Complete Audit Flashcards
1
Q
What is the majority of an auditor’s work in determining an audit opinion?
A
Collection of evidence to support the opinion.
1
Q
What is the primary duty of an auditor?
A
To provide users of financial information with REASONABLE ASSURANCE that the financial statements are not materially misstated.
1
Q
What is Audit Sampling?
A
Taking part of a population- subjecting it to audit procedures- projecting results to a population
2
Q
When is an audit of IT NOT required?
A
Controls are redundant to another department The system does not appear to be reliable and testing controls would not be an efficient use of time Costs exceed benefit
2
Q
What engagements are covered by the AICPA Code of Professional Conduct?
A
Covers all professional engagements and is the minimum standard of conduct Member should additionally follow specific standards for a specific engagement
2
Q
What are the requirements for an audit report?
A
Must conform to GAAP Consistency with prior period reporting is implied (must state if inconsistent) Adequacy of disclosure is implied (must state if disclosures are lacking) Opinion is provided - provides assurance Must be signed by the auditor- and dated.
2
Q
If internal control is poor and a company’s accounting practices are sloppy- which risk is higher?
A
Control risk increases with poor internal control and sloppy accounting practice.
2
Q
Who created the International Auditing Standards?
A
The International Auditing and Assurance Standards Board (IAASB) Member of the International Federation of Accountants (IFAC)
2
Q
Of what does audit Evidence consist?
A
Evidence consists of client accounting data and supporting documentation from client or from third parties.
2
Q
What is the auditor’s responsibility for detecting theft or fraud?
A
Auditors are *not* responsible for detecting theft or fraud. Instead- they are responsible for providing REASONABLE ASSURANCE that the financial statements are not materially misstated.
2
Q
What are the characteristics of Statistical Sampling?
A
Based on formulas Helps find an appropriate audit sample Helps evaluate evidence obtained Helps evaluate results and quantify Sampling Risk
3
Q
When can an audit of IT be performed without directly interacting with the system?
A
System isn’t complex or complicated System output is detailed
3
Q
What must an accountant have under the AICPA Code of Professional Conduct?
A
Integrity Objectivity No Conflicts of Interest No known misrepresentations of facts No outsourcing of judgment
3
Q
How should an audit report be adjusted if reporting is not consistent with the prior period?
A
If inconsistent- an Unqualified Opinion is OK Explanatory paragraph after Opinion is added Otherwise- Qualified Opinion issued
3
Q
If internal control is poor- what is the effect on the audit?
A
Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements.
3
Q
For whom were IAASB International Auditing Standards created?
A
IAASB standards are for countries that don’t have their own standards and help set the tone for the rest of the members who do have their own standards (AICPA) IAASB doesn’t override member standards
3
Q
What is the relationship between Evidence and Detection Risk?
A
Evidence has an inverse relationship with Detection Risk The one aspect of Audit Risk an auditor can control through (N)ature (T)iming (E)xtent of audit procedures. Inherent Risk and Control risk are outside of auditor’s control.
3
Q
When should an auditor be hired in relation to the balance sheet date for optimum audit planning and efficiency?
A
The earlier the auditor is hired- the better for audit planning and efficiency.
3
Q
What are the characteristics of Non-Statistical Sampling?
A
Based on human decision Equally acceptable as Statistical Sampling
4
Q
What is the role of a Database Administrator?
A
Maintains database Restricts access Responsible for IT internal control
4
Q
What are threats and safeguards to independence?
A
Safeguards > Threats = Independence Threats > Safeguards = No Independence
4
Q
When is consistency not violated with respect to changes in reporting between years?
A
Accounting Errors Reclassifications Prospective treatment of a new principle Accounting Estimate Change
4
Q
For what does internal control provide reasonable assurance?
A
Internal control provides reasonable assurance that: Material misstatements will be prevented Reliability/integrity of financial statements will be preserved Assets are protected against misuse
4
Q
What financial approach is used under IAASB audit standards?
A
IAASB standards are based on a risk assessment approach
4
Which aspects of Audit Risk can an auditor control?
Detection Risk which is decreased by gathering evidence.
4
When can audit procedures be performed at interim dates?
If Control Risk for the accounts and/or transactions is low- audit procedures can be performed at interim dates. The auditor then reviews changes in the balances at year-end.
4
What are the characteristics of Substantive Tests?
Variables sampling Probability proportionate to size sampling
5
What is the role of a Systems Analyst?
Recommends changes or upgrades Liaison between IT and users
5
What are the threats to independence?
Self-Review (Auditing own work) Advocate of the Client Adverse Interest (Lawsuit against Client) Too familiar with Client – could impair the appearance of Independence to public Undue influence on Client - On Board of Directors- exception being an Honorary board position
5
What assurance is provided in an audit opinion?
The opinion states that the financial statements are fairly presented in all material respects The opinion states if the financials are in conformity with GAAP.
5
What is required in an examination of internal control under Sarbanes-Oxley?
CEO/CFO must disclose Internal Control deficiencies Management must provide assessment of Internal Control Management must certify Financial Statements
5
How do IAASB audit standards compare to US audit standards?
IAASB = No Internal Control audits IAASB = No Referencing another Audit Firm IAASB = Less detailed documentation IAASB = Required: obtain written fraud assessment IAASB = Required: location of auditor’s home office
5
Which aspects of Audit Risk can an auditor NOT control?
Inherent Risk and Control Risk are outside of an auditor's control.
5
When can an auditor accept an engagement offered after the year is already closed?
The auditor can take the engagement if they are able to overcome the limitations of the engagement.
5
What type of sampling are Control Tests?
Attribute Sampling
6
What is the role of the data Librarian?
Responsible for disc storage Holds system documentation
6
What are the Safeguards to independence?
Offset the threats Safeguards are created by Legislation (SOX)- Client (Audit Committee)- Accounting Firm (Policies)
6
What are the sections of the audit report?
Title - States that the auditor is independent Address - whomever hired the auditor Introduction Paragraph Scope Paragraph Opinion Paragraph Signed and Dated by Author
6
What is the relationship between internal control and Substantive Testing?
Inverse Relationship: Stronger Internal Controls = Less Testing Needed Weaker Internal Controls = More Testing Needed
6
What are International Ethical Standards?
Standards set by International Ethics Standards Board for Accountants (IESBA) Code of Ethics for Professional Accountants - Similar to AICPA Code of Professional Conduct
6
How does a high level of acceptable Detection Risk affect an audit?
Less Evidence collected. Opens door for incremental audit risk - Internal Control should be strong. Business and transactions should be relatively stable and predictable. (N) Less-competent Evidence collected (T) Interim testing acceptable (E) Fewer transactions are verified.
6
For what does an auditor use professional skepticism?
To plan the scope of the audit To plan the objectives of the audit
6
What is Sampling Risk?
Risk that your sample isn’t representative of population Can happen even if audit is done properly
7
What is the benefit of Generalized Audit Software in an audit?
Uses computer speed to quickly sort data and files- which leads to a more efficient audit Compatible with different client IT systems Extracts evidence from client databases Tests data without auditor needing to spend time learning the IT system in detail Client-tailored or commercially produced
7
What are the characteristics of a Covered Member?
On the engagement team- have Significant influence on Audit- such as: Reviewing Partner Managing Partner in CPA Firm Firm Personnel who does more than 10 hours of non-attest work (Income Taxes) Partner sharing office with another Partner who oversees an engagement Financial Interest in Client by Covered Member (Auditor on Engagement)
7
Which statements are included in the Scope Paragraph of the audit report?
GAAS was followed (IF SEC company- uses the standard of the PCAOB) Reasonable assurance about material misstatements was obtained. Financial statements and disclosures are supported by evidence. Management estimates evaluated Accounting principles evaluated Financial Statement presentation evaluated Reasonable basis exists for an opinion If any scope limitations exist- the auditor tries to work around them and still issue an unqualified opinion if possible.
7
What are the three objectives of internal control?
Reliability of Financial Reporting Operational Efficiency/Effectiveness Compliance with Law and Regulations
7
Which groups are covered under the three sections of the International Ethical Standards?
A) Covers all accountants B) Covers Public accountants C) Covers accountants in a business environment
7
What should occur when a low level of Detection Risk is acceptable?
More Evidence collected (N) More-competent Evidence collected (T) End of year balance testing (E) More transactions are verified
7
How can analytical procedures be performed in audit planning?
The auditor can compare actual versus forecasted numbers.
7
What is the risk of assessing Control Risk too high?
A risk of Control Testing - Auditor works to make Control Risk lower More substantive tests - Sample overstates Control Risk- Leads to an under-reliance on internal control- over-testing- and overall audit inefficiency Audit ends up being effective (correct result)- but you do more work
8
What is a Relational Database?
Group of related spreadsheets Retrieves information through Queries
8
What are the requirements for a Covered Member?
No direct financial interest No Material indirect financial interest Firm personnel who are not Covered Members cannot own more than 5% of stock Covered Member's immediate family cannot own more than 5% of stock or be employed in Key positions. If Covered member is aware of this- it will impair independence. Cannot make management decisions. All requirements apply during the period of the professional engagement- and as long as they are a client.
8
For an unqualified opinion to be issued- what must be the case with all periods presented?
A prior year’s Financial Statement used for comparative purposes must also meet criteria for an Unqualified Opinion If an exception arises- the Explanatory and Opinion paragraphs will address the issue If a prior year’s issue has been corrected- issue an Unqualified opinion and ignore the past issue
8
What are the five components of internal control?
Control Environment Risk Assessment Information and Communication Monitoring Control Activities
8
What are the requirements for all accountants under the International Ethical Standards?
Accountants should have Integrity Accountants should be Objective Accountants should have Competence Accountants should exercise Due Care Accountants should maintain Confidentiality Accountants should act Professionally
8
What are the primary risks in an audit for a typical for-profit company?
Auditors are there to verify that Assets & Revenues are not overstated Expenses & Liabilities are not understated Exception – if the CPA Exam states that it is a “tax-driven” company flip them around
8
What must an auditor have in order to discuss issues relating to a predecessor auditor's work?
If issues relating to predecessor auditor’s work on previous Financial Statements come up during the current audit- Auditor must have client’s permission to discuss the issue.
8
What is the risk of assessing Control Risk too low?
A risk of Control Testing - Complement to Confidence Level Inverse relationship to Sample Size Higher accepted risk of assessing Control Risk too low = Smaller Sample Lower accepted risk of assessing Control Risk too low = Larger Sample
9
What is a Data Definition Language?
A language that defines a database and gives information on database structure. It maintains tables- which can be joined together. It establishes database constraints.
9
What happens when a Covered Member disagrees with a Supervisor?
If Supervisor's position is still GAAP/GAAS- defer to Supervisor If Supervisor's position is not GAAP/GAAS- report to higher levels of management If management ignores you- consider leaving the firm
9
What is included in an unqualified opinion paragraph with an emphasis?
Includes: Immaterial GAAP issues Going Concern worries Auditor shares responsibility Emphasizing a particular aspect of Financial Statements Unqualified Opinion/Assurances not affected Explanatory paragraph added after opinion
9
What is the purpose for a control environment assessment?
Sets tone for the entire company
9
What questions should public accountants pose to themselves under the International Ethical Standards?
What are the threats/safeguards? Does this new client threaten our ethics? What are the conflicts of interest? What are the threats/safeguards for offering a second opinion? What are the threats/safeguards for receiving commissions or contingent fees? Is our marketing truthful? What are the threats/safeguards for receiving client gifts? What are the threats/safeguards to objectivity?
9
What is the primary constraint on audit evidence?
Cost vs. Benefit is a primary constraint.
9
What questions must an auditor ask with respect to procedures carried out by assistants?
Were they adequately performed? (Review the working papers) Are the results consistent with the audit report?
9
What are the risks if the auditor concludes controls are operating effectively based on the sample and Control Risk is set too low?
Leads to higher Detection Risk - Fewer substantive tests Sample understates Control Risk This error leads to over-reliance on internal control- under-testing- and overall audit ineffectiveness. Does NOT necessarily mean that the Financial Statements are materially misstated – it does mean that if there is one- you are less likely to find it
10
What functions are performed by a Data Manipulation Language?
Maintains and queries a database Auditor needs information- so client uses DML to get the information needed
10
When is independence required?
Audit Review Attestation Engagement
10
What is the effect of a qualified opinion?
A qualified opinion creates reduced assurances. It results from scope limitations or major inconsistencies. It includes material problems with GAAP- disclosures- or segment reporting. If there is an issue that causes a Qualified Opinion- the explanatory paragraph goes after the Scope and before the Opinion paragraphs and the Opinion paragraph refers to the issue as well.
10
What are the components of the Control Environment?
Integrity/Ethics of Management Competence of Management Organizational Structure Human Resource Policies Assignment of Authority/Responsibility Management's Style (riskier with a dominant/aggressive individual) Board/Audit Committee involvement
10
What characteristics should audit evidence have?
Sufficient (quantity) Appropriate: Relevant & Reliable (Quality)
10
How is audit strategy mapped out?
Auditor determines what the reporting objectives are. Auditor determines the scope of the audit.
10
What is the risk of Incorrect Acceptance?
A risk of Substantive Testing - Auditor accepts a balance as fairly stated- when in fact it is not fairly stated Hurts audit effectiveness Wrong conclusion reached Efficient- but not effective
11
What functions are performed by a Data Control Language?
A Data Control Language controls a database and restricts access to the database.
11
What are the requirements for Non-attest engagements?
Agreement must be in writing. Independence not required - Must state if you are not independent Applicable engagements: Consulting- Compilation
11
How is the audit report changed if there is Scope Limitation?
Qualified opinion is issued. Scope paragraph modified Explanatory paragraph between Scope and Opinion paragraphs Opinion paragraph points out scope limitation
11
What does an auditor's assessment of Detection Risk determine?
Detection Risk determines nature- timing- and extent of audit procedures.
11
How does the quality of audit evidence vary depending on who has provided it?
Best evidence: Observation of activity by auditor. 2nd Best: Originates from External Parties and is sent directly to auditor (or failing that items are generated by third party and provided to auditor by the client such as a bank statement) Weakest: Oral evidence from management.
11
What are the foundations of Generally Accepted Audit Standards (GAAS)?
Materiality and Audit Risk
11
What is the risk of Incorrect Rejection?
A risk of Substantive Testing - Auditor rejects balance as fairly stated when in fact it is fairly stated Hurts audit efficiency Wrong recommendations given Effective- but not efficient
12
What are Check Digits?
A numerical character consistently added to a set of numbers. It makes it more difficult for a fraudulent account to be set up or go undetected.
12
Which standards apply to consulting engagements?
Consulting engagements are covered by Statements on Standards for Consulting Services (SSCS) Requirements: Competence- Due Care- Planning- Supervision- Obtain Sufficient Data- Must Serve Client Interest- Must have written or oral agreement- must communicate with client.
12
How is the audit report modified for major inconsistencies found during the audit?
Qualified opinion is issued. Scope paragraph remains unchanged Explanatory paragraph between Scope and Opinion paragraphs Opinion paragraph points out inconsistency
12
What determines the acceptable level of Detection Risk?
Risk of material misstatement determines acceptable level of Detection Risk
12
Which documents are the most persuasive and credible?
Third party documents are more persuasive and credible than internally-prepared docs Auditor Knowledge = Most Persuasive 3rd Party info given to auditor 3rd Party info given to client Internally-prepared doc
12
What are the General Standards for auditing?
Training and Proficiency (Education and Audit Experience) Independence Due Professional Care (TIP)
12
What is Non-Sampling Risk?
Risk of human (auditor) missing an error Also called exception- error or deviation.
13
What is the purpose of a Code Review?
A Code Review tests a program’s processing logic. Advantageous because auditor gains a greater understanding of the program.
13
List some common consulting engagements.
Advisory Services Transaction Services Management Consulting Implementation Services
13
How does a Disclaimer of Opinion affect the audit report?
States that an opinion cannot be issued. Includes severe Scope limitation
13
What items could increase the risk of material misstatement?
Rapid growth in the company. The methods management uses to identify risk- estimate its significance and assess the likelihood of occurrence Major changes to operations- personnel- systems- IT- products- corporate organization- and foreign operations.
13
What are Substantive Procedures?
Test substance/amounts/values. They help to reduce the risk of material misstatements. They only test accuracy of financial statements and dollar amounts - they don't test internal controls.
13
Describe the key components of maintaining auditor independence.
Auditor must be independent in fact and appearance Honesty No direct financial interest No indirect material financial interest
13
How does Sampling Risk compare to Non-Sampling Risk?
Sampling Risk deals with the chance that your audit sample is flawed Non-Sampling risk deals with the chance that your human decisions/conclusions are flawed
14
What is the purpose of a Limit Test?
Examines data and looks for reasonableness using upper and lower limits to determine if data fits the correct range. Did anyone score higher than 100%?
14
What is the rule concerning contingent fees for a covered member?
Not allowed if Member also performs services where independence is required Commissions or referral fees for Covered Members are not allowed Example – Audit firm gets a commission for recommending to Client that they implement a new A/P System...NOT Allowed If a firm performing non-attest work doesn't also perform Covered Member services (aka – Independence not required)- then Firm can get a commission on referring products/services- but they must disclose to the Client Tax Preparation - Payment according to refund amount is disallowed
14
What would cause an Adverse Opinion?
Very material GAAP and Disclosure issues would cause an Adverse Opinion. If there is an issue that causes an Adverse Opinion- the explanatory paragraph goes after the Scope and Before the Opinion paragraphs and the Opinion paragraph refers to the issue as well
14
What happens when Control Risk is assessed to be at the maximum level?
No internal control testing is performed. All audit procedures are increased in intensity to compensate for increased risk.
14
What are the substantive tests that are most often performed?
Trace (or Vouch) Reconcile Analytical Procedures Confirmations Examine evidence that supports management assertions. (T.R.A.C.E.)
14
Describe Due Professional Care
Technical abilities mirror those held by peers in the profession Follow GAAS Standards Obtain a Reasonable Level of Assurance Maintain Reasonable Level of Skepticism Supervise Audit Staff Review judgment at every level
14
What is Attribute Sampling?
Looking at Control Procedures - Were invoices approved when paid? Errors are stated in terms of %- not dollar amounts For example- 5 invoices out of 100 were not properly paid. Error rate is 5% Hint: If you see Error Rate on the Exam- they are referring to Attribute Sampling.
15
What is the Test Data Method?
Auditor processes data with client’s computer - fake transactions are used to test program control procedures. Each control needs to only be tested once Problem with this method - fake data could combine with real data.
15
When are contingent fees allowed?
When fees are structured relative to judicial proceedings. Example: IRS audit- or filing an amended tax return subject to tax case with a different taxpayer.
15
How is division of auditor responsibility disclosed?
Disclosed in Introductory Paragraph. Doesn't name the other auditor without permission. Referenced in Opinion paragraph and division of responsibility indicated If other auditor is not referenced- then you take responsibility for their conclusions- so consideration of independence- experience- credentials- etc required
15
What happens when Control Risk is below the maximum level?
Auditor tests internal controls. Auditor evaluates Control Risk based on tests Auditor adjusts substantive tests accordingly: Weaker Internal Control = More substantive tests Stronger Internal Control = Less substantive tests
15
When performing audit procedures what should auditors focus on?
Auditors focus first on Balance Sheet Accounts then associated Income Statement items
15
List the Standards of Field Work
Planning and Supervision Internal Control Evidence (PIE)
15
How do you determine if Control Procedures are operating properly or not operating properly?
Control Procedures are either operating properly or they are not operating properly – based on Error Rate and the tolerance you have for errors
16
How can Operating Systems Logs be utilized during an audit?
Auditor can review logs to see which applications were run and by whom.
16
How should recommendations and suggestions by a covered member to a client be handled?
Client must carry them out - covered member cannot perform management functions. Client must assign someone of competence to oversee the non-attest engagement and CPA must be satisfied that this has occurred.
16
What standards govern SSARS engagements?
Compilations are governed by SSARS (Statements on Standards for Accounting and Review Services)
16
Describe some common examples of Control Activities.
Performance Reviews Information Processing Physical Controls Segregation of Duties
16
How is Cash audited?
Assurance Level is High. Acceptable Detection Risk is Low.
16
List the Standards of Reporting
Consistency Disclosures Opinion GAAP (CDOG)
16
What is the Tolerable Rate?
Error rate in population that you are willing to accept/tolerate Inverse relationship to Sample Size Higher Tolerable Rate = Smaller Sample Lower Tolerable Rate = Larger Sample If you’re willing to accept a higher probability that errors exist- there is less pressure on the sample
17
What is the purpose of Access Security Software?
Helpful in online environments Restricts computer access - may use encryption.
17
What are the requirements for Personal Financial Planning Engagements?
Must have definite objectives Must have specific procedures planned Must have a basis for recommendations Must have recommendations communicated Must have action steps to implement
17
Which clients can have compilation engagements?
Non-SEC (non-public) registrants only.
17
What should an auditor understand with respect to Information and Communication on an audit?
Understand Client's: Major transaction classes Transaction initiation Support records/documents Transaction processing Financial Statement internal reporting process Financial Statement external reporting process
17
How is Accounts Receivable audited?
If Acceptable DR is High - Negative Confirmation is used - Customer only responds if balance is materially wrong. If Acceptable DR is Low - Positive Confirmation is used - Customer asked to confirm by telling auditor the balance. Corresponding Income Statement Account - Revenue
17
What should an auditor do prior to accepting an audit engagement?
Review the previous financial statements Speak to third parties Contact predecessor auditor to evaluate whether engagement should be accepted (must have client permission)
17
What is the Expected Population Error Rate?
What Error Rate are you expecting? - Judgment call- based on experience Direct relationship to Sample Size More errors = Larger Sample Less errors = Smaller Sample
18
How can Library Management Software assist with an audit?
Library Management Software logs any changes to system/applications etc.
18
When is a GAAP departure appropriate?
Departure from GAAP is appropriate if GAAP would cause Financial Statements to be misleading- then it must be explained/disclosed.
18
What is a compilation?
Accountant puts together financial statements with information PROVIDED BY MANAGEMENT. No opinion is expressed- and no assurances are given. Independence is not required.
18
How must an auditor document understanding of internal control?
Through written documentation such as internal control memos- flowcharts- and questionnaires
18
How is Accounts Payable audited?
Review purchase orders/invoices Confirm with Vendors Corresponding Income Statement Account – Various Expenses
18
What questions should be asked by an auditor prior to taking an engagement?
Note: must have permission of client to contact predecessor auditor (no permission = no engagement) Why the Auditor Change? Any Serious Discussions with Audit Committee? How is Management Integrity? Disagreements? How was Internal Control? Understand Industry or Be Willing to Learn Consider Scope Limitation - Limited evidence available = no engagement
18
What is the basic premise of Attribute Sampling?
Attribute in the sample gives information about the entire audit population Used to estimate Internal Control error rate
19
How can Embedded Audit Modules in software be utilized in an audit?
Assist with audit calculations Enable continuous monitoring in an audit environment that is changing Weakness: requires implementation into the system design Example: SCARF - Collects information based on some criteria and can be analyzed at a later time (necessary because the audit environment is continually changing)
19
When may a covered member disclose confidential information?
Member may disclose confidential info when client isn't following GAAP OR If they receive a subpoena – CPAs are not Attorneys- so there is no CPA-Client privilege
19
What disclosures are required for Compilation engagements?
Disclosures not necessary – must state that they are not included
19
What questions should be asked to determine the risk of material misstatement?
Were all transactions recorded? Were they timely? Measured appropriately? Recorded in correct period? Presented and disclosed properly? Did Management communicate their responsibilities?
19
How is Inventory audited?
Examine purchase agreements Look at Board Minutes Is Inventory held as collateral? Corresponding Income Statement Account – COGS
19
What should be included in an audit engagement agreement?
Note: must be written Objectives of Engagement Limitations of Engagement Responsibilities of Management - Provide written assertions Responsibilities of Auditor - Limited error/fraud responsibility Expectations of Access to Records Financial Statements (and Disclosures) are Management’s Responsibility Compliance with Laws Internal Control
19
For what is the Expected Population Deviation (error) Rate used?
Used to determine initial level of Control Risk
20
What is an Audit Hook?
An Audit Hook is an application instruction that gives auditor control over the application.
20
What is the effect of not returning all client-provided documents upon request?
This is an act discreditable. You MUST return all documents the client gives you even if they don't pay their bill. If you create a document- however- like a work paper- you are not required to give the client a copy of papers you created if they haven't paid their bill They are the firm's work papers- but are still confidential!
20
What standards govern Review engagements?
SSARS (Statements on Standards for Accounting and Review Services)
20
What is the purpose of testing internal controls?
Auditor needs reasonable assurance that controls are functioning as designed and effective Internal Control Testing should be strong as (IRON) so that nothing gets past them Inquiry – Interview company personnel Re-performance – Can it be replicated? Observation – Watch the control be applied INspection – Dig into the details/documents If results are as expected- substantive procedures do not need to be adjusted
20
How are beginning balances audited?
Should match last year's ending balance.
20
What is management's responsibility with respect to the financial statements?
Management is responsible for financial statements and adequacy of disclosures. Presentation & Disclosure Existence (Tests Overstatements) Rights & Obligations Completeness (Tests Understatements) Valuation & Allocation
20
What is the Allowable Risk of Over-reliance?
Risk of Assessing Control Risk too low Gives you the Sampling Risk
21
What is the purpose of Transaction Tagging?
Transaction Tagging allows logging of company transactions and activities.
21
What are the rules with respect to CPA firm names?
CPA firm names must not be misleading. If partner dies- remaining partner has two years to change name if partnership dissolved. If partner dies and more than one partner still remains (i.e. 1 dies and you still have 2 or more partners...you don't need to change the name) All Partners/Shareholders must be members of the AICPA in order to hold themselves out as members of the AICPA. Non-CPAs can be owners- but 2/3 of Ownership must be CPAs. Non-CPA owner must not be involved with the accounting- and is still bound by AICPA code of conduct- must maintain CPE requirements and have Bachelor's degree.
21
What type of assurance is given in a Review engagement?
Reviews give limited assurance.
21
When can controls tested by an auditor in a prior year be used in the current year's audit assessment?
Controls tested by auditor in a prior year can be used in the current year’s audit assuming they are re-tested every third year Exception: If the control has changed since the last audit
21
What is the general presumption for auditing Ending Balances?
If Beginning Balance Additions Subtractions are OK then Ending Balances should also be OK.
21
What is the purpose of the Audit Committee?
Responsible for Hiring Auditor Oversees Internal Control Must Agree with Auditor on: Responsibility of the Parties- Audit Fee- Timing of the Audit- Audit Plan Acts as Liaison Between Auditor and the Board Auditor Communicates Concerns about: Internal Control Deficiencies- Errors- Fraud- Illegal Activities
21
When is Attribute sampling used?
Attribute sampling is only useful when there is documented evidence (an audit trail) to test Use when the existence of an error needs to be verified or debunked
22
How do Extended Records assist in audit trail creation?
Extended Records add audit data to financial records.
22
What is the consequence of disclosing CPA exam material post-1996?
It is an Act Discreditable.
22
What procedures are required for Review engagements?
Analytical procedures are required for reviews. Compare results to documented predictions.
22
What happens if internal controls are deficient?
Control Risk increases Scope of substantive procedures increases Detection Risk decreases Material Weakness - Reasonable possibility that a material misstatement in Financial Statements would not be found- more than a remote chance of occurrence
22
How is a Statement of Cash Flows audited?
Foot all balances – Check the Math Trace Cash Flow items to other Financial Statements Check classifications - Operating Activities Investing Activities Financing Activities
22
How is Audit Risk calculated?
Inherent Risk x Control Risk x Detection Risk Risk that material mistakes- errors- omissions- or fraud will result in an inaccurate audit report Based on Auditor Judgment Measured in both Qualitative and Quantitative
22
What is Classic Variable Sampling?
Testing for a dollar amount Value in sample gives information about value in entire population.
23
How does Real Time Processing affect an audit?
Destroys prior data when updated aka Destructive Updating Requires well-documented Audit Trail
23
What are the consequences for a CPA who commits an Act Discreditable?
Licenses are granted at the State level If State revokes certificate- AICPA Ban Felony Conviction- AICPA Ban Prepares Fraudulent Tax Return- AICPA Ban Intentionally failing to file return- AICPA Ban SEC can get involved with discipline
23
What is a Review engagement?
Financial statements are presented with no opinion expressed- and limited assurances are given. Independence is required for a review engagement.
23
What is a Material Weakness?
Reasonable possibility exists that a material misstatement in Financial Statements would not be found- and has more than a remote chance of occurrence.
23
Under the Indirect Method what must be disclosed on a Statement of Cash Flows?
Interest Paid Income Taxes Paid Non-cash Transactions Cash and Cash Equivalents Definitions
23
Describe Control Risk
Risk that internal control will not detect error or fraud Auditor cannot control this.
23
What functions are used in conjunction with Classic Variable Sampling?
Mean Per Unit = Sample Average x Number in Population Stratification - Decreases effect of variance in population and reduces sample size
24
What is the risk of auditing System outputs versus Application outputs?
If the auditor only audits the outputs of a computer system and doesn’t also audit the software applications- an error in the applications could be missed.
24
What are the functions of the PCAOB?
Monitors CPA Firms who audit SEC clients - All SEC Audit firms must register Issues standards for firms to follow - usually stricter than AICPA standards
24
What is a Forecast?
A prospective financial statement that uses normal circumstances. General and limited use allowed.
24
What does Tracing test?
Tests Completeness Starts with source document and traces forward to the journal entry.
24
Under the Direct Method what must be disclosed on a Statement of Cash Flows?
Results as if you had used Indirect Method Non-cash Transactions Cash and Cash Equivalents Definition
24
Describe Inherent Risk.
Which transactions have a higher level of risk? Auditor cannot control
24
What are the characteristics of Probability Proportionate to Size (PPS) sampling?
A form of Variable Sampling Does NOT use Standard Deviation Auditor focuses on a dollar amount Larger or more valuable items get picked more often as part of the sample
25
What is a Compiler?
Software that translates source program (similar to English) into a language that the computer can understand
25
When is independence impaired under PCAOB standards?
If Client pays a contingent fee (i.e. based on outcome) With Marketing or Planning engagements Aggressive Tax Strategies Firm does tax work for Client employee involved with audit oversight or their family
25
What is a Projection?
A prospective financial statement using hypothetical situations. Only limited use by the client is allowed.
25
What does Vouching test?
Tests Existence. Starts with a journal entry and searches for a voucher or source document to support the entry.
25
What are Subsequent Events and what do they require?
Subsequent events occur after the Balance Sheet Date but before the audit report is issued. Auditor needs to make inquiries and assess if they affect the audit report.
25
Describe Detection Risk.
Will the auditor fail to detect a material misstatement? Auditor CAN control Do testing at year-end Increase substantive testing Run more effective tests
25
What is Projected Misstatement?
Misstatement found in sample – have to project it to remainder of population
26
How is Parallel Simulation utilized during an audit?
Client data is processed using Generalized Audit Software (GAS) Sample size can be expanded without significantly increasing the audit cost GAS output compared to client output
26
Who must approve non-audit work performed by a firm for a client?
Client Audit Committee must approve non-audit work performed by Firm Firm must disclose any potential independence issues to Audit Committee
26
What are the requirements for Agreed Upon Procedures?
Independence is required Only limited use by the client is allowed.
26
What activities represent Segregation of Duties?
Non-compatible duties performed by separate individuals- such as: Authorization of asset disbursement vs. Recording of Assets vs. Custody of assets If supporting audit evidence doesn’t exist- use Observation and Inquiry Accounting should be segregated from Production
26
What should occur if the audit report has already been issued and the auditor becomes aware of a situation that was present as of the Balance Sheet date (a subsequent event)?
If audit report has already been issued and auditor becomes aware of a situation that was present as of the BS date client should issue a disclosure to financial statement users and/or revise the financial statement. Regulatory agencies might need to get involved under some circumstances.
26
What responses should an auditor take based on different levels of acceptable detection risk (DR)? What type of tests should be performed?
Less Acceptable DR = Run More Substantive Tests More Acceptable DR = Run Less Substantive Tests More Substantive Tests (DR down) = Less Audit Risk; (AR = IR x CR x DR) Less Substantive Tests (DR up) = More Audit Risk; (AR = IR x CR x DR)
26
How does Probability Proportionate to Size (PPS) sampling compare to Classic Variables sampling?
PPS: Easier to use- Results in a stratified (homogenous) sample- Results in a smaller sample size to audit- Easy to design Classic Variables Sampling: Easy to expand sample size- Selecting zero and negative balances easy
27
What does auditing internal control in a company’s IT environment accomplish?
Plan the rest of audit- Shorter audit trails that may expire- Less documentation Assess the level of Control Risk - Unauthorized access to systems or data is more difficult to catch Systems access controls adds another layer to separation of duties analysis Focus should be on the general controls- new systems development- current systems changes- and program or data access control or computer ops control changes
27
Which organization is in charge of determining if federal funds are being misappropriated?
GAO - Government Accountability Office
27
What disclosures are required for remote likelihood of losses?
No disclosure required.
27
With respect to signing checks- how are duties segregated?
Employees who prepare vouchers/invoices should not also have the authority to SIGN CHECKS Tip – Remember this as an underlying theme with Segregation of Duties – authority to make a payment should not also lie in the hands of those creating invoices/vouchers. Why? People commit fraud by setting up fake companies and basically paying themselves
27
What should an auditor do if they discover they have forgotten to perform a substantive procedure?
If auditor discovers that they forgot to perform a substantive procedure auditor should determine if other substantive procedures performed served as a substitute. Otherwise support for their audit opinion could be jeopardized.
27
What are quantitative measurements versus non-quantitative measurements with respect to risk?
Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of percentages Non-Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of acceptable ranges
27
What factors affect sample size?
Tolerable rate for error - Inverse relationship with sample size Risk of assessing Control Risk too low - Inverse relationship with sample size Expected population error rate - Direct relationship with sample size Population size does NOT affect the sample size - as population is larger- sample size doesn't grow.
28
What rules must auditors follow for governmental audits?
Auditors must follow both GAAS and GAS – aka the “Yellow Book” Materiality threshold is usually lower More detail is required on working papers More stringent CPE rules and requirements - 24 hours of continuing education must be related to governmental auditing every 2 years Compliance with Regulations is a requirement of the Audit Report
28
What disclosure is required for a probable loss contingency?
Accrue if estimable. Explanatory paragraph if not estimable.
28
With respect to custody of assets- how should duties be segregated?
Employees who have custody of assets should not also RECORD those assets Someone in charge of petty cash should not also control the petty cash records Treasury Department (custodians) should NOT have record keeping duties They control assets and should not be able to adjust any recording of those assets
28
When are Analytical Procedures required?
REQUIRED When planning the audit (preliminary) REQUIRED When reviewing the audit (final) Analytical procedures may be also performed optionally along with the substantive testing. Use of Analytical Procedures in the audit must be documented.
28
Whose responsibility is it to FIND and PREVENT fraud?
It is Management's responsibility.
28
What is the formula for Audit Sampling?
SER + ASR \< TER SER = Sample Error Rate ASR = Allowance for Sampling Risk TER = Tolerable Error Rate
29
What disclosure is made if a loss contingency is reasonably possible?
Auditor assesses need for explanatory paragraph based on loss likelihood.
29
What are the limitations on control activities?
Controls can’t stop collusion or bad judgment Management can override controls Cost vs. Benefit relationship of Internal Control
29
How do Analytical Procedures assist the auditor?
Helps the Auditor: Determine if Management Assertions are reasonable Develop audit plan Develop some expectations about the financial statement and hopefully bring to light any glaring errors on financial statement
29
What is the auditor's responsibility with respect to fraud and illegal acts?
Assess the RISK that such things will lead to material misstatements Design the audit to provide reasonable assurance against fraud- illegal acts that directly and materially affect the financial statements Report ALL management fraud to the audit committee (minor fraud by low-level employees not reported to committee) Perform required inquiries and procedures (management inquiries- analytical procedures- discussions with audit personnel about fraud)
29
What is Allowance for Sampling Risk?
The amount that you add to the Sampling Error Rate to get some cushion for your sample. As high as you think the population error rate could go based on experience.
30
How is a gain contingency reported?
Gain contingencies are not reported.
30
What is required if a Material Weakness is identified?
A written report to management is required. Report declaring that no material weaknesses were found is allowed Previous weaknesses reported that still exist should be reported again Should be reported no later than 60 days after audit report release date If one or more material weaknesses is uncorrected at year-end- an Adverse Opinion on internal control must be given
30
What is the focus of Analytical Procedures?
Analytical Procedure focus is on dollar amounts (not internal controls) Analyzes Financial Data: Do Financial Statements Make Sense? Comparison of data between years
30
What are the three factors that affect/influence fraud?
Fraud is born out of: Rationalization Incentive Opportunity (RIO)
30
What is the Tolerable Error Rate?
The amount of error rate that you can accept - If population error rate is less than TER- then accept the Control as effective If population error rate is more than TER- do more testing to get SER lower or conclude control isn’t effective. Do more substantive testing
31
How does an immaterial GAAP issue affect the audit opinion?
It doesn't. Opinion is Unqualifed.
31
What is the effect of a Significant Deficiency? What is it?
A significant deficiency adversely affects a company's ability to report in the financial statements according to GAAP. A significant deficiency is a “more than a remote likelihood” of material misstatement by “more than an inconsequential amount”
31
How is the Current Ratio calculated?
Current Ratio = Current Assets / Current Liabilities
31
What is the difference between fraud and errors?
Errors are unintentional- fraud is intentional.
31
What are the steps to develop a sampling plan?
Determine Test Objective - for example- have sales shipments been billed? Define Population and Deviation - take a sample of shipping document- trace forward to see if billed Determine Sample Size based on tolerable rate for error- risk of assessing Control Risk too low- and expected population error rate. Select Sampling Technique
32
How does a material GAAP issue affect the audit opinion?
Qualified Opinion is issued. Similar to Scope Limitation. Explanatory paragraph after Scope Paragraph. Opinion refers to GAAP issue.
32
What must occur if a Significant Deficiency is identified?
If a Significant Deficiency is identified- a written report to management required Report declaring that no significant deficiencies is not allowed Previous deficiencies reported that still exist should be reported again Should be reported no later than 60 days after the audit report release date
32
How is the Quick Ratio calculated?
Quick Ratio = Liquid Assets / Current Liabilities
32
What red flags may indicate higher risk in an audit?
Management compensation tied to stock Aggressive financial forecasting Former auditor disagreed with Management Records not available for audit Current audit procedures may need to be reconsidered if red flags exist.
32
After a Sampling Plan is developed- what are the steps in sampling?
Perform the Sampling Plan Evaluate Results Document Results
33
How does a very material GAAP issue affect the audit report?
Adverse opinion is issued. Same paragraph structure as a Qualified opinion.
33
What is a Control Deficiency?
A control is not operating as intended Written report to management not required
33
How is the Asset Turnover calculated?
Asset Turnover = Net Sales / Average Assets
33
Describe the characteristics of a Fraud Risk Factor.
Has been observed in similar situations Does NOT necessarily mean that there is a material weakness in internal control Leads to an auditor taking action
33
What is Systematic Sampling?
Every certain # of a population is selected Population needs to be randomly ordered Primary advantage is that population doesn’t require pre-numbering
34
How does a Going Concern issue affect the audit report?
Unqualified opinion with an Emphasis is OK Explanatory paragraph is added after Opinion paragraph.
34
What must an auditor ask if using the work of third parties?
Are the competent? Are the objective?
34
How is the Inventory Turnover calculated?
Inventory Turnover = COGS / Average Inventory
34
What does an examination of internal control accomplish with respect to illegal acts?
Internal control analysis can result in the conclusion that IC is weak- but probably won’t identify illegal acts
34
What is Sequential Sampling?
Also called Stop or Go sampling Each audit step determines the next step
35
What is a Yellow Book audit?
An audit performed under governmental auditing standards (GAS).
35
What must an auditor understand with respect to internal auditors?
Auditor needs to understand the role of Internal Auditors within the organization because their work affects the audit plan Responsibility for judgments about materiality or appropriateness of entries or estimates cannot be shared with third parties like Internal Auditors Internal Auditors should be asked to do some of the legwork like preparing schedules or running reports They should not be asked to make any decisions or judgments
35
How is Gross Margin % calculated?
Gross Margin % = Gross Margin / Sales
35
What is the purpose of adjusting audit procedures in light of fraud risk factors identified during an audit?
Strives to make audit engagement procedures less patterned and predictable Re-evaluates management’s application of accounting procedures Finds and assigns audit personnel with relevant skills in this area
35
What is Discovery Sampling?
Audit is testing an area that is so crucial that zero population errors can be tolerated Any phony employees on payroll?
36
How do GAS standards compare to GAAS?
GAS is more strict that GAAS.
36
What is required in an examination of internal control under Sarbanes-Oxley?
CEO/CFO must disclose deficiencies Management must provide assessment of Internal Controls Management must certify Financial Statements
36
What type of testing are ratios?
Ratios are Analytical Procedures
36
What should be documented with respect to fraud risk factors in an audit?
Any fraud risks identified that could lead to material misstatement Audit procedures performed to assess risks Nature of communication made to audit committee and company management Disclosure to third parties regarding fraud not normally the auditor’s responsibility Fraud by management should normally be reported to the audit committee- NOT the SEC.
36
How does Block Sampling compare to other sampling methods?
Easy to implement- but is the worst method of sampling.
37
What is required under the Single Audit Act?
A report on internal control is required. GAAS and GAS don't require the I/C report.
37
What is the relationship between internal control and Substantive Testing?
Has inverse relationship: Stronger internal control results in LESS substantive testing Weaker internal control leads to MORE substantive testing
37
What type of procedure is a Budget vs. Actual comparison?
Budget vs. Actual comparisons are Analytical Procedures.
37
What was the effect of the SOX Act of 2002?
Created PCAOB Designates Officer responsibility for internal control Must disclose significant internal control weaknesses to auditor and audit committee Must disclose any level of fraud discovered by employees with internal control responsibilities
38
What are the three objectives of internal control?
Reliability of Financial Reporting Operational Efficiency/Effectiveness Compliance with Law and Regulations
38
List Common Types of Analytical Procedures
Ratio analysis Budget vs. Actual comparison Comparison of data between years Use of non-financial data to predict expected values for financial data
38
What is the Hierarchy of Authoritative Literature?
1. Statements on Auditing Standards (SAS) 2. Auditing Interpretations- AICPA Guides & SOPs 3. Industry Articles (no authority)
39
What are the five components of internal control?
Control Activities Risk Assessment Information and Communications Monitoring Control Environment
39
How do management assertions affect the audit?
Management assertions help the auditor to plan the audit and select substantive tests.
39
What quality control activities are undertaken by CPA firms with audit practices?
Firm Leadership exhibits quality and leads by example and sets the tone for the organization Firm should Monitor and document that its policies and procedures are being followed Firm should have Relevant Ethical Requirements Acceptance and continuance of client engagements should continue to be evaluated for client integrity- auditor competency- and legality Firm should have competent and ethical personnel Firm engagements are performed- supervised- and reviewed in accordance with professional standards and regulations.
40
What are the components of the Control Environment?
Integrity/Ethics of Management Competence of Management Organizational Structure Human Resources Policies Assignment of Authority/Responsibility Management's Style (riskier with a dominant/aggressive individual) Board/Audit Committee involvement
40
What assertions do auditors test?
Presentation - Cutoff Classification - Is it in the right period and category? Existence/ Occurrence - Did it happen? Does it exist? Rights & Obligations - Does the company own them? Completeness - Was everything recorded? Valuation - Are they worth the amount at which they are recorded? (PERCV)
40
Which literature governs Compilation services?
SSARS - Statements on Standards for Accounting and Review Services These govern reporting for non-public entities only
41
What happens when Control Risk is below the maximum level?
Auditor tests internal controls. Auditor evaluates Control Risk based on tests Auditor adjusts substantive tests accordingly: Weaker Internal Control = More substantive tests Stronger Internal Control = Less substantive tests
41
What assertions are tests for transaction classes?
Occurrence Cutoff Classification Completeness Accuracy
41
What is the independence requirement for Compilations?
Independence NOT required for Compilations No Internal Control work allowed No assurance given
42
What should an auditor understand with respect to Information and Communication on an audit?
Understand Client's: Major transaction classes Transaction initiation Support records/documents Transaction processing Financial Statement internal reporting process Financial Statement external communication process
42
For which assertions are disclosures tested?
Occurrence Completeness Classification Accuracy
42
What type of assurance is provided by a Compilation?
Compilations are not an assurance service. No assurance is provided.
43
How must an auditor document understanding of internal control?
Auditor must document understanding of Internal Control via Memos- Flowcharts- and Questionnaires
43
Is testing the validity of direct evidence a basic audit procedure?
No it is an extended procedure. For example you don’t have to take a loan covenant document and go search out that it’s a valid loan covenant. Instead you consider the source – if it’s externally prepared it’s more persuasive.
43
What type of assurance is provided by Review services?
Reviews provide NEGATIVE assurance.
44
What is the purpose of testing internal controls?
Auditor needs reasonable assurance that controls are functioning as designed and effective Internal Control Testing should be strong as (IRON) so that nothing gets past them: Inquiry – Interview company personnel Re-performance – Can it be replicated? Observation – Watch the control be applied INspection – Dig into the details/documents If results are as expected- substantive procedures do not need to be adjusted
44
How are Management Estimates audited?
First and foremost you need to understand management’s rationale and methods for developing estimates before you can judge reasonableness. Next Auditor should formulate their own opinion on what a good estimate should be and compare it. Finally determine if subsequent events affect the estimate.
44
What is the independence requirement for a Review?
Reviews require independence. No Internal Control work allowed Performs analytical procedures No material indirect financial interest allowed No immaterial direct financial interest allowed
45
Whose property are audit documentation (audit workpapers)? In what form must they be?
Audit workpapers are the property of the auditor. They can be paper or electronic. They must include a WRITTEN audit program (either paper or electronic).
45
For compilations and reviews- what knowledge must a service provider have?
Must have an understanding of the client industry.
46
What is the Current File?
Information pertaining to the current year's audit.
46
What are attestation services?
CPA expresses a conclusion about an assertion - Compliance with laws NOT considered a Consulting engagement Independence Required
47
What is the Permanent File?
Information used for this audit and future audits which is updated as needed.
47
What is the independence requirement for consulting services?
Independence is not required for consulting services.
48
How long must audit workpapers be maintained?
Must be kept for 5 years after the audit release date or according to regulations whichever is longer. Must be kept for 7 years under PCAOB Audit PCAOB audits also require an Engagement Completion Document
48
Describe the limitations on Prospective Financial Statements?
Report is restricted to specified users. Agreed-upon procedures are implemented.
49
What is the primary requirement for audit workpapers besides being written?
Any experienced auditor should be able to look at your work and understand what you did.
50
How should documents added to work papers be treated?
If further documents are added to the work papers after the audit report is issued it must be documented as to who added them why they were added and any effects on the audit report.
51
How should documents removed from workpapers be treated?
After the audit report is released the firm has 60 days to subtract from the file. You can still add to the file if you document it but you cannot delete any information after 60 days. Note – for SEC auditors the PCAOB only allows deletions up to 45 days after issuance of the audit report.
