Flashcards in Becker AUD 3.8 Deck (16):
What are the 3 responses to assessed risks of material misstatements?
1) OVERALL RESPONSE
2) Response to RISKS at RELEVANT ASSERTION LEVEL
3) "RESPONSE to SIGNIFICANT RISKS"
Test of controls are used in what way towards internal controls in relation to material misstatements?
Test of controls are used to EVALUATE the OPERATING EFFECTIVENESS of INTERNAL CONTROLS
in PREVENTING or DETECTING MATERIAL MISSTATEMENTS.
Providing MORE SUPERVISION is neither a test of what 2 things?
1) The test of operating effectiveness of internal controls
2) Substantive testing.
Providing more supervision during an audit of a non-issuer in response to assessed risks of material misstatement a the F/S level is an example of ___________.
An overall response.
1) Recalculate related to balance of accounts is ___ procedure.
2) Re-calculation related to control helps to obtain audit evidence about ______ _____
2) controls' effectiveness.
True or false:
1) Analytical procedures can provide evidence about Internal Control's operating effectiveness.
2) Analytical procedures can be used in the Testing Phase (field work) phase of the Audit as a substantive procedure to provide evidence on account's dollar balance
1) False. Analytical procedures are not designed to test the operating effectiveness of internal control
What are the 5 procedures to test Internal Control's operating effectiveness?
What kind of approach the external auditor would use when it is efficient or cost effective to TEST CONTROLS?
What is the reason that the external auditor cannot rely on the Internal Auditor's judgment on the company's internal control operating effectiveness?
1) Internal auditor does not have independence to give an audit judgment on whether client company's internal control effectiveness.
2) Internal auditors are usually not supposed to be involved with Audit decisions (to do more audit procedures or not), Audit assessments (on risks and materiality threshold), and audit judgments, esp. on areas of internal control and verifying accounting estimates.
Therefore, it is up to the External auditor to do a bit more work to verify internal auditor's judgments and assessments in determining internal control effectiveness.
1) True or false: The auditor would only use substantive procedures (test of details) when internal controls are not well documented.
2) In internal control testing (test of controls), Primarily substantive approach is taken when????
3) When substantive procedures are used in testing controls?
Not necessary. The auditor doe not need to use substantive procedures when there is no documentation on internal controls.
2) Primarily substantive approach is taken when:
* Effective controls are not present
* Implemented controls are assessed as INEFFECTIVE
* OR: when it's NOT EFFICIENT to test internal controls.
3) Substantive procedures are used when testing on internal controls is NOT EFFICIENT. Therefore, apply substantive procedures to ONLY EVALUATE specific ASSERTIONS and SPECIFIC RISKS.
1) When all control structure should have been performed:
Prior to assessing control risk at maximum level
After assessing control risk at maximum level?
2) All tests of controls (internal control testing) should've been performed:
BEFORE: assessing control risk at maximum level (or not)
AFTER : assessing control risk at maximum (or not)
3) When control risk is assessed at maximum level, then:
More substantives tests on details be performed
Less substantive tests on details to be performed.
4) When the control risk is assessed at a MAX LEVEL, then what does the auditor do next?
5) When large portions of sales are done at the last month of the fiscal year and the # of transactions for this fiscal year is relatively small, then the most EFFECTIVE audit approach would be in dealing with timing on audit procedures?
6) Can reviewing period-compensation to determine if bonuses were paid in audit testing the "REVENUE" account?
1) Prior to assessing control risk at MAX LEVEL
This because documenting the effectiveness of internal controls comes BEFORE setting the level on high the control risk is.
2) Before to assessing control risk at MAX LEVEL
This because you need to do Tests of Controls first (along with documentation on results of control testing) to determine How HIGH the control risk should be.
3) More substantives tests on details be performed
This because when CONTROL RISK is HIGH, you need to mitigate this risk by doing MORE substantive detail testing in order to find material misstatements and get the company management to resolve them. Doing this way ALSO reduces Detection risk.
Note: HIGH control risk means MORE substantive detail testing means LOW detection risk.
4) The Auditor documents this assessment on control risk. Then, Auditor DECIDES to do more substantive testing procedures.
5) Effective audit approach: Do a "primarily substantive approach" inspecting transactions occurring in the last month of the year and review sales contracts to determine whether revenue are posted in proper period.
FYI - If there's more sales volume AT YEAR-END and the sales volume only occurs year-end, then Do more tests of controls at year-end to provide assurance that the internal controls are operating effectively.
However, if there's a smaller sales volume, then do a Primarily substantive approach in testing the transactions are done properly and revenue is posted to the right period.
6) No. This because year-end compensation and bonuses are expenses that does not show whether internal controls are working to keep track of revenue properly and the revenue amounts are recorded to the right period.
1) True or false:
Substantive procedures include tests of details and substantive analytical procedures.
2) Tests of details (substantive testing) are performed when there is a LARGE number or SMALL number of transactions were posted to an account during the period?
3) When would the auditor DECIDES to reduce # of tests on details for a particular audit objective?
4) Substantive (detailed-based) analytical review procedures may be sufficient to _____ planned level of detection risk to acceptably ___ level.
5) Why would an auditor test the operating effectiveness of internal controls in the current audit if the auditor is going to RELY more on the controls (that have changed since previous audit)?
2) LARGE NUMBER
3) When the analytical procedures reveals no unusual transactions or unexpected results.
Note: More testing = LOW detection risk.
Performing Substantive analytical procedures = ALSO REDUCES detection risk.
5) To get confirmation that the Internal controls are operating very effectively, so the auditor would get the go ahead and decide on adjusting the audit procedures.
The auditor will not report on reliance of internal controls since that is not the auditor's responsibility to express a reliance on effective internal controls.
True or False:
1) Obtaining a list of current data center employees does provide any evidence regarding whether access is appropriate limited to these employees.
2) Asking chief technology officer about known problems provides some evidence about access controls, but it is not as reliable as the external auditor's direct personal observation.
3) Policy manuals provides evidence that the internal controls are operating effectively.
4) Auditor's direct personal observation does not provide the most reliable evidence on the internal controls for limited access to data center is operating effectively.
5) Evidence concerning proper segregation of duties is generally obtained through inspection and observation.
6) Completing internal control questionnaire helps the auditor understand how the internal controls supposed to work therefore it is a good source of evidence to truly show that the Internal Controls are operating effectively.
7) Performing substantive tests to verify details on bank balances provides evidence as to whether the balance amount is fairly stated not whether controls surrounding this account is operating effectively.
8) Preparing a flow chart of duties performed and the entity's available personnel might aid the auditor in understanding how controls are supposed to work. It does not provide evidence on whether internal controls are actually functioning as designed.
1) False. A list of current employees at the data center only tells you who works there not who has access to. This because there are some that have access whereas others do not.
Direct observation of the limited access to data center is most reliable.
Manuals (documentation / form) only tells how the internal controls should work. But it does not tell if it is really operating effectively currently.
Direct observation is the most reliable because a highly competent external auditor will observe and document (without outside biased interference) at the same time if the internal controls are working in to whom should have access.
Direct inspection and observation is the proper way to really see if the internal controls on segregated duties is working as it should.
Questionnaires can help to understand internal controls processes on how it should work. But, it does not prove that internal controls are working in reality.
Substantive testing are test of details on a specific balance. Not tests of controls.
True or False
1) During an audit, when you are dealing with electronic evidence that may not be retrievable after a specific period, this affects the timing of control tests and substantive testing?
2) Assessed of level of inherent risk is NOT based on the nature of underlying assertion.
3) To adopt substantive or reliance test strategies (i.e. substantive approach or combined approach) is NOT dependent on the length of time electronic evidence is available or not available.
4) Assessed Risk of Material Misstatement (inherent risk x control risk) is NOT dependent on the length of time electronic evidence is available.
5) Detection risk level is based on the assessment on risk of material misstatement (inherent risk x control risk)
6) Analytical procedures and risk assessment procedures are always necessary in a financial statement audit.
7) Risk assessment procedures must be performed to assess the risk of material misstatement and to determine whether and what extent further audit procedures are necessary.
8) Analytical procedures is always needed only in the planning stage.
9) If it takes more time to do control testing on inventory than substantive testing, then the auditor should still do control testing to determine there is hardly any misstatement in inventory.
10) If it would take less time or be more efficient to perform substantive tests than control testing and there is other reason to control testing, the auditor would only do substantive testing. No conduct control tests.
11) If control risk is low, then auditor can do interim testing.
1) True - timing of control test and substantive tests is based on the availability of data to analyze at certain times of business operations.
Assessed inherent risk level IS based on nature of underlying assertion.
You need to assess Risk of material misstatement (inherent risk x control risk) FIRST before determining an acceptable Detection risk level.
The only item not always necessary in a F/S audit is the Test of internal controls' effectiveness.
Analytical procedures and Risk assessment procedures are always necessary in a financial statement audit.
In the Audit Planning stage, Risk assessment procedures MUST BE performed to measure the Risk of Material Misstatement (inherent risk x control risk) IN ORDER to next determine the nature, extent, and timing of further audit procedures.
Analytical procedures are always needed in:
* Planning Stage
* Overall review stage.
If it is more efficient to do substantive testing on inventory than control testing and there is no other reason to do control testing, then only do detail testing. This because an audit has a certain deadline to get things done.
Control risk low = Can do interim testing
Control risk HIGH = do NOT do interim testing. Instead do period-end substantive testing.
Give 3 examples that could result in INCREASE in risk of material misstatement (and therefore overall audit risk)
1) High turnover of senior management
2) New sales incentive program
3) Doing interim testing during auditing a FIRST-TIME new audit client.