Engagement Planning Flashcards Preview

Audit > Engagement Planning > Flashcards

Flashcards in Engagement Planning Deck (63):

The steps in an Audit 

1)  Preparer for Audit 

2) Obtain understanding of client, its environment including Internal Control 

3) Assess Risks of Material Misstatement and Determine nature,  timing and extent of further  procedures 

4)  Perform Test of Controls 

5) Perform Substantive procedure 

6)  Formulate an Opinion

7) Issue Audit report 


Step in Planning an audit

Planing Procedure


  • Basic Discussion with the client
  • Review of audit document
  • Ask about recent developements
  • Interem financial statement - AP is mandatory
  • Non-audit personal
  • Staffing of audit
  • Timing of various audit procedure
  • Outside assistance - use of specialist
  • Pronouncements
  • Scheduling with the client


What is the primary duty of an auditor?

To provide users of financial information with REASONABLE ASSURANCE that the financial statements are free of material misstatements, whether cause by fraud or error


What is the auditor's responsibility for detecting theft or fraud?

Auditors are NOT responsible for detecting theft or fraud.

Instead- they are responsible for providing REASONABLE ASSURANCE that the financial statements are not materially misstated.


When should an auditor be hired in relation to the balance sheet date for optimum audit planning and efficiency?

The earlier the auditor is hired- the better for audit planning and efficiency


When can audit procedures be performed at interim dates?

GR Timing of audit procedure is flexible

If Control Risk for the accounts and/or transactions is low- audit procedures can be performed at interim dates. The auditor then reviews changes in the balances at year-end.


When can an auditor accept an engagement offered after the year is already closed?

The auditor can take the engagement if they are able to overcome the limitations of the engagement


For what does an auditor use professional skepticism?

  • professional skepticisman attitude that includes (a) a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and (b) a critical assessment of audit evidence. 
  • To plan the scope of the audit
  • To plan the objectives of the audit


How can analytical procedures be performed in audit planning?

The auditor can compare actual versus forecasted numbers



What must an auditor have in order to discuss issues relating to a predecessor auditor's work?

If issues relating to predecessor auditor's work on previous Financial Statements come up during the current audit- Auditor must have client's permission to discuss the issue.


Supervision requirements 

The work of each assistant should be reviewed to: 

  • To determine wether it was adequately performed (instruct assistan, review the working papers, dealing with differences of opinion among firm personnel)
  • To evaluate whether the results are consistent with the conclusion to be presented in the audit report


How is audit strategy mapped out?

  • Auditor determines the reporting objectives
  • Auditor determines the scope of the audit
  • considering various other important factors  (e.g., materiality levels, high-risk areas)



The 3 categories of GAAS standards

The 10 GAAS are used as overall measures of the quality  of the auditor's performance. TIPPICANOE

The GAAS standards are divided into 3 categories:

  • General Standards:apply to all aspect of the engagement from acceptance to completion
  • Fieldwork standards:  apply only to the portion of the engagement devoted into gathering of information 
  • Reporting standards: apply only to the manner in which the audit report is to be written 



General Standars
Training and Proficiency
• Independence
• Professional Care
Standards of Fieldwork
• Planning and supervision
• Internal Controls
• Corroborative Appropriate Audit Evidence
Reporting Standards
• Accounting Principles in Accordance with GAAP
• No New Principles – Consistency
• Omitted Disclosures – None
• Express an Opinion 


What are the General Standards for auditing?


  • Training and Proficiency (Education and Audit Experience)
  • Independence
  • Due Professional Care (TIP)


Auditor must be independence for

  • Auditor must be independent for attestation engagement (ERA's): Audit/Examination;  Review; Agreed-upon procedure engagements leading to findings; Special reports
  • NOT independt for compilation, taxes and consultation
  • Independence should be maintained in both fact and appearance
  • Independence is not impair for indirect and immaterial financial interest


Describe Due Professional Care

  •  Technical abilities mirror those held by peers in the profession
  • Follow GAAS Standards
  • Obtain a Reasonable Level of Assurance
  • Maintain Reasonable Level of Skepticism
  • Supervise Audit Staff
  • Review judgment at every level


List the Standards of Field Work


Planning and Supervision
Internal Control
Corroborative Audit Evidence



List the Standards of Reporting

Accounting Principles in Accordance with GAAP
No New Principles – Consistency
Omitted Disclosures – None
Express an Opinion 


Risk Assessment procedures in planning 

Risk assessment procedures is the procedures followed to obtain an understanding of the entity  and its environment

Risk assessment procedures include:

• Inquiries of management and others within the entity

• Analytical procedures:  example  comparing recorded financial information with anticipated results from budgets and forecast 

 Observation and inspection

• Other procedures, such as inquiries of others outside the entity (e.g., legal counsel, valuation experts) and reviewing information from external sources such as analysts, banks, etc.


What should an auditor do prior to accepting an audit engagement?

  • Review the previous financial statements
  • Speak to third parties
  • Contact predecessor auditor to evaluate whether engagement should be accepted (must have client permission)


What questions should be asked by an auditor prior to taking an engagement?

NOTE: must have permission of client to contact predecessor auditor (no permission = no engagement)

1) What are the Reason for the Auditor Change?
2) How is  the Integrity Management ?
3) Any Disagreements with management durig the Audit?
4) Any Comunication with Audit Committee regarding fraud, illegal acts, IC? 

 to get RID of new client and C (see)

 It is the successor’s responsibility, not the predecessor auditor’s responsibility to communicate with the predecessor

the successor auditor must attempt communication with the predecessor auditor either prior to accepting the engagement, or after the engagement has been accepted, or both



What should be included in an audit engagement agreement/letter?

NOTE: must be written - AC 210
Objectives of Engagement
Responsibilities of Management - provide written assertions
Auditor's responsibilities - Limited error/fraud responsibility
Limitations of Engagement

Engagement letter will aslo indicate
Financial Statements (and Disclosures) will be available
Indication of compliance with applicable laws and regulation
Letter of representations at conclusion of fieldworks
Establishment and maintenance of Internal Control
Statements are responsibility of management • fees and billing 


What is management's responsibility with respect to the financial statements?

  • Management is responsible for financial statements and adequacy of disclosures.  
  • Example of  management assertion 
    •  UPERCV
    • Presentation & Disclosure Existence (Tests Overstatements)
    • Rights & Obligations Completeness (Tests Understatements)
    • Valuation & Allocation



  • Magnitude of omission or misstatement that makes it probable that the judgment of  a reasonable person (user)  relying on the  information could have been changed or influenced by the omission or misstatement 
  • Materiality is based on Auditor’s judgment -use PY financial statement
  • Materiality judgments involve both quantitative and qualitative considerations
  • For planning purposes, concerned with the smallest aggregate level
  • There is an inverse relationship between audit risk and materiality consideration
  • Materiality measure relate to an annual figure  


How is Audit Risk calculated?

 = Inherent Risk x Control Risk x Detection Risk

Risk of material misstatement = Control Risk x Inherent Risk

Audit Risk - assessed in Nonquantitative and Quantitative term

Audit risk is the risk that auditor express an inappropriate audit opinion when the financial statements are misstated


Describe Control Risk

Risk that internal control will not detect  a material misstatement on a timely  basis 

- This risk is assessed using the results of tests of controls. Tests of controls that provide audit evidence that controls operate effectively will ordinarily allow the auditor to assess control risk at a level below the maximum


Describe Inherent Risk

The risk that a material misstatement  of an assertion will take place in the absence of any internal control 

This risk is assessed using various analytical techniques, available information on the company and its industry, as well as by using overall auditing knowledge. The risk differs by account and assertion. For example, cash is more susceptible to theft than an inventory of coal.


Describe Detection Risk

  • Auditor fails to detect a material misstatement 
  • Auditor can increase the nature, timing or extent of substantives testing to decrease the level of detection risk 
  • The risk that audit procedures will incorrectly lead to a conclusion that a material misstatement does not exist in an account balance when in fact such a misstatement does exist
  • Substantive procedures are primarily relied upon to restrict detection risk. 


What responses should an auditor take based on different levels of acceptable detection risk (DR)? What type of tests should be performed?

  • Less Acceptable DR  ⇒ Run More Substantive Tests
  • More Acceptable DR ⇒ Run Less Substantive Tests
  • More Substantive Tests (→ DR down ↓) ⇒ Less Audit Risk
  • Less Substantive Tests ( DR up ↑  ) ⇒ More Audit Risk


What are quantitative measurements versus non-quantitative measurements with respect to risk?

  • Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of percentages

  • Non-Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of acceptable ranges


Whose responsibility is it to FIND and PREVENT fraud?

It is Management's responsibility.


When the risk assessment does not include an expectation that controls operate effectively

This will be the case when

(1) controls appear weak, or

(2) the auditor believes that performing extensive substantive procedures is likely to be more cost effective than performing a combination of tests of controls and a decreased scope of substantive procedures

When the risk assessment does not include an expectation that controls operate effectively, further audit procedures will consist entirely of substantive procedures.



What is the auditor's responsibility with respect to fraud and illegal acts?

  • Auditor assess the RISK that such things will lead to material misstatements
  • Design the audit to provide reasonable assurance against fraud- illegal acts that directly and materially affect the financial statements
  • Report ALL management fraud to the audit committee (minor fraud by low-level employees not reported to committee)
  • Perform required inquiries and procedures (management inquiries- analytical procedures- discussions with audit personnel about fraud)
  • When a client refuses to give appropriate consideration to handling the illegal act (even an immaterial one), the auditor should consider whether the refusal affects his or her ability to rely on management’s representations and whether resignation is desirable


 Purpose of  Analytical Procedures USED DURING  RISK ASSESSMENT 

  • AU-C 315  - Analytical procedures used during risk assessment 
    • (1) May enhance the auditor’s understanding  of the client’s business and signification transactions or events that have occurred since prior audit and
    • (2) also may help to identify the existence of unusual transactions or events and amounts , ratios, and trends  that might indicates  matters that have audit implications
  • Analytical procedures used during risk assessment use data at a high level and they may provide only broad initial indication about possible existence of material misstatements 


What are the three factors that affect/influence fraud?

Fraud is born out of - RIO

  • Rationalization
  • Incentive
  • Opportunity 


What is the difference between fraud and errors?

Errors are unintentional

Fraud is intentional.


  Type of fraud considered in an audit

AU-C  240; AU  316
Fraudulent financial reporting -  management fraud - makes the financial statement misleading
Misappropriation of assets ( embezzlement, stealing/theft, defalcation)  - employee 


What red flags may indicate higher risk in an audit?

  • Management compensation tied to stock
  • Aggressive financial forecasting
  • Former auditor disagreed with Management
  • Records not available for audit
  • Current audit procedures may need to be reconsidered if red flags exist


What does an examination of internal control accomplish with respect to illegal acts?

  • Internal control analysis can result in the conclusion that IC is weak BUT probably won't identify illegal acts
  • Examples of audit procedures that may detect such illegal acts include
    • inquiries of management and legal counsel,
    • substantive procedures, and
    • reading board of director meeting minutes and
    • correspondence with licensing or regulatory authorities


Illegal Acts : Direct and Inderect effects 

Illegal Acts: direct effect - violation of laws or governmental  regulations having a material and direct effect on financial statement amounts and procedures
Illegal acts Indirect effect:  Violations of laws or governmental regulations  NOT having a material and direct effect on financial statement amount and disclosures 


Fraud reporting 

  • Any fraud risks identified that could lead to material misstatement MUST  be reported  to audit committee and company management
  • Disclosure to third parties regarding fraud NOT normally the auditor's responsibility
  • Fraud by management should normally be reported to the audit committee- NOT the SEC


Information that may suggest the possibility of illegal acts 

  • Unauthorized, improperly recorded, or unrecorded transactions
  • Investigation by a governmental agency
  • Reports of regulatory agencies citing law violations
  • Large payments for unspecified services to consultants, affiliates, or employees
  • Excessive sale commissions
  • Unusually large payment to cash, bearer, transfers to numbered bank accounts
  • Unexplained payments to government officials or employees
  • Failure to file tax returns or pay other fees


What was the effect of the SOX Act of 2002?

  • Created PCAOB
  • Designates Officer responsibility for internal control
  • Must disclose significant internal control weaknesses to auditor and audit committee
  • Must disclose any level of fraud discovered by employees with internal control responsibilities


What is the Hierarchy of Authoritative Literature?

1. Statements on Auditing Standards (SAS)

2. Auditing Interpretations- AICPA Guides & SOPs

3. Industry Articles (no authority)


Elements of quality control activities

  • Firm Leadership exhibits quality and leads by example and sets the tone for the organization
  • Firm should Monitor and document that its policies and procedures are being followed
  • Firm should have Relevant Ethical Requirements
  • Acceptance and continuance of client engagements should continue to be evaluated for client integrity- auditor competency- and legality
  • Firm should have competent and ethical personnel - Human ressource
  • Firm engagements are performed- supervised- and reviewed in accordance with professional standards and regulations.


Which literature governs Compilation services?

  • SSARS - Statements on Standards for Accounting and Review Services
  • These govern reporting for non-public entities only


What is the independence requirement for Compilations?

  • Independence NOT required for Compilations
  • No Internal Control work allowed
  • No assurance given


What type of assurance is provided by Review services?

Reviews provide NEGATIVE  or Limited  assurance 


What is the independence requirement for a Review?

  • Reviews require independence.
  • No Internal Control work allowed
  • Performs analytical procedures and Inquiries
  • No material indirect financial interest allowed
  • No immaterial direct financial interest allowed


For compilations and reviews- what knowledge must a service provider have?

Must have an understanding of the client industry


What is the independence requirement for consulting services?

Independence is not required for consulting services.


Relationship among IR, CR , DR 

  • IR and CR  exist independently of the audit 
  • DR  relates to the effectiveness of the auditor's procedures
  • Inverse  relationship 


Describe the limitations on Prospective Financial Statements?

Report is restricted to specified users.

Agreed-upon procedures are implemented.


the purposes of the quality control element on accepting/continuing a client relationship 

The quality control element on accepting or continuing a client relationship has the purposes of

(1) considering the integrity of the client,

(2) determining that the CPA firm is competent to perform the engagement, and

(3) determining that the CPA firm can comply with legal and ethical requirements


Attest Function

In an attest engagement a CPA is engaged to issue or does issue an examination, a review, or an agreed-upon procedures report on subject matter, or an assertion about subject matter, that is the responsibility of another party

The attestation standards apply to engagements that involve subject matter other than historical financial information, whereas the generally accepted auditing standards apply to the performance of services related to historical financial statements.


Effect of specialist’s work on the auditor’s report

Effect of specialist’s work on the auditor’s report

1. If the specialist’s findings support the related financial statement assertions, the auditor may conclude that sufficient competent evidential matter has been obtained, and no reference should be made to the specialist’s work in the audit report
2. If the specialist’s findings do NOT  support the related financial statement assertions

a. The auditor should (1) apply additional procedures and (2) if necessary, obtain the opinion of another specialist (unless it appears that the matter cannot be resolved)
b.If the difference cannot be resolved, the auditor will ordinarily qualify the opinion or disclaim an opinion because the inability to obtain sufficient competent evidential matter is a scope limitation
c.If the financial statements are incorrect, the auditor should express a qualified or adverse opinion due to a departure from GAAP

NOTE:  Only in b. and c. may the specialist be referred to.


Assurance services

The Special Committee on Assurance Services (the Elliott Committee), defined assurance services as independent professional services that improve quality of information, or its context, for decision makers.


Fraud risk factors

Fraud risk factors. Events or conditions that indicate an incentive or pressure to perpetrate fraud, provide an opportunity to commit fraud, or indicate attitudes or rationalizations to justify a fraudulent action.


The auditor’s communication with those charged with governance

The professional standards require that a communication (orally or in writing) of certain information occur between the auditor and those charged with governance of the company being audited (e.g., the board of directors, audit committee).

1. Qualitative aspects of the entity’s significant accounting practices
  2. Significant difficulties encountered during the audit
  3. Uncorrected misstatements
  4. Disagreements with management
  5. Management’s consultations with other accountants
  6. Significant issues discussed, or subject to correspondence with management
  7. Auditor independence issues
  8. If those charged with governance are not involved in managing the entity, the following should also be communicated

• Material corrected misstatements resulting from audit
• Representations requested from management
• Other significant issues



Evaluation of the work of specialist by CPA 

  • An auditor should obtain an understanding of the nature of the work performed by the specialist, including the objectives and scope.
  • The auditor should also understand the specialist’s relationship to the client, the methods or assumptions used (including a comparison with the preceding period), the appropriateness of using the specialist’s work, and the form and content of the specialist’s findings.


What are  the overall responses to the risk of material misstatement due to fraud

The overall responses to the risk of material misstatement due to fraud include

(1) assigning personnel with particular skills relating to the area and considering the necessary extent of supervision to the audit,

(2) increasing the consideration of management’s selection and application of accounting principles, and

(3) making audit procedures less predictable.


when assessing the internal auditors' competence

when assessing the internal auditors' competence, the auditor should obtain or update information from prior years about such factors as:

  • educational level and professional experience of internal auditors.
  • professional certification and continuing education.
  • audit policies, programs, and procedures.
  • practices regarding assignment of internal auditors.
  • supervision and review of internal auditors' activities.
  • quality of working-paper documentation, reports, and recommendations.
  • evaluation of internal auditors' performance.