Unit 4 - Audit Risk Strategy in a Professional Engagement Flashcards
(38 cards)
Define Audit Risk.
The risk (probability) that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.
Which of the following audit risk components may be assessed in nonquantitative terms?
Control Risk
Detection Risk
Inherent Risk
Control Risk - Yes
Detection Risk - Yes
Inherent Risk - Yes
What do professional standards identify as the two types of F/S related fraud?
Fraudulent financial reporting
Misappropriation of assets
What are the 3 categories of risk factors in the “fraud triangle?”
Opportunities
Incentives/Pressures
Attitudes/Rationalizations
What are fraud risks categorized as Incentives/Pressures?
Financial stability/profitability is threatened by economic conditions
Excessive pressure to meet the expectation of outsiders
What are fraud risks categorized as Opportunities?
Major financial statement elements that involve significant estimates by management that are difficult to corroborate
Ineffective monitoring of management (e.g., domination of management by a single person or small group without compensation controls; ineffective board of directors or audit committee oversight
Complex or unstable organizational structure
Internal controls are deficient
What are fraud risks categorized as Attitudes/Rationalizations?
Lack of commitment to establishing and enforcing ethical standards
Previous violations of securities laws or other regulations
Excessive focus by management on the entity’s stock price
What are incentives/pressures to commit misappropriation of assets?
Employees who have access to cash or other assets have personal financial problems
Employees have adverse relationships with the entity under audit, including anticipated future layoffs or recent changes to benefits or compensation levels
What are opportunities to commit misappropriation of assets?
When assets are inherently vulnerable to theft
Inadequate internal control over assets
What are attitudes/rationalizations to commit misappropriation of assets?
Auditors may not be in a position to assess these.
Employee’s behavior indicates dissatisfaction with the entity under audit
Changes in employee’s behavior or lifestyle is suspicious
Employee exhibits disregard for internal control related to assets by overriding existing controls or failing to correct known deficiencies
What are red flags from fieldwork that may affect the risk assessment?
Discrepancies in the accounting records - lack of support or suspicious errors
Conflicting or missing evidence - missing documents (or only available as copies)
Problematic relationship between the auditor and client personnel - undue time pressures or lack of access to records, etc.
What are two elements that make up a firm’s quality control system?
Acceptance & continuance of clients and engagements. - Important for firm to have policies and procedures to do risk assessment and decide when to accept a new engagement opportunity as well as when to continue an existing client relationship
Relevant ethical requirements (with emphasis on independence). - Firm must have policies and procedures to establish that all personnel associated with the engagement meet AICPA ethics requirements.
What are 5 matters that must be addressed (written or oral) with a predecessor auditor?
- Information bearing on the integrity of management
- Disagreements with management about accounting or auditing issues
- Communications to those charged with governance about fraud and/or noncompliance with laws or regulations
- Communications to management or those charged with governance about significant deficiencies in I/C
- Predecessor’s understanding about reason for the change in auditors
What are the 3 main phases of an audit?
Risk Assessment Phase - involves gaining an understanding of the client, identifying factors that may impact the risk of a material misstatement occurring in the financial statements, performing a risk and materiality assessment, and developing an audit strategy
Risk Response Phase - involves performing detailed tests of controls and substantive tests of transactions and accounts.
Reporting Phase - involving evaluating results of the detailed testing in light of the auditor’s understanding of the client, and forming an opinion as to the fair presentation of the client’s financial statements.
What are three main areas involved in the Risk Response phase of an audit?
-Perform detailed tests of controls
-Perform substantive tests of transactions and accounts and make decisions about the extent and timing of detailed testing of account balances and transactions
-Determine whether they plan to rely on the client’s system of internal controls
What is the concept of materiality?
The concept of materiality is used to guide audit testing and assess the validity of information contained in the financial statements and the notes to the financial statements.
Information is considered material if it impacts the decision-making process of users of the financial statements.
Materiality is a key auditing concept that is first assessed during the risk assessment phase of every audit.
Materiality guides audit planning and testing for the financial statements as a whole.
What is the difference between qualitative and quantitative materiality?
Information is considered qualitatively material if it affects a user’s decision-making process for a reason other than its magnitude. Examples include: illegal actions, fraud, related parties, and going concern issues.
Information is considered quantitatively material if it exceeds the magnitude of an auditor’s planning materiality assessment. Auditors use their professional judgment to arrive at an appropriate planning materiality amount for each client (commonly a percentage).
What is the difference between planning materiality and performance materiality?
Performance materiality is an amount set by the auditor that is less than planning materiality and is used to make decisions about the extent of audit procedures for a particular class of transaction, account balance, or disclosure.
Planning materiality is determined in the planning phase and is at an overall audit view. Performance materiality is more at an account level and should be less than the planning materiality.
The use of performance materiality should reduce the probability that the sum of immaterial and/or undetected misstatements in the financial statements is greater than materiality for the financial statements as a whole.
Define Professional Skepticism?
Auditors must maintain a questioning mind and thoroughly investigate all evidence presented by the client.
Professional skepticism is an objective and inquisitive attitude adopted by auditors when conducting all phases of the audit.
Au-C 200.A22 states auditors should be skeptical if any of the following arise during the audit:
Audit evidence recently gathered is contradictory to other evidence previously gathered
New information brings into question the reliability of client documents or responses to auditor inquiries
Conditions provide evidence of possible fraud
Situations indicate the need for additional audit procedures beyond what is required by generally accepted auditing standards or PCAOB standards
Define inherent risk.
The first stage in audit risk assessment involves identifying accounts and related assertions most at risk of material misstatement. This is referred to as inherent risk.
What is an assertion?
An assertion is a statement or representation, explicit or implied, made by management regarding the recognition, measurement, presentation, and disclosure of items included in the financial statements and notes.
What is considered a significant risk?
A significant risk is an identified and assessed risk of material misstatement that, in the auditor’s judgment, requires special audit consideration. Risks may be classified as significant, when the risk:
-involves fraud
-is related to significant economic or accounting developments
-involves complex transactions
-involves significant related-party transactions
-involves significant subjectivity in measurement of financial information
-involves significant transactions outside the client’s normal course of business
Define Control Risk.
Control risk is the risk that a client’s internal controls will not prevent or detect a material misstatement on a timely basis.
Auditors assess control risk to determine whether the client has controls in place that are designed to minimize the risk of material misstatement for each account and related assertion identified as being high risk by the auditors.
