Chapter 4 Flashcards
(16 cards)
Q: πΉ What is the audit risk model, and how does it guide audit planning?
A:
πΈ The audit risk model helps the auditor manage the risk of providing an inappropriate opinion on financial statements that are materially misstated
πΈ The model helps auditors decide how much audit work is needed and how rigorous it should be and where to focus testing
πΈ It involves four key components:
ββπΉ Acceptable audit risk β the maximum overall risk the auditor is willing to accept that a material misstatement remains undetected after the audit
ββπΉ Inherent risk β the likelihood that a material misstatement could occur before considering any internal controls
ββπΉ Control risk β the likelihood that the clientβs internal controls will fail to prevent or detect that misstatement
ββπΉ Planned detection risk β the risk that the auditorβs own procedures will fail to detect a misstatement
πΈ Auditors assess inherent and control risk based on their understanding of the client
πΈ They set an acceptable level of audit risk
πΈ Then they design audit procedures to lower planned detection risk as needed to keep the total risk within acceptable limits
Q: πΉ What is acceptable audit risk, and how does it affect the audit?
A:
πΈ Acceptable audit risk is the maximum overall risk the auditor is willing to accept that the financial statements are materially misstated, but the audit does not detect it
πΈ It reflects the auditorβs comfort level with issuing a clean opinion
πΈ Lower acceptable audit risk is chosen when:
ββπΉ Financial statements are used by many or important stakeholders
ββπΉ The client is publicly traded or highly regulated
ββπΉ There is greater risk of litigation
ββπΉ Management integrity is questionable
πΈ Lower AAR means more audit work, because the auditor needs greater assurance that material misstatements will be detected
Q: πΉ What is inherent risk, and how does it affect audit planning?
A:
πΈ Inherent risk is the likelihood that a material misstatement exists in an account or transaction before considering any internal controls
πΈ It depends on the nature of the item being audited, not on the clientβs controls
πΈ Inherent risk is higher when:
ββπΉ Transactions are complex, subjective, or non-routine
ββπΉ There is high volume or manual processing
ββπΉ The industry is volatile or heavily regulated
ββπΉ There is susceptibility to fraud (e.g., cash, estimates)
πΈ Higher inherent risk β more audit procedures required to obtain sufficient evidence
Q: πΉ What is control risk, and how does it affect audit work?
A:
πΈ Control risk is the likelihood that a material misstatement will not be prevented or detected by the clientβs internal controls
πΈ Control risk is affected by the design and effectiveness of the clientβs control systems
πΈ Control risk is higher when:
ββπΉ Controls are missing, poorly designed, or not followed
ββπΉ The client is small or lacks segregation of duties
ββπΉ The auditor cannot test the controls effectively
ββπΉ There is a history of control failures
πΈ High control risk β less reliance on controls β more emphasis on substantive testing
Q: πΉ What is planned detection risk, and how does the auditor manage it?
A:
πΈ Planned detection risk is the risk that the auditorβs procedures will fail to detect a material misstatement in the financial statements
πΈ It is the only component the auditor directly controls
πΈ It reflects the amount and quality of audit work the auditor needs to perform, based on their assessment of:
ββπΉ Acceptable audit risk
ββπΉ Inherent risk
ββπΉ Control risk
πΈ When those other risks are high, planned detection risk must be low, requiring more extensive or rigorous audit procedures
Q: πΉ What factors affect acceptable audit risk (AAR), and how?
A:
πΉ High number of FS users / public company β AAR
πΉ Client in poor financial health β AAR
πΉ High risk of litigation β AAR
πΉ Management integrity concerns β AAR
πΉ History of errors or restatements β AAR
πΉ Aggressive accounting policies β AAR
πΉ Volatile industry or high business risk β AAR
πΉ Private company / limited users β AAR
πΉ Stable industry and business operations β AAR
πΉ Strong management reputation β AAR
Q: πΉ What factors affect inherent risk (IR), and how?
A:
πΉ Complex transactions or estimates β IR
πΉ High volume of transactions β IR
πΉ Manual systems / lack of automation β IR
πΉ Subjective accounting areas (e.g., fair value) β IR
πΉ New accounting standards or reporting frameworks β IR
πΉ Significant changes in operations or personnel β IR
πΉ Poor past experience with specific account areas β IR
πΉ Volatile industry or external sensitivity β IR
πΉ Assets susceptible to theft or fraud (e.g., cash) β IR
πΉ Related party transactions β IR
πΉ Non-routine or unusual transactions β IR
πΉ Complex financial instruments β IR
Q: πΉ What factors affect control risk (CR), and how?
A:
πΉ Weak or poorly designed internal controls β CR
πΉ Lack of segregation of duties β CR
πΉ Controls not operating effectively β CR
πΉ Inadequate documentation of processes β CR
πΉ Lack of internal audit function β CR
πΉ High turnover in accounting personnel β CR
πΉ Prior year control deficiencies β CR
πΉ Auditor unable to test controls β CR
πΉ Small company environment (less formality) β CR
πΉ Strong control environment β CR
πΉ Effective design and implementation of controls β CR
πΉ Reliable documentation and monitoring β CR
πΉ Strong internal audit function β CR
πΉ Prior year controls tested and effective β CR
Q: πΉ What factors affect planned detection risk (PDR), and how?
A:
πΉ Acceptable audit risk β β β PDR
πΉ Inherent risk β β β PDR
πΉ Control risk β β β PDR
πΉ Higher assessed risks overall (IR or CR) β PDR
πΉ More persuasive audit evidence required β PDR
πΉ Stronger assessed internal controls β PDR
πΉ Lower acceptable audit risk β PDR
πΈ Reminder: The auditor sets PDR based on assessed levels of the other three risks
Q: πΉ What is materiality, and how is it determined and used in an audit?
A:
πΈ Materiality is the maximum misstatement that can exist without affecting usersβ decisions
πΈ Used to:
ββπΉ Plan the audit
ββπΉ Evaluate misstatements
ββπΉ Decide if FS are fairly presented
πΈ Depends on professional judgment, based on:
ββπΉ User needs
ββπΉ Nature of the client
ββπΉ Quantitative & qualitative factors
πΈ Quantitative benchmarks:
ββπΉ 5β10% of net income
ββπΉ 0.5β2% of total assets or revenues
πΈ Qualitative factors (may lower materiality):
ββπΉ Fraud or illegal acts
ββπΉ Related party transactions
ββπΉ Impacts earnings trends or key ratios
ββπΉ Management compensation incentives
ββπΉ Public company or sensitive users
πΈ Performance materiality is set below overall materiality to reduce audit risk
Q: πΉ What are tests of controls, and when are they used?
A:
πΈ Tests to evaluate the design and operating effectiveness of internal controls
πΈ Used when auditor plans to rely on controls to reduce control risk
πΈ Examples:
ββπΉ Inspecting documents for approvals
ββπΉ Observing control activities
ββπΉ Reperforming control steps
ββπΉ Testing segregation of duties
Q: πΉ What are tests of details of balances, and why are they important?
A:
πΈ Audit procedures that test individual balances at the account level for material misstatements directly
πΈ Provide direct evidence on financial statement assertions (e.g., existence, valuation)
πΈ Used when:
ββπΉ Risk of material misstatement is high
ββπΉ Analytical procedures are not precise enough
πΈ Focused on ending balances, especially high-risk ones like:
ββπΉ Accounts receivable
ββπΉ Inventory
ββπΉ Payables
ββπΉ Accruals
πΈ Often involve:
ββπΉ Confirmations
ββπΉ Recalculations
ββπΉ Inspection of source documents
Q: πΉ What is a substantive audit strategy, and when is it used?
A:
πΈ Auditor plans to place no reliance on internal controls
πΈ Control risk is assessed as high, so the auditor performs only substantive procedures
πΈ Used when:
ββπΉ Controls are weak, absent, or not testable
ββπΉ Cost of testing controls outweighs benefits
πΈ Focus is on:
ββπΉ Tests of details
ββπΉ Substantive analytical procedures
Q: πΉ What is a combined audit strategy, and when is it used?
A:
πΈ Auditor plans to rely on internal controls and perform tests of controls
πΈ Control risk is assessed as below maximum, allowing reduced substantive testing
πΈ Used when:
ββπΉ Controls are strong and efficiently testable
ββπΉ Reliance on controls improves audit efficiency
πΈ Audit work includes:
ββπΉ Tests of controls
ββπΉ Substantive procedures (reduced in scope)
Q: πΉ What are analytical procedures, and when are they used in an audit?
A:
πΈ Analytical procedures involve evaluating financial information by comparing expected vs. actual relationships and identifying unusual fluctuations
πΈ Common techniques:
ββπΉ Ratio analysis
ββπΉ Trend analysis
ββπΉ Reasonableness tests (e.g., depreciation, payroll)
πΈ Used at three stages of the audit:
ββπΉ Planning β to identify areas of potential misstatement
ββπΉ As substantive procedures β to gather audit evidence (if predictable & reliable)
ββπΉ Final review β to assess overall FS consistency and reasonableness
πΈ More effective when:
ββπΉ Accounts have predictable patterns
ββπΉ Relationships are well understood
ββπΉ Auditor can develop reliable expectations
πΈ If used substantively, auditor must:
ββπΉ Develop an independent expectation
ββπΉ Compare to actual results
ββπΉ Investigate significant differences
ββπΉ Document the process and conclusions
Q: πΉ What do sufficiency and appropriateness mean in relation to audit evidence?
A:
πΈ Sufficiency = the quantity of evidence
ββπΉ Affected by:
ββββπΈ Risk of material misstatement (β risk β β evidence needed)
ββββπΈ Quality of evidence (higher quality may reduce amount needed)
πΈ Appropriateness = the quality of evidence
ββπΉ Based on:
ββββπΈ Relevance (does it relate to the assertion tested?)
ββββπΈ Reliability (how trustworthy is the source?)
πΈ The auditor must balance both to support the audit opinion
