Audit Exam 2

  1. Information Risk
    Probability that the information distributed by an entity will be materially false and misleading as a result of errors, fraud, or direct-effect illegal acts
  2. Audit Risk
    • the probability that an audit team will express an inappropriate audit opinion when the financial statements are materially misstated
    • (this risk always exists)
  3. Inherent Risk
    probability that, in the absence of internal controls, material errors or frauds could enter the accounting system used to develop financial statements. It's the susceptibility of the account to misstatement.
  4. Factors that have been suggested as being related to the susceptibility of accounts to misstatement or fraud: (5)
    • 1. dollar size of account
    • 2. liquidity
    • 3. volume of transactions
    • 4. complexity of the transactions
    • 5. subjective estimates
  5. Control Risk
    Probability that the client's internal control policies and procedures will fail to prevent or detect material misstatements, provided any enter or would have entered the accounting system in the first place
  6. Detection Risk
    Probability that audit procedures will fail to detect material misstatements, provided any have entered the accounting system in the first place and have not been detected and corrected by the client's internal controls.
  7. 2 categories of substantive procedures
    • 1. audit of the details of transactions and balances
    • 2. analytical procedures applied to produce circumstantial evidence about dollar amounts in the accounts.
  8. Audit Risk Model
    AR=IR x CR x DR
  9. Risk of Material Misstatement (RMM)
    RMM = IR x CR
  10. Model used to Calculate risks and related sample sizes
    Image Upload 1
  11. Procedures and Assertions

    Existence or Occurrence
    Inspection of tangible assets

    Inspection of records or documents (vouching)
  12. Procedures and Assertions

    Completeness or Cutoff
    Inspection of records or documents (tracing)

    Inspection of records or documents (tracing or vouching)
  13. Procedures and Assertions

    Rights and Obligations
  14. Procedures and Assertions

    Valuation and Allocation and Accuracy

    Inspection of records or documents (tracing or vouching)
  15. Procedures and Assertions

    Presentation and Disclosure
    Classification and Understandability
    Analytical Procedures

  16. Vouching
    An auditor selects an item of financial information, usually from a journal or ledger, and follows its path back through the processing steps to its origin
  17. Tracing
    An auditor selects a basic source document and follows its processing path forward to find its final recording in a summary journal or ledger
  18. Analytical procedures
    • 1. Comparison of current year account balances to balances of one or more comparable periods
    • 2. Comparison of the current-year account balances to anticipated results found in the company's budgets and forecasts
    • 3. Evaluation of the relationships of current year account balances to other current-year balances for conformity with predictable patterns based on the company's experience
    • 4. comparison of current year account balances and financial relationships with similar information for the industry in which the company operates
    • 5. study of the relationships of current year account balances with relevant nonfinancial information
  19. Audit plan
    list of the audit procedures that the audit team needs to perform to gather sufficient appropriate evidence on which to base their opinion on the financial statements
  20. 3 basic goals of engagement planning
    • 1. obtain an understanding of important events that have affected the client and its operations
    • 2. to identify areas of the engagement that could represent special risks to the firm
    • 3. to ensure that the engagement can be completed in a timely fashion
  21. Engagement letter
    • 1. objectives of the engagement
    • 2. management's responsibilities
    • 3. auditor's responsibilities
    • 4. limitations of the engagement
  22. Enterprise Risk Management (ERM)
    a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives
  23. 8 elements of ERM
    • 1. Internal environment: the "risk consciousness" of the organization and includes the organization's risk management philosophy and "risk appetite," its integrity and ethical values, and the environment in which it operates. the internal environment establishes how the organization responds to risk
    • 2. Objective setting: is mgmt's responsibility to determine the goals and objectives of the organization.
    • 3. Event Identification: is the identification of conditions and events, either internal or external to the organization, that could adversely affect mgmt's objectives.
    • 4. Risk assessment: is the systematic process for estimating the likelihood of adverse conditions occurring.
    • 5. Risk response: addresses how the organization will prevent or respond to the adverse conditions if they actually occur.
    • 6. Control activities: are policies and procedures to ensure that risk responses are appropriate given the circumstances and environment in which the organization operates.
    • 7. Information and communication: link all components of the ERM.
    • 8. Monitoring: includes regular management and supervisory activities over risk management activities.
  24. 3 ways that management can mitigate risk
    • avoid it
    • control it
    • share it
  25. Analytic Procedure Steps (5)
    • 1. Develop an expectation
    • 2. Define a significant difference
    • 3. Calculate predictions and compare them with the recorded amount
    • 4. investigate significant differences
    • 5. Document each of the above steps
  26. Analytic Procedures:
    Stages of use
    Preliminary planning: required as an attention-getting approach

    Substantive testing: optional (mix of procedures to control DR at appropriate level)

    Final Review: Required as an overall test of reasonableness
  27. Electronic equipment's effect on audit engagement
    The auditor must evaluate the impact of technology on the client's operations

    The auditor must evaluate computer controls implemented by the client in the auditor's study and evaluation of the client's internal controls and assessment of CR

    The auditor can use the computer's speed and accuracy to assist in the audit
  28. Effect of computer processing on transactions
    • Transaction trails
    • Uniform processing of transactions
    • Segregation of duties
    • Potential for fraud
    • Potential for increased management supervision
    • Initiation or subsequent execution of transactions by computer
  29. Audit Planning considerations (dealing with technology)
    • Extent to which computers are used
    • Complexity of computer operations
    • Organizational structure of computer processing
    • Availability of data
    • Use of CAATs
    • Need for specialized skills
  30. Audit Documentation Requirements
    • Should be prepared in sufficient detail to enable an experienced auditor having no previous connection to the engagement to:
    • -understand the nature, timing, extent and results of procedures, evidence obtained and conclusions reached
    • -Determine who performed the work, date of work, reviewer and date of review

    • Audit documentation should provide a clear link to significant findings or issues and
    • -demonstrate compliance with PCAOB standards
    • -support basis for conclusions on every relevant assertion
    • -document that accounting records agree with financial statements
  31. Documentation
    must be retained 7 years from report release date

    documentation may not be deleted or discarded after report release date

    • Additions must indicate
    • -date the information was added
    • -name of preparer
    • -reason for the addition

    • Ownership
    • auditors maintain ownership, even after auditor-client relationship is over

    • Confidentiality
    • only can be made public with permission, or if subpoenaed, or as part of a peer review of firm practices, or as part of an ethics investigation of firm personnel.
  32. Responsibility for Internal Control
    • Management Responsibility:
    • Responsibility for establishing and maintaining adequate internal control
    • Assess and report on internal control over financial reporting
    • SOX

    • Auditor Responsibility:
    • Assess RMM
    • Auditing Standard No. 5: an audit of internal control over financial reporting that is integrated with an audit of financial statements
  33. Management's Responsibility for Internal Control (SOX)
    Certify company's financial statements

    report on the company's internal control over financial reporting

    • Must include:
    • -statement that management is responsible
    • -statement identifying the IC framework (usually COSO)
    • -statement providing management's assessment
  34. If an audit of internal control over financial reporting is done for non-public
    it's called an attestation engagement
  35. An Integrated Framework (COSO)
    • Internal Control
    • -the process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives including:
    • 1. reliability of financial reporting
    • 2. compliance with applicable laws and regulations
    • 3. effectiveness and efficiency of operations
  36. _____are the key component of an entity's internal control.
  37. Internal control provides _____, not _______, that control objectives will be achieved.
    reasonable assurance

    absolute assurance
  38. Inherent limitations of Internal controls
    • Human Error
    • Collusion
    • Management override of controls
    • Cost/benefit analysis
  39. COSO Components
    • Control Activities
    • Risk Assessment
    • Information and Communication
    • Monitoring
    • Environment (control)
  40. Control Environment
    "tone at the top"

    • General principles:
    • Integrity and ethical values
    • BOD
    • mgmt's philosophy and operating style
    • organizational structure (decentralized)
    • financial reporting competencies
    • Authority and responsibility
    • HR
  41. Audit Committee
    • Provides a Buffer between the audit team and operating mgmt
    • Must be financially literate
    • At least one financial expert
  42. Audit Committee Duties
    Appointment, compensation, and oversight of the public accounting firm

    Resolution of disagreements between mgmt and audit team

    oversight of entity's internal audit function

    approval of (allowed) nonaudit services provided by the firm performing audit
  43. Risk Assessment
    Mgmt's identification and analysis of relevant risks to achievement of its objectives

    Possibly using COSO's ERM framework

    • 3 principles
    • financial reporting objectives
    • financial reporting risks
    • fraud risks
  44. Principles of control activities
    integration with risk assessment

    selection and development of control


    policies and procedures

    information technology
  45. Segregation of Duties
    Separate the tasks of

    • authorization
    • custody
    • recording
  46. Information and communication principles
    • Financial reporting information
    • internal control information
    • internal communication
    • external communication
  47. General Phases of internal control evaluation
    • 1. Phase 1: understand and document design and operation of internal control
    • 2. Phase 2: assess preliminary control risk
    • 3. Phase 3: Testing and reassessment
  48. Phases of the Engagement
    Step 1
    • Plan the audit:
    • Consider knowledge of industry
    • Consider knowledge of business
    • Consider extent of changes in operations
    • Consider extent of changes in Internal control
    • Evaluate controls for all relevant assertions for all significant accounts or disclosures
  49. Phases of the Engagement
    Step 2
    • Use a top-down approach to gain an understanding:
    • Identify entity-level controls
    • Perform walkthroughs
    • Auditor must perform work related to company-wide anti-fraud programs and controls that have a pervasive effect
    • Auditor can incorporate work of internal auditors and others
  50. Phases of the Engagement
    Step 3a
    • Test Controls: Design Effectiveness
    • Design effectiveness determines whether the controls over financial reporting, if operating effectively, would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements
  51. Phases of the Engagement
    Step 3b
    • Test Controls: Operating Effectiveness
    • Operating effectiveness is whether the control is operating as designed and whether the person performing the control possesses the necessary authority and qualifications to perform the control effectively
  52. Phases of the Engagement
    Step 4a
    • Evaluate control deficiencies
    • Design deficiency is a problem relating to either a necessary control that is missing or an existing control that is so poorly designed that it fails to satisfy the control's objectives
    • Operating deficiency occurs when a properly designed control is either ignored or inappropriately applied
  53. Phases of the Engagement
    Step 4b
    • Identify significant deficiencies
    • Significant deficiencies are defined as conditions, or combinations of conditions, that could adversely affect the organization's ability to initiate, record, process, and report financial data in the financial statements
  54. Phases of the Engagement
    Step 4c
    • Identify Material Weaknesses
    • deficiencies that result in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis

    • 3 categories of deficiencies
    • -internal control deficiency
    • -significant deficiency
    • -material weakness

    **the difference between a significant deficiency and a material weakness is the likelihood and materiality that a potential misstatement would not be detected on a timely basis
  55. The presence of even one material weakness will result in
    an adverse opinion
  56. The combined effect of 2 or more significant deficiencies can result in
    a material weakness in internal control
  57. Phases of the Engagement
    Step 5
    • Wrapping Up: Forming an opinion on the effectiveness over financial reporting
    • auditors issue an opinion
    • evaluate mgmt's report
  58. Phases of the Engagement
    Step 6
    • Reports on internal control
    • -separate report on internal control
    • -integrated audit report and report on internal control
    • ---includes auditor's opinions on 1)internal control effectiveness, and the 2) fairness of the company's financial statements
  59. Phases of the Engagement
    • Review for subsequent changes
    • obtain management representations
    • Review internal auditor reports
    • review regulatory agency reports
    • obtain evidence from other engagements
  60. 7 phases of the engagement
    • 1. Plan the audit
    • 2. Use a top-down approach to gain an understanding
    • 3a. Test controls- design effectiveness
    • 3b. Test controls- operating effectiveness
    • 4a. Evaluate control deficiencies
    • 4b. Identify significant deficiencies
    • 4c. Identify Material weaknesses
    • 5. Wrapping Up
    • 6. Reports on Internal control
    • 7. review for subsequent changes
  61. Inherent risks in Revenue and collection cycle
    • Improper Revenue Recognition
    • -cut-off
    • -bill and hold
    • -channel stuffing
    • Returns and Allowances
    • Collectibility of receivables
    • "lapping" of receivable payments
  62. Revenue Recognition
    Must be 1) realized or realizable and 2) earned

    • SEC guidance (SAB 104)
    • -persuasive evidence of an arrangement exists
    • -delivery has occurred or services have been rendered
    • -the seller's price to the buyer is fixed or determinable
    • -collectibility is reasonably assured
  63. Potential Errors: Sales
    • sales recorded but goods not shipped
    • goods shipped but not recorded
    • sale invoiced but not recorded
    • sale invoiced but improperly costed
    • sale amount recorded incorrectly
    • sale recorded to wrong customer account
    • goods shipped to poor credit risk
    • sales misclassified
    • sale recorded in wrong period
  64. Potential errors: Cash receipts
    • cash receipts recorded but not deposited
    • cash receipts deposited but not recorded
    • cash receipts not recorded or deposited
    • cash receipts amount recorded incorrectly
    • cash receipts credited to wrong customer account
    • cash receipts recorded in wrong period
  65. Revenue and collection cycle:
    Key control procedures
    • Separation of duties
    • Authorization of transactions
    • Access to assets
    • Adequate documents and records
    • Independent checks on performance
  66. Auditing A/R
    • Test A/R aged trial balance
    • Test reconciliation of A/R control with A/R subsidiary ledger
    • Confirm selected balances
    • Perform analytical procedures
    • Test sales cut-off
  67. Positive confirmations
    • request reply regardless
    • -small number of accounts are involved
    • -large number of errors are anticipated
  68. Negative confirmations
    • request reply if it disagrees
    • a large number of small balances involved
    • the auditor has no reason to believe that the recipients of the requests are unlikely to give them consideration
  69. Blank confirmations
    should be used if the recipient is likely to return a positive confirmation without verifying the accuracy of the information
  70. Expanded field confirmations
    • to increase response rate
    • multiple choice
  71. confirmation considerations
    • responses to positive and blank confirmations provide more reliable evidence than negative non response
    • recipients of A/R confirmations may not report understatements
    • Auditors must have heightened professional skepticism for electronic responses
    • non-response to positive/blank confirmation request
    • --follow up with second and third requests
    • --a lower than expected response rate could be indicative of fictitious customer accounts
    • --alternative procedures
    • non response to negative confirmation requests
    • --only limited evidence concerning financial statement assertions
    • --alternative procedures are not necessary for unreturned negative confirmation requests
    • follow up on all reported exceptions
  72. Alternative procedures
    • vouch subsequent cash collections
    • examine shipping documents
    • examine client-generated supporting documentation, such as invoice copies
    • inspect correspondence files
  73. Uncollectible accounts
    • Inspect customer files for collectibility
    • Recalculate allowance and bad debt expense
    • Verify reasonableness of ALLOWANCE and BAD DEBT EXPENSE
  74. Inherent risks of Acquisition and Expenditure cycle
    • unrecorded liabilities
    • noncancelable purchase agreements
    • capitalized expenses
  75. typical activities of acquisition and expenditure cycle
    • purchase goods and services
    • receiving the goods or services
    • recording the asset or expense and related liability
    • paying the invoice through the cash disbursement process
  76. Information processing controls
    • Information processing controls:
    • compare PO # on BOL with company PO
    • Compare Quantities against receiving report and PO
    • compare prices against quoted price or catalog listing
    • Mathematically verify vendor's invoice
    • determine when to pay invoice and prepare voucher
  77. Acquisition and Expenditure cycle
    Separation of duties
    • authorization of the purchase is done by purchasing dept.
    • Custody of inventory is held by receiving dept. and requesting dept.
    • transactions are recorded by general accounting and A/P depts
    • reconcile liabilities to vendor statements and general ledger account
    • Bids are received by someone independent of the purchasing decision
  78. Fraud Red Flags
    • Photocopies of invoices
    • invoices in numerical order
    • round numbers
    • slightly below authorization thresholds
    • P.O. Boxes with no other addresses
    • no listed Phone #
    • Vendor and employee addresses the same
    • Multiple vendors at same location
  79. Inherent Risks in the Payroll Cycle
    • Payroll is inflated/employees are overpaid
    • Payroll is understated/employees are underpaid
    • Employees are paid for work not done
    • Errors in payroll calculations
    • Phantom ("ghost") employees
    • Payments to terminated employees
  80. Typical Audit tests with payroll
    • Test of year-end accruals
    • payroll test
    • "Hires & Fires"--select new hires & former employees to ensure removal
    • Third-party payments
    • Surprise payoffs
    • Reconciliation of payroll & related accounts
  81. Payroll Transactions: Controls
    • Separate checking account-imprest basis
    • Separate bank reconciliation
    • Control & investigation of unclaimed wages
    • Surprise payoffs
    • Timely investigation of employee complaints
Note cards made for Exam 2 in ACCT 6611: Auditing