Audit Exam 2
___________: -> The cutoff test attempts to determine whether all revenue transactions and related accounts receivable are recorded in the proper period --> Test a few shipping documents just PRIOR to year-end --> Test a few shipping documents just after year-end
Cutoff
Data Validation Controls: ___________ Test: -> A check on a field to ensure that it contains either all numeric or all alphabetical characters
Field
________ Risks in Revenue Recognition: -> Side agreements -> Channel stuffing -> Related party transactions -> Bill and hold sales
Fraud
_____________ of the Revenue Process: -> Order entry -> Credit authorization -> Shipping -> Billing -> Cash receipts -> Accounts Receivable -> General Ledger
Functions
Controls in an IT Environment: _________ Controls: -> Relate to the overall info processing environment and have a pervasive effect on the entity's computer operations: ---> Data center and network operations ---> System software acquisition, change, and maintenance ---> Access security ---> Application system acquisition, development, and maintenance
General
________ __________: -> Proper accumulation, classification, and summarization of revenues, collections, and receivables in financial statement account
General Ledger
Controls in an IT Environment: What are the 2 Types?
General and Application
__________: When an auditor traces a transaction from each major class of transactions from origination through the entity's information system until it is reflected in the entity's financial reports.
Walkthroughs
Audit Procedures for Identifying Contingent Liabilities: -> Read minutes of meeting of the BOD, committees of the board, and stockholders -> Review contracts, loan agreements, leases, and correspondence from government agencies -> Review tax returns, IRS reports, and schedules supporting the entity's income tax liability -> Confirm or otherwise document guarantees and letters of credit -> Inspect other documents for ________ __________ or other similar arrangements
possible guarantees
_________: -> Issuance of sales invoices to customers for goods shipped or services provided; and, processing of billing adjustments for allowances, discounts, and returns
Billing
Type _____ Report: -> A report on Mgmt's description of a service org's systems and the suitability of the design of controls
1
The 2 types of decision errors due to sampling risk: -> Type _____ -> Type _____
1 2
Statistical Sampling Techniques: 1) _________ Sampling 2) _______-_______ Sampling 3) ________ ________ Sampling
1) Attribute 2) Monetary-Unit 3) Classical Variables
Types of Evidence/If audit sampling is commonly used: 1) Inspection of tangible assets/______ 2) Inspection of records or documents/ ________ 3) Reperformance/__________ 4) Recalculation/ ________ 5) Confirmation/ _________ 6) Analytical Procedures/ ___________ 7) Scanning/ ________ 8) Inquiry/ _________ 9) Observation/ __________
1) Yes 2) Yes 3) Yes 4) Yes 5) Yes 6) No 7) No 8) No 9) No
Circumstances that require explanatory language to be added to the Standard Unqualified/Unmodified Report: -> 1) The auditor performs an ____________ audit and issues separate reports on the company's financial statements and internal control over financial reporting -> 2) The auditor decides to refer to the report of ____-__-- auditors as the basis, in part, for the auditor's own report -> 3) Substantial doubt about the company's ability to continue as a _______ ______ -> 4) The financial statements are not ____________ (e.g. changes in the use of accounting principles between periods or corrections a material misstatement in previously issued financial statements) -> 5) Management is required to report on the company's internal controls over financial reporting but such report is not required to be audited, and the auditor has not been engaged to perform an audit of management's assessment of the _____________ of the company's internal control over financial reporting -> 6) Circumstances in which the auditor wishes to _____________ a matter
1) integrated 2) other 3) going concern 4) comparable 5) effectiveness 6) emphasize
An auditor may reduce control risk below high ONLY on the basis of a service auditor's Type ______ report
2
Type _____ Report: -> Goes further by providing assurance on the operating effectiveness of there service org's controls based on the auditor's tests of controls
2
Type 2 Decision Error: Risk of Incorrect ___________: -> Risk that the sample supports a conclusion that the control is operating effectively when, in fact, it IS NOT operating effectively (risk of overreliance or of assessing control risk TOO LOW and having an UNEFFECTIVE audit) -> In substantive testing, it is the risk that the sample supports the recorded balance when its is, in fact, materially misstated
Acceptance
_______ _________: -> Recording of all sales invoices, collections, and credit memoranda in individual customer accounts
Accounts Receivable
__________ Control Activities: -> Internal verification of amounts and calculations -> Monthly reconciliation of subsidiary records by an independent person
Accuracy
___________: -> Amounts and other data relating to recorded revenue and cash receipt transactions and events have been recorded appropriately and related disclosures have been appropriately measures and described
Accuracy
__________ of Statistical Sampling: 1) Design an efficient sample 2) Measure the sufficiency of evidence obtained 3) Quantify sampling risk
Advanatages
IFCR Report Types: ________: There is a material weakness
Adverse
__________: "because of the effects of the matters discussed in the following paragraph, the financial statements referred to above do not present fairly, in conformity with accounting principles generally accepted. . . "
Adverse
___________ ____________ __________ _________: -> The difference between the expected and tolerable deviation rate
Allowance for Sampling Risk
Controls in an IT Environment: _________ Controls: -> Apply to the processing of specific computer application and are part of the computer programs used in the accounting system: ---> Data capture controls ---> Data validation controls ---> Processing controls ---> Output controls ---> Error controls
Application
___________ about Classes of Transactions and Events, and Related Disclosures: -> Occurence -> Completeness -> Authorization -> Accuracy -> Cutoff -> Classification -> Presentation
Assertions
_________ Sampling: -> Used to estimate the proportion of a population that possesses a specified characteristic. The most common use of this is for TEST OF CONTROLS Ex.: -> The entity's controls require that all checks have 2 independent signatures -> The auditors plan a test of that control using attribute sampling
Attribute
________ __________: -> Used to estimate the proportion of a population that possesses a certain characteristic
Attribute Sampling
Letters of _________ ________: -> A letter of audit inquiry sent to the entity's attorneys is the primary means of obtaining or corroborating info about litigation, claims, and assessments. Possible types of litigation: ---> Breach of contract ---> Patent infringement ---> Product liability
Audit Inquiry
__________ Control Activities: -> General and specific authorization of transactions at important control points by approved authorizers
Authorization
____________: -> all revenue and cash receipt transactions and events have been properly authorized
Authorization
___________ and _______ ________: -> Sales where the customer agrees to purchase goods but the seller retains possession until the customer requests shipment. Lack of delivery generally indicates no sale
Bill and Hold Sales
Types of _______ _______: -> General cash account -> Imprest cash accounts -> Branch accounts
Bank Accounts
8 Elements for a Public Company: 1. Report Title 2. Addressee 3. The "opinion" section (including a reference to the opinion on the audit of internal control over financial reporting when that report is presented separately) 4. The "______ _______ ________" section 5. The "Critical Audit Matters" section 6. The name/signature of the audit firm 7. An indication of how long the auditor has served as the company's auditor 8. The audit report location and date
Basis for Opinion
__________ ________: -> Processing of the receipt of cash from customers
Cash Receipts
Cash and Cash Equivalents: -> "Cash" reported: in the financial statements represent currency on hand on deposit in bank accounts, including certificates of deposit, time deposits, and savings accounts -> "______ ________" are frequently combined with cash for presentation in the financial statements: --> Definition: Short-term highly liquid investments that are readily convertible to cash or so near their maturity that there is little risk of change in their value
Cash equivalents
__________ _________: -> Inducing distributors to buy substantially more inventory than they call promptly sell
Channel Stuffing
Data Validation Controls: ___________-__________ Verification: -> A numerical value computed to provide assurance that the original value was not altered
Check-Digit
Tests of Details - Investments: ____________ and Presentation: -> Debt needs to be properly classified as held-to-maturity, trading, and available-for-sale -> All trading securities should be classified as current assets -> Held-to-maturity securities and individual available-for-sale securities should be classified as current or non-current assets based on whether management expects to convert them to cash within 12 mo.
Classification
___________ Control Activities: -> Secure chart of accounts
Classification
___________: -> All revenue and cash receipt transactions and events have been recorded in the proper accounts
Classification
Data Validation Controls: ___________ __________ Verification: -> A process that takes data entered into the system to find and present other related info, thus enabling the user to verify the correctness of the original data entry
Closed Loop
_______________: -> Long-term contracts to purchase raw materials or sell their products at a fixed price -> To obtain a favorable or predictable pricing arrangement -> To secure the availability of raw materials -> Commitments can apply to various types of assets
Commitments
AR ________________: -> The auditor's primary concern is whether all AR have been included in the AR subsidiary ledger and general ledger AR account -> Reconciliation of the aged trial balance to the general ledger account should detect an omission of a receivable from either the subsidiary of general ledger
Completeness
__________ Control Activities : -> Prenumbered documents that are accounted for -> Segregation of duties -> Daily or monthly reconciliation of subsidiary records w independent review
Completeness
__________: -> All revenue and cash receipt transactions and events that should have been recorded have been recorded and all related disclosures that should have been included in the financial statements have been included
Completeness
____________ of AR: -> Audit evidence that is direct written repose from third parties about the account receivable balance -> Good source of evidence about the existence of the AR -> The process should be controlled by the auditor
Confirmation
__________ __________: Potential obligations to outside parties that arose from past events but for which the final resolution is uncertain, depending on the outcome of future events
Contingent Liability
________ ________: -> Actions established by policies and procedures to help ensure that management directives to mitigate risks to the achievement of objectives are carried out -> Performed at all levels of the entity and at various stages within business processes, and over the technology environment
Control Activities
________ _________: -> Appropriate approval of customer order for creditworthiness
Credit Authorization
New Changes: -> The Opinion section of the report is now presented first, followed by the Basis for Opinion section, which explains the rationale for the opinion -> The respective responsibilities of management and the auditor are more clearly described -> The requirement that the auditor be independent of the entity is explicitly stated -> The key features of an audit are more clearly laid out, including the fact that amounts and disclosures are examined "on a test basis," and that "the accounting principles used and significant estimates made by management" are evaluated by the auditor -> ________ ________ _______ that involve especially challenging, subjective, or complex auditor judgement are explicitly disclosed and described in a separate section of the report
Critical audit matters
_________: -> All revenue and cash receipt transactions and events have been recorded in the correct accounting period
Cutoff
__________ Control Activities: -> Procedures for checking prompt recording of transactions -> Internal review and verification
Cutoff
___________ Bank Statement: -> A cutoff bank statement normally covers the 7 to 20 day period after the date on which the bank account is reconciled -> For reconciliation purposes, any item should have cleared the entity's bank account during the 7 to 20 day period (sometimes longer)
Cutoff
Deficiencies in the ___________ of Controls: -> Inadequate design of internal control over a significant account -> Inadequate documentation of the components of internal control -> Inadequate segregation of duties within a significant account or process -> The absence of an internal process to report deficiencies
Design
________ ________ _______: -> The probability that the true but unknown measure of the characteristic of interest is within specified limits
Desired Confidence Level
__________ of Statistical Sampling: 1) Cost of training auditors in proper use 2) Cost to design and conduct sampling application 3) Lack of consistent application across audit teams
Disadvanatges
IFCR Report Types: ________: A serious (more than minor) scope limitation
Disclaimer
Scope Limitation: ______________: -> "We do not express an opinion on these financial statements"
Disclaimer
_________ Issues for Cash: 1) Accounting policy for defining cash and cash equivalents 2) Any restrictions on cash such as a sinking fund requirement for funds allocated by the entity's BOD for special purposes 3) Contractual obligations to maintain compensating balances 4) Cash balances restricted by foreign exchange controls 5) Letters of credit
Disclosure
Circumstances in which the auditor wishes to emphasize a matter: -> If the auditor wishes to draw special attention to a particular matter other than the ones discussed previously and the matter is properly presented or disclosed in the financial statements, the auditor may choose to include an __________ ____________ in the auditor's report Ex.: -> Significant transactions with related parties -> Important subsequent events -> Accounting matters that affect the comparability of the financial statements with those of the preceding period (other than those involving a change in accounting principles) -> Uncertainty relating to the future outcome of significant litigation or regulatory actions
EMPHASIS PARAGRAPH
Examples of ______-Level Controls: -> Controls within the control environment (e.g., tone at the top, assignment of authority and responsibility, consistent policies and procedures, and entity wide programs, such as codes of conduct and fraud prevention, that apply to all locations and business units) -> Controls over management override -> The entity's risk assessment process -> Centralized processing and controls, including shared service environments -> Controls to monitor results of operations -> Controls to monitor other controls, including activities of the internal audit function, the audit committee, and self-assessment programs -> Controls over period-end financial reporting process -> Policies that address significant business control risk management practices
Entity
Auditing Investments: -> ________ Securities: --> Common stock --> Preferred stock -> ________ Securities: --> Notes --> Bonds -> _________ Securities: --> Convertible Bonds --> Convertible Stocks
Equity Debt Hybrid
Data Validation Controls: _________ (Validity) Test: -> A test of an ID number or code by comparison to a file or table containing valid ID numbers or code
Existence
___________: Auditing Standards state that the auditor should perform one of the following procedures when gathering evidence for existence: --> Physical examination --> Confirmation with the issuer --> Confirmation with the custodian --> Confirmation of unsettled transactions with the broker-dealer --> Confirmation with the counter-party --> Reading executed partnership or similar agreements
Existence
Subsequent Discovery of _________ Existing at the Date of the Auditor's Report -> Notify the entity that the auditor's report must no longer be associated with the financial statements. -> Notify any regulatory agency that have jurisdiction over the entity that the auditor's report can no longer be relied upon. -> Notify each person known to the auditor to be relying on the financial statements.
Facts
_______ and ________:: -> Info is necessary for the entity to carry out internal control responsibilities in support of achievement of its objectives -> Communication occurs both internally and externally and provides the org w the information needed to carry out day-to-day internal control activities -> Communication enables personnel to understand internal control responsibilities and their importance to the achievement of objectives and allows for upward flow of operating info to mgmt
Information Communication
Reliance on Internal Controls: -> Assess control risk and identify specific controls that will be relied upon (identify "key controls") -> Perform tests of controls: ---> __________ of appropriate entity personnel (inquiry alone is insufficient) ---> ___________ of documents indicating the performance of the control ---> ____________ of the application of the control ---> ____________ of the application of the control by the auditor -> Conclude and document achieved level of control risk
Inquiry Inspection Observation Reperformance
_______ _______ Method: -> Assesses income statement errors based on the amount by which the income statement would be misstated if the accumulated amount of the errors that remain in the BS at the end of the period were corrected through the income statement during that period
Iron curtain
_________: -> Practice of covering a cash shortage resulting from theft by an employee -> The employee covers the cash shortage by transferring money from one bank account to another and recording transactions improperly on the entity's books -> Done by preparing a check on one account before year-end but not recording it as a cash disbursement in the account until the next period (paper checks are still commonly used, particularly by small businesses) -> The check is deposited and recorded as a cash receipt in a 2nd account before year-end -> The employee makes this deposit close enough to year-end that the check will not clear the first bank account before the end of the year
Kiting
Evaluating the Audit Findings: -> When the auditor has completed the planned substantive procedures, the likely misstatement (projected misstatement plus an allowance for sampling risk) for AR is determined -> Aggregate misstatement __________ THAN tolerable misstatement ---> Accept the account as fairly presented -> Aggregate misstatement __________ THAN tolerable misstatement: ---> Account is not fairly presented
LESS GREATER
Data Validation Controls: _________ Test: -> A test to ensure that a numerical value does not exceed some predetermined value
Limit
__________ ________: -> A deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected, on a timely basis
Material Weakness
________-_______ Sampling: -> Uses attribute sampling theory and techniques to estimate the dollar amount of misstatement for a class of transactions or an account balance -> Used extensively because it has a number of advantages over classical variables sampling
Monetary-Unit
___________ __________: -> Ongoing evaluations, separate evaluations, or some combo of the 2 are used to ascertain whether each of the 5 components of internal control, including control to affect the principles within each component, are present and functioning -> Findings are evaluated and deficiencies are communicated in a timely manner, w serious matters reported to senior mgmt and to the board -> Monitoring of controls is a process that assesses the quality of internal control performance over time
Monitoring Activities
Documenting the Understanding of Internal Control: -> Procedure manuals and organizational charts -> Flowcharts -> Internal control questionnaires -> _______ ________
Narrative description
Specific Audit Procedures Conducted _________ __________ of Audit: -> Inquire and discuss with mgmt about its policies and procedures for identifying, evaluating, and accounting for litigation, claims and assessments -> Obtain from management a description and evaluation of any relevant litigation, claims, or assessments, including matters the entity has referred to legal counsel -> Examine documents in the entity's records concerning litigation, claims, and assessments, including legal expenses and any correspondence and invoices from attorneys -> Obtain a written representation from management affirming that all relevant matters, including asserted claims and any unasserted claims that are probable of assertion, have been disclosed in accordance with FASB ASC 450
Near Completion
_________ (Judgmental) Sampling: -> Auditor does not use statistical techniques to determine either -> the sample size, OR -> the sample selection technique AND It does not statistically measure sampling risk when evaluating results
Nonstatistical
__________ __________: -> Relies on the auditor's judgement to determine sample size, select the sample, or evaluate results
Nonstatistical Sampling
__________ Control Activities: -> Segregation of duties -> Pre-numbered documents that are accounted for -> Daily or monthly reconciliation of subsidiary records with independent review
Occurence
___________: -> All revenue and cash receipt transactions and events that have been recorded or disclosed have occurred, and such transactions and events pertain to the entity
Occurence
Failures in the _________ of Internal Control: -> Failure in the operation of effectively designed controls over a significant account or process -> Failure of controls designed to safeguard assets from loss, damage, or misappropriation -> Failure to perform reconciliations of significant accounts
Operation
_________ ________: -> Acceptance of customer orders for goods and services into the system in accordance with management criteria
Order Entry
Limitations of Internal Control: -> Management __________ of Internal Control -> Human Errors or Mistakes -> Collusion
Override
Effect of Materiality: ____________: Pervasive effects on the financial statements are those that: 1) Are not confined to specific elements, accounts, or items of the financial statements; 2) If so confined, represent or could represent a substantial proportion of the financial statements, OR 3) With regard to disclosures, are fundamental to users' understanding of the financial statements
Pervasiveness
Type of Confirmation Request: -> ___________: Requests that customers indicate whether they agree with the amount due to the client. A response is expected whether the customer agrees or disagrees with the balance indicated -> ____________: Requests that the customer respond only when they disagree with the amount due to the client. Used when the client has many small account balances and the control risk is assessed as low
Positive Negative
Indicators of __________ __________ ________: -> Financial Conditions: ---> Recurring operating losses ---> Accumulated deficits ---> Negative net worth ---> Negative working capital/cash flow ---> Inability to meet interest payments -> Other Financial Difficulties: ---> Default on loans ---> Dividends in arrears ---> Restructuring of debt ---> Denial of trade credit by suppliers ---> Lack of additional sources of financing -> Internal Matters: ---> Work stoppages ---> Uneconomic long-term commitments ---> Dependence on the success of one particular project -> External Matters: ---> Legal proceedings ---> Loss of major customer or supplier ---> Loss of key franchise, license, or patent
Potential Financial Distress
____________ Control Activities: -> Internal review and verification
Presentation
_____________: -> All revenue and cash receipt transactions and events are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework
Presentation
Scope Limitation: ___________: "except for"
Qualified
Engagement ________ ________ Procedures -> Discussing with the audit team any significant matters related to the financial statements and internal controls, including the audit team's identification of material weaknesses and audit procedures to address significant risks. -> Evaluating judgments about materiality and the disposition of corrected and uncorrected identified misstatements. -> Reviewing the engagement team's evaluation of the firm's independence in relation to the engagement . -> Reviewing the related audit documentation to determine its sufficiency -> Reading the financial statements, management's report on internal control, and auditor's report. -> Confirming with the lead audit partner that there are no significant unresolved matters. -> Determining if appropriate consultations have taken place on difficult or contentious matters. -> Evaluating whether the auditor documentation supports the conclusions reached by the engagement team with respect to the matters reviewed. -> Assessing whether appropriate matters have been communicated to audit committee members, management, and other appropriate parties. -> Evaluating whether appropriate levels of supervision and reviews of individual audit tasks were completed adequately during the audit.
Quality Reviewer
Data Validation Controls: _________ Test: -> A check to ensure that the value in a field falls within an allowable range of values
Range
__________ used for comparative purposes include: 1) Receivables turnover and days outstanding in AR 2) Aging categories on aged trial balance of AR 3) Bad-debts expense as a percent of revenue 4) Allowance for uncollectible accounts as a percent of AR or credit sales 5) Large customer account balances compared to last period
Ratios
5 Step Approach to Revenue ___________: 1) Identify the contract(s) with a customer 2) Identify the performance obligations in the contract 3) Determine the transaction price 4) Allocate the transaction price to the performance obligations in the contract 5) Recognize revenue when the entity satisfies a performance obligation
Recognition
Type 1 Decision Error: Risk of Incorrect ___________: -> Risk that the sample supports conclusion that control is operating effectively, when IT IS operating effectively (risk of under-reliance, or risk of assessing control risk TOO HIGH and being INEFFICIENT)
Rejection
_______ _______ _______: -> Transactions that are not arms-length
Related Party Transactions
COSO's Internal Control Integrated Framework: -> A system of internal control is designed and carried out by an entity's BOD, mgmt and other personnel to provide reasonable assurance abt the achievement of the entity's objectives in the following categories: ----> ___________, timeliness, and transparency of internal and external Financial and Nonfinancial Reporting ----> Effectiveness and Efficiency of Operations ----> Compliance with Laws and Regulations
Reliability
Factors Affecting the ____________ of AR Confirmations: -> Type of confirmation request -> Prior experience with the client or similar engagements (response rate, accuracy of returned confirmations, misstatements identified) -> The intended respondent (competence, knowledge, ability, and objectivity)
Reliability
_________ Approach: -> Obtain understanding of internal control to develop a preliminary or "planned" assessment of control risk -> Plan to rely on internal control and assess control risk at a LOWER level -> From a practical standpoint, the level of control risk is normally set in terms of the assertion abt classes of transactions and events, and related disclosures, for the period under audit
Reliance
___________: -> The process of correcting a material weakness in the ICFR
Remediation
Indicators of Material Weaknesses: -> Identification of fraud, whether or not material, committed by senior management -> __________ of previously issued financial statements to reflect the correction of a material misstatement -> Identification by the auditor of a material misstatement of financial statements in the current period in circumstances that indicate that the misstatement would not have been detected by the entity's ICFR -> Ineffective oversight of the entity's external financial reporting and ICFR by the entity's audit committee
Restatement
3 Types of Transactions Typically Processed through the ___________ Process: -> Sales Transactions -> Cash receipts transactions -> Sales return and allowance transactions
Revenue
__________: Inflows or other enhancements of assets of an entity or settlements of its liabilities (or a combination of both) from delivery or producing goods, rendering services, or other activities that constitute the entity's major or central operations
Revenue
The 4 Inherent ______ _______ that may Affect the Revenue Process Are: 1) Industry-related factors 2) The complexity and contentiousness of revenue recognition issues 3) The difficulty of auditing transactions and account balances 4) Misstatements detected in prior audits
Risk Factors
Evaluation of current year misstatements is to be under both the: -> __________ approach, and -> Iron Curtain approach
Rollover
_________ Method: -> Assesses income statement errors based on the amount by which the income statement for the period is misstated - including the reversing effect of any prior period errors. Identified misstatements in the previous period that were not corrected need to be considered to determine any "carryover effects"
Rollover
Audit __________: The selection and evaluation of less than 100% of the items in a population of audit relevance selected in such a way that the auditor expects the sample to be representative of the population and thus likely to provide a reasonable basis for conclusions about the population
Sampling
_________ __________: -> All or a subset of the items that constitute the class of transactions
Sampling Population
_________ _________: -> The possibility that the sample drawn is not representative of the population
Sampling Risk
__________ ____________: The possibility that the sample drawn is not representative of the population and leads to an incorrect conclusion
Sampling Risk
Conditions for Departure from Unqualified/Unmodified Report: -> _________ ________: ---> Results from an inability to obtain sufficient appropriate evidence about some component of the financial statements ---> Issue a qualified opinion or a disclaimer -> ___________ from __________: ---> Results when financial statements are materially affected by a departure from GAAP ---> Issue a qualified opinion or adverse opinion -> ________ of ________ ________ ---> Issue disclaimer
Scope Limitation Departure from GAAP Lack of Auditor Independence
Data Validation Controls: _________ Check: -> A check to determine if input data are in proper numerical or alphabetical sequence
Sequence
____________: Shipping of goods that has been authorized
Shipping
____________ ____________: -> Arrangements used to alter the terms and conditions of recorded sales to entice customers to accept delivery of goods/services
Side Agreements
Data Validation Controls: ___________ Test: -> A check to ensure that the data in a field have the proper arithmetic sign
Sign
________ _________: -> A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance
Significant Deficiency
____________ Sampling: -> Uses the laws of probability to compute sample size, select the sample and evaluate the results. The auditor is able to use the most efficient sample size and quantify sampling risk.
Statistical
Types of _____________ Events: -> Type I Event -> Type II Event
Subsequent
__________ Approach: -> After obtaining an understanding of internal control, an auditor may choose to follow a substantive strategy and set control risk at HIGH for some or all assertions bc of one or all of the following factors ----> Controls do not pertain to an assertion ----> Controls are assessed as ineffective ----> Testing the effectiveness of controls is inefficient ----> Reporting on internal control is not required
Substantive
2 Approaches to Audit
Substantive Approach Reliance Approach
Control Environment: -> The set of standards, processes and structures that provides the basis for carrying out internal control across the organization -> The BOD and senior mgmt establish the ___ ____ ____ ____ regarding the importance of internal control and expected standards of conduct
TONE AT THE TOP
_________ ___________ ___________: The maximum deviation rate from a prescribed control that an auditor is willing to accept
Tolerable Deviation Rate
Types of Financial Statement Audit Reports: -> Unqualified/____________ -> Qualified ("except for") -> Adverse -> Disclaimer
Unmodified
IFCR Report Types: ________: ICFR is designed and operating effectively (no material weaknesses)
Unqualified
Alternative Procedures: When the auditor does not receive responses to positive confirmations, ____________ audit procedures are used. These alternative procedures include: 1) Examination of specific subsequent cash receipts 2) Examination of shipping documentation 3) Examination of other client documentation
alternative
Control Activities Principles: -> The org selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to __________ levels: ----> Performance Reviews, Physical Controls, Segregation of Duties, Info Processing Controls -> The org selects and develops general control activities over technology to support the achievement of objectives -> The org deploys control activities through policies that establish what is expected and procedures that put policies into action
acceptable
Management Responsibilities under Section 404: -> Requires mgmts of publicly traded companies to: ----> Issue a report that accepts responsibility for establishing and maintaining "___________" internal control over financial reporting (ICFR) and ----> Assert whether ICFR is effective as of the end of the fiscal year
adequate
Type I Event: -> Conditions existed at the BS date and affect estimates that are part of financial statements ---> Requires __________ of the financial statements
adjustment
AR Accuracy, Valuation, and Allocation: -> AR should be shown on the BS at net realizable value (gross amount less allowance for uncollectible accounts) -> The auditor must verify the adequacy of the allowance for uncollectible accounts -> The first step is to prepare an _______ _______ _______ and discuss results with the credit manager -> Next, a comparison with last year's results should be examined
aged trial balance
Risk Assessment (The Entity's Process): -> Risk assessment involves a dynamic and iterative process for identifying and analyzing risks to achieving the entity's objectives, thereby forming a basis for determining how risks should be managed -> Management considers possible changes in the external environment and within its own _______ _________ that may impede its ability to achieve its objectives
business model
Factors to Consider in Determining if an IT Specialist is Necessary: -> The ___________ of the entity's IT systems and controls and the manner in which they are used in conducting the entity's business -> The significance of changes made to existing systems, or the implementation of new systems -> The extent to which data are shared among systems -> The extent of the entity's participation in e-commerce -> The entity's use of emerging tech, such as blockchain, robotics, or AI -> The significance of audit evidence that is available only in electronic form
complexity
Evaluate financial statement presentation and disclosure: -> Auditor reviews the financial statements to ensure ____________ with GAAP, proper presentation of accounts, and inclusion of all necessary disclosures
compliance
Special Reports: Financial statements prepared on a _____________ basis of accounting other than GAAP: -> Regulatory basis -> Tax basis -> Cash (or modified cash) basis -> Contractual basis Specified elements, accounts, or items of a financial statement Compliance with aspects of contractual agreements or regulatory requirements related to audited financial statements
comprehensive
Final Evidential Evaluation Processes: -> Perform final analytical procedures: ---> The objective of conducting analytical procedures near the end of the engagement is to help the auditor assess the ___________ reached on the financial statement components and evaluate the overall financial statement _____________
conclusions presentation
3 Important Factors in Determining Sample Size: 1) The desired level of assurance in the results (or _______ ________) 2) Acceptable defect rate (or _____ _______), AND 3) The historical defect rate (or _______ _______)
confidence level tolerable error expected error
AR Existence and Rights and Obligations: -> Existence is one of the more important assertions for AR because the auditor wants assurance that this account balance is not overstated through the inclusion of fictitious customer accounts or amounts. ___________ is the major audit procedure used for testing this assertion -> The auditor must determine that all AR are owned by the entity. This is usually not a problem; however, in some cases, AR may be sold or factored with or without recourse
confirmation
Other Information in Documents Containing Audited Financial Statements: -> The auditor has no responsibility beyond the financial info contained in the report, and he or she has NO OBLIGATION to perform any audit procedures to corroborate the other info -> However, the auditor is required to read the other info and consider whether It is ____________ with the info contained in the audited financial statements
consistent
A _____ _______ is when it is REASONABLY POSSIBLE OR PROBABLE that the control will cause a misstatement that is not material or significant A _____ _______ is when it is REASONABLY POSSIBLE OR PROBABLE that the control will cause a misstatement that is not material but significant A _____ _______ is when it is REASONABLY POSSIBLE OR PROBABLE that the control will cause a misstatement that is material All are REASONABLY POSSIBLE OR PROBABLE
control deficiency significant deficiency material weakness
A ______ _______ is reported to management A _____ _______ is reported to the audit committee and to management A _____ ______ is reported externally, to the audit committee, and to management
control deficiency significant deficiency material weakness
Substantive analytical procedures have either limited or no use. This limited applicability of substantive analytical procedures is normally offset by: 1) Extensive tests of ____________ and/or substantive tests of transactions for cash receipts and disbursements, OR 2) Extensive tests of the entity's bank reconciliations
controls
Lack of Comparability: Can happen when there is a change in accounting principle or method of application, OR When there is a ___________ of a material misstatement in previously issued financial statements, OR -> A change from the INAPPROPRIATE use or application of accounting principles in prior years to an ACCEPTABLE accounting principle in the current year -> A change from an incorrect to a correct classification of transactions or balances on the financial statements -> An adjustment to account balances to correct a material error in previously issued financial statements
correction
Monitoring Activities Principles: -> The org selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning -> The org evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking ___________ action, including senior mgmt and the BOD, as appropriate
corrective
Kiting typically looks like: Recording the transfer to the receiving bank account in the _________ year and recording the transfer from the disbursing bank account in the _________ year, correct?
current following
Control Deficiency: -> When the _______ or ________ of a control does not allow management or employees, in the normal course of performing their assigned function, to prevent or detect and correct, misstatements on a timely basis
design operation
Type II Event: -> Conditions did not exist at the BS date and do not affect the accuracy of the financial statements ---> Requires ___________ and possibly pro forma financial statements
disclosure
Key Audit Matters (KAMs): -> Those matters that, in the auditor's professional judgement, were of most significance in the audit of the financial statements of the current period. The basics of communicating KAM 1. why the auditor judged a matter to be of most significance in the audit, 2. how that matter was addressed in the audit, AND 3. whether there is reference to any related financial statement ___________
disclosures
The auditor should also inquire about and examine, for this subsequent period, the following: -> Relevant internal audit reports issued during the subsequent period -> Regulatory agency reports on ICFR -> Info about the ____________ of ICFR obtained from other engagements
effectiveness
Auditing Revenue Related Accounts: -> The auditor's testing of control for revenue processing impacts the detection risk and therefore the level of substantive procedures -> Substantive analytical procedures are used to examine plausible relationships among revenue related accounts -> Tests of details focus on transactions, account balances, or disclosures: ---> Tests of details concentrate on the ________ __________ for accounts receivable and related accounts as well as related disclosures
ending balance
Testing All Items with a Particular Characteristic: -> When an account or class of transaction is made up of a _____ ______ ______, the auditor may examine all the items in the account or class of transaction -> When a small number of large transactions make up a relatively large recent of an account or class or transactions, auditors will typically test all the transactions _______ ________ a particular dollar amount
few large items GREATER THAN
2 Major Types of Material Misstatements: 1) Sales to ___________ customers 2) Recording revenue when goods have not been shipped or services have not been performed
fictitious
Usually, firms' nonstat guidelines seek to provide 2 benefits: 1) simplify the judgements required by field auditors - experts at firm HQ make _________ judgements 2) improve consistency in sampling applications within and across engagement teams
firmwide
To understand likely sources of potential misstatements, auditor must: -> Understand the. ________ of transactions related to the relevant assertions -> Identify the _______ within the entity's processes at which a misstatement could arise that would be material -> Identify the controls that management has ___________ to address these potential misstatements -> Identify the controls that management has implemented over the prevention or timely detection of ___________ acquisition, use, or disposition of the company's assets that could result in a material misstatement of the financial statements
flow points implemented unauthorized
Testing Only One or a Few Items: -> Automated info systems process transactions consistently unless the system or programs are changed -> The auditor may test the _______ _______ over the system and any program changes, but test only a few transactions processed by the IT system
general controls
Completing the Audit Engagement: The following areas are addressed by the auditor in connection with completing an audit: -> Contingent liabilities -> Commitments -> Subsequent events -> Going-concern considerations -> Evaluating misstatements -> Communications with those charged with __________ (audit committee) and management
governance
SELECTING THE SAMPLE ITEMS: Nonstatistical sampling allows the use of random or systematic selection, but also permits the use of other methods such as __________ sampling
haphazard
When ___________ sample selection is used, sampling units are selected without any conscious bias (no special reason for including or omitting items from the sample)
haphazard
The Role of Risk Assessment and the Risk of Fraud: -> The auditor should devote more attention to areas that have a _______ risk of material weakness -> A major part of risk assessment is assessing the ______ of fraud
high risk
Omitting Confirmations: -> AR balance is ____________ -> External confirmations would be ineffective (based on prior experience) -> The auditor's assessed level of risk of material misstatement at the relevant assertion level is low, and the other planned substantive procedures adress the assessed risk
immaterial
If there is a lack of comparability that DOES NOT involve _______________ in the use of accounting principles or correction of material misstatements in previously issued financial statements: Ex. Change in accounting estimate Ex. Reclassification from an acceptable classification to another THESE DO NOT REQUIRE AN EXPLANATORY PARAGRAPH IN THE AUDITOR'S REPORT They are disclosed in the NOTES to the financial statements
inconsistency
Archiving and Retention: Sarbanes-Oxley Act and PCAOB's Documentation Standard: -> Require audit firms to archive their public-company audit files for retention not more than 45 days after the report release date. -> Require audit firms to retain audit documentation for 7 years from the date of completion of the engagement, as indicated by the date of the auditor's report, except in cases in which a longer period of time is required by law. -> Require audit firms to retain all documents that "form the basis for the conclusion reached." -> Require audit firms to include in the audit file for significant matters any document created, sent, or received, including documents that are _____________ with a final conclusion. Significant changes in audit plans or conclusions must also be documented.
inconsistent
Control Environment Principles: -> (1) The organization demonstrates a commitment to integrity and ethical values -> (2) The BOD demonstrates ___________ from management and exercises oversight of the development and performance of internal control -> (3) Mgmt establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives -> (4) The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives -> (5) The org holds individuals accountable for their internal control responsibilities in the pursuit of objectives
independence
Auditor Responsibilities under Section 404 and Auditing Standard 5: -> The entity's independent auditor must audit and report on the effectiveness of ICFR. The auditor is required to conduct an ______ ________ of the entity's ICF and its financial statements
integrated audit
Auditors of public companies are responsible to report on any changes in ________ _________ that might adversely affect financial reporting between the end of the reporting period and the date of the auditor's report
internal control
The results of substantive procedures are considered in the evaluation of ______ ________
internal control
An integrated audit is composed of: -> The audits of ______ _______ and the ________ ________
internal controls financial statements
Control Risk Assessment - Investments: -> Some of the more important assertions for ____________: ---> Occurrence and authorization ---> Completeness ---> Accuracy and Classification
investments
Critical Audit Matters (CAMs): -> Any matters arising from the audit of the financial statements that are communicated, or required to be communicated, to the audit committee and that: 1. relate to accounts or disclosures that are material to the financial statements, AND 2. involved especially challenging, subjective, or complex auditor _________
judgement
Scaling the Audit: -> Size and complexity of the company, its business processes, and business units may affect the way in which the company achieves many of its control objectives -> The auditor should recognize that the concepts behind achieving effective internal control can be scaled for companies of different size and complexity consistent with the risk-based approach -> A small, _______-_______ entity might achieve its control objectives differently from a large, complex entity
less-complex
Dual Dating: -> When a subsequent event is recorded or disclosed in the financial statements after sufficient, appropriate audit evidence has been obtained but before the issuance of the financial statements, the auditor considers the following options for dating the auditor's report: 1) "Dual date" the report (original date of report plus date of subsequent event - _________ liability) 2) Change the date of the auditor's report to the date of the subsequent event - _________ liability
limits extends
Mgmt's Assessment Process: -> Mgmt must follow a top-down, risk-based approach: ---> 1) Identify financial reporting risks and related controls ---> 2) Consider which _________ to include in the evaluation ---> 3) Evaluate evidence about the operating effectiveness of ICFR
locations
Controls include procedure that: 1) Pertain to the ___________ of records that accurately and fairly reflect the transactions and dispositions of the assets of the company 2) Provide reasonable assurance that transactions are properly __________ and recorded in accordance with GAAP 3) Provide reasonable assurance regarding prevention or timely ___________ of unauthorized acquisition, use or disposition of the company's assets
maintenance authorized detection
The auditor uses risk assessment procedures to: ---> Obtain an understanding of the entity's internal control ---> Identify key controls ---> Recognize the types of potential ___________ ---> Design tests of controls and substantive procedures
misstatements
Auditor Documentation Requirements 1) The auditor's understanding and evaluation of the design of each of the components of ICFR 2) The process used to determine the points at which misstatements could occur within significant accounts and disclosures 3) The extent to which the auditor relied upon the work of others 4) The scope of testing 5) The evaluation of any deficiencies discovered or other findings which could result in a report __________
modification
Factors to consider when identifying controls to test: -> Points at which errors or fraud could occur -> The ________ of the controls implemented by mgmt -> The significance of each control in achieving the objectives of the control criteria and whether more than one control achieves a particular objective -> The risk that the controls might not be operating __________
nature effectively
Risk Assessment Principles: -> The org specifics __________ w sufficient clarity to enable the identification and assessment of risks relating to objectives -> The org identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed -> The org considers the potential for _______ in assessing risks to the achievement of objectives -> The org identifies and assesses changes that could significantly impact the system of internal control
objectives fraud
To ____________ cash flow, an entity implements procedures for: -> Accelerating the collection of cash receipts, AND -> Delaying the pmt of cash disbursements, to the extent delay is appropriate
optimize
Final Evidential Evaluation Processes: -> Obtain a management representation letter: ---> Auditing standards require that auditor obtain REPRESENTATION LETTER from management. The purpose of this letter is to document, in writing, significant ________ representations made to auditor by management
oral
Examples of Audit Procedures: -> Inquire of management -> Read minutes of meetings -> Read interim financial statements -> Inquire of legal counsel -> Examine the books of ______ ________ for the subsequent events period and look for unusual transactions or information
original entry
Tests of Details - Investments: Accuracy, Valuation, and Allocation: -> The auditor must also determine if there has been any "______ ______ ______" or permanent decline in the value of an investment security
other than temporary
Communicating Results of the Audit: -> Share the auditor's views about ___________ aspects of the entity's significant and critical accounting practices, including accounting policies, estimates, and financial statement disclosures, and communicate the auditor's conclusions about the quality of accounting policies and practices -> Discuss critical estimates and significant unusual transactions, and considerations relating to assessment of going concern -> Disclose disagreements with management, if any
qualitative
Auditing Fair Value Measurements: -> Obtain an understanding of how management makes the fair value measurements -> Consider whether specialized skills or knowledge are required -> Test the entity's fair value measurements -> Evaluate the _____________ of the fair value measurements
reasonableness
Control Risk - Cash: -> The reliability of the entity's controls over cash affects the nature and extent of the auditor's test of details: ---> Controls for cash receipts ---> Controls for cash disbursements -> A major control that directly affects the audit of cash is the completion of a monthly bank ____________ by entity personnel who are independent of the handling and recording of cash receipts and cash disbursements
reconciliation
Info and Communication Principles: -> The org obtains or generates and uses ________ quality info to support the functioning of internal control -> The org internally communicates info, including ___________ and responsibilities for internal control, necessary to support the functioning of internal control -> The org communicates w _________ parties regarding matters affecting the functioning of internal control
relevant objectives external
ICFR: -> A process designed to provide reasonable assurance regarding the _________ of financial reporting and the preparation of financial statements in accordance with GAAP.
reliability
Mgmt must comply with the following requirements in order for the external auditor to complete an audit of ICFR: -> Accept ___________ for effectiveness of the entity's ICFR -> Evaluate the __________ of the entity's ICFR using suitable control criteria -> Support the evaluation with sufficient __________, including documentation -> Present a written ___________ regarding the effectiveness of the entity's ICFR as of the end of the entity's most recent fiscal year
responsibility effectiveness evidence assessment
Planning the Audit of ICFR: -> The planning process is performed in conjunction with the audit of financial statements -> Consider the following: ---> Role of ______ ________ and the risk of fraud ---> Using the work of others ---> Scaling the audit
risk assessment
Internal Control - Management: -> Mgmt has the responsibility to design and maintain controls that provide reasonable assurance that: ---> The entity's assets and records are properly __________ ---> The info system generates reliable info for decision making ---> The auditor needs assurance about the reliability of the data generated by the info system
safeguarded
Auditing Accounting Applications Processed by Service Organizations: -> In some instances, an entity may have some or all of its acctg transactions processed by an outside service org -> Bc the entity's transactions are subjected to the controls of the service go, one of the auditor's concerns is the internal control system in place at the ________ org -> It is not uncommon for service orgs to have an auditor issue one of 2 types of reports on their operations: ---> TYPE 1 ---> TYPE 2
service
Use of Service Organizations: -> Management and the auditor should perform the following procedures with respect to the activities performed by the service org: 1) Obtain an understanding of the nature and _________ of the services provided by the service org and their effect on the user entity's internal control relevant to the audit, sufficient to identify and assess the risks of material misstatement; and 2) Design and perform audit procedures responsive to those risks 3) Use of Type.1 or Type 2 reports
significance
Assess the following risk factors in order to identify ____________ accounts and disclosures and their relevant assertions: -> Size and composition of the account -> Susceptibility to misstatement due to errors or fraud -> Volume of activity, complexity, and homogeneity of the individual transactions processed through the account or reflected in the disclosure -> Accounting and reporting complexities associated with the account or disclosure -> Exposure to losses in the account -> Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure -> Existence of related party transactions in the account -> Changes from the prior period in account or disclosure characteristics
significant
2 General Approaches to Audit Sampling: -> __________ sampling -> __________ sampling
statistical non statistical
The auditor's understanding of the internal control is a major factor in determining the overall audit ________.
strategy
Going Concern: There needs to be a going concern paragraph if there is ________ _________ about the entity's ability to continue as a going-concern
substantial doubt
Steps in the Auditor's Going Concern Evaluation: -> Independently evaluate whether the results of audit procedures performed during the planning, performance, and completion stages of the audit indicate whether there is _______ ________ about the entity's ability to continue as a going concern for a reasonable period of time (defined as one year from the issuance of the financial statements) -> If there is substantial doubt, obtain info about management's plans to mitigate the going concern problem and assess the likelihood that such plans will be successfully implemented -> Conclude, in light of management's plans, whether it is probable that the entity will be able to continue as going concern; if not, consider the adequacy of the entity's disclosures about its ability to continue and include an explanatory paragraph with an appropriate title in the auditor's report, immediately following the opinion paragraph -> Assess management's going concern evaluation and related disclosures
substantial doubt
Control testing impacts planned _______ procedures
substantive
Final Evaluation of Audit Results: -> Concerned primarily with 2 issues: ---> the ______________ of the audit evidence, AND ---> the effects of detected misstatements in the financial statements
sufficiency
For a public company, the standard unqualified report is issued when: -> the auditor has gathered ___________ appropriate evidence -> the audit has been performed in accordance with PCAOB standards, AND -> the financial statements conform to GAAP
sufficient
If a material weakness is corrected before the "as of" date: -> There must be sufficient _______ for both management and the auditor to test the operating effectiveness of the control (if not, neither management or the auditor can conclude that ICFR is effective)
time
Confirmation Procedures: -> The auditor should mail confirmation requests outside the entity's facilities -> A record should be maintained of the confirmations mailed and those returned -> A second request may be necessary in some cases -> For each exception received, the auditor should examine the reasons for the difference between the balance on the client's book and the balance indicated by the customer ---> In many cases, exceptions result from what are referred to as _______ ________. Such differences occur because of delays in recording transactions in either the client's or the customer's records
timing differences
Obtain an Understanding of Internal Control: -> The auditor should obtain an understanding of each of the 5 components of internal control in order to plan the audit. This knowledge is used to: ---> Identify ________ of potential misstatement ---> Pinpoint controls meant to ________ the risk of material misstatement ---> Design tests of controls (unless not necessary) and substantive procedures to reduce the risk of misstatement to an acceptably low level
types mitigate
The auditor has a responsibility to: -> Obtain an ____________ of internal control, AND -> Assess control risk
understanding
Controls that are critically important in terms of fraud deterrence and detection are controls . . . : -> Over significant, ________ transactions, particularly those that result in late or unusual JEs -> Over JEs and adjustments made in the period-end financial reporting process -> Over ________ party transactions -> Related to significant management ________ -> That mitigate __________ for, and pressures on, management to falsify or inappropriately manage financial results
unusual related estimates incentives
Factors that affect whether the control might not be operating effectively include: -> Whether there have been changes in the ________ or nature of transactions that might adversely affect control design or operating effectiveness -> Whether there have been changes in the __________of controls -> The degree to which the control _________ on the effectiveness of other controls -> Whether there have been changes in key _________ who perform the control or monitor its performance -> Whether the control relies on performance by an individual or is ___________; and -> The complexity of the control
volume design relies personnel automated
Control Risk Assessment: -> Understand the design of controls by performing __________ -> Document the revenue process based on a reliance strategy -> Plan and perform tests of controls on revenue transactions -----> The auditor systematically examines the entity's revenue process to identify relevant risks of material misstatement and controls that help to prevent, or detect and correct, those misstatements -> Set and document the control risk for the revenue process
walkthroughs
The auditor performs "___________" of the business processes to obtain an understanding of internal controls
walkthroughs
Obtain an independent review of the engagement: -> An engagement quality review for publicly traded companies and for privately held companies whose financial statements are expected to be ________ __________ -> Engagement quality reviewer is a partner who is associated with the details of the engagement and thus can provide an independent, objective review
widely distributed
Final Evidential Evaluation Process: -> Review __________ ________: ---> All audit work should be reviewed by an audit team member who is senior to person preparing the WORKING PAPERS
working papers