A3
evaluate fraud risk factors
(1) incentives/pressures (2) opportunities (3) rationalization/attitude risk is greatest when all three are present however, you can still have risk even with only one condition present
inquire of entity personnel regarding their views of fraud risk
- make direct inquiries to mgmt, EEs involved in financial reporting, operating personnel, internal auditors, in-house legal counsel, those charged with governance - inquires are regarding- overall risk of fraud, identified or suspected instances of fraud, process for identifying/responding to fraud, mgmt's code of ethics, mgmt report on internal control and how it detects/prevents fraud, oversight the audit committee provides, internal audit procedures to identify fraud, whether the company has entered into any significant unusual transactions
For actual or potential litigations, the auditor should obtain audit evidence relevant to:
- the period in which the underlying cause of legal action occurred - the degree of probability of an unfavorable outcome - the amount or range of potential loss
three types of misstatements
-Factual misstatements- misstatements which there is no doubt - judgmental misstatements- differences arising from the judgments of management concerning accounting estimates that the auditor considers unreasonable or the selection or application of an accounting policies that the auditor considers inappropriate -projected misstatments- auditor's best estimate of misstatements in a population
Limitations of ratios
-few industry benchmarks to compare - dissimilar business units -inflation can reduce the comparability of B/S items - manipulation of ratios by mgmt can occur - choice of different GAAP can affect ratios and reduce comparability - generalizations are difficult to make - ratios may use accounting data that do not reflect FMV (ex. fixed assets)
Variable sampling
-used to estimate the numerical measurement of a population, such as a dollar value -objective= to obtain evidence about the reasonableness of monetary amounts - auditor estimates the true value of the population by computing a point estimate
in order to reduce audit risk to an acceptably low level the auditor must develop the following responses to the assessed risks of material misstatement:
1 an overall response to address F/S level risks 2 response at the relevant assertion level, whereby the nature, extent, and timing of audit procedures are designed to address risks related to specific assertions 3 a response to significant risks
With respect to fraud, the auditor should perform the following procedures:
1 discuss fraud risk with engagement personnel 2 obtain information to identify specific fraud risks 3. access fraud risk and develop an appropriate response 4 evaluate audit evidence regarding fraud
Advantages to statistical sampling
1 measure the sufficiency of the audit evidence obtained 2 provide an objective basis for quantitatively evaluating sample results 3 design an efficient sample 4 quantify sampling risk to limit risk to an acceptable level
Financial statement level risks include weaknesses related to:
1 the process used to prepare F/S, including the development of significant accounting estimates and the preparation of F/S footnotes 2 overall control environment- culture 3 lack of qualified personnel in financial reporting roles 4 the selection and application of significant accounting policies
obtaining evidence for testing the design and operating effectiveness of controls includes:
1 whether the controls were applied at relevant times 2 how controls were applied 3 the consistency with which controls were applied 4 by whom or by what means controls were applied
Fraud risk factors
1. Incentives/Pressures→ a reason to commit fraud 2. Opportunity→ a lack of effective controls 3. Rationalization/attitude→ an attempt to justify fraudulent behavior
Types of Substantive Procedures:
1. Test of Details- applied to transaction classes, account balances, and disclosures. Used to gather evidence to support the account balances. performed on ending balances, the details of transactions or combination of the two 2. substantive analytical procedures- evaluations of financial information made by a study of plausible relationships. generally involve comparisons of recorded amounts to independent expectations
Examples of accounting estimates involving relatively high estimation uncertainty include:
1. accounting estimates relating to the outcome of a litigation 2. fair value accounting estimates for derivative financial instruments not publically traded 3. fair value accounting estimates that are highly specialized, entity-developed model is used, assumptions/inputs cannot be observed in the marketplace
Substantive Procedures include:
1. agreement of the F/S to the underlying accounting records 2. examination of material journal entries or adjustments made while preparing the F/S 3. Evaluation of the overall presentation of the F/S in accordance with the applicable financial reporting framework, including disclosures
hierarchy of audit evidence (most reliable to least reliable)
1. auditor's direct personal knowledge 2. external evidence 3. internal evidence 4. oral evidence
Examples of indicators of possible management bias:
1. changes in accounting estimate, or the method for making it, when mgmt has made a subjective assessment that there has been a change in circumstances 2. the use of an entity's own assumptions for the FMV of accounting estimates when they are inconsistent with observable market assumptions 3. the selection or construction of significant assumptions that yield a point estimate favorable for mgmt objectives 4. the selection of a point estimate that may indicate a pattern of optimism or pessimism
Substantive Analytical Procedures- steps
1. determine the analytical procedure that is suitable 2. evaluate the reliability 3. develop an expectation of recorded amounts or ratios 4. perform the analytical procedures and compare results with expectations 5. investigate and significant differences- inquire of management, perform other audit procedures
Conditions identified during fieldwork
1. discrepancies in the accounting records 2. conflicting or missing evidential matter 3. problematic relationships between the auditor and management 4. objections by management to the auditor meeting privately with the audit committee 5. accounting policies that appear inconsistent with industry practices that are widely recognized and prevalent 6. frequent changes in accounting estimates- with no changing circumstances 7. tolerance of violations of the company's code of conduct
Audit procedures regarding fraud
1. discuss fraud risk with engagement personnel 2. obtain info to identify specific fraud risks 3. assess fraud risk and develop an appropriate response 4. evaluate audit evidence regarding fraud 5. make appropriate communications about fraud 6. document the auditor's consideration of fraud
response addressing risks related to management override
1. examine journal entries- focus on nonstandard/unusual entries 2. review accounting estimates for biases- compare year to year 3. evaluate the business purpose for significant unusual transactions
reporting to regulatory and enforcement authorities in the following circumstance, the auditor has the duty to disclose outside the entity:
1. in response to inquiries from an auditor to a predecessor auditor 2. in response to a court order 3. in compliance w/ requirements for the audits of entities that receive federal financial assistance from a government agency
Obtaining information about Fraud
1. inquire of entity personnel regarding their views of fraud risk 2. consider the results of analytical procedures 3. evaluate fraud risk factors
four factors for the efficiency and effectiveness of analytical procedures
1. nature of the assertion being tested- most effective and efficient for assertions in which potential misstatements are not apparent from an examination of a detailed evidence or when such detail is unavailable. 2. plausibility and predictability of the data relationship- auditor must have a clear understanding of the relationships among data, based on predictable data, involve I/S rather than just B/S, involve transactions that are less subject to mgmt discretion 3. availability and reliability of data used to develop the expectation-data that is readily available and better if received from third parties/external rather than internal, effective internal controls 4. precision of the expectation-better if more precise
Contingent liabilities may arise from:
1. pending and threatening litigation 2. actual or possible claims and assessments 3. guarantees of the indebtedness of others 4. product warranties 5. income tax disputes
documentation requirements with regards to fraud
1. planning discussion 2. procedures performed 3. specfic identified risks 4. if the auditor has not identified improper revenue recognition as a fraud risk, support the conclusion 5. results of procedures 6. other conditions and analytical relationships 7. nature of communications
Auditor should perform these procedures with regards to contingent liabilities
1. review minutes 2. review correspondence and invoices from lawyers 3. review contracts, loan agreements, leases, and correspondence from taxing authorities 4. review bank confirms for hidden bank loans, discounted drafts, guarantee of notes etc 5. discuss LT purchase commitments w/ the purchasing agent 6. review the status of LT leases 7. discuss sales contracts w/ sales manager 8. review the interim F/S after YE 9. obtain a client representation letter 10. send an inquiry letter to the client's attorney
The auditor's ability to detect fraud depends on:
1. skillfulness of the perpetrator 2. the frequency and extent of manipulation 3. degree of collusion involved 4. relative size of the individual amounts manipulated 5. seniority of the individuals involved
Attributes of Risk
1. type of risk- financial reporting or misappropriation of assets 2. significance of risk 3. likelihood of the risk 4. pervasiveness of the risk- F/S as a whole or specific accounts/transcations
net profit margin
= net income/ net sales - indicates profit ratio and when used that the asset turnover ratio, indicates the rate of return on assets
return on assets (alternative version)
= net profit margin x total asset turnover = (net income/ net sales)x (net sales/ average total assets)
upper deviation rate formula
= sample deviation rate + allowance for sampling risk
Activity ratios
A/R turnover= net credit sales/ average net receivable -- indicates the receivables' quality and indicates the success of the firm in collecting outstanding receivables. faster turnover gives credibility to the current and acid- test ratios A/R turnover in days= average net receivables/ (net credit sales/365) -the ratio indicates the average number of days required to collect A/R inventory turnover= (COGS/Average inventory) --measures how quickly inventory is sold- an indicator of enterprise performance. the highest turnover, the better the performance Inventory turnover in days= average inventory/ (COGS/365) -- average number of days required to sell inventory operating cycle= AR turnover in days+ inventory turnover in days -- indicates the # of days b/w acquisition of inventory and realization of cash from selling the inventory working capital turnover= sales/ average working capital -- indicates how effective working capital is used total asset turnover= net sales/ average total assets -- an indicator of how the company makes effective use of its assets. a high ratio indicates effective asset use to generate sales A/P turnover= purchases/ average accounts payable -- number of times trade payables turn over during the year. low turnvoer indicates a delay in payment from a shortage in cash. purchases may be calculated based on the equaltion= Beg inv. + purchases- COGS= ending inv. days in accounts payable= average accounts payable/ (purchases/365) --indicates length of time trade payables are outstanding before they are paid
Audit Risk Model
Audit Risk = Risk of Material Misstatement X Detection risk AR= RMM x DM = IR x CR x DM DR = AR/(IR xCR) AR should be low RMM assessed by auditor DR controlled by auditor The risk that the auditor will issue the wrong opinion
identify the procedures used in an audit
C the FIVE CARROT WARS confirmations footing, cross-footing, and recalculation inquiry vouching examination/inspection cutoff review analytical procedures reperformance reconciliation observation tracing walk-through auditing related accounts simultaneously representation letter- should be obtained from management at the conclusion of the fieldwork subsequent events review
Assertions for transactions and events
COVER U Completeness- transactions, and events that should have been recorded, have been recorded CutOff- correct accounting period Valuation, allocation, accuracy- recorded appropriately existence and occurrence- occurred and pertain to the entity understandability and classification- recorded in the proper accounts Revenue- focus on existence because they tend to be overstated Expense transactions- focus on completeness because they tend to be understated
control risk
CR= the risk that a material misstatement will not be detected on a timely basis by the entity's internal control CR is high if -no effective controls, not operating effectively, or it would not be efficient to test the operating effectiveness of controls
Relevant assertions for Account Balances
CVER Completeness- all assets, liabs, and equity accounts that should have been recorded, have been recorded valuation, allocation, and accuracy- are recorded fairly and at appropriate amounts existence and occurrence- they exist rights and obligations- entity holds or controls the rights to assets and liabilities are obligations when auditing asset balances--> existence bc they are more likely to be overstated when auditing liability balances--> completeness bc they are more likely to be understated
Presentation and Disclosure
CVRU Completeness- have been included Valuation, allocation, accuracy- Financial info is disclosed failry and appropriate amounts Rights and obligation, and occurrence- have occurred and pertain to the entity understandability and classification- appropriately presented and described and disclosures are clearly expressed
Higher RMM, what happens to Detection risk and the amount of work?
High RMM= lower DR (more work)
inherent risk definition when IR is high, more or less chance of having a material misstatemetn
IR= error or omission in F/S not due to control occurs when transactions are of high volume, complex calculations, amounts derived from estimates, cash IR is high if the account is more likely to have a material misstatment
Inherent vs Control Risk
Inherent--> clients accounting system has error (prevent)- ex new accounting pronouncements Control--> client's internal control does not catch it--> think CONTROL both are client systems that the auditor assesses
Managements responsibility for detecting fraud
Mgmt is responsible for designing and implementing programs and controls to prevent, deter and detect fraud
NET and RMM
Nature- purpose (test of control v substantive procedure) and type ( inspection, observation, inquiry, confirmation, recalculation, reperformance, analytical procedure)- higher the RMM, the more reliable and relevant the audit evidence must be Extent- quantity to be performed, (such as number of observations), higher RMM, the greater the extent of audit procedures Timing- audit tests can be performed at interim date or at period end- higher the RMM, closer to the period end is when substantial procedures should be performed
Risk of Material Misstatement Formula
RMM= inherent risk x control risk 'exists independelty of the F/S audit
steps required in assessing audit risk during engagement planning are as follows:
Step 1: determine audit risk Step 2: assess inherent risk Step 3: Assess control risk Step 4: Determine detection risk on the assessed levels of inherent risk and control risk (inverse relationship between DR and RMM (= IR xCR)
selection of substantive procedures
Substantive analytical procedures- large volume, predictable transactions-- test of controls determined that controlers were operating effectively test of details- obtain evidence regarding existence and valuation of account balances-- controls are not operating effectively or were not tested
liquidity ratios
Working capital= current assets- current liabilities current ratio= current assets/ current liabilities acid-test ratio= (cash equivalents + marketable securities+ A/R)/ current liabilities Cash ratio= (Cash equivalents+ marketable securities)/ current liabilities
dual purpose testing
accomplishes both test of controls and test of details test of controls- evaluate the operating effectiveness of a control test of details- support relevant assertions or to detect material misstatements
Noncompliance
an act of omission or commission by an entity, whther intenational or unintentional which is contrary to prevailing laws and regulations can result in fines, litigation, or other consequences to the entity that may have a material effect on the F/S
attribute sampling and variable sampling
attribute sampling- is primarily used for testing internal controls, deals with test of controls, rate of occurrence variable sampling- used in substantive testing of account balances- numerical quantity, dollar value
Auditor's responsibility for detecting fraud
auditor has the responsibility to plan and perform the audit to obtain reasonable assurance about whether the F/S are free from material misstatement, whether caused by error or fraud. specficially assess the risk of material misstatement fraud risk assessment is an ongoing process and should be considered in every phase of the audit fraud can occur regardless of any past experience
cutoff review
auditor should perform on year-end transactions especially inventory, cash, purchases, sales and accruals
classic variable sampling and the three commonly used classical variables sampling plans
classic variable sampling- measures sampling risk by using the variation of the underlying characteristic of interest Mean-per-unit (MPU) estimation= average value x # accounts uses the average value of the items in the sample to estimate the true population value. estimate= average sample value x number of items in population ratio estimation= (audited value/ book value) X total value uses the ratio of the audited (correct) values of items to their book values to project the true population value. highly efficient technique when the calculated audit amounts are approximately proportional to the client's book amounts difference estimation= total valu - [((book value- audited value)/ sample) x # accounts] uses the average difference b/w the audited (correct) values and their book value to project the actual population value. used when the differences are not nearly proportional to book values.
stratified sampling
commonly used when population has high variable amounts - seperated into relatively homogenous groups - each sample is then treated as a different group
when to perform test of controls
controls= operating effectively substantive procedures alone are insufficient- entity makes extensive use of IT auditor can test the operating effectiveness of controls concurrently with obtaining an understanding of internal control
Footing, cross footing
footing- adding down cross footing- adding across
vouching
going from F/S back to supporting documents objective- gather evidence regarding possible overstatement errors- existence and occurence assertions
Accounting records includes:
initial entries and any supporting documents includes- checks, records of electronic fund transfers, invoices, contracts, ledgers, journal entries, worksheets analytical and substantive- retracing procedural steps, recalc, reconciliation
when an auditor has identified a significant related party transaction, they should:
inspect the contract and evaluate: 1. business rationale 2. terms 3. have been appropriately accounted for and disclosed obtain audit evidence that the transaction has been authorized and approved
what type of relationship is there between RMM and Detection risk
inverse relationship
Define liquidity ratios, activity ratios, profitability ratios, investor ratios, LT debt paying ability ratios (coverage ratios)
liquidity ratio- measures the firms ST ability to pay maturing obligations activity ratios- measures how effective an enterprise is using its assets profitabiltiy ratios- measure the financial performance of an enterprise for a given time period investor ratios- measures that are of interest to investors LT debt paying ability ratios (coverage ratios): measures of security for LT creditors/investors
corrobating evidence
minutes of meetings, confirmations, industry analysts' reports, data about competitors and info obtained through observation, inquiry, and inspection provides additional support and gives validity to the recorded accounting records
extent of test of controls
more extensively a control is tested, the greater the evidence obtained from that test - the frequency of the performance on the control during the period - length of time during which the auditor wishes to rely on the control - relevance and reliability of the evidence to be obtained - the extent to which other tests provide audit evidence about the same assertion - the extent to which other tests provide audit evidence about the same assertion - the extent to which the auditor wishes to rely on the operating effectivess of the control to reduce substantive procedures - the expected deviaiton rate from the control
return on total assets
net income/ average total assets
substantive approach
only substantive procedures occurs when control risk is assessed at maximum because - there are no effective controls - the implemented controls are assessed as ineffective - it would not be efficient to test the operating effectiveness of controls
Consider the results of analytical procedures
performed in planning the audit - look at unusual or unexpected relationships - required to look at revenue and identify any unusual relationships - procedures performed are usually at a high aggregated level and therefore only gives a broad indication regarding fraud risk
positive vs negative confirmation
positive- third party responds directly with the auditor by stating if they agree or disagree negative- third party only responds if they disagree
Related Parties
reporting entity's affiliates, principal owners, management, members of immediate families
significant risks
require special audit consideration uses professional judgment look at the nature of the risk, magnitude and likelihood of the potential misstatement only looks at inherent risk- does not take control risk into consideration significant risk = high inherent risk
sampling risk is test of controls
risk of assessing control risk too low- the risk that the assessed level of CR based on the sample is less than the true risk based on the actual operating efficiency of the control risk of assessing control risk to high- risk that the assess level of control risk based on the sample is greater than the true risk based on the actual operating effectiveness of the control
factors that may be indicative of signifcant risks include:
risk of fraud significant recent economic, accounting or other developments related parties and related party transactions improper revenue recognition nonroutine, unusual, or complex transactions accounting estimates or other subjective measurements of financial information noncompliance with laws and regulations accounting principles that are subject to different interpreations
Sampling risks in substantive testing
risk of incorrect acceptance- the risk that the sample supports the conclusion that the recorded account balance is not materially misstated when in fact it is materially misstated- sample results fail to identify an existing material misstatement risk of incorrect rejection- risk that the sample supports the conclusion that the recorded account balance is materially misstated when in fact it is not materially misstated- sample results mistakenly indicate a material misstatement
Detection risk
risk that the auditor will not detect a material misstatement that exists in a relevant assertion - some DR will always exist CPA controls NET (nature, extent, time) if test at interim- increase DR
assertion level risks
risks that relate to specific transactions, account balances, or disclosures
tracing
start with the source document and trace forward to provide assurance that the event was given proper recognition objective- gather evidence regarding a possible understatement error (completeness assertion)
Attribute sampling
statistical sampling used to estimate the rate (percentage) of occurrence (exception) of a specific characteristic (attribute) usually yes/no questions
statistical sampling vs nonstatistical sampling
statistical sampling- auditor specify the sampling risk they are willing to accept and then calc the sample size that provides the degree of reliability- results are evaluated quantitatively nonstatistical sampling- the sample size is not determined mathematically, auditors use their judgment in determining sample size and sample results are evaluated using auditor judgment
tests of controls may be required
substantive procedures alone may not be sufficient test of controls are required when - an entity conducts its business using IT, and no documentation of transactions is produced/maintained, other than through the IT system - audit assertions are related to routine day-to-day business transactions that permit highly automated processing with little or no manual intervention -audit evidence was obtained in electronic form
PPS Sampling and formula to find the sample size
technique in which the sampling unit is defined as an individual dollar in a population. once a dollar is selected, the entire account (containing the dollar) is audited. hybrid method because it uses attribute sampling theory to express a conclusion in dollar amounts rather than as a rate of occurrence advantages- emphasizes larger items by stratifying the sample, proportionate to its dollar amount sampling interval= tolerable misstatment/ reliability factor sample size= recorded amount of the population/ sampling interval
Under GAAP, when do contingent liabilities have to be accrued and disclosed?
they are probable and reasonable estimated
tolerable deviation rate vs deviation rate
tolerable deviation rate= tolerable misstatement= risks of material misstatements-- how many mistakes can we tolerate deviation rate= the sample is the auditor's best estimate of the deviation rate in the population from which it was selected, we are guessing on how many errors there are
Combined Approach
uses both tests of operating effectiveness of controls and substantive procedures usually if controls are operating effectively, less assurance will be required from substantive procedures