AUD 3.03 - ID Assess and Respond to Risk

  1. An account is a significant risk when...
    There is a high probability of containing a material misstatement.
  2. True / False: The identification of significant accounts and disclosures must take into consideration the effect of internal controls.
    • False
    • The identification of said accounts must be based solely on inherent risk.
  3. The identification of significant accounts, disclosures and their relevant assertions should be based soley on _________ risk.
    • Inherent
    • When inherent risk is high
  4. When a company has multiple locations and business units, the auditor should identify significant accounts, disclosures, and their relevant assertions based on the [segment / consolidated] FS.
    Consolidated FS
  5. True / False: A separate set of significant accounts is identified based on inherent risk, and then again for risk of internal control
    • False
    • The same accounts identified as significant based on inherent risk are also used in the audit of internal control.
  6. When a company has multiple locations or business units, the identification of audit procedures that should be performed at the business unit level is based on:
    • The effect the business unit has on the consolidated financial statements
    • ** nature, amount of assets/liabilities/transactions
    • Any significant unusual transactions (size, timing, nature, outside the normal course of business)
    • The effect on other business unit(s) that would, in turn, affect the consolidated FS.
    • Physical location of the business unit (some countries are more corrupt)
  7. What are the 7 types of substantive audit procedure activities (aka the nature of the activity)? Which are used to test the operating effectiveness of internal controls?
    • From least to most evidence
    • Analytical Procedures
    • Inquiry** (inquiry alone is not sufficient evidence)
    • Observation**
    • Inspection**
    • Reperformance**
    • Recalculation
    • Confirmation
    • **Used to test internal controls
  8. What is the audit evidence heirarchy (strongest to weakest)?
    • A-E-I-O
    • Auditor knows (personal knowledge)
    • External evidence
    • Internal evidence
    • Oral evidence
  9. Regardless of whether the audit is integrated or not, when are tests of controls generally required
    • When an entity conducts its business using IT, w/o supporting documentation (all electronic)
    • Many transactions are performed automatically with little or no manual intervention (timed payments or billing)
    • Audit evidence is obtained in electronic form, which requires verification of accuracy and completeness of the info
  10. What is a dual-purpose test?
    A test that not only evaluates the operating effectiveness of a control, but also is a test of details to support a relevant assertion.
  11. Internal control is weak, control risk is high. Should the auditor perform tests of controls? What level of substantive procedures should be performed (maximum, moderate, minimum)
    • No, unless heavy use of IT
    • Maximum
  12. There is some internal control, control risk is medium. Should the auditor perform tests of controls? What level of substantive procedures should be performed (maximum, moderate, minimum)
    • Yes
    • Maximum
  13. Internal control is strong, control risk is low. Should the auditor perform tests of controls? What level of substantive procedures should be performed (maximum, moderate, minimum)
    • Yes
    • Minimal, but don't eliminate
  14. True / False: The auditor performed tests of controls in Q1 and Q2. He is now performing an audit in Q3. Because 2 quarters of tests were performed, the auditor can rely on the previous tests of controls.
    • False
    • Tests of controls must be performed in the current period, required for significant risk accounts
  15. The entity has internal controls in place for an account with a balance of $10,000. Materiality is set at $100,000. Tests of controls [are / are not] necessary.
    Are not necessary until involves a material misstatement.
  16. The entity has internal controls in place for an account whose balance is more than the material threshold. The tests are not designed to prevent or detect material misstatement. Tests of controls [are / are not] necessary.
    • Not necessary
    • The control must be designed to detect or prevent material misstatement
  17. True / False: The auditor may choose to test the operating effectiveness of tests of controls concurrently with obtaining an understanding of internal control
    True
  18. In a non-integrated audit, the auditor is required to obtain an understanding of the (1)_______ and (2)______ of internal control as part of understanding the entity, but is not required to evaluate (3)________.
    • design
    • implementation
    • effectiveness
  19. What factors should the auditor consider in determining the appropriate extent of testing controls
    • The extent to which the auditor wishes to rely on the operating effectiveness of the control to reduce substantive procedures
    • The length of time during which the auditor wishes to rely on the control
    • The extent to which other tests provide audit evidence about the same assertion
    • The frequency of the performance of the control during the period
    • The expected deviation rate from the control
    • The relevance and reliability of the evidence to be obtained
  20. True / False: Tests of controls at the end of the period ensure the tests were effective throughout the period
    • False
    • The test at the end of the period is only valid for that point in time and can only be relied upon for that period of time
  21. The auditor performed a test of control at the interim period. What must be done to ensure effectiveness at the end of the year?
    • Either reperform the test of controls OR
    • Obtain additional evidence to validate the controls through the new period
  22. True / False: Evidence obtained in a prior audit about the operating effectiveness of controls may be used in the current audit.
    • True ifthe auditor obtains evidence about whether changes in those controls have occurred and the control is not used to mitigate a significant risk.
    • New evidence must be gathered if changes have occurred.
  23. Internal controls were tested and operating effectiveness verified. No changes have occurred to the controls. How frequently must the controls be re-tested?
    • At least once every 3rd year if not a significant risk. More frequently is preferred.
    • If significant risk: must be tested in the period relied on.
  24. True / False: The auditor may rely on audit evidence obtained in prior audits for controls that mitigate a significant risk.
    • False
    • New tests of controls must be performed.
  25. True / False: None of the substantive procedures identified any material misstatement, therefore, the auditor can conclude that the related control was operating effectively.
    Nope
  26. What are the 2 types of substantive procedures and provide a brief description?
    • Substantive Analytical Procedures: The study of plausable relationships among financial and nonfinancial data
    • Tests of Details: Specific tests performed on ending balances, details of transactions, or both.
  27. On what types of transactions are substantive analytical procedures typically used?
    Large volume of predictable transactions
  28. Define FS level risks. What are examples that indicate FS level risks?
    • Risks that relate pervasively to the FS as a whole and potentially impact many relevant assertions.
    • Weak control environment
    • Lack of qualified personnel in financial reporting roles
  29. Define assertion level risks. What are examples that indicate assertion level risks?
    • Risks that relate to specific transactions, account balances, or disclosures at the relevant assertion level.
    • Cash held at stores may be stolen
    • Inventory may not be properly valued
Author
BethM
ID
332364
Card Set
AUD 3.03 - ID Assess and Respond to Risk
Description
Becker Review 2017
Updated