Audit Exam 2
what is audit risk?
-
what are some common fraud rationalizations?
- "I'll pay the money back" - "nobody will get hurt" - "a successful image is important"
employee fraud:
- also called misappropriation of assets - usually involves some type of falsification - generally includes a cover up
what happens when an auditor receives an oral response to a confirmation?
- also need to get a written response - alternative audit procedures may be warranted
when are substantive procedures performed in the revenue cycle?
- always performed in the revenue cycle
materiality and significant accounts and disclosures
- an account or disclosure can be significant even though the balance is below materiality
if a control is missing or ineffective:
- auditors need to design substantive procedures related to control failure - the risk of material misstatement increases
access to accounts receivable records gives an individual what?
- authorization - recording responsibility
what is the primary document used to test the cash balance in the financial statements?
- bank reconciliation
when should an auditor define a significant difference when completing analytical procedures related to comparing expectations with recorded amounts?
- before
what do general business sources include?
- business newspapers - specialized trade magazines and journals - registration statements and 10K filings
detection risk is .....
- calculated and derived from other risks - the amount of risk the auditor can allow
existence is riskier than completeness for what account?
- cash
difficulties in estimating the allowance for doubtful accounts can be due to:
- change in customer base - revised credit policies - changing economic conditions
what does the audit team do with regard to internal control of a company?
- communicates internal control issues to help management carry out internal control monitoring responsibilities - must communicate significant deficiencies and material weaknesses identified during the audit
effects on the auditor of finding out a client is planning to acquire another company
- component of understanding the nature of the company - results in additional risks for the auditor
what are good justifications for not using confirmations?
- confirmations would be ineffective - receivables are not material - other procedures provide sufficient, competent evidence
what is true regarding confirmations for AR?
- confirming a specific transaction is often more effective than confirming the account balance - confirmations returned as "undeliverable" are always a red flag
the five basic components of a properly designed internal control system defined by COSO are
- control environment - risk assessment - control activities - monitoring - information and communication - work together (not independently of each other)
What does Sec 302 of SOX do?
- designed to ensure proper "tone at the top" - allows managers to make their own judgements about the necessity of specific controls - makes management responsible for monitoring, supervising, and maintaining control activities - makes managers responsible for establishing a control environment - requires management to assess the risks it wishes to control
what is the focus of AS 2201?
- determine whether a material weakness exists at the end of the year being reported on
what model did COSO develop to facilitate the assessment and mitigation of business risks a company faces?
- enterprise risk management
what is the result if a material weakness exists at the end of the year being reported on?
- entity's internal control over financial reporting can't be considered effective
which documents should be matched before recording revenue?
- evidence of shipment - Customer invoice - customer sales order
what is part of the fraud risk assessment?
- examine journal entries and other adjustments, especially those made close to year end
what are business risks?
- factors, events, and conditions that can prevent the organization from achieving its objective
procedures related to internal control in an integrated audit performed under AS 2201 are _______ than those in a GAAS audit for a nonpublic entity
- far more extensive
what is employee fraud?
- fraudulent means to misappropriate funds or other property from one's employer
a code of conduct for employees .........
- helps send the right message from the top - is more likely to be supported if the board chairman follows it - must be supported by the control environment
obtaining an understanding of the information system relevant to financial reporting includes understanding
- how the information system captures events and conditions other than transactions significant to the financial statements - the nature of the underlying accounting records, information and accounts used to execute a transaction
facts about company's fraud prevention program
- in an electronic payment environment, lack of controls can lead to costly fraud - it is essential that management establish a strong control environment
what three things make up the fraud triangle?
- incentive/pressure - attitude/rationalization - opportunity
what are related parties?
- individuals or organizations that can influence or be influenced by the decisions of the company, possibly through family ties or investment relationships
an account's significance is based on its _____ risk
- inherent
the risk of material misstatement is a combination of what types of risks?
- inherent and control risks
in a well-functioning internal control system, once the risks to management's objectives have been identified, ______________________ are established to eliminate, mitigate, or compensate for the risks
- internal control activities
if preliminary findings indicate the possibility of fraud what should auditors do?
- involve fraud examination professionals
a proof of cash:
- is used to discover unrecorded cash transactions - is an effective procedure to verify cash transactions - reconciles the bank balance, bank reports of cash deposited and paid general ledger entries
the requirement for auditors to communicate significant deficiencies and material weaknesses in internal control that come to their attention during the performance of a PCAOB audit applies to which types of companies?
- issuers and non-issuers
two ways to classify employee fraud?
- larceny/defalcation - embezzlement
section 302 of SOX requires ....
- makes management responsible for monitoring, supervising, and maintaining controls - allows managers to make their own judgements about the necessity of specific controls - is designed to ensure the proper "tone at the top"
when developing an expectation for an account balance, auditors should
- may consider non-financial info - may use vertical and horizontal analysis - may consider third party info
what should auditors do when doing fraud risk assessment with revenue?
- must assume improper revenue recognition is a risk
a typical white collar criminal has:
- no arrest record - some type of religious affiliation - attended college - generally acting alone - socially conforming
what is an auditor's primary objective in related parties?
- obtain evidence needed to determine if transactions with them have been properly accounted for and disclosed in the financial statements
the assessment of inherent risk needs to .....
- occur for each significant financial disclosure and account - be evaluated without regard to internal controls
what is true about test of controls over cash?
- often support a reduction in control risk - most audit clients have strong controls over cash
typical ways companies cause F/S to be misstated through fraud or aggressive financial reporting
- omitting info from disclosures - overstating assets and understating liabilities
when gaining an understanding of internal control, assertions should be ....
- only considered if they are relevant
control activities often take away what from a fraudster looking to commit a fraud?
- opportunity
what items must be included in the documentation in working papers during the risk assessment process?
- other conditions causing auditors to plan additional procedures - significant decisions during discussion - discussion with engagement personnel - specific risks identified and audit team responses - procedures to identify and assess risk - results of audit procedures, specifically procedures regarding management override
what is true regarding fraud?
- possibility of detection can be an effective fraud deterrent - control violation may be the audit team's first indication of fraud
what is inherent risk?
- probability that in absence of internal controls, material errors or frauds could enter the accounting system used to develop financial statements
what is control risk?
- probability that the client's internal control activities will fail to prevent or detect material misstatements provided they enter or would have entered the accounting system
what is not a basic activity in the revenue and collection cycle for a typical manufacturing company?
- purchasing raw materials
COSO internal control categories include _______ of financial reporting and _______ with applicable laws and regulations
- reliability - compliance
regarding the revenue process, management should ....
- review merchandise returns - continually review revenues and compare them to budgets and forecasts - scrutinize total write-offs of accounts receivable
what are some common monitoring controls?
- self-assessments by boards regarding the effectiveness of their oversight - periodic evaluation of controls by internal audit - supervisory review of controls - self-assessments by management regarding the tone they set - analysis of and follow up on items that might be indicative of a control failure - quality assurance review of the internal audit department
inherent risk components
- susceptibility of account to misstatement - not created by the auditors
what happens in the revenue cycle?
- tests of controls often support a reduction in control risk - it consists of routine transactions - there is always a presumptive risk of fraud
what factors relate to the susceptibility of accounts to misstatement or fraud?
- volume of transactions - size of account balance
fraudster behavior usually includes
- working too late - irritability - drinking too much - working standing up - inability to relax - defensiveness
what is detection risk?
The probability that the auditor's own procedures will fail to detect material misstatements provided that any have entered the accounting system
substantive procedures over cash will ....
always be performed
it is usually best to have an anonymous employee hotline responded to by who
an outside third-party agency
The risk that an unqualified opinion will be issued on financial statements that contain a material misstatement is the definition of ______ risk.
audit risk
detection risk is based on the level of ________ __________ and risk of material misstatement
audit risk
when a material misstatement is not prevented or detected by the client's internal controls or the auditors' substantive procedures __________ _________ has been manifested
audit risk
An entity's auditors, accountants and security personnel must be acquainted with the basics of fraud awareness ______.
because not all fraud schemes can be thwarted or detected
the auditor assesses inherent risk to determine where a material misstatement could enter the process ____________ the consideration of any internal controls
before
the form the carrier signs to verify goods are shipped is called what
bill of lading
All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as __ __, that can prevent the organization from achieving its objectives.
business risks
giving managers and employees the freedom to do business -
can mean giving them freedom that enables committing fraud
AS 2201 encourages the audit team to use the work of internal auditors but the audit team must evaluate their __________ and __________ and perform some tests of their work.
competence and objectivity
specific actions a client's management and employees take to help ensure management's directives are carried out are called
control activities
integrity, ethical values, and competence of the entity's people are all __________ factors
control environment
the foundation for all other components of internal control is the
control environment
verifying the dates on sales documents helps reduce the risk of misstatement related to the _______ assertion of revenue
cutoff
the assessment of inherent risk and control risk lead to a determination of _________ risk
detection
auditors can and do influence both the level of ....
detection risk only
Auditors must gain an understanding of internal controls that are in place to mitigate assessed fraud risk and, at a minimum,______.
document that understanding in the workpapers
most common motivation in business frauds is
economic benefits
COSO internal control categories include
effectiveness and efficiency of operations
misappropriation of assets is another word for
employee fraud
Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of ______ testing.
exception
using an automated test procedure designed to test all items in a population as a means to identify a violation of control activities is an example of _________ testing
exception
AR confirmation is a substantive procedure designed to obtain evidence of the _________ and rights and obligations of customer's balances directly from the customer
existence
when customers are not willing or able to return confirmations, examining subsequent cash receipts, sales orders, invoices, and shipping documents, and correspondence files for past-due accounts are alternative procedures that may be performed in order to ensure what
existence
accounts receivable confirmation is a substantive procedure designed to obtain evidence of the ____________ of customers' balances directly from the customer
existence, rights and obligations
true or false - the auditor is only required to communicate significant deficiencies and material weaknesses in internal control that come to their attention during the performance of a PCAOB audit for an issuer
false - both issuers and non-issuers
true or false: auditing standards recommend but generally do not require the use of confirmations for AR
false - confirmations are a required auditing procedure
True or False: for audits of internal control the audit team must understand and evaluate internal controls for the entire period
false - true for financial statement audits but internal control audits just done at end of year
the higher the assessment of control risk - the ______ the assessment of risk of material misstatement
higher
what can general business sources relate to?
industry or individual company
Audit risk is manifested when a material misstatement enters the financial reporting process, which is known as ______ risk.
inherent
for each relevant assertion identified by the auditor, professional standards require auditors to first gain an understanding of the __________ _______________ that have been designed to mitigate the risk of material misstatement
internal controls
after understanding and documenting internal control, an audit team should be able to
make a preliminary assessment of control risk
the reason for a person to take a fraudulent action that is to be unsharable with others is a ....
motive
Under SOX, an audit of the internal control system over financial reporting is required and .....
must be integrated with the financial statement audit
the assessment of risk of material misstatement at the assertion level is completed to give the audit team a basis for planning the audit and determining the ________, _________, and _________ of further audit procedures to be conducted for the financial statement audit
nature, timing, and extent
prenumbered documents are important in testing which two assertions?
occurrence and completeness
failure to count inventory on a regular basis provides what to commit fraud
opportunity
improper SOD provides _________ to commit fraud
opportunity
a strong entity-level control in the revenue process is .....
overall performance review by management
a description of the goods being shipped as well as the quantity shipped is found on the ________
packing slip
a method to discover unrecorded transactions in a four-column bank reconciliation is called what
proof of cash
"I am underpaid and due additional compensation" example of fraud .....
rationalization
according to auditing standards, revenue must be ____________ or ___________ and earned to be recognized
realized or realizable
COSO definition deals with what and what about internal control and achievement of objectives in 3 categories
reasonable assurance
the SOX act of 2002 _______ an anonymous employee hotline for reporting ethical problems
requires
sales must be realizable and earned in order to be recorded under the accounting standards related to what
revenue recognition
gaining an understanding of internal controls should start with identifying .....
significant accounts and disclosures and their relevant assertions
the most effective alternative procedure to confirmations to ensure existence is examining what
subsequent cash receipts
what is fraud?
the act of knowingly making material misrepresentations of fact with the intent of inducing someone to believe the falsehood and act on it and, thus, suffer a loss or damage
professional standards recognize that to make effective decisions, managers must have access to _______, _______, and _______ information
timely, relevant, and reliable
true or false: the bank reconciliation is an opportunity for management to monitor the SOD between cash receipts and disbursements
true
Knowing if a client is centralized or decentralized is a component of ______.
understanding the nature of the company
When the auditor evaluates the reasonableness of the allowance for doubtful accounts, ______ is a high risk assertion.
valuation