’s assertions: 3. 2 The report also includes a description of the tests of controls and the results of those tests that were performed by the service auditor. 3. 3 Description of the Scope and nature of procedures performed. 3. 4 ID party specifying objectives. 3. 5 ID purpose of engagement. 3. 6 ID parties Intended use. 4. A service auditor should inquire of management about subsequent events.

Answer 119

Service Organizations Transactions processed by service organization (payroll processing) (AU-C 402/AT-C 320) 1. Test of Control in place at client. 2. Test of Control in place at service organization by another auditor. 3. Get report from the other Auditor (service auditor). 4. A service auditor should inquire of management about subsequent events.

Answer 120

Service Organizations There are two reports that the auditor of a service organization may issue: • A type 1 report is a report on management’s description of the service organization’s system of controls and the suitability of the design of the controls. It consists of: o Management’s description of the system; o Management’s written assertion that, in all material respects, based on appropriate criteria, ▪ The description of the system fairly presents the system that was designed and implemented as of a specified date and ▪ Controls related to objectives stated in management’s description were suitably designed to achieve those objectives; and o A report from the service auditor, expressing an opinion in relation to management’s written assertions.

Answer 121

Service Organizations To rely upon a type 1 or type 2 report, the auditor should: * Determine that the date of a type 1 report, or the period covered by a type 2 report is appropriate for the auditor’s needs; * Evaluate whether the evidence provided by the report is appropriate and sufficient for the purpose of obtaining an understanding of the user’s internal control; and * Determine if the user entity has developed controls that are complementary to those of the service organization that address risks of material misstatement relating to relevant assertions in the user’s financial statements.

Answer 122

Service Organizations When the auditor of the user entity intends to rely on the controls at the service organization, they must be subjected to tests of controls, which may be accomplished by: * Obtaining and reading a type 2 report; * Applying tests of controls at the service organization; or * Using another auditor to perform tests of control at the service organization.

Answer 123

Service Organizations To rely upon a type 1 or type 2 report, the auditor should: * Determine that the date of a type 1 report, or the period covered by a type 2 report is appropriate for the auditor’s needs; * Evaluate whether the evidence provided by the report is appropriate and sufficient for the purpose of obtaining an understanding of the user’s internal control; and * Determine if the user entity has developed controls that are complementary to those of the service organization that address risks of material misstatement relating to relevant assertions in the user’s financial statements. ------------ When the auditor of the user entity intends to rely on the controls at the service organization, they must be subjected to tests of controls, which may be accomplished by: * Obtaining and reading a type 2 report; * Applying tests of controls at the service organization; or * Using another auditor to perform tests of control at the service organization.

Answer 124

Service Organizations If the auditor’s test of controls consists of obtaining and reading a type 2 report, the auditor will evaluate the report to determine: * Whether it is for an appropriate period; * Whether there are complementary controls at the user entity identified by the service organization as addressing risks of material misstatement and, if so, determining if those controls have been designed and implemented and applying tests of controls to them; * If the time period covered by tests of controls is adequate and evaluating the length of time since testing; and * Whether tests of controls performed by the service auditor provide sufficient appropriate audit evidence to support the user auditor’s risk assessment.

Answer 125

According to AU-C 402/AT-C 320 Payroll Processing Transactions processed by service organization * Test of Control in place at CLIENT. * Test of Control in place SERVICE organization by another auditor. * Get REPORT from the other Service Auditor. * A service auditor should inquire of management about subsequent events.

Answer 126

Investing and Financing Cycle The investing and financing cycle deals with transactions involving acquisition and disposal of assets other than inventory and transactions with creditors and shareholders. Lately the exam has done significant testing on Derivatives in the TBS section of the Audit exam. Substantive testing for derivatives will be covered in more detail in the audit evidence section. Since there are typically very few transactions in these areas in a typical year for a client, an auditor will often find it most efficient to ignore the internal control structure and simply test the few transactions that took place. In this case, the auditor will: * Not test the controls; * Assess risk of material misstatement (RMM) at the same level as inherent risk (IR), assuming that control risk (CR) is at the maximum level, generally resulting in a high RMM; and * Reduce detection risk (DR) by performing extensive substantive tests.

Answer 127

Investing and Financing Cycle In those less frequent cases where a large number of transactions have occurred, the auditor may find it more efficient to rely on the internal control structure rather than test the numerous transactions that took place. In this case, the auditor will: * Test the controls to determine their effectiveness; * Reduce the risk of material misstatement (RMM) based on the results of the tests of controls; and * Accept higher detection risk (DR) by performing only limited substantive tests.

Answer 128

Investing and Financing Cycle As with the other cycles, the auditor is concerned with the relationship of the internal control procedures to the management assertions on the financial statements. Examples of controls that support the assertions with regard to investments include (PERCV): * Presentation and Disclosure * Existence or Occurrence * Rights and Obligations * Completeness and Cutoff * Valuation, Allocation and Accuracy

Answer 129

Investing and Financing Cycle As with the other cycles, the auditor is concerned with the relationship of the internal control procedures to the management assertions on the financial statements. Examples of controls that support the assertions with regard to investments include (PERCV): • Presentation and Disclosure – The controller determines that securities are classified in the records correctly as trading securities, available-for-sale securities, or held-to-maturity securities, based on management decisions as to the intent of holding them. • Existence or Occurrence – The treasurer vouches the agreement of broker advices on purchases with cancelled checks. • Rights and Obligations – Securities on hand are examined by senior management to ensure that they are registered in the name of the company. • Completeness and Cutoff – The internal auditor makes a list of securities in bank safe deposit boxes and compares them with the securities listed in the records. • Valuation, Allocation and Accuracy – The controller compares current market prices with the listed values of securities.

Answer 130

Investing and Financing Cycle Applying the RACE mnemonic for account balances: * Rights and obligations * Allocation and Valuation * Completeness * Existence

Answer 131

Investing and Financing Cycle Applying the RACE mnemonic for account balances: • Rights and obligations – Management examines investment securities to verify that they are registered in the name of the entity or confirms such with custodians of the investments. • Allocation and Valuation – The recorded values of investments are periodically compared to current market prices. • Completeness – The investments on hand and held by custodians are periodically reconciled to their recorded amounts. • Existence – The entity maintains physical custody of investments in a secure physical location or they are maintained in the custody of a trustee, which can be confirmed.

Answer 132

What an auditor will do when there are very few transactions in investing and financing cycle? • Not test the controls • Assess risk of material misstatement (RMM) at the same level as inherent risk (IR), RMM = IR RMM = IR x CR assuming that control risk (CR) is at the maximum level, CR = Maximum CR = 100% or 1.0 RMM = IR x 100% generally resulting in a high RMM; and RMM = High • Reduce detection risk (DR) by performing extensive substantive tests. DR = Low DR = AR / (RMM) DR = AR / (IR × CR)

Answer 133

What an auditor will do when a large number of transactions in investing and financing cycle have occurred? * Test the controls to determine their effectiveness * Reduce the risk of material misstatement (RMM) based on the results of the tests of controls RMM = Lower and • Accept higher detection risk (DR) by performing only limited substantive tests. DR = Higher DR = AR / (RMM) DR = AR / (IR × CR)

Answer 134

Investing and Financing Cycle Very Few Transactions • Not Test the Controls • Risk of Material Misstatement = Inherent Risk RMM = IR RMM = IR x CR Control Risk = Maximum Level CR = Maximum CR = 100% or 1.0 RMM = IR x CR RMM = IR x 100% RMM = High • DR = Low Low Detection Risk = More substantive tests DR = AR / (RMM) Low DR = AR / (High RMM) DR = AR / (IR × CR)

Answer 135

Investing and Financing Cycle Very Few Transactions * Test of Controls = Not Test * RMM = IR CR = Maximum CR = 100% or 1.0 RMM = IR x CR RMM = IR x 100% RMM = High • DR = Low Low Detection Risk = More substantive tests DR = AR / (RMM) Low DR = AR / (High RMM)

Answer 136

Investing and Financing Cycle Very Few Transactions • Test of Controls = Not Test • RMM = IR CR = Maximum RMM = High • DR = Low Low Detection Risk = More substantive tests Low DR = AR / (High RMM)

Answer 137

Investing and Financing Cycle Large number of Transactions * Test the controls to determine their effectiveness * Reduce RMM based on the results of the tests of controls RMM = Lower • Higher Detection Risk = Limited substantive tests DR = Higher Higher DR = AR / (Lower RMM)

Answer 138

Investing and Financing Cycle Large number of Transactions * Test the controls * RMM = Lower * Higher Detection Risk = Limited substantive tests DR = Higher Higher DR = AR / (Lower RMM)

Answer 139

Investing and Financing Cycle The procedures will typically be applied by management or other employees at a very high level, reflecting the extremely large value and great danger of fraud in connection with marketable securities. Requiring two officers to be involved in access is common. In fact, it is generally best to have an independent trustee maintain possession of securities so that they are safeguarded from all misappropriation by company employees.

Answer 140

Investing and Financing Cycle AU-C 501 presents guidance on auditing Derivative instruments, hedging activities, and investments in both debt and equity securities. Applicable accounting standards are in the FASB Codification, Topic 815, Derivatives and Hedging.

Answer 141

Investing and Financing Cycle Internal Controls Inherent risk (IR) associated with investments, particularly marketable securities, is generally high, largely due to the fact that their value is readily determinable and they are frequently easily transferrable. Inherent Risk Assessment (IR): Factors affecting inherent risk in this area include: * Management’s investment objectives * Complexity of the security or derivative instrument * Whether the transaction giving rise to the security involved cash * The entities with the security or derivative in question * Whether the derivative is stand-alone or an embedded feature of a separate agreement * External factors affecting management’s assertions such as credit, market and legal risks * Evolving GAAP with respect to derivatives and investments * Reliance on outside parties * Assumptions about future conditions

Answer 142

Investing and Financing Cycle Internal Controls Internal controls reduce control risk (CR) such that, regardless of a high inherent risk (IR), risk of material misstatement (RMM) can be reduced. Internal Control --> Reduce CR even with High IR, RMM is reduced RMM = IR x CR reduced RMM = high IR x reduced CR When internal controls in relation to investments are expected to reduce control risk below the maximum, reducing the risk of material misstatement, specific controls are associated with management assertions and tests of controls are performed to gather evidential matter regarding their operating effectiveness.

Answer 143

Investing and Financing Cycle Internal Controls Internal Control --> Reduce CR below maximum Internal Control --> Reduce CR < 100% Internal Control --> Reduce CR < 1.0 then --> RMM is reduced Perform Tests of Controls for operating effectiveness

Answer 144

Investing and Financing Cycle Internal Controls Control Risk Assessment (CR): Identify specific controls applicable to assertions and gather evidential matter regarding their operating effectiveness (tests of controls). Examples of controls include: * Monitoring of investment activities and reporting by independent control staff; * Senior management approval of transactions; * Accurate risk measurement systems for investments and derivatives; * Regular reconciliations to control account balances; * Definitions and regular reviews of limits and constraints on investment activities; and • Regular reviews of controls by senior management or some independent body. o As CR↑ (increases) the auditor’s acceptable level of DR↓ (decreases), which means the auditor will perform MORE ↑ Substantive Testing.

Answer 145

Investing and Financing Cycle Internal Controls Substantive Procedures (discussed in more detail in Audit Evidence) Since derivatives are required to be reported at fair value, the auditor is required to evaluate whether the fair values of investments in derivatives have been determined appropriately, using an acceptable valuation method. Substantive procedures in the area of investments in Derivatives should be designed to test management’s assertions with regard to (PERCV): * Presentation and Disclosure * Existence * Rights and Obligations * Completeness * Valuation

Answer 146

Investing and Financing Cycle Internal Controls Substantive Procedures Substantive procedures in the area of derivatives investments should be designed to test management’s assertions with regard to (PERCV): * Presentation and Disclosure * Existence * Rights and Obligations * Completeness * Valuation • Presentation and Disclosure – This will involve - reading disclosures to make certain they are in compliance with GAAP; - determining if securities have been pledged as collateral for indebtedness through inquiries and inspection of documents; and - determining that investments are appropriately classified through inquiries of management. • Existence – This may involve the - inspection of securities on hand; - confirmations with brokers or other third parties either holding securities or who may be counter-parties; - reviewing documents; and, - when appropriate, inspecting documentation of settlement or realization. • Rights and Obligations – This may involve the review of documents and confirmations with counter parties. • Completeness – This may involve - review of minutes of the board of directors or others responsible for governance; - tests of subsequent transactions for evidence of realization or settlement; - confirmations with counter parties, financial institutions, brokers, and others; and - evaluating beginning amounts for disposition of inclusion in ending amounts. • Valuation: o For valuation based on cost: ▪ Inspection of documentation ▪ Confirmation o For valuation based on financial results of investee: ▪ Obtaining audit evidence supporting investee’s results ▪ Reading available financial statements of investee o For valuation based on fair value: ▪ Obtaining quoted market prices on exchanges when available ▪ Obtaining quoted market prices from broker-dealers for unlisted securities ▪ Obtaining estimates, including those using models like Black-Scholes

Answer 147

Investing and Financing Cycle An entity uses derivatives as hedges to protect itself against various risks that may be inherent in the assets or liabilities they hold, in anticipated transactions, or other aspects of their business. The purpose of the hedge is to shift the risk to a counter-party. For example: 1) Fair Value Hedge 2) Cash Flow Hedge

Answer 148

Investing and Financing Cycle An entity uses derivatives as hedges to protect itself against various risks that may be inherent in the assets or liabilities they hold, in anticipated transactions, or other aspects of their business. The purpose of the hedge is to shift the risk to a counter-party. For example: 1) Fair Value Hedge 2) Cash Flow Hedge Fair Value Hedge • An entity with a fixed rate receivable may be concerned that fluctuations in interest rates will affect its fair value. They might enter into an interest rate swap in which they will pay out interest at a fixed rate, to offset the interest received, and receive interest from the counter-party at a variable rate. o As a result, they will always be paying the market rate of interest and changes in the fair value of the note will be offset by changes in the fair value of the derivative used as a hedge. o This would be considered a fair value hedge.

Answer 149

Investing and Financing Cycle An entity uses derivatives as hedges to protect itself against various risks that may be inherent in the assets or liabilities they hold, in anticipated transactions, or other aspects of their business. The purpose of the hedge is to shift the risk to a counter-party. For example: 1) Fair Value Hedge 2) Cash Flow Hedge Cash Flow Hedge • An entity with a variable rate receivable may be concerned about the uncertainty of future cash inflows due to fluctuations in the interest rate. They might enter into an interest rate swap in which they will pay out interest at a variable rate, to offset the interest received, and receive interest from the counter-party at a fixed rate. o As a result, regardless of changes in the market interest rate, the entity will receive a steady and predictable stream of interest cash inflows. o This would be considered a cash flow hedge.

Answer 150

Investing and Financing Cycle A cash flow hedge may also be used to transfer risk associated with a forecasted transaction. A company planning to purchase goods or services from a foreign supplier may enter into a forward exchange contract to make certain that a change in the foreign currency exchange rates does not adversely affect the cash flows associated with the transaction. In order to apply hedge accounting to a derivative instrument, at the inception management must - 1) designate the derivative as a hedge; formally document the hedging relationship, the entity’s risk management strategy for using the hedge, and the method of assessing its effectiveness; and - 2) have the expectation that the hedge will be highly effective. The auditor should gather evidence that management has met these requirements.

Answer 151

Investing and Financing Cycle In order to apply hedge accounting to a derivative instrument, at the inception management must - 1) designate the derivative as a hedge; formally document the hedging relationship, the entity’s risk management strategy for using the hedge, and the method of assessing its effectiveness; and - 2) and have the expectation that the hedge will be highly effective. The auditor should gather evidence that management has met these requirements. In addition: Fair Value Hedges • For fair value hedges, the auditor should obtain evidence to support the recorded change in the hedged item that is attributable to the hedged risk. Cash Flow Hedges • For a cash flow hedge of a forecasted transaction, the auditor should obtain evidence that supports management’s determination that the forecasted transaction will probably occur. Support may include evidence: o Regarding the frequency of similar past transactions. o Supporting the entity’s ability to execute the transaction. o Indicating the loss that might result if the transaction does not occur. o Supporting the likelihood that substantially different transactions might be used to achieve the same business purpose.

Answer 152

The Basics of Accounting for Derivatives and Hedge Accounting In the regular course of business operations, organizations, are exposed to market risks such as interest rate risk, foreign exchange risk, commodity price risk, etc., that give rise to income volatility. As a result, organizations often will take some action to mitigate or economically hedge against such exposures using derivative financial instruments. In addition some organizations may enter into derivative contracts for speculative or trading purposes.

Answer 153

Accounting for Derivative Instruments Under current U.S. and International accounting standards, an entity is required to measure derivative instruments at fair value, or mark-to-market (MTM), with changes in fair value or MTM to be recognized through the income statement. Fair value is defined under U.S. accounting standards as “the price that would be received to sell an asset, or paid to transfer a liability in an orderly transaction between market participants at the measurement date.” International accounting standards define fair value slightly differently as “the amount for which an asset could be exchanged, or a liability settled, between knowledgeable, willing parties in an arm’s length transaction.” Non-performance risk or the risk that an obligation will not be fulfilled (also known as credit risk) is also required to be incorporated into the fair value measurement. While the definitions differ, the principle is generally the same in the U.S. and internationally.

Answer 154

Hedge Accounting Accounting for derivative instruments at fair value creates a common issue for organizations that hedge risks using such instruments. Specifically, such organizations may face an accounting mismatch between the derivative instrument which is measured at fair value, and the underlying exposure being hedged, as typically underlying exposures are recognized assets or liabilities that are accounted for on a cost or an amortized cost basis, or future transactions that have yet to be recognized. This accounting mismatch results in volatility in the financial statements as there is no offset to the change in the fair value of the derivative instrument.

Answer 155

Hedge Accounting Hedge accounting provides this offset by effectively eliminating/ reducing the accounting mismatch through one of three ways: 1. Fair Value Hedge 2. Cash Flow Hedge 3. Net Investment Hedge

Answer 156

Hedge Accounting Hedge accounting provides this offset by effectively eliminating/ reducing the accounting mismatch through one of three ways: 1. Fair Value Hedge 2. Cash Flow Hedge 3. Net Investment Hedge ------------- FAIR VALUE HEDGE 1. Through a Fair Value Hedge, which is achieved by accounting for the underlying exposure, asset or liability (typically referred to as the hedged item) by adjusting the carrying value for changes in the hedged risk, which would then offset, to the extent effective, the change in the fair value of the derivative instrument, CASH FLOW HEDGE 2. Through a Cash Flow Hedge where changes in the fair value of the derivative instrument are deferred in shareholders equity, to the extent effective, until the underlying exposure impacts the income statement in the future, NET INVESTMENT HEDGE 3. Through a Net Investment Hedge which is a variation on a cash flow hedge, used to hedge foreign exchange risk associated with net investments in foreign currency denominated operations.

Answer 157

Hedge Accounting 1. FAIR VALUE HEDGE A Fair Value Hedge is used when an entity is looking to eliminate or reduce the exposure that arises from changes in the fair value of a financial asset or liability (or other eligible exposure) due to changes in a particular risk, such as interest rate risk on a fixed rate debt instrument. The hedged item is permitted to measured at fair value each period in respect of the hedged risk (not for all risks), even if the hedged item is normally measured at amortized cost. Any resulting adjustment to the carrying amount of the hedged item related to the hedged risk is recognized in profit or loss, even if such a change normally would be recognized in Other Comprehensive Income (OCI) – for example in the case of an instrument classified as available for sale. Measurement of Derivative Instrument [ Change in Fair Value ] + / - --> Income Statement Measurement of Hedge Item [ Change in Fair Value + / - --> Income Statement attributable to risk hedged ]

Answer 158

Hedge Accounting 2. CASH FLOW HEDGE A Cash Flow Hedge is used when an entity is looking to eliminate or reduce the exposure that arises from changes in the cash flows of a financial asset or liability (or other eligible exposure) due to changes in a particular risk, such as interest rate risk on a floating rate debt instrument. The hedged item is accounted for under normal principles. The hedging derivative instrument is measured at fair value each period however, the effective portion of the change in fair value is deferred in OCI and presented within equity (normally in a hedging reserve). The difference between the effective portion of the change in the fair value of the derivative hedging instrument and the full change in the fair value (the ineffective portion ) is recognized immediately in profit or loss. A Cash Flow Hedge only has measured ineffectiveness where the change in the fair value of the derivative instrument exceeds the change in the present value of the future cash flows of the hedged item/ exposure (referred to as an “over hedge”). The change in the fair value of the hedging instrument that is deferred in OCI is reclassified to profit or loss at a future date when the hedged item affects profit or loss (for example, when the interest payment on a floating rate debt instrument is made or when the payment associated with an anticipated transaction occurs). The Cash Flow Hedge Measurement of Derivative [ Change in Fair Value ] Recognition Effective Portion --> OCI (SHs’ Equity) I V* Ineffective Portion --> Income Statement *Amounts are subsequently transferred out of OCI based on the same timing as the hedged item impacts income (interest income, interest expenses, etc.)

Answer 159

Hedge Accounting 3. NET INVESTMENT HEDGE A Net Investment Hedge is a specific type of foreign currency cash flow hedge that is used to eliminate or reduce the foreign currency exposure that arises from an entity’s Net Investment in a Foreign Operation (NIFO). Upon consolidation each period of the NIFO into the parent financial statements, a foreign currency gain or loss is recognized in shareholders’ equity (part of the cumulative translation account). A Net Investment Hedge can be used to eliminate or reduce this volatility in shareholders’ equity. The hedging instrument in a Net Investment Hedge can either be a derivative instrument (such as a foreign exchange forward contract) or a non-derivative instrument (such as a foreign currency denominated debt instrument), or a combination of a derivative and non-derivative under international accounting principles. When derivative hedging instrument is used, the effective portion of the change in the fair value of the instrument is recognized in equity. The ineffective portion is recognized immediately in profit or loss. Similarly, when non-derivative instrument is used, the foreign currency translation gain or loss is recognized in equity (as opposed to profit or loss). The Net Investment Hedge Measurement of Derivative [Change in Fair Value] Recognition [Net Investment in Foreign Operation] 1) Effective -to-- (SHs’ Equity) -from- Foreign Currency Portion Gain / Loss l V* 2) Ineffective --> Income Statement Portion *Amounts are subsequently transferred out of Shareholders’ Equity in the same period during which corresponding exchange gains or losses arising from the translation of the financial statements of the foreign operation are recognized in the net income.

Answer 160

Interest Rate Swap Example: (LO 6) On January 2, 2017, MacCloud Co. issued a 4 year, $100,000 note at 6% fixed interest, interest payable semiannually. MacCloud now wants to change the note to a variable-rate note. As a result, on January 2, 2017, MacCloud Co. enters into an interest rate swap where it agrees to receive 6% fixed and pay LIBOR (variable Rate) of 5.7% for the first 6 months on $100,000. At each 6-month period, the variable rate will be reset. The variable rate is reset to 6.7% on June 30, 2017. Instructions (a) Compute the net interest expense to be reported for this note and related swap transaction as of June 30, 2017. (b) Compute the net interest expense to be reported for this note and related swap transaction as of December 31, 2017. (a) June 30, 2017 ------ MacCloud Co. will pay variable rate at 5.7% $100,000 x 5.7% x (½) = $2,850 Counter Party will pay fixed rate at 6.0% $100,000 x 6.0% x (½) = $3,000 (b) December 31, 2017 MacCloud Co. will pay variable rate at 6.7% $100,000 x 6.7% x (½) = $3,350 Counter Party will pay fixed rate at 6.0% $100,000 x 6.0% x (½) = $3,000 ---- Explain MacCloud Co. issued a note (borrowing money) at fixed rate 6% MacCloud Co. want to get variable rate, thinking it is cheaper interest expense, at 5.7% (but later interest rate reset at 6.7%) Counter-party also has the note at variable rate at 5.7% but want a fixed rate at 6% So MacCloud Co. and Counter-party swap their interest payment on their $100,000 note. They both will be paying each other interest on the debt.

Answer 161

Interest Rate Swap June 30, 2017 Fixed rate 6% Variable rate at 5.7% Fair Value Hedge change to Fixed rate --> Variable rate Example: MacCloud Co. with $100k note June 30, 2017 fixed rate 6% --> variable rate at 5.7% Interest expense $3,000 --> $2,850 Result: June 30, 2017 MacCloud Co. gain $3,000 - $2,850 = $150 ---------------------- Cash Flow Hedge change to Variable rate --> Fixed rate Example: Counter-party with $100k note June 30, 2017 variable rate at 5.7% --> fixed rate 6% Interest expense $2,850 --> $3,000 Result: June 30, 2017 Counter-party loss $3,000 - $2,850 = $150

Answer 162

Interest Rate Swap December 31, 2017 Fixed rate 6% Variable rate at 6.7% Fair Value Hedge change to Fixed rate --> Variable rate Example: MacCloud Co. with $100k note December 31, 2017 fixed rate 6% --> variable rate at 6.7% Interest expense $3,000 --> $3,350 ``` Result: December 31, 2017 MacCloud Co. loss $3,350 - $3,000 = $350 Total loss in 2017 +$150 - $350 = $200 ``` ---------------------- Cash Flow Hedge change to Variable rate --> Fixed rate Example: Counter-party with $100k note December 31, 2017 variable rate at 6.7% --> fixed rate 6% Interest expense $3,350 --> $3,000 ``` Result: December 31, 2017 Counter-party gain $3,350 - $3,000 = $350 Total gain 2017 -$150 + $350 = +$200 ```

Answer 163

What is a fair value hedge? Fair Value Hedge = A hedge of the exposure to changes in the fair value of a recognized asset or liability, or of an unrecognized firm commitment, that are attributable to a particular risk. ------------- Fair value hedges protect existing assets, liabilities and firm commitments against changes in fair value. The exposure to changes in fair value can result from a variety of causes including holding a commodity, being committed to purchase or sell something on predetermined terms or issuing or holding a financial instrument that has a fixed interest rate and maturity.

Answer 164

Interest Rate Swap Example An entity with fixed-rate debt enters into an interest rate swap to receive a fixed rate of interest and pay a variable rate January 1, 2019 (Fair Value Hedge) change to Fixed rate debt --> Variable rate debt 6% --> 6.5% to protect against a scenario in which the entity would be required to pay a premium if it decided to extinguish its debt prior to maturity if interest rates decline. (explain) ----------- Future (1 year later) January 1, 2020 Interest Rate in the future Fixed rate debt --> Variable rate debt 6% --> 5.0% If the interest will decrease to 5.0% in the future. the firm will pay higher interest on the fixed rate debt at 6.0%. Therefore, the entity is required to pay a premium if it decides to extinguish its debt prior to maturity when interest rates decline. (The debtor will loose the interest gain on fixed rate (6.0% - 5.0% = 1%)

Answer 165

Another example, a refinery, concerned that crude prices may fall while it is firmly committed under a purchase contract to buy one million barrels of crude oil at a fixed price in the future, would sell a crude oil futures contract. If prices decrease, the entity will be contractually obligated to pay an above-market price under its purchase contract, but would realize a gain in the value of its futures contract that effectively reimburses the entity as if it had purchased the crude at the lower hedged market price. However, if crude oil prices increase, the loss on the futures contract will result in the refinery paying an effective cost over and above the fixed purchase contract price.

Answer 166

Fair Value Hedge In both of the previous examples, the entities’ future cash flows to pay interest and buy crude oil, respectively, were fixed. The derivatives effectively unlocked the fixed terms of both the fixed-rate debt and the firm purchase commitment to buy crude oil, and exposed the entities’ earnings to subsequent favorable and unfavorable changes in value of the hedged items attributable to changes in interest rates and market prices, respectively.

Answer 167

What is a fair value hedge? Fair Value Hedge = A hedge of the exposure to changes in the fair value of a recognized asset or liability, or of an unrecognized firm commitment, that are attributable to a particular risk. ------------------- Fair value hedges protect existing assets, liabilities and firm commitments against changes in fair value. The exposure to changes in fair value can result from a variety of causes including holding a commodity, being committed to purchase or sell something on predetermined terms or issuing or holding a financial instrument that has a fixed interest rate and maturity. Except for foreign currency fair value hedges, the derivative in a fair value hedge will unlock a price, rate, or index that would otherwise be fixed or locked from the entity’s income statement perspective. Once the derivative unlocks the fixed terms, the entity’s income statement benefits from favorable changes in the price, rate or index. However, because of the unlocking of the fixed terms, the entity’s earnings may also be exposed to unfavorable changes.

Answer 168

Fair Value Hedge "The derivative in a fair value hedge will unlock a price, rate or index that would otherwise be fixed or locked from the entity’s income statement perspective.*" *Fair value hedges of firm commitments denominated in a foreign currency, actually LOCK in an exchange rate rather than unlock the exchange rate. However, the purpose of locking in the exchange rate is to protect the entity while it is “locked” into some other cost, price, rate or index, such as a contract to purchase a fixed quantity of inventory at a fixed price denominated in a foreign currency. Because the entity cannot avoid the fixed price, it is exposed to changes in the foreign currency exchange rate. Thus, even in this hedging relationship, the derivative is protecting the entity from fixed prices, costs, rates or indexes.

Answer 169

Fair Value Hedge Examples of fair value hedges of assets work similarly. An entity that owns inventory could enter into a fair value hedge to protect the value of its inventory on hand, and an entity that has an investment in an available-for-sale fixed-rate debt instrument could enter into an interest rate swap to synthetically convert the fixed-rate debt instrument to a variable-rate debt instrument. Fair value hedges protect against exposures to changes in the fair value of a recognized asset (e.g., inventory, fixed-rate notes receivable, fixed-rate bond), liability (e.g., fixed-rate debt issuance), or unrecognized firm commitment.

Answer 170

Investing and Financing Cycle Most testing related to Property, plant, and equipment (PPE) transactions concerns itself with the different types of controls that reduce the risk of misstatement. In a good internal control structure, the internal audit staff will periodically inspect physical assets. This cycle includes acquisitions, disposals and depreciation expense. Among the objectives are: • Verifying the existence of recorded assets by Vouching from records to the physical assets. This can assist in identifying unrecorded disposals. • Verifying the completeness of acquisitions by Tracing from the physical assets to the records. This can assist in identifying unrecorded acquisitions.

Answer 171

The Net Investment Hedge Measurement of Derivative [Change in Fair Value] Recognition [Net Investment in Foreign Operation] 1) Effective -to-- (SHs’ Equity) -from- Foreign Currency Portion Gain / Loss l V* 2) Ineffective --> Income Statement Portion *Amounts are subsequently transferred out of Shareholders’ Equity in the same period during which corresponding exchange gains or losses arising from the translation of the financial statements of the foreign operation are recognized in the net income.

Answer 172

Production and Conversion Cycle The production and conversion cycle deals with manufacturing operations. Most of the controls are similar to those in the purchasing and spending cycle, since inventory may be involved in both cycles, the difference being whether they were manufactured or purchased. Acquisition of, and accounting for, raw materials purchased in a manufacturing process would be similar to merchandise inventory in a nonmanufacturing entity. Examples of controls related to the management assertions for manufactured inventory include: * Presentation and Disclosure * Existence or Occurrence * Completeness and Cutoff * Valuation, Allocation and Accuracy --------------------- • Presentation and Disclosure – Direct labor charged to individual time tickets is compared to the total direct labor charged to work-in-process, in order to ensure direct labor costs have not been charged to manufacturing overhead. • Existence or Occurrence – Perpetual inventory records are compared with goods on hand. • Completeness and Cutoff – Forms used for material requisitions are prenumbered and periodically accounted for. • Valuation, Allocation and Accuracy – Subsidiary records are periodically reconciled to inventory control accounts.

Answer 173

Production and Conversion Cycle Using the mnemonic RACE for account balances: * Rights and obligations * Allocation and Valuation * Completeness * Existence

Answer 174

Production and Conversion Cycle Using the mnemonic RACE for account balances: * Rights and obligations * Allocation and Valuation * Completeness * Existence --------------- • Rights and obligations – Terms of notes, lines of credit, and other debt instruments are evaluated to determine if inventories have been pledged as collateral. • Allocation and Valuation – Allocations of salaries and wages to inventory are reviewed to make certain appropriate amounts are included. • Completeness – Forms used for the acquisition of raw materials and other items are prenumbered and all numbers are accounted for. • Existence – Perpetual inventory records are regularly reconciled to goods in inventory to make certain that recorded amounts are still on hand.

Answer 175

Production and Conversion Cycle As with the purchasing and spending cycle, the objectives within the production and conversion cycle include properly recording and executing transactions. In addition, an especially difficult objective of internal control with respect to manufacturing processes is maintaining proper custody as raw materials become work-in-process and then finished goods. In contrast, inventory in a merchandising company normally only goes from the receiving department to inventory when acquired and then from inventory to the shipping department when sold.

Answer 176

Documenting the Internal Control Structure An auditor is required to document the understanding of a client’s internal control. There is no specific means of documentation required and the auditor may select any method, or combination of methods, that best suits the needs of the auditor in being able to apply the understanding to result in an audit that is both efficient and effective. Internal Control Questionnaire (ICQ) Yes (strength) / No (weakness) questions covering all control activities: One common form of documentation is the internal control questionnaire (ICQ). A questionnaire always phrases questions in a form that requires a yes or no answer for each question, with a yes answer indicating the presence of a potentially useful control, and a no response indicating a weakness. This is consistent with the emphasis of the auditor on finding strengths in the system to rely on.

Answer 177

Internal Control Questionnaire (ICQ) Yes (strength) / No (weakness) questions covering all control activities: A well-designed questionnaire will include questions related to each of the different types of control activities (from the PRAISE mnemonic) that may be utilized in an internal control structure. There is no perfect questionnaire that can be memorized for the exam, but the following list includes questions that can be adapted to individual TBS types of questions (these questions should be made more precise by referring to documents and personnel that are used in the specific department that is being tested). For each of the six activities, two potential questions are provided, since recommended solutions usually have contained around 12 questions spread over all the activities (PRAISE): ``` PRAISE • Physical controls • Recording • Authorization • Independent checks • Segregation of duties • Evaluate performance ``` • Segregation of duties (ARCC)

Answer 178

Internal Control Questionnaire (ICQ) ``` PRAISE • Physical controls • Recording • Authorization • Independent checks • Segregation of duties • Evaluate performance ``` ``` • Segregation of duties (ARCC) o Authorization o Recording o Custody of assets o Comparison ```

Answer 179

Internal Control Questionnaire (ICQ) ``` PRAISE • Physical controls • Recording • Authorization • Independent checks • Segregation of duties • Evaluate performance ``` --------------------- • Physical controls – Is proper security maintained over valuable department assets? Are there adequate safeguards over unused documents? • Recording – Are transactions documented as to all relevant terms and descriptions? Are documents prenumbered and periodically accounted for? • Authorization – Are transactions authorized by personnel at least one level above the request level? Are the third parties involved in transactions approved in advance? • Independent checks – Are documents compared to verify their agreement before transactions are executed? Are records periodically reconciled to related documents? • Segregation of duties – Is the principal function of the department (Authorization, Recording, or Custody) independent of each of the other two functions? • Evaluate performance – Are there written department policies and procedures? Are unusual or uncompleted transactions periodically investigated?

Answer 180

Internal Control Questionnaire (ICQ) • Segregation of duties – Are the principal functions of each process, authorization, recording, custody, and comparison (ARCC) independent of one another? o Authorization – Are transactions authorized by personnel at least one level above the request level? o Recording – Are transactions documented as to all relevant terms and descriptions? Are documents prenumbered and periodically accounted for? o Custody of assets – Is custody limited to those with a need to have access? Are those with access subjected to bonding or appropriate background checks? o Comparison – Are physical assets periodically reconciled to recorded amounts? Are normal activities, such as bank deposits, subject to comparisons of recorded amounts to support documents, such as comparing daily deposits to remittance listings or reconciling amounts in cash registers?

AUD 3 Internal Control 9 (Review) Flashcards

(204 cards)