overall

Question 1

Control Environment

Answer 1

Control Consciousness of the top management, refers to the tone at top.
Control environment includes following:
Processes and Protocols to attract, develop, and retain human resource
Proper organizational structure with properly designed reporting structures
Measures for Performance Evaluation and Incentives for Performance
Oversight by Board of Directors and Those Charged with Governance
Commitment to Integrity and Ethics
Appropiate Assignment of Authority and Responsibility

Question 2

Objectives of Internal Control

Answer 2

Accurate and Reliable Financial Reporting
Compliance with applicable laws and regulations
Effective and Efficient Business Operations

Question 3

Objectives of Internal Control

Answer 3

Accurate and Reliable Financial Reporting
Compliance with applicable laws and regulations
Effective and Efficient Business Operations

Question 4

Control Activities
Develop controls that contribute to the mitigation of risks to the achievement of objectives to acceptable levels
Ensure appropriate segregation of duties i.e. Authorization, Recordkeeing, Custody and Comparison
Develop controls that contribute to the mitigation of risks to the achievement of objectives to acceptable levels
Ensure appropriate segregation of duties i.e. Authorization, Recordkeeing, Custody and Comparison

Monitoring
Monitoring involves whether each othe five components of Internal Control is present and functioning

Information and Communication
The auditor should obtain an understanding of the information system, including the related business processes relevant to financial reporting
Auditor should obtain an understanding of communication system relevant to financial reporting

Answer 4

Risk Assesment refers to identification, analysis and management of risk
Auditor should evaluate if the risk assesment process is appropriate to the circumstances, including the nature, size, and complexity of the entity.

Monitoring
Monitoring involves whether each othe five components of Internal Control is present and functioning

Information and Communication
The auditor should obtain an understanding of the information system, including the related business processes relevant to financial reporting
Auditor should obtain an understanding of communication system relevant to financial reporting

Question 5

Inherent limitation of internal controls

Answer 5

Competence
Human judgment in decision making can be faulty and subject to bias
Obsolescense
External events outside the organization’s control may arise and render existing Internal Controls obsolete
Collusion
Employees may circumvent controls through collusion
Override by Management
Cost Constraints
Controls can not be implemented because Cost of Controls is more than benefit of the contr

Question 6

Audit of Non-Issuers
Auditor expresses an opinion on the client’s financial statements and not on client’s internal control
Auditor is not required to perform test of controls but required to perform test of details
However, Auditor will perform test of controls if auditor wants to assess control risk at less than maxium level such that Auditor can afford a high detection risk and reduce the Nature, Extent and Timing of Substantive Procedures
Auditor is not required to perform test of controls but if auditor comes across significant deficiencies and material weaknesses the auditor must report those to management and those charged with governance.

Answer 6

Audit of Issuers
Auditor expresses an opinion on the client’s financial statements and on client’s internal control over financial reporting
Auditor is required to perform both test of controls and test of details
Auditor tests controls to opine on the effectiveness of ICFR and Auditor audits Financial Statements to provide his opinion on Financial statements, however auditor will conduct both these audits simultaneously such that auditor can leverage the assesed control risk to reduce the scope i.e. Nature, Extent and Timing of Substantive Procedures

Question 7

Risk Assesment Procedures
Auditor performs risk assesment procedures to identify and assess Inherent Risk and Control Risk i.e. Risk of Material Misstatement at Financial Statement Level and at Assertion Level
Auditor asseses financial statement risk by performing following procedures
Walk-through
Analytical procedures
Inquiries of management, internal auditors, TCWG, others within the entity
Observation
Inspection

Answer 7

Understand the entity & its environment, including its Internal Control
Understand the client entity and it’s business environment and obtain knowledge about:
Objectives & strategies of the entity
Performance of the entity
External & Internal Factors affecting the entity
Structure of the entity

Question 8

Understand and evaluate the design and implementation of internal control
Evaluate the design of Internal Control to ensure that the design of internal controls is sound enough to prevent and detect errors.
Ensure the controls are implemented and are placed in operation

If improper design/implementation of controls, auditor will assess control risk at maximum level and will move straight to substantive testing without control testing as controls can not be leveraged to reduce the Nature, Extent and Timing of the Audit
If proper design/implementation of controls, auditor will test the operating effectiveness of controls to assess Control risk below maximum level and would use the reduced level of assessed control risk to reduce the Nature, Extent and Timing of the Audit

Answer 8

Auditor may use Top Down Approach to obtain an understanding of Controls
Entity Level Controls
Controls at Transaction, Balance and Disclosure Level
Assertion Level Controls

Question 9

since entity-level controls are pervasive, it may be more effective and efficient for the auditor to evaluate the design & implementation of entity-level controls before evaluating transactions and assertion level control.
If entity level controls don’t operate, transactions and assertion level control might fail as well
If transactions and assertion level control fail auditor might consider the entity level controls which compensate for the transaction level control

Answer 9

Preventive controls identify misstatements as they occur and prevent them from happening
Detective controls Detect & correct misstatements after they have occurred

Auditor must document the understanding of Internal Controls. Controls can be documented in
Flowchart
Internal Control Questionnaire & Checklists
Narratives
Decision tree

Question 10

Assesment of Risk of Material Misstatement
Identify Risks
Consider the likelihood of the identified risks
Consider the magnitude of impact of identified risk on Financial Statements
Determine if identified risks are significant risk as they would require special consideration during audit (Example: Fraud Risk)

Based on assessed Risk auditor can perform the audit using the following two approaches

Substantive Approach No Test of Controls Only Test of Details
Improper Design & Implementation of Internal Controls Controls are not effective
Inefficient to perform test of Controls

Combined Approach Test of Controls Test of Details
Proper Design and Implementation of Internal Controls Controls are effective
Substantive tests by itself are not sufficient because of IT environment of the client

Answer 10

Test of Controls
If Auditor decides to take a combined approach, auditor will test the operating effectiveness of controls to ensure that the controls are operating as they have been designed to
Reperformance
Inquiry
Observation
Vouching
Tracing
Auditors might use dual purpose tests for higher efficiency in audit i.e. perform test of controls along with test of details.

Question 11

Nature of Testing
Extent of Testing
Extent of Testing is less for IT based controls due to automation, consistency and accuracy offered by IT based controls
Timing of Tests of Controls
Interim Testing can be done, but obtain audit evidence about significant changes to those controls subsequent to the interim period
If changes in controls from previous audits, controls to be tested in the current audit.
If there have not been such changes, auditor should test the controls at least once in every third audit
Controls over significant risk should be tested in the current period

Answer 11

Evaluate Results of Test of Controls
Detection Risk Scope
Operating Effectively High Decrease NET
Not Operating Effectively Low Increase NET

Question 12

Why it is important to plan?

Answer 12

Identify potential problems and solve on a timely basis.
To have an Effective and Efficient Audit
Helps in selecting appropriate resources
Figure out the requirements of component auditors and specialists.

Question 13

Why it is important to plan?

Answer 13

Identify potential problems and solve on a timely basis.
To have an Effective and Efficient Audit
Helps in selecting appropriate resources
Figure out the requirements of component auditors and specialists.

Question 14

Factors influencing Planning

Answer 14

Industry and Size of the Entity
Engagement Teams
Matters identified during the audit

Question 15

Develop Overall Audit Strategy

Answer 15

Set the overall tone of the audit.
Decide on the scope of the audit
Figure out areas where additional time and resources needs to be used

Question 16

Discussion with Management

Answer 16

where management support might be required but be careful not to divulge necessary information which might impact the effectiveness of audit

Question 17

Engagement Team

Answer 17

Involve Engagement team in planning of the audit and utilize their knowledge and experience in planning the audit better

Question 18

Engagement Team

Answer 18

Involve Engagement team in planning of the audit and utilize their knowledge and experience in planning the audit better

Question 19

External Help

Answer 19

Use of Internal Auditors and Specialists, if yes the extent of usa

Question 19

External Help

Answer 19

Use of Internal Auditors and Specialists, if yes the extent of usa

Question 20

Audit Plan

Answer 20

documented Plan is mandatory
Documentation must include:
Nature and Extent of Risk Assesment Procedures
Nature, Extent and Timing of Audit
Test of Controls
Test of Details
Substantive Tests
Analytical Procedures
Determine Materiality for Financial Statement as whole and can be changed later if circumstances changes

Question 21

Auditor’s Responsibility (Fraud)

Answer 21

Maintain Professional Skepticisim throughout the audit
Fraud is difficult to detect compared to Errors as it will be concealed and due to collusion
Management Fraud is worse than Employee Fraud
Misstatement due to Fraud is worse than Misstatement due to Error

Question 22

Discuss Fr-Type
Materiality
Probability
Impact

Answer 22

normally done in a Fraud Brainstorming Session
Figure out ways of how fraud can be perpetrated
Consider fraud risk factors
Discuss about controls and risk of management override
Educate team to maintain professional skepticism throughout
Risk Asses

Question 23

Presumptive Significant Risk

Answer 23

evenue Recognition
Management override of Controls
If auditor assumes risk is not significant in these two areas, document the same

Question 24

Response

Answer 24

Assign team to
Evaluate and Alter NET
Incorporate an Element of Unpredictability

Question 25

Evaluate Evidence

Question 26

communication

Answer 26

one level above the employee committing the fraud
Frauds resulting in material Misstatement and frauds involving top management, communicate to TCWG and Audit Committee
External Bodies
Subpeona
Legal Requirements
Successor Auditor
Funding agency if receiving governmental assistance
Documentation

Question 27

AP

Answer 27

evaluations of financial info through analysis of plausible relationships among both financial and non-financial data
Budget vs. Actual Comparison
Relationships, ratios & trend Analysis
Industry vs. Entity
Earlier periods vs. This period
Financial vs. Non-financial

Question 28

AP in planning

optional- obtain evidence on relevant assertions for transactions/ balances & reduce

Answer 28

Must***May identify aspects of the entity of which the auditor was unaware and may assist in assessing RMM in order to provide a basis for planning the NET of further audit procedures.

Must**Assist the auditor when forming an overall conclusion about whether Financial Statements are consistent with the auditor’s understanding of the entityP155

Question 29

Sufficiency
Based on auditor’s judgment
Want evidence that is persuasive
Assess Risk of Material Misstatement i.e. Inherent Risk and Control Risk May consider the relationship between the cost of obtaining audit evidence and the usefulness of the info obtained. But Difficuly or expense involved not considered a valid reason for not performing an audit procedure

Answer 29

Evidence Obtained by performing procedures during year-end tend to be more pesuasive and reliable than evidence obtained by performing procedures during interim or during the year
Relevance Relates to the purpose of the audit procedure and, when appropriate, the assertion under consideration

Reliability Influenced by the source and form of audit evidence.
Source
Combined Approach Substantive Approach Obtained directly by auditor. Example: Observation of Physical Count of Inventory
Obtained from knowledgeable independent sources outside the entity. Example: A/R Confirmation

Prepared by outsider but obtained from entity. Example: Bank Statements
Generated internally by entity. Example: Invoices, Purchase Orders, Sales Order
Form
Written Evidence is more reliable than oral evidence
Audit evidence by original documents is more reliable than photocopies

Test of Controls