Exam 2 (5-7) Flashcards
1
Q
Financial statement assertions relevancy
A
Without regard for controls, have a reasonable possibility of containing a material misstatement
2
Q
Three types of relevant financial statement assertions
A
- About classes of transactions and events
- Assertions about account balances
- Assertions about presentation and disclosures
3
Q
Existence or occurrence
A
Assets, liabilities, and equity interests exist and recorded transactions have occurred
4
Q
Rights and obligations
A
The company holds rights to the assets, and liabilities are the obligation of the company
5
Q
Completeness
A
All assets, liabilities, equity interest, and transactions that should have been recorded are recorded
6
Q
Cutoff
A
Transactions and events have been recorded in the correct accounting period
7
Q
Valuation, allocation and accuracy
A
All transactions, assets, liabilities and equity interests are included in the financial statements at proper amounts
8
Q
Presentation and disclosure
A
Accounts are described and classified in accordance with generally accepted accounting principles, and financial statement disclosures are complete, appropriate and clearly expressed
9
Q
Audit risk =
A
Risk of material misstatement x risk that auditors fail to detect the misstatement
10
Q
Risk of material misstatement =
A
Inherent risk x control risk
11
Q
Inherent risk
A
Risk of a material misstatement occurring in an assertion assuming no related internal controls (without regard for them)
12
Q
Control risk
A
Risk that a material misstatement in an assertion will not be prevented or detected on a timely basis by the company’s internal control
13
Q
Detection risk
A
Risk that the auditors’ procedures will lead them to conclude that a material misstatement does not exist in an assertion when in fact such misstatement does exist
14
Q
Assertions with high inherent risk
A
- Difficult to audit transactions or balances
- Complex calculations
- Difficult accounting issues
- Significant judgment by management
- Valuations that vary significantly based on economic factors
15
Q
Three types of transactions
A
Routine, no routine, estimated
16
Q
Routine transaction
A
Recurring financial statement activities recorded in the accounting records in the normal course of business, lower inherent risk
17
Q
Nonroutine transaction
A
Involve activities that only occur periodically such as the taking of physical inventories, high inherent risk
18
Q
Estimation transactions
A
Activities that create accounting estimates, higher inherent risk
19
Q
Appropriate audit evidence must be
A
- Relevant
- Reliable
20
Q
Audit evidence is more reliable when
A
- Obtained from knowledgeable independent sources outside the company rather than nonindependent sources
- Generated internally through a system of effective controls rather than ineffective controls
- Obtained directly by the auditor rather than indirectly or by inference
- Documentary in form rather than oral
- Provided by original documents rather than copies
21
Q
7 types of audit evidence and examples
A
- Accounting info system, JEs/ledgers
- Documentary evidence, checks/invoices
- Third-party reps, confirms/lawyer letters
- Physical evidence, physical inventory
- Computations, recompute EPS
- Data interrelationships, headcount + sales
- Client representations, client rep letter re SOX
22
Q
Risk assessment procedures
A
To obtain an understanding of the client and it’s environment, including it’s internal control to assess the risk of material misstatement
23
Q
Compliance tests (tests of controls)
A
When appropriate, to test the operating effectiveness of controls in preventing material misstatements
24
Q
Substantive procedures
A
To detect material misstatements at relevant assertion level, include analytical procedures and tests of details of account balances, transactions and disclosures
25
One may change the scope of audit procedures by changing
1. Nature (type and form)
2. Extent (quantity of evidence contained)
3. Timing (when performed)
26
Steps involved in analytical procedures
1. Develop expectation of account or ratio balance
2. Determine amount of difference that can be accepted without investigation
3. Compare the company’s account or ratio with the expectation
4. Investigate and evaluate significant differences
27
Four approaches to ratio analysis
1. Horizontal
2. Cross sectional
3. Vertical
4. Other methods
28
Horizontal analysis
Review ratios over time
29
Cross sectional analysis
Analyze ratios of similar forms at a point in time
30
Vertical analysis
Analyze relationships within a period
31
Vertical analysis
Analyze relationships within a period, “common size” statements prepared
32
Data analytics
The process of using related and unrelated data sets to provide insights into decisions
33
Fair value
The price that would be received to sell an asset or paid to transfer a liability in an orderly transaction between market participants
34
Three auditing approaches
1. Review and test management’s processes
2. Independently develop an estimate
3. Review subsequent events
35
Primary functions of audit documentation
Support the auditors’ compliance with auditing standards, support the auditors’ opinion
36
Secondary functions
Assist continuing and new audit team members in planning and performing the audit, serves as a record of matters of continuing audit interest, assists in supervision and review of the audit, demonstrates the accountability of team members, assists internal reviewers, external peer reviewers, PCAOB inspectors, and successor auditors in performing their roles
37
Audit documentation should be sufficient to
1. Enable an experienced auditor to understand the work performed and the significant conclusions reached
2. Identify who performed and reviewed the work
3. Show that the accounting agrees or reconciles to the financial statements
38
9 types of working papers
1. Audit administrative
2. Working trial balance
3. Lead schedules
4. Adjusting journal entries and reclassification entries
5. Supporting schedules
6. Analysis of a ledger account
7. Reconciliations
8. Computational
9. Corroborating documents
39
2 types of working files
1. Current files
2. Permanent files
40
Current files
Current year working papers, index and cross-referencing
41
Permanent files
Items of continuing audit interest
42
6 steps of audit process
1. Plan the audit
2. Obtain an understanding of the client and it’s environment, including internal control
3. Assess the risks of material misstatement and design further audit procedures
4. Perform further audit procedures
5. Complete the audit
6. Form an opinion and issue the audit report
43
Plan the audit
Establish an understanding with the client through an engagement letter, determine firm meets independence requirements, no management integrity issues, client understands terms
44
Items in engagement letters
1. Name of the entity
2. Management responsibilities
3. Auditor responsibilities
45
Obtain and understanding of the client and it’s environment
Perform risk assessment procedures
46
Two types fraud risks
1. Fraudulent financial reporting (management fraud)
2. Misappropriation of assets (defalcations)
47
Audit trail
Evidence that links source documents journal entries and ledger entries
48
5 examples of internal control
1) time clock
2) payroll register
3) bank reconciliation
4) employee profile setup - HRIS
5) payroll service
49
internal control
a process, effected by the entity's board of directors, management, and other personnel designed to provide reasonable assurance regarding, achievement of (the entity's) objectives on:
1) effectiveness and efficiency of operations
2) Reliability of financial reporting
3) Compliance with applicable laws & regulations
50
Foreign Corrupt Practices Act
1) FCPA
2) Passed in 1977 in response to American corporation practice of paying bribes and kickbacks to officials in foreign countries to obtain business
3) requires an effective system of internal control
4) makes illegal payment of bribes to foreign officials
51
Federal Sentencing Guidelines
1) sets standards for the sentencing of individuals and corporations for the commission of a felony
2) requires companies to have elements of an effective compliance program to help mitigate the security of the sentencing
52
7 elements of a compliance program
1) implementing written policies, procedures and standards of conduct
2) designating a compliance officer and compliance committee
3) conducting effective training and education
4) developing effective lines of communication
5) conducting internal monitoring and auditing
6) enforcing standards through well-publicized disciplinary guidelines
7) responding promptly to detected offenses and undertaking corrective action
53
preventative controls over financial reporting
aimed at avoiding the occurrence of misstatements in the financial statements
54
2 examples of preventative controls
1) segregation of duties
2) access to computer center
55
2 examples of detective controls
1) monthly bank reconciliations
2) account reconciliations
56
detective controls over financial reporting
designed to discover misstatements after they have occurred
57
corrective controls over financial reporting
needed to remedy the situation uncovered by detective controls
58
example of a corrective control
backups of master file
59
3 controls overlap
1) complementary
2) redundant
3) compensating
60
complementary controls overlap
function together
61
redundant controls overlap
address same assertion or control objective
62
compensating controls overlap
reduces risk existing weakness will result in misstatement
63
2 examples of complementary controls overlap
1) cash approvals
2) bank recs
64
65
example of redundant controls overlap
computer & program login
66
example of compensating controls overlap
post transaction review: IT master file @ WAM
67
5 components of internal control (from the COSO)
1) the control environment
2) risk assessment
3) control activities
4) the accounting information and communication system
5) monitoring activities
68
7 key factors of the control environment
1) integrity and ethical values
2) commitment to competence
3) board of directors or audit committee
4) management philosophy and operating style
5) organizational structure
6) human resource policies and practices
7) assignment of authority and responsibility
69
risk
the possibility that an event will occur and adversely effect the achievement of objectives
70
risk assessment
involves a dynamic and iterative process for identifying and assessing risks to the achievement of objectives
71
6 factors indicative of increased financial reporting risk
1) changes in the regulatory or operating environment
2) changes in personnel
3) implementation of a new or modified information system
4) rapid growth of the organization
5) changes in technology affecting production processes or information systems
6) introduction of new line of business, products or processes
72
control activities
the actions established through policies and procedures that help ensure that management's directives to mitigate risks to the achievement of objectives are carried out
73
4 key factors of control activities
1) annual performance reviews of personnel
2) information processing
3) physical controls
4) segregation of duties
74
annual performance reviews of personnel
assure competency of workforce
75
2 activities under information processing
1) general control activities
2) application control activities
76
general control activities
preventative and detective
76
application control activities
SOX critical IT systems (systems that interface to financial data), logical controls (passwords, two factor authentication)
77
segregation of duties
segregate authorization, recording and custody of assets
78
accounting information system
The means by which financial information is communicated internally to employees and externally to shareholders and other interested parties. The integrity of this system is critical in order to assure completeness and accuracy of the reported information.
79
5 key factors of the accounting information system
1) Identify and record valid transactions
2) Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions
3) Measure the value of transactions appropriately
4) Determine the time period in which the transactions occurred to permit recording in the proper period
5) Present properly the transactions and related disclosures in the financial statements
80
Monitoring
Ongoing evaluations to ascertain whether each of the five components of internal control is present and functioning. Findings are communicated to management and the board of directors as appropriate
81
2 key factors of monitoring
1) ongoing monitoring activities
2) separate evaluations
82
ongoing monitoring activities
regularly performed supervisory and management activities
83
example of ongoing monitoring activities
continuous monitoring of customer complaints
84
separate evaluations
performed on non-routine basis
85
separate evaluations example
periodic audits by internal audit
86
4 limitations of internal control
1) Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc.
2) Controls that depend on the segregation of duties may be circumvented by collusion
3) Management may override the structure
4) Compliance may deteriorate over time
87
enterprise risk management (erm)
COSO issued a new framework that compliments the COSO Internal Control model. Goes beyond internal control to focus on how organizations can effectively manage risks and opportunities.
The new “helix” or “DNA model” approach replaces the cube design and tries to illustrate how this needs to be interwoven into business strategy development much like DNA is embedded in human cells
88
5 Lines of Defense Implicit in COSO Internal Control Framework
1) Tone of the organization
2) Business unit management and process owners
3) Independent risk management and compliance functions
4) Internal assurance providers
5) Board risk oversight and executive management
89
5 control environment warning signs
1) Significant turnover of key executives; inappropriate performance pressures or compensation structure that encourages improper behavior; overly dominate chief executive who “kills the messenger” for delivering bad news
2) Middle and functional (grass roots) managers are not aligned to the company’s core values, mission or strategy
3) Risk is an afterthought to the business strategy
4) No clear escalation policy exists to bring items of concern to the appropriate levels of management or to the board of directors
5) Company has a high tolerance for risk and conflicts of interest
90
6 steps of an audit
1. Plan the audit
2. Obtain an understanding of the client and its environment, including internal control
3. Assess the risks of material misstatement and design further audit procedures
4. Perform further audit procedures
5. Complete the audit
6. Form an opinion and issue the audit report
91
Which steps of an audit relate most directly to the role of internal control in financial statement audits
steps 2-4
92
The understanding of internal control is used to help the auditor to (3)
1) Identify types of potential misstatements
2) Consider factors that affect the risks of material misstatement.
3) Design tests of controls (when applicable) and substantive procedures
93
4 procedures to obtain understanding
1) Inquiring of entity personnel – process “Walk-Through”
2) Observing the application of specific controls
3) Inspecting documents and reports
4) Tracing transactions through the information system relevant to financial reporting
94
4 ways to document the understanding of internal control
1) questionnaires
2) written narratives
3) flowcharts
4) walk-through
95
questionnaires
typically standardized by firm
96
written narratives
memos that describe flow of transactions
97
flowcharts
aka process map
98
walk-through
trace one or two transactions through cycle
99
4 general approaches to assess the risk of material misstatement
1) Identify risks while obtaining an understanding of the client and its environment, including its internal control
2) Relate the identified risks to what can go wrong at the relevant assertion level
3) Consider whether the risks are of a magnitude that could result in a material misstatement
4) Consider the likelihood that the risks could result in a material misstatement
100
3 examples of routine transactions
1) revenue
2) purchases
3) cash receipts & disbursements
101
2 examples of non-routine transactions
1) counting inventory
2) calculating depreciation expense
102
example of estimation transaction
determining the allowance for doubtful accounts
103
what type of transaction typically has the strongest controls
routine
104
4 responses to high risks
1) Assigning more experience staff or those with specialized skills
2) Providing more supervision and emphasizing the need to maintain professional skepticism
3) Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed
4) Increasing the overall scope of audit procedures, including the nature, timing or extent
105
2 approaches to perform further audit procedures and test controls
1) Identify controls likely to prevent or detect material misstatements
2) Perform tests of controls to determine whether they are operating effectively
106
3 things tests of controls address
1) How controls were applied
2) The consistency with which controls were applied
3) By whom or by what means (e.g., electronically) the controls were applied
107
4 things tests of controls include
1) Inquiries of appropriate client personnel
2) Inspection of documents and reports
3) Observation of the application of controls
4) Re-performance of the controls
108
What are the results of the tests of controls used to determine
the nature, extent, and timing (NET) of substantive procedures
109
audit decision aids
Checklist, standard form or computer program that helps auditors make a decision by ensuring that they have all relevant information or by assisting them in combining the information
110
Auditors of public companies must report on (2)
1) Financial statements
2) Internal control over financial reporting (ICFR)
111
404(a) Sarbanes Oxley
1) requires annual report filed with SEC to include an internal control report
2) Management acknowledges responsibility for establishing and maintaining adequate internal control
3) Provides assessment of internal control effectiveness at end of fiscal year
112
404(b) Sarbanes Oxley
requires CPA firm to audit internal control and express an opinion on effectiveness of internal control (required for companies with a capitalization in excess of $75M)
113
Control deficiency
Exists when the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis
114
Material weakness
1) Reasonable possibility that a material misstatement will not be prevented or detected; audit report modification required
2) Reported to the AC and in Financial Statements
115
Significant deficiency
1) Less severe than material weakness yet important enough to merit attention; no audit report modification
2) Reported to the Audit Committee (AC) of Board
116
3 levels of severity of control deficiencies
1) Material weakness
2) Significant deficiency
3) Less than a significant deficiency
117
What is the only risk that can be controlled by the auditor?
detection risk
118
