Engagement Planning 2 Flashcards Preview

Audit > Engagement Planning 2 > Flashcards

Flashcards in Engagement Planning 2 Deck (22):

Describe Inherent Risk

The risk that a material misstatement  of an assertion will take place in the absence of any internal control 

This risk is assessed using various analytical techniques, available information on the company and its industry, as well as by using overall auditing knowledge. The risk differs by account and assertion. For example, cash is more susceptible to theft than an inventory of coal.


What red flags may indicate higher risk in an audit?

  • Management compensation tied to stock
  • Aggressive financial forecasting
  • Former auditor disagreed with Management
  • Records not available for audit
  • Current audit procedures may need to be reconsidered if red flags exist


 Purpose of  Analytical Procedures USED DURING  RISK ASSESSMENT 

  • AU-C 315  - Analytical procedures used during risk assessment 
    • (1) May enhance the auditor’s understanding  of the client’s business and signification transactions or events that have occurred since prior audit and
    • (2) also may help to identify the existence of unusual transactions or events and amounts , ratios, and trends  that might indicates  matters that have audit implications
  • Analytical procedures used during risk assessment use data at a high level and they may provide only broad initial indication about possible existence of material misstatements 


What are the three factors that affect/influence fraud?

Fraud is born out of - RIO

  • Rationalization

  • Incentive

  • Opportunity 



  • Magnitude of omission or misstatement that makes it probable that the judgment of  a reasonable person (user)  relying on the  information could have been changed or influenced by the omission or misstatement 
  • Materiality is based on Auditor’s judgment -use PY financial statement
  • Materiality judgments involve both quantitative and qualitative considerations
  • For planning purposes, concerned with the smallest aggregate level
  • There is an inverse relationship between audit risk and materiality consideration
  • Materiality measure relate to an annual figure  


When the risk assessment does not include an expectation that controls operate effectively

This will be the case when

(1) controls appear weak, or

(2) the auditor believes that performing extensive substantive procedures is likely to be more cost effective than performing a combination of tests of controls and a decreased scope of substantive procedures

When the risk assessment does not include an expectation that controls operate effectively, further audit procedures will consist entirely of substantive procedures.



What are quantitative measurements versus non-quantitative measurements with respect to risk?

  • Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of percentages

  • Non-Quantitative Measurements - Inherent- Control- and Detection Risk can all be measured in terms of acceptable ranges


Describe Detection Risk

  • Auditor fails to detect a material misstatement 
  • Auditor can increase the nature, timing or extent of substantives testing to decrease the level of detection risk 
  • Substantive procedures are primarily relied upon to restrict detection risk. 
  • The risk that audit procedures will incorrectly lead to a conclusion that a material misstatement does not exist in an account balance when in fact such a misstatement does exist


What responses should an auditor take based on different levels of acceptable detection risk (DR)? What type of tests should be performed?

  • Less Acceptable DR  ⇒ Run More Substantive Tests ⇒ Less Audit Risk
  • More Acceptable DR ⇒ Run Less Substantive Tests ⇒ More Audit Risk


  Type of fraud considered in an audit

AU-C  240; AU  316
Fraudulent Financial Reporting -  management fraud - makes the financial statement misleading
Misappropriation of Assets ( embezzlement, stealing/theft, defalcation)  - employee 


What questions should be asked by an auditor prior to taking an engagement?

NOTE: must have permission of client to contact predecessor auditor (no permission = no engagement)

1) What are the Reason for the Auditor Change?
2) How is  the Integrity Management ?
3) Any Disagreements with management durig the Audit?
4) Any Comunication with Audit Committee regarding fraud, illegal acts, IC? 

 to get RID of new client and C (see)

 It is the successor’s responsibility, not the predecessor auditor’s responsibility to communicate with the predecessor

the successor auditor must attempt communication with the predecessor auditor either prior to accepting the engagement, or after the engagement has been accepted, or both



What is management's responsibility with respect to the financial statements?

  • Management is responsible for financial statements and adequacy of disclosures.  
  • Example of  management assertion 
    •  UPERCV
    • Presentation & Disclosure Existence (Tests Overstatements)
    • Rights & Obligations Completeness (Tests Understatements)
    • Valuation & Allocation


Describe Control Risk

Risk that internal control will not detect  a material misstatement on a timely  basis 

- This risk is assessed using the results of tests of controls. Tests of controls that provide audit evidence that controls operate effectively will ordinarily allow the auditor to assess control risk at a level below the maximum


What does an examination of internal control accomplish with respect to illegal acts?

  • Internal control analysis can result in the conclusion that IC is weak BUT probably won't identify illegal acts
  • Examples of audit procedures that may detect such illegal acts include
    • inquiries of management and legal counsel,
    • substantive procedures, and
    • reading board of director meeting minutes and
    • correspondence with licensing or regulatory authorities


How is Audit Risk calculated?

Audit risk is the risk that auditor express an inappropriate audit opinion when the financial statements are misstated


= Inherent Risk x Control Risk x Detection Risk

Risk of Material Misstatement = Control Risk x Inherent Risk

 Audit Risk - assessed in Nonquantitative and Quantitative term



Fraud reporting 

  • Any fraud risks identified that could lead to material misstatement MUST  be reported  to audit committee and company management
  • Disclosure to third parties regarding fraud NOT normally the auditor's responsibility
  • Fraud by management should normally be reported to the audit committee- NOT the SEC


What is the difference between fraud and errors?

Errors are unintentional

Fraud is intentional.


What is the auditor's responsibility with respect to fraud and illegal acts?

  • Auditor assess the RISK that such things will lead to material misstatements
  • Design the audit to provide reasonable assurance against fraud- illegal acts that directly and materially affect the financial statements
  • Report ALL management fraud to the audit committee (minor fraud by low-level employees not reported to committee)
  • Perform required inquiries and procedures (management inquiries- analytical procedures- discussions with audit personnel about fraud)
  • When a client refuses to give appropriate consideration to handling the illegal act (even an immaterial one), the auditor should consider whether the refusal affects his or her ability to rely on management’s representations and whether resignation is desirable


What should be included in an audit engagement agreement/letter?

NOTE: must be written - AC 210
Objectives of Engagement
Responsibilities of Management - provide written assertions
Auditor's responsibilities - Limited error/fraud responsibility
Limitations of Engagement

Engagement letter will aslo indicate
Financial Statements (and Disclosures) will be available
Indication of compliance with applicable laws and regulation
Letter of representations at conclusion of fieldworks
Establishment and maintenance of Internal Control
Statements are responsibility of management

• fees and billing


Whose responsibility is it to FIND and PREVENT fraud?

It is Management's responsibility.


Illegal Acts : Direct and Inderect effects 

Illegal Acts: direct effect - violation of laws or governmental  regulations having a material and direct effect on financial statement amounts and procedures
Illegal acts Indirect effect:  Violations of laws or governmental regulations  NOT having a material and direct effect on financial statement amount and disclosures 


An entity must have a single audit in any year when:

An entity must have a single audit in any year when:

  • the entity spends $750,000or more per fiscal year in federal awards, grants, or funds,
  • the entity spends funds from one or more than one federal program, and
  • if the entity only expends funds from one program, it “may” be eligible for a program audit versus a single audit.