Integrated Audit Procedures M1 Flashcards
What is the objective of the Integrated Audit?
- The auditor should perform the integrated audit to achieve the objectives of financial and internal control audits engagements simultaneously.
- This would include obtaining sufficient appropriate evidence to support the auditor’s opinion on internal control as of the period end and obtaining sufficient appropriate evidence to support the auditor’s control risk assessments for purposes of the audit of financial statements.
What type of engagement is the Integrated Audit?
Attestation Engagement;Compliance type
Regarding Integrated Audits, what are the Internal controls over financial reporting audit Opinion procedures?
- If there is scope limitation you must disclaim an opinion or withdraw from the audit.
- Tests of controls performed during the financial statement audit would be relevant information to internal controls and an auditor should review the results when forming an opinion on the effectiveness of internal control over financial reporting.
- The reports issued by an entity’s internal audit department would be relevant information to internal controls and an auditor should review the results when forming an opinion on the effectiveness of internal control over financial reporting.
- Misstatements may imply that controls are not functioning
effectively and therefore, the auditor should consider whether any identified misstatements have an impact on the effectiveness of the internal control over financial reporting.
How do you test internal controls for operating effectiveness?
- Reperformance.
- Recalculation.
- Inspection.
How do you test internal controls for proper design and implementation?
- Inquiry
- Observation
- Inspection
What are the procedures to follow for a issuer on internal control audits of an Integrated Audit?
- Auditors of issuers are required to express an opinion on whether the company maintained effective
internal control over financial reporting. - Audits of internal control and in a financial statement audit are required to be performed together. Each of these two audits provides information.
that is relevant to the other.
What are the procedures to follow for a non-issuer on internal control audits?
- Assess controls to see if controls were designed and properly implemented, you only test controls for effectiveness if auditor plans to rely on the controls in a non-integrated audit unless engaged to audit or required by law.
What are the procedures for risk assessment in a integrated audit of a non-issuer?
- Selecting controls to test.
- Determining significant accounts and relevant assertions
- Determining evidence necessary to conclude on the effectiveness of a given control.
What are the differences in a financial statement audit and a audit of internal controls?
- A financial statement audit includes consideration of internal control as a basis for designing audit procedures only, not as a basis for expressing an opinion.
- In a financial statement audit, communication of significant deficiencies must be made within 60 days of the report release date, whereas in an audit of internal control, the communication must be made by the report release date.
- In a financial statement audit, communication of significant deficiencies should include restricted use language, whereas in an audit of internal control, no restriction on the use of the report is required.
- An opinion on financial statements is over a period of time, and
an opinion of internal control is at a point in time. - An auditor’s consideration of internal control in a financial statement audit is more limited than that of an auditor engaged to examine the effectiveness of internal control.
What are the 2 opinion types availble to the Internal Control Audits?
Unmodifed/Unqualified or Adverse
meaning the controls are either effective or not nothing in between.
How to gain an understanding of the likely source of potential misstatements?
- The top-down approach is used in selecting controls to test in an integrated audit.
- Performing walkthroughs involving following a transaction from origination through the entity’s processes, including information systems, until it is reflected in the entity’s financial records, using the same documents and IT that entity personnel use.
- An auditor should identify the controls that management has implemented.
- An auditor should obtain an understanding of how transactions are initiated, authorized, processed, and recorded.
What is the correct order to follow in a top-down approach to select controls to test in an integrated audit?
A top-down approach is used when selecting controls to test.
- The auditor evaluates overall risks at the financial statement level.
- Considers controls at the entity level.
- Focuses on accounts, disclosures, and assertions for which there is a reasonable possibility of material misstatement.
What is a entity-level controls?
Include controls related to the control environment with a pervasive effect on a company’s internal control such as:
- Risk assessment process controls
- Biannual distribution of the code of conduct
- Period-end financial reporting controls
Depending on the specific control, the control could be classified as either preventive or detective.
What is a assertion-level control?
- Specific controls put in place at the relevant assertion level for balances, transactions, and disclosures.
What happens if management refuses to give the Auditor a written managers rep letter?
There is a scope violation and the auditor should withdraw or disclaim an opinion.
