There is a high probability of containing a material misstatement.
True / False: The identification of significant accounts and disclosures must take into consideration the effect of internal controls.
The identification of said accounts must be based solely on inherent risk.
The identification of significant accounts, disclosures and their relevant assertions should be based soley on _________ risk.
When inherent risk is high
When a company has multiple locations and business units, the auditor should identify significant accounts, disclosures, and their relevant assertions based on the [segment / consolidated] FS.
True / False: A separate set of significant accounts is identified based on inherent risk, and then again for risk of internal control
The same accounts identified as significant based on inherent risk are also used in the audit of internal control.
When a company has multiple locations or business units, the identification of audit procedures that should be performed at the business unit level is based on:
The effect the business unit has on the consolidated financial statements
** nature, amount of assets/liabilities/transactions
Any significant unusual transactions (size, timing, nature, outside the normal course of business)
The effect on other business unit(s) that would, in turn, affect the consolidated FS.
Physical location of the business unit (some countries are more corrupt)
What are the 7 types of substantive audit procedure activities (aka the nature of the activity)? Which are used to test the operating effectiveness of internal controls?
From least to most evidence
Inquiry** (inquiry alone is not sufficient evidence)
**Used to test internal controls
What is the audit evidence heirarchy (strongest to weakest)?
Auditor knows (personal knowledge)
Regardless of whether the audit is integrated or not, when are tests of controls generally required
When an entity conducts its business using IT, w/o supporting documentation (all electronic)
Many transactions are performed automatically with little or no manual intervention (timed payments or billing)
Audit evidence is obtained in electronic form, which requires verification of accuracy and completeness of the info
What is a dual-purpose test?
A test that not only evaluates the operating effectiveness of a control, but also is a test of details to support a relevant assertion.
Internal control is weak, control risk is high. Should the auditor perform tests of controls? What level of substantive procedures should be performed (maximum, moderate, minimum)
No, unless heavy use of IT
There is some internal control, control risk is medium. Should the auditor perform tests of controls? What level of substantive procedures should be performed (maximum, moderate, minimum)
Internal control is strong, control risk is low. Should the auditor perform tests of controls? What level of substantive procedures should be performed (maximum, moderate, minimum)
Minimal, but don't eliminate
True / False: The auditor performed tests of controls in Q1 and Q2. He is now performing an audit in Q3. Because 2 quarters of tests were performed, the auditor can rely on the previous tests of controls.
Tests of controls must be performed in the current period, required for significant risk accounts
The entity has internal controls in place for an account with a balance of $10,000. Materiality is set at $100,000. Tests of controls [are / are not] necessary.
Are not necessary until involves a material misstatement.
The entity has internal controls in place for an account whose balance is more than the material threshold. The tests are not designed to prevent or detect material misstatement. Tests of controls [are / are not] necessary.
The control must be designed to detect or prevent material misstatement
True / False: The auditor may choose to test the operating effectiveness of tests of controls concurrently with obtaining an understanding of internal control
In a non-integrated audit, the auditor is required to obtain an understanding of the (1)_______ and (2)______ of internal control as part of understanding the entity, but is not required to evaluate (3)________.
What factors should the auditor consider in determining the appropriate extent of testing controls
The extent to which the auditor wishes to rely on the operating effectiveness of the control to reduce substantive procedures
The length of time during which the auditor wishes to rely on the control
The extent to which other tests provide audit evidence about the same assertion
The frequency of the performance of the control during the period
The expected deviation rate from the control
The relevance and reliability of the evidence to be obtained
True / False: Tests of controls at the end of the period ensure the tests were effective throughout the period
The test at the end of the period is only valid for that point in time and can only be relied upon for that period of time
The auditor performed a test of control at the interim period. What must be done to ensure effectiveness at the end of the year?
Either reperform the test of controls OR
Obtain additional evidence to validate the controls through the new period
True / False: Evidence obtained in a prior audit about the operating effectiveness of controls may be used in the current audit.
True ifthe auditor obtains evidence about whether changes in those controls have occurred and the control is not used to mitigate a significant risk.
New evidence must be gathered if changes have occurred.
Internal controls were tested and operating effectiveness verified. No changes have occurred to the controls. How frequently must the controls be re-tested?
At least once every 3rd year if not a significant risk. More frequently is preferred.
If significant risk: must be tested in the period relied on.
True / False: The auditor may rely on audit evidence obtained in prior audits for controls that mitigate a significant risk.
New tests of controls must be performed.
True / False: None of the substantive procedures identified any material misstatement, therefore, the auditor can conclude that the related control was operating effectively.
What are the 2 types of substantive procedures and provide a brief description?
Substantive Analytical Procedures: The study of plausable relationships among financial and nonfinancial data
Tests of Details: Specific tests performed on ending balances, details of transactions, or both.
On what types of transactions are substantive analytical procedures typically used?
Large volume of predictable transactions
Define FS level risks. What are examples that indicate FS level risks?
Risks that relate pervasively to the FS as a whole and potentially impact many relevant assertions.
Weak control environment
Lack of qualified personnel in financial reporting roles
Define assertion level risks. What are examples that indicate assertion level risks?
Risks that relate to specific transactions, account balances, or disclosures at the relevant assertion level.