Audit Exam 2

Probability that the information distributed by an entiry will materially false and misleading as a result of errors, fraud, or direct-effect illegal acts

• the probability that an audit team will express an inappropriate audit opinion when the financial statements are materially mistated
• (this risk always exists)

probability that, in the absence of internal controls, material errors or frauds could enter the accounting system used to develop financial statements. its the susceptibility of the account to misstatement.

• 1. dollar size of account
• 2. liquidity
• 3. volume of transactions
• 4. complexity of the transactions
• 5. subjective estimates

Probability that the client's internal control policies and procedures will fail to prevent or detect material mistatements, provided any enter or would have entered the accounting system in the first place

Probability that audit procedures will fail to detect material misstatements, provided any have entered the accounting system in the first place and have not been detected and corrected by the client's internal controls.

• 1. audit of the details of transactions and balances
• 2. analytical procedures applied to procude circumstantial evidence about dollar amounts in the accounts.

AR=IR x CR x DR

RMM = IR x CR

Inspection of tangible assets

Inspection of records or documents (vouching)

Inspection of records or documents (tracing)

Inspection of records or documents (tracing or vouching)

Confirmation

Reperformance

Inspection of records or documents (tracing or vouching)

Analytical Procedures

Inquiry

An auditor selects an item of financial information, usually from a journal or ledger, and follows its path back through the processing steps to its orgin

An auditor selects a basic source document and follows its processing path forward to find its final recording in a summary journal or ledger

• 1. Comparison of current year account balances to balances of one or more comparable periods
• 2. Comparison of the current-year account balances to anticipated results found in the company's budgets and forecasts
• 3. Evaluatino of the relationships of current year account balances to other current-year balances for conformity with predictable patterns based on the company's experience
• 4 comparison of current year account balances and financial relationships with similar information for the industry in which the company operates
• 5. study of the relationships of current year account balances with relevant nonfinancial information

list of the audit procedures that the audit team needs to perform to gather sufficient appropriate evidence on which to base their opinion on the financial statements

• 1. obtain an understnading of important events that have affected the client and its operations
• 2. to identify areas of the engagement that could represent special risks to the firm
• 3. to ensure that the engagement can be completed in a timely fashion

• 1. objectives of the engagement
• 2. management's responsibilities
• 3. auditors responsibilities
• 4. limitations of the engagement

a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives

• 1. Internal environment: the "risk consciousness" of the organization and includes the organization's risk management philosophy and "risk appetite," its integrity and ethical values, and the environment in which it operates. the internal enviornment restablishes how the organization responds to risk
• 2. Objective setting: is mgmt's responsibility to determine the goals and objectives of the organization.
• 3. Event Identification: is the identification of conditions and events, either internal or external to the organization, that could adversely affect mgmt's objectives.
• 4. Risk assessment: is the systematic process for estimating the likelihood of adverse conditions occurring.
• 5. Risk response: addresses how the organization will prevent or respond to the adverse conditions if they actually occur.
• 6. Control activities: are policies and procedures to ensure that risk responses are appropriate given the circumstances and environment in which the organization operates.
• 7. Information and communication: link all components of the ERM.
• 8. Monitoring: includes regular management and supervisory activities over risk management activities.

• avoid it
• control it
• share it

• 1. Develop an expectation
• 2. Define a significant difference
• 3. Calculate predictions and compare them with the recorded amount
• 4. investigate significant diffrences
• 5. Document each of the above steps

Preliminary planning: required as an attention-getting approach

Substantive testing: optional (mix of procedures to control DR at appropriate level)

Final Review: Required as an overall test of reasonableness

The auditor must evaluate the impact of technology on the client's operations

The auditor must evaluate computer controls implemented by the client in the auditor's study and evaluation of the client's internal controls and assessment of CR

The auditor can use the computer's speed and accuracy to assist in the audit

• Transaction trails
• Uniform processing of transactions
• Segregation of duties
• Potential for fraud
• Potential for increased management supervision
• Initiation or subsequent execution of transactions by computer

• Extent to which computers are used
• Complexity of computer operations
• Organizational structure of computer processing
• Availability of data
• Use of CAATs
• Need for specialized skills

• Should be prepared in sufficent detail to enable an experienced auditor having no previous connection to the engagement to:
• -understand the nature timing, extent and results of procedures, evidence obtained and conclusions reached
• -Determine who performed the work, date of work, reviewer and date of review

• Audit documentation should provide a clear link to significant findings or issues and
• -demonstrate compliance with PCAOB standards
• -support basis for conclusions on every relevant assertion
• -document that accounting records agree with financial statements

must be retained 7 years from report release date

documentation may not be deleted or discarded after report release date

• Additions must indicate
• -date the information was added
• -name of preparer
• -reason for the addition

• Ownership
• auditors maintain ownership, even after auditor-client relationship is over

• Confidentiality
• only can be made public with permission, or if subpoenaed, or as part of a peer review of firm practices, or as part of an ethics investigation of firm personnel.

• Management Responsibility:
• Responsibility for establising and maintaining adequate internal control
• Assess and report on internal control over financial reporting
• SOX

• Auditor Responsibility:
• Assess RMM
• Auding Standard No. 5: an audit of internal control over financial reporting that is integrated with an audit of financial statements

Certify company's financial statements

report on the company's internal control over financial reporting

• Must include:
• -statement that management is responsible
• -statement identifying the IC framework (usually COSO)
• -statement providing management's assessment

its called an attestation engagement

• Internal Control
• -the process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives including:
• 1. reliability of financial reporting
• 2. compliance with applicable laws and regulations
• 3. effectiveness and efficiency of operations

People

reasonable assurance

absolute assurance

• Human Error
• Collusion
• Management overide of controls
• Cost/benefit analysis

• Control Activities
• Risk Assessment
• Information and Communication
• Monitoring
• Environment (control)

"tone at the top"

• General principles:
• Integrity and ethical values
• BOD
• mgmt's philosophy and operating style
• organizational structure (decentralized)
• financial reporting competencies
• Authroity and responsibility
• HR

• Provides a Buffer between the audit team and operating mgmt
• Must be financially literate
• At least on financial expert

Appointment, compensation, and oversight of the public accounting firm

Resolution of disagreements betweeen mgmt and audit team

oversight of entity's internal audit function

approval of (allowed) nonaudit services provided by the firm performing audit

Mgmt's identification and analysis of relevant risks to achievement of its objectives

Possibly using COSO's ERM framework

• 3 principles
• financial reporting objectives
• financial reporting risks
• fraud risks

integration with risk assessment

selection and development of control

activities

policies and procedures

information technology

Separate the tasks of

• authorization
• custody
• recording

• Financial reporting information
• internal control information
• internal communication
• external communication

• 1. Phase 1: understand and document design and operation of internal control
• 2. Phase 2: assess preliminary control risk
• 3. Phase 3: Testing and reassessment

• Plan the audit:
• Consider knowledge of industry
• Consider knowledge of business
• Consider extent of changes in operations
• Consider extent of changes in Internal control
• Evaluate controls for all relevant assertions for all significant accounts or disclosures

• Use a top-down approach to gain an understanding:
• Identify entify-level controls
• Perform walkthroughs
• Auditor must perform work related to company-wide anti-fraud programs and controls that have a pervasive effect
• Auditor can incorporate work of internal auditors and others

• Test Controls: Design Effectiveness
• Design effectiveness determines whether the controls over financial reporting, if operating effectively, would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements

• Test Controls: Operating Effectiveness
• Operating effectiveness is whether the control is operating as designed and whether the person performing the control possesses the necessary authority and qualifications to perform the control effectively

• Evaluate control deficiencies
• Design deficiency is a problem relating to either a necessary control that is missing or an existing control that is so poorly designed that if fails to satisfy the control's objectives
• Operating deficiency occurs when a properly designed control is either ignored or inappropriately applied

• Identify significant deficiencies
• Significant deficiencies are defined as conditions, or combinations of conditions, that could adversely affect the organziation's ability to initiate, record, process, and report financial data in the financial statements

• Identify Material Weaknesses
• deficiencies that result in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis

• 3 categories of dificiencies
• -internal control deficiency
• -significant dificiency
• -material weakness

**the difference between a significant deficiency and a material weakness is the likelihood and materiality that a potential misstatement would not be detected on a timely basis

an adverse opinion

a material wekness in internal control

• Wrapping Up: Forming an opinion on the effectiveness over financial reporting
• auditors issue an opinion
• evaluate mgmt's report

• Reports on internal control
• -separate report on internal control
• -integrated audit report and report on internal control
• ---includes auditor's opinions on 1)internal control effectiveness, and the 2) fairness of the company's financial statements

• Review for subsequent changes
• obtain management representations
• Review internal auditor reports
• review regulatory agency reports
• obtain evidence from other engagements

• 1. Plan the audit
• 2. Use a top-down approach to gain an understanding
• 3a. Test controls- design effectiveness
• 3b. Test controls- operating effectiveness
• 4a. Evaluate control deficiencies
• 4b. Identify significant deficiencies
• 4c. Identify Material weaknesses
• 5. Wrapping Up
• 6. Reports on Internal control
• 7. review for subsequent changes

• Improper Revenue Recognition
• -cut-off
• -bill and hold
• -channel stuffing
• Returns and Allowances
• Collectibility of receivables
• "lapping" of receivable payments

Must be 1) realized or realizable and 2) earned

• SEC guidance (SAB 104)
• -persuasive evidence of an arrangement exists
• -delivery has occured or services have been rendered
• -the seller's price to the buyer is fixed or determinable
• -collectibility is reasonably assured

• sales recorded but goods not shipped
• goods shipped but not recorded
• sale invoiced but not recorded
• sale invoiced but improperly costed
• sale amount recorded incorrectly
• sale recorded to wrong customer account
• goods shipped to poor credit risk
• sales misclassified
• sale recorded in wrong period

• cash receipts recorded but not deposited
• cash receipts deposited but not recorded
• cash receipts not recorded or deposited
• cash receipts amount recorded incorrectly
• cash receipts credited to wrong customer account
• cash receipts recorded in wrong period

• Separation of duties
• Authorization of transactions
• Access to assets
• Adequate documents and records
• Independent checks on performance

• Test A/R aged trial balance
• Test reconciliation of A/R control with A/R subsidiary ledger
• Confirm selected balances
• Perform analytical procedures
• Test sales cut-off

• request reply regardless
• -small number of accounts are involved
• -large number of errors are anticipated

• request reply is it disagrees
• a large number of of small balances involved
• the auditor has no reason to believe that the recipients of the requests are unlikely o give them considerations

should be used if the recipient is likely to return a positive confirmation without verifying the accuracy of the information

• to increase response rate
• multiple choice

• responses to positive and blank confirmations provide more reliable evidence than negative non response
• recipients of A/R confirmations may not report understatements
• Auditors must have heightened professional skepticism for electronic responses
• non-response to positive/blank confirmation request
• --follow up with second and third requests
• --a lower than expected response rate could be indicative of fictitios customer accounts
• --alternative procedures
• non response to negative confirmation requests
• --only limited vevidence concerning financial statement assertions
• --alternative procedures are not neccessary for unreturned negative confirmation request
• follow up on all reported exceptions

• vouch subsequent cash collections
• examine shipping documents
• examine client-generated supporting documentation, such as invoice copies
• inspect correspondence files

• Inspect customer files for collectibility
• Recalculate allowance and bad debt expense
• Verify reasonableness of ALLOWANCE and BAD DEBT EXPENSE

• unrecorded liabilities
• noncancelable purchase agreements
• capitalized expenses

• purchase goods and services
• receiving the goods or servicies
• recording the asset or expense and related liability
• paying the invoice through the cash disbursement process

• Information processing controls:
• compare PO # on BOL with company PO
• Compare Quantities agains receiving report and PO
• compare prices against quoted price or catalog listing
• Mathematically verify vendor's invoice
• determine when to pay invoice and prepare voucher

• authorization of the purchase is done by puchasing dept.
• Custody of inventory is held by receiving dept. and requesting dept.
• transactions are recorded by general accounting and A/P depts
• reconcile liabilities to vendor statements and general ledger account
• Bids are received by someone independent of the purchasing decision

• Photocopies of invoices
• invoices in numerical order
• round numbers
• slightly below authorization thresholds
• P.O. Boxes with no other addresses
• no listed Phone #
• Vendor and employee addresses the same
• Multiple vendors at same location

• Payroll is inflated/employees are overpaid
• Payroll is understated/employees are underpaid
• Employees are paid for work not done
• Errors in payroll calculations
• Phantom ("ghost") employees
• Payments to terminated employees

• Test of year-end accruals
• payroll test
• "Hires & Fires"--select new hires & former employees to ensure removal
• Third-party payments
• Surprise payoffs
• Reconciliation of payroll & related accounts

• Separate checking account-imprest basis
• Separate bank reconciliation
• Control & investigation of unclaimed wages
• Suprise payoffs
• Timely investigation of employee complaints