Audit Exam 3

Question 1

What are 3 reasons audit planning matters in real life?

Answer 1

1. Helps auditors work smarter, not harder in gathering evidence.
2. Keeps clients happy. (How much $$, What will you need?)
3. Ensure compliance with GAAS. (Required by AICPA and PCAOB).

Question 2

Client Business Risk

Answer 2

Risk that the client loses customers
Risk that the client gets sued by XYZ
Risk that the client becomes obsolete
Risk that the client loses money

Question 3

Engagement Risk

Answer 3

Risk that the CPA firm suffers as a result of the audit

Enron, PCAOB fines, SEC fines, Lawsuits

Question 4

Sampling Risk

Answer 4

Risk that our sample is not representative of the population.

Question 5

Audit Risk

Answer 5

Risk of an incorrect audit opinion

Question 6

Acceptable Audit Risk

Answer 6

How much audit risk the partner is willing to assume/accept. Low AAR = risk averse; High AAR = less evidence needed

Question 7

Inherent Risk

Answer 7

Risk of an account being materially misstated absent of internal controls. Highly complex accounts; prone to fraud.

Question 8

Control Risk

Answer 8

Risk that the client’s internal controls either fail to prevent or detect material misstatement.

Question 9

Fraud Risk/Triangle

Answer 9

1. Incentives/pressures
2. Opportunities (bad IC)
3. Attitudes/rationalizations

Question 10

What are the 5 steps in accepting a client and performing initial audit planning?

Answer 10

1. Client acceptance – Bad client < No Client
2. Intended users/reason for audit - determine audience
3. Obtain an understanding w/client (scope/engagement letter)
4. Need outside specialists?
5. Select staff for engagement.

Question 11

What are the 6 things to study about a client’s business/industry?

Answer 11

1. Industry/external environment
2. Business operations - get an in-person tour
3. Any related-party transactions?
4. Management and governance
5. Get corporate minutes
6. Learn more about the industry!

Question 12

What is the definition of materiality?

Answer 12

Anything that affects the decision of a reasonable user.

Question 13

Factors affecting materiality

Answer 13

A) Dollar amount

B) Everything else

Question 14

Who decides materiality

Answer 14

Auditor

Question 15

How is materiality applied on audits?

Answer 15

On 2 levels -

1) Each account
2) All individual accounts combined

Question 16

How do you convert performance materiality to actual results?

Answer 16

1. Start with threshold
2. Look at known misstatement (based on evidence)
3. Look at allowance for sampling risk.
4. Sum 2+3 and compare to #1.

Question 17

What are known misstatements?

What are likely misstatements?

Answer 17

1. Actual, provable misstatements.

2. Sample risk/management estimates

Question 18

What is the audit risk equation

Answer 18

PDR = AAR / IR X CR
AAR = acceptable audit risk
IR = inherent risk
CR = control risk

Question 19

What is Planned Detection Risk (PDR)?

Answer 19

Risk that an auditor’s tests do not catch a material misstatement.

Question 20

What is Acceptable Audit Risk (AAR)?

Answer 20

How willing an auditor is to issue an incorrect opinion.
Church = high AAR
Boeing = low AAR (public company)

Question 21

What is Control Risk (CR)?

Answer 21

Risk that internal controls fail to detect an MM.
High CR = IC’s bad, more evidence is needed
If auditor plans to rely on good IC, he must have evidence (TOC) that IC’s are operationally effective.

Question 22

What is Inherent Risk (IR)?

Answer 22

Risk of material misstatement w/o considering internal controls.
Bad debt is subjective. High IR.
Sales is prone to fraud. High IR.

Question 23

Are auditors responsible for catching fraud?

Answer 23

Auditors are responsible for providing reasonable assurance against material misstatements whether due to error or fraud.

Question 24

Fraudulent Financial Reporting

Answer 24

Driven by upper-level management
Cookie Jarring
Income Smoothing
Kiting

Question 25

Misappropriation of Assets

Answer 25

Lower level employees | No $$ incentive to commit FFR

Question 26

Why are frauds hard to catch? / Why do auditors only offer reasonable assurance?

Answer 26

1. Sampling (not 100%) 2. Employee collusion 3. Management estimates

Question 27

What are the three parts of the fraud triangle?

Answer 27

1. Incentives/pressures (greed, revenge, fear, addiction) 2. Opportunities (failure of internal controls) 3. Attitudes/rationalization (nobody thinks of themselves as a crook)

Question 28

Assessing the risk of fraud - what elements go into the funnel?

Answer 28

1. Communicate among the team 2. Ask of management - play 20 questions w/controller 3. Risk factors - fraud triangle 4. Analytical procedures - fraud triangle 5. Other information

Question 29

When significant fraud risks are identified, how does the auditor respond?

Answer 29

On three levels 1) Overall level 2) Possible management override -- investigate 3) Assertion level -- check grids/trace forward/vouch back

Question 30

What are the three objectives of effective internal control?

Answer 30

1. Reliable financial reporting (prevent fraudulent financial reporting) 2. Effective operations (support good cash flow, avoid bounced checks, nonpaying customers) 3. Compliance with rules and regulations

Question 31

What is management's job with respect to internal controls?

Answer 31

Design the internal controls Implement the internal controls Monitor the internal controls Operating effectiveness

Question 32

What is the auditor's job with respect to internal controls?

Answer 32

OPINE on internal controls

Question 33

When does an auditor do Tests of Controls?

Answer 33

Interim - prior to fiscal year end Controlling date - last day of FYE Resolve all problems WRT IC's prior to B/S date, all is well

Question 34

Who does the heavy lifting of SOX 404(a) testing?

Answer 34

Internal Audit

Question 35

Who actually signs SOX 404(a)?

Answer 35

CEO and CFO

Question 36

COSO components of Internal Controls

Answer 36

1. Control environment 2. Risk assessment 3. Control activities 4. Information and Communication 5. Monitoring

Question 37

Separation of duties in IT - what are the three silos that should report to the CIO / IT Manager?

Answer 37

1. Systems development 2. Operations 3. Data Control

Question 38

What general controls should IT have?

Answer 38

1. Administration - is it well-funded? 2. Systems development - end users? 3. Separation of duties? 4. Backup and Contingency Planning? 5. Physical and Online Security?

Question 39

What are the four steps to obtain and document understanding of internal controls?

Answer 39

1. Obtain and document understanding of internal control design and operation (flowcharts, look at) 2. Assess control risk. If MAX at this stage, then you'll stop and proceed directly to TOT. 3. If you continue from step 2, design, perform, and evaluate tests of controls. 4. Then, decide planned detection risk and substantive tests (TOTs)

Question 40

How do you assess control risk?

Answer 40

``` By linking key controls and control deficiencies to transaction-related audit objectives. Then test the controls to see that they are working. Transaction-related audit objectives are: 1. Occurrence 2. Completeness 3. Accuracy 4. Posting 5. Classification 6. Timing ```

Question 41

How do you design and perform a test of controls?

Answer 41

See if the control is working as expected. Gather audit evidence, as in Ch 7 (physical exam, confirmation, inspection, inquiry, recalculation, re-performance, observation, analytical procedures) Want to confirm that IC's are being consistently applied 24/7/365. Effectivity date is last day of fiscal year.

Question 42

How does an auditor report on internal controls?

Answer 42

- Contact those charged with corporate governance. - SOX 404(a) is for all public companies; (b) accelerated filers - Management letters are suggestions for improvement/sales job at the end of the audit. - None of this is applicable in private firms

Question 43

Options for testing when AIS is highly computerized?

Answer 43

1. Run test data (but take it back out) 2. Parallel simulation (audit software -- confidence check) 3. Embedded audit module (not popular -- big brother)

Question 44

What accounts are involved in the sales and collection cycle?

Answer 44

``` Sales Cash Receipts Journal Sales Returns Write offs Bad Debt Expense ``` I/S: Sales Rev/Sales Disc/Sales Returns/Bad Debt Exp B/S: A/R/Cash/AFDA

Question 45

What source documents and records are involved in the sales and cash collection cycle?

Answer 45

Sales: Cust Order PO, Sales Order, Bill of Lading, Invoice, AR Subledger, AR Aged Trial Balance, General Ledger, Financial Statements Cash Receipts: Check+Remittance Advice, CR Prelist, Deposit Slip, Validated Deposit Slip, CR Journal, AR Subledger AR Aged TB, GL

Question 46

What are the test of controls for sales transactions?

Answer 46

- Separation of duties - CAR (custody, authorization, recording) - Independent checks - Link to 6 audit objectives (occurrence, completeness, etc.) - GAAS requires we look at IC's - CR in audit risk equation

Question 47

What are the tests of transactions for sales transactions?

Answer 47

Occurrence: Vouch back from SJE to BOL Completeness: Trace forward from BOL to SJE Accuracy: Agree amount of invoice to amount of SJE Cutoff: Agree date of BOL to date SJE Posting / Summarization

Question 48

What are the tests of transactions for cash receipts transactions?

Answer 48

Occurence: Vouch back from CR JE to validated deposit slip Completeness: Trace forward from vaidated deposit slip to CR JE Accuracy: Agree dollar amount on deposit slip to CRJE Posting: Agree details of CR prelist to AR subposting Cutoff: Agree date of deposit slip to CRJE

Question 49

What are the biggest concerns with controls over sales returns and allowances?

Answer 49

1. Occurrence (Misappropriation of assets) | 2. Completeness (FFR)

Question 50

What are the biggest concerns with controls over write-offs?

Answer 50

1. Occurrence Fear = steal cash and hide with bogus writeoff. Ensure proper authorization of writeoffs occurs.