BUS 169, Ch4-6
Internally generated performance measures includes ___.
- Budgets -Variance analysis -subsidiary info & divisional, departmental, other performance reports - comparisons of an entity's performance with that of competitors.
The susceptibility of an assertion in an account or disclosure to a misstatement due to error or fraud that could be material is known as ___ risk.
- Inherent Risk
A management statement that the entity is making payments and has control of a leased asset is an example of the ___ assertion.
- Rights and obligation
Information processing controls:
- made up of two broad categories referred to as general and application controls
Performance Reviews:
- managers should periodically check the quality of subordinates' work
Segregation of duties:
- separating the custody of assets, authorization of transactions and recording of transaction
Under current auditing standards, management fall into categories of assertions about ___.
-Account balances and related disclosures at the period end -Classes of transactions and events and related disclosures for the period audit
Whether amounts and other data relating to recorded transactions and events have been recorded appropriately is addressed by the _______ assertions
-Accuracy
When management discloses the fair value of stock or bond investments, it is asserting which of the following?
-Accuracy -Valuation
The ___ and ___ assertion address whether financial information and other information is disclosed fairly and in appropriate amounts.
-Accuracy and valuation
Misstatements in the entity's records are corrected with ______ entries
-Adjusting
Which of the following statements are correct?
-An auditor may unknowingly rely on fraudulent audit evidence -Most fraudulent financial reporting involves management override of controls -Withholding evidence or misrepresenting information may conceal fraud.
Evaluations of financial info made through the study of plausible relationships among both financial and non financial data are referred to as ___ ___.
-Analytical procedures
Expressed or implied representations by management regarding the recognition, measurement, presentation and disclosure of information in the financial statements and related disclosures are referred to as _____
-Assertions
Items that may result in significant risks include __.
-Assertions identified with fraud risk factors. - Nonroutine or unsystematically processed transactions. -Significant accounting estimates and judgments. -Highly complex transactions. -Application of new accounting standards. -Revenue recognition -Industry specific issues.
If an auditor has determined that material misstatements were or may have been the result of fraud and is unable to determine if the effect is material, the auditor should____.
-Attempt to obtain audit evidence to determine whether, in fact, material fraud has occurred and, if so, its effect. -Consider the implications for other aspects of the audit. -Discuss the matter and the approach to further investigation with an appropriate level of management that is at least one level above those involved in committing the fraud and with senior management. -Suggest that the appropriate level of management consult with legal counsel.
The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated in known as ___ risk.
-Audit
Whenever the auditor finds evidence of fraud that causes a material misstatement of the financial statements, it should be reported directly to the ___.
-Audit committee
The ___ assertion relates to whether all transactions have been properly approved.
-Authorization
The audit team is required to hold discussions, referred to as ___ ___, about the entity's financial statements' susceptibility to fraud.
-Brainstorming sessions
Examining ______ _______ and their related accounts allow the auditor to gather evidence by understanding the processing of related transactions through the information system from their origin to their ultimate disposition in the accounting journals and ledgers
-Business processes
The purposes of the ___ Framework is to help management better control the organization and to provide boards of directors an added ability to oversee internal control.
-COSO
Risk Factors Relating to the Misappropriation of Assets. Opportunities:
-Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation (for example, large amounts of cash on hand or processed). -Inadequate internal control over assets may increase the susceptibility of misappropriation of those assets. For example, misappropriation of assets may exist because there is inadequate management oversight of employees responsible for assets (for example, inadequate supervision or monitoring of remote locations).
An example of the ______ assertion is that ordinary repairs to assets are charged to the repairs and maintenance expense account and not capitalized
-Classification
The risk of material misstatements is also referred to as ___ risk because it stems from decisions made by the entity.
-Client
This assertion addresses whether all assets, liabilities and equity interests that should have been included as ending balances on the financial statements have been included.
-Completeness
Whether all disclosures that should have been included in the financial statements have been included is the basis of the _____ assertion
-Completeness
Whether all transactions and events that occurred during the period have been recorded relates to the ____ assertion.
-Completeness
In deciding on the nature and extent of the understanding of internal control needed for the audit, the auditor should consider the entity's operations and systems __________
-Complexity -Sophistication
Controls that may be relevant to the audit when they have an impact on daya the auditor uses to apply audit procedures include ___ controls.
-Compliance -Operations
In order to set control risk below high level, the auditor must ___.
-Conclude on the achieved level of control risk -Perform test of the identified controls -identify specific controls that will be relied upon
The risk that a misstatement could occur in an assertion and would not be prevented, or detected and corrected, on a timely basis by the entity's internal control is known as ___ risk.
-Control
The tone of an organization is set tand the foundation for implementing the entity's system of internal control is established by the ___ ___.
-Control environment
The effectiveness of the audit procedures and how well the procedures are applied by the auditor determines the ___ risk.
-Detection
Risk Factors Relating to the Misappropriation of Assets. Attitudes/rationalizations:
-Disregard for the need for monitoring or reducing risks related to misappropriations of assets. -Disregard for internal control over misappropriation of assets by overriding existing controls or by failing to correct known internal control deficiencies. -Changes in behavior or lifestyle that may indicate assets have been misappropriated.
Example of misappropriation of assets include ___.
-Embezzling cash received. -Stealing physical assets and intellectual property. -Causing the entity to pay for goods or services not received. -Using an entity's assets for personal use.
Although some control can be exercised through the careful acceptance and continuance of clients, ___ risk cannot be directly controlled by the auditor.
-Engagement
Which of the following statements are correct?
-Entity personnel may be asked to explain unexpected differences. -During planning the auditor determines whether planned procedures need to be revised due to preliminary analytical procedures. -Unexpected differences may be addressed by reviewing the working papers for sufficient evidence.
Unintentional Misstatements of amounts or disclosures in financial statements are referred to as ____.
-Errors
A management statement that the inventory shown on the balance sheet was available for sale at the balance sheet date is an example of the ___ assertion.
-Existence
Factors that can impact the effectiveness of the board of directors or audit committee include ____________
-Experience and stature of members and independence from management. -Extent of involvement with and scrutiny of the entity's activities. -Information availability and willingness/ability to act on information. -Extent to which difficult questions are raised and pursued with management. -Nature and extent of interactions with internal and external auditors
T/F: Monitoring is an effective component of internal control, whether or not deficiencies are communicated to those with oversight responsibilities in a timely manner.
-False
The auditor's understanding of an entity's internal control over financial reporting are documented using diagrammatic representation known as a(n) ___.
-Flowcharts
Incentive, opportunity and rationalization are three conditions that are sometimes referred to as the ___ ___ triangle.
-Fraud Risk
The accuracy assertion is based on ___.
-GAAP
When both audit risk and the risk of material misstatement are low, detection risk will be ____.
-High
The extent of an entity's use of ____ can affect internal controls because this function affects the way transactions are initiated, authorizes, recorded, processed and reported.
-Information technology
This is an important audit procedure that is used extensively throughout the audit and is often complementary to performing other audit procedure.
-Inquiry
On most audit engagements, ___ makes up the bulk of the evidence gathered by the auditor.
-Inspection of records or documents
The entity's policy and procedures designed to provide reasonable assurance about the achievement of the entity's objective is labeled ___ ___.
-Internal Controls
When the entity's system of ___ ___ is considered effective, evidence generated by the accounting system is viewed as reliable.
-Internal controls
Duplicate copies of sales invoices and shipping remittances are examples of _________ documents Internal documents
-Internal documents
When documenting the quantity of evidence gathered through inspection of documents or confirmation of balances, the auditor should identify the _____
-Items tested
When an auditor considers management's selection of an accounting policy to be inappropriate, a(n) ___ misstatement arises.
-Judgmental
Auditing standards state that audit risk must be reduced to at least a ___ level
-Low
When audit risk is low and the risk of material misstatement is high, detection risk will be set at ___.
-Low
Interim tests of controls give auditors time to inform the ___ so that likely misstatements can be located and corrected before the rest of the audit is performed.
-Management
Responsibility for establishing mechanisms to communicate and hold individuals accountable for performance of internal control responsibilities across organization rests with __________
-Management -Board of directors
The ___ of the audit evidence refers to the form or type of information, which includes accounting records and other available information.
-Nature
The auditor should obtain info about the conduct of operations, joint ventures, planned acquisitions, and major subsidiaries as part of learning about the __.
-Nature of the entity
Looking at a process or procedure being performed by others is referred to as ________
-Observation
This is useful in helping auditors understand the entity's processes but is generally not considered very reliable.
-Observation
Which of the following types of evidence may be gathered during the application of risk assessment procedures, tests of controls or substantive.
-Observation -Inquiry -Scanning -Confirmation
The ___ assertion relates to whether all recorded transactions and events have happened and pertain to the entity.
-Occurrence
When management presents capitalized lease transactions on the balance sheet as leased assets, the related liabilities as long-term debt and the related footnote, it is asserting:
-Occurrence and Rights and Obligation
Designated lines of authority and responsibility are presented on an entity's ___ ___.
-Organizational chart
Designated lines of authority and responsibility are presented on an entity's ______ _______
-Organizational charts
If the auditor determines that internal controls are properly designed and implemented and the auditor intends to rely on those controls, the auditor will _________
-Perform tests of controls to obtain audit evidence that controls are operating effectively -Make an assessment of control risk based on the result of test of controls
Risk Factors Relating to the Misappropriation of Assets. Incentives/pressures:
-Personal financial obligations may create pressure for management or employees with access to cash or other assets susceptible to theft to misappropriate those assets. -Adverse relationships between the entity and employees with access to cash or other assets susceptible to theft may motivate those employees to misappropriate those assets.
The primary concern of ___ is simply whether the relationship used to test the assertion makes sense.
-Plausibility
A rule or guideline that calls for certain activities to take place in certain circumstances is knowns as a(n) ___
-Policy
The quality of an expectation is referred to as the ___ of the expectation.
-Precision
The reliability of analytical procedures is a function of the ___.
-Precision of the expectation and the rigor of the investigation -Plausibility and predictability of the relationship being tested -availability and reliability of the data used in the calculations
The function of audit documentation are to ___.
-Provide principle support that the audit was conducted in accordance with GAAS -Provide the basis for the review of the quality of work -Aid in the planning, performance, and supervision of the audit
Determining whether an explanation or error can explain the observed difference is called _____
-Quantification
Explanations for significant differences observed for substantive analytical procedures must be followed up and resolved through ____.
-Quantification -Corroboration -Evaluation
Checking the mathematical accuracy of documents or records is referred to as ___.
-Recalculation
To properly present info on the financial statements a(n) ___ entry that affects either the income statement or the balance sheet must be made.
-Reclassification
If an entity's response to identified risks is adequate, the risk of material misstatement may be ___.
-Reduced
The relationship of audit evidence to the assertion being tested is called the ___ of the evidence.
-Relevance
If the auditor relies on evidence that is unrelated to the assertion, an incorrect conclusion may be reached because the evidence used was not ______
-Relevant
When an auditor decides to follow a(n) _______ strategy, he or she has to understand the control activities that relate to assertions for which a lower level of control risk is expected
-Reliance
The independent execution by the auditor of procedures or controls that were originally performed by company personnel is called ___.
-Reperformance
Analytical procedures can be used by auditors to accomplish ______ procedures
-Risk assessment procedures -Substantive analytical procedures -Final analytical procedures
Which of the following statements are correct?
-Senior management may override an entity's internal control -Violations of internal control raise serious questions about management integrity
Assume an entity has 2,500 customer. If the audit mails confirmation to 25 of the largest customers and only 20 respond the auditor must ___.
-Still gather sufficient evidence on each of the 25 accounts
Which are correct?
-The auditor should understand the control procedures used by the entity to provide financial statement assurance -Understanding the information system requires knowing how IT is involved data processing
Which of the following statements are correct?
-The auditor should understand the control procedures used by the entity to provide financial statement assurance -Understanding the information system requires knowing how IT is involved in data processing.
When a substantive analytical procedure is used as the principal substantive procedure for significant financial statement assertion, the auditor should document ___.
-The expectation and how it was developed. -Results of the comparison of the expectation to the recorded amounts or ratios developed from recorded amounts. -Any additional auditing procedures performed in response to any significant differences identified.
The reliability of evidence obtained through external confirmations may be affected by the _______
-The form of the confirmation. -Prior experience with the entity. -The nature of the information being confirmed. -The intended respondent.
The auditor decide to follow a substantive strategy for some or all assertions because __________
-The implemented controls do not pertain to the assertion the auditor is considering. -The implemented controls are assessed as ineffective. -Testing the operating effectiveness of the controls would be inefficient.
To obtain info about an entity and its environment, auditor may make inquiries of ___.
-Those charged with governance (e.g., board of directors or audit committee). -Internal audit function. -Employees involved in initiating, authorizing, processing, or recording complex or unusual transactions. -In-house legal counsel. -Production, marketing, sales, and other personnel.
First selecting a source document and then following it into the journal or ledger is referred to as ___.
-Tracing
The controls that are of most direct relevance to a financial statement are those that contribute to financial statement ___.
-Transparency -Timeliness -Reliability
(T/F) Although the auditor owns the audit documents, they cannot be shown to outside parties without the entity's consent, except under certain circumstances.
-True
T/F: An entity's mix of manual and automated controls varies with the nature and complexity of the entity's use of IT.
-True
Substantive procedures:
-Used to detect material misstatements at the relevant assertion level.
Risk Assessment Procedures:
-Used to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and relevant assertion levels
Test of controls:
-Used to test the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the relevant assertion level.
Assertions about ______ or ________ address whether assets, liabilities and equity interests included in the financial statements are at appropriate amounts and any resulting adjustments are appropriately recorded
-Valuation; allocation
Which of the following statements are correct?
-Violations of internal control raise serious questions about management integrity -Senior management may override an entity's internal controls
Selecting an item for testing from the accounting journals or ledgers and then examining the underlying source document is referred to as ______
-Vouching
After planned tests of controls have been completed, the auditor should reach a conclusion on the ___ level of control risk.
-achieved
If the auditor assesses the ___ level of audit risk as being less than or equal to the ___ level of audit risk, an unqualified report can be issued.
-achieved -planned
The measure of the quality of audit evidence is referred to as ___.
-appropriateness
Auditors assess the risk of material misstatement at the ___ level.
-assertion
Consideration of audit risk at the account balance and disclosure levels is known by the term ___.
-assertion
The use of the audit risk model ___.
-assists the auditor in determining the scope of audit procedures -Involves considerable auditor judgement
People that significantly influence the control consciousness of the entity and must take their fiduciary responsibilities seriously and actively oversee the entity's accounting and reporting policies and procedures include the ___.
-board of directors -audit committee
To understand the nature of the entity, auditors should obtain info about the entity's: ___.
-business operations -investments and investment activities -financing and financing activities -financial reporting
Threats from sign. Events that could adversely affect an entity's ability to achieve its objectives and execute its strategies are ___ ____.
-business risk
Whether transaction and events have been recorded in the proper accounts is the concern of the ___ assertion.
-classification
The assertion related to these address whether financial information is appropriately presented and described, and disclosures are clearly expressed.
-classification and understandability
Within an entity, there's always a risk of fraud of ____ between individuals will destroy the effectiveness of segregation of duties.
-collusion
Which of the following areas require documentation related to the auditor's risk assessment and response?
-communication about error and fraud made to management and others -Discussion among the engagement team -Evaluation of management's response to identified risk
When management asserts that material disclosures have been omitted from the footnotes and other disclosures accompanying the financial statements, it is making an assertion about:
-completeness
Audit evidence obtained by the auditor as a direct written response to the auditor from a third party in paper form or by electronic or other medium is called a(n) ___.
-confirmation
If the results of audit tests indicate a significant risk of fraud, the auditor should ___.
-consider withdrawing from the engagement and communicating the reasons for withdrawal to the audit committee or others with equivalent authority and responsibility.
Assignment of authority and responsibility for operating activities and the establishment of reporting relationships and authorization hierarchies are part of the ___ environment principle.
-control
Examination of supporting evidence, inquiries of independent persons and evaluating evidence obtained from other auditing procedure are all common ___ procedures.
-corroborating
An audit examines shipping documents to ensure that no prior period sales have been recorded in the current year to test the ___ assertion.
-cutoff
The auditor can manipulate ___ risk by changing the scope of the auditor's test procedures.
-detection
An effective accounting system establishes methods and records that will ___.
-determine the proper time period in which transactions occurred -identify and record all valid transaction -describe transactions in sufficient detail to permit proper classification
Knowledge of the information system is important to understand the related accounting records when they are ___.
-electronic or manual
Audit documentation should ____.
-enable a knowledgeable reviewer to determine who performed the work -demonstrate how the audit complied with appropriate standards -show that standards of fieldwork have been followed
Possible causes of significant differences are ____.
-errors -accounting changes -fraud -economic conditions
Documents originating within the entity but circulated to independent sources outside the entity and documents generated outside the entity are referred to as ___ documents.
-external
How management identifies risks relevant to the preparation of financial statements, estimates their significance, assesses the likelihood of their occurrence and decides on how to manage them is most directly relevant to the ___.
-external auditor
Misstatements about which there is no doubt are called ___ misstatements.
-factual
(T/F) Inspecting tangible assets provides significant assurance for the rights and obligations assertion.
-false
Controls over network operations are included as part of ____ controls which relate to the overall information processing environment.
-general
if an auditor judges an entity's inherent risk and control risk to be ____, the auditor would accept a ____ level of detection risk in order to achieve the planned level of audit risk
-high -lower
An effective accounting system establishes methods and records that will ___.
-identify and record all valid transactions -determine the proper time period in which transactions occurred -present transaction and disclosures in a manner than ensures profitability for the entity -describe transaction in sufficient detail to permit proper classification
Audit documentation is the property of the ___.
-independent auditor
Which of these are generally low-reliability types of evidence because they require further corroboration by the auditor?
-inquiry, observation,
Counting cash on hand and examining inventory are examples of ___ of tangible assets.
-inspection
The approach to taking and monitoring business risks and attitudes and actions toward financial reporting are characteristics that may signal important information to the auditor about management's ___ and ___ values.
-integrity and ethical
There is a(n) ___ relationship between the sufficiency and appropriateness of audit evidence.
-inverse
If the auditor determines that internal controls are properly designed and implemented and the auditor intends to rely on those controls, the auditor will ___.
-make an assessment of control risk based on the result of tests of controls -perform tests of controls to obtain audit evidence that controls are operating effectively
The competence level for a particular job should be specified and translated into a job description that details the specific knowledge and skills required. This task should be done by ___.
-management
Who has the responsibility to design and maintain a system of internal control that provides reasonable assurance that assets and records are properly safeguarded, and that the entity's information system generates that is reliable for decision making?
-management
The operating effectiveness of the control can be affected by whether the control is performed ___ or is ___.
-manually or is automated
Assessing the quality of internal control performance over time is the intention of ___ of controls.
-monitoring
The heading of all audit documentation should include the _____
-name of the entity, -the title of the working paper, and -the entity's year-end date
Audit evidence is subject to human error which is referred to as ___ risk.
-nonsampling
A direct relationship exists between ___ which reflect what an entity is trying to achieve, ___ which represent what the entity needs to do to achieve them, and the ___ of the entity.
-objectives, components, structure
To obtain an understanding of an entity's internal controls auditors may use ___.
-observation of entity activities and operations - inquiry of appropriate personnel -inspection of entity documents and reports
The auditor should ____.
-obtain an understanding of how the audit committee exercises its oversight activities, including direct inquiry of audit committee members. -The auditor also should inquire of the internal audit function about its assessment of the risk of fraud, including whether management has satisfactorily responded to internal audit findings during the year. -The auditor should consider inquiries from others within the entity and third parties (e.g., vendors, customers, or regulators). It can be uncomfortable to inquire about potentially fraudulent activities; however, it is much more uncomfortable to fail to detect a material fraud.
Tests of controls directed toward ___ ___ are concerned with assessing how the control was applied, the consistency with which it was applied during the audit period and by whom it was applied.
-operating effectiveness
How authority and responsibilities are delegated and monitored and the framework within which the entity's activities for achieving entity wide objectives are planned, executed, controlled and reviewed are defined by the entity's ___ ___.
-organizational structure
An auditor makes inquiries of an entity's customers and discovers the customers received large quantities of unordered products just before year-end. This is an indicator of ___.
-overstated revenues
Financial statements level risks are ___ risks in that they apply to multiple components of the financial statements.
-pervasive
Which of the following communicate policies and procedures to the entity's personnel?
-policy manuals -accounting manuals -memoranda manuals
An auditor uses the misstatements identified in an audit sample to estimate the misstatements in the entire population. This is an example of a ___ misstatement.
-projected
An effective internal control system provides ___ assurance that the risk of not achieving an entity objective is reduced to an acceptable level.
-reasonable
Information that is capable of making a difference in user decisions has the characteristic of ___.
-relevance
Evidence is considered appropriate when it provides information that is both ___ and ___.
-relevant and reliable
The ability to develop precise expectations is influenced by the _____ of the available data
-reliability
The independence of the source of the evidence, the effectiveness of internal controls and the auditor's direct personal knowledge all affect the ___ of data for developing expectations.
-reliability
Whether a particular type of evidence can be depended upon signal the true state of an assertion is referred to as the __ of evidence.
-reliability
When the auditor intends to depend on the entity's controls, a(n) ___ strategy is chosen.
-reliance
Setting an audit strategy ___.
-requires a detailed understanding of the entity's internal controls
Searching for large and unusual items in the accounting records and reviewing transactions for errors are examples of ___.
-scanning
Allowing the individual who opens mail and receives cash payments to have access to the accounts receivable subsidiary ledger is a violation of the ___ ___ ___ principle.
-segregation of duties
If auditor determines that internal controls are not properly designated or not implemented the auditor will ___.
-set the level of control risk at high -use substantive procedures to reduce the risk of material misstatement to an acceptable level
In deciding on the nature and extent of the understanding of internal control needed for the audit, the auditor should consider the entity's operations and systems ___.
-sophistication -complexity
The risk that material misstatements are present in financial statements may be increased by conducting ___ procedures only at an interim date.
-substantive
When an auditor decides to follow a(n) ___ strategy, little work is done on understanding specific control activities.
-substantive
When the auditor has decided not to rely on the entity's controls and instead use procedures as the main source of evidence about the assertions in the financial statements, the auditor will choose a(n) ___ audit strategy.
-substantive
If management chooses not to eliminate an identified material misstatement, appropriate audit opinions include _____.
-the auditor should issue a qualified/modified or adverse opinion.
The 2nd step in the analytical procedures decision process is to define a ___ difference.
-tolerable
If the uncorrected total misstatements do not cause the financial statements to be materially misstated, the auditor should issue an ____ opinion.
-unqualified
Assertion about ___ or ___ address whether assets, liabilities and equity interests included in the financial statements are at appropriate amounts and any resulting adjustments are appropriately recorded.
-valuation or allocation
Factors that affect the reliability of evidence include ___.
-whether it is obtained internally or externally -the format of the evidence -the effectiveness of the entity's internal controls
Three conditions are generally present when material misstatements due to fraud occur:
1. Management or other employees have an incentive or are under pressure that provides a reason to commit fraud. 2. Circumstances exist that provide an opportunity for a fraud to be carried out. 3. Those involved are able to rationalize committing a fraudulent act. Some individuals possess an attitude, character, or set of ethical values that allow them to knowingly and intentionally commit a dishonest act.
Identify the three steps involved in the auditor's use of the audit risk module at the assertion level.
1. Setting a planned level of audit risk. 2. Assessing the risk of material misstatement. 3. Solving the audit risk equation for the appropriate level of detection risk.
Three steps are involved in the auditor's use of the audit risk model at the assertion level:
1. Setting a planned level of audit risk. 2. Assessing the risk of material misstatement. 3. Solving the audit risk equation for the appropriate level of detection risk.
The Sarbanes-Oxley Act and the PCAOB standards require that audit documentation be retained for _______ years from the date of completion of the engagement
7
Checks, invoices, contracts, ledgers, worksheets and spreadsheets are all part of auditing evidence referred to as ____ ______
Accounting records
After planned tests of controls have been completed, the auditor should reach a conclusion on the ________ level control risk
Achieved
The process of evaluating the effectiveness of an entity's internal control in preventing, or detecting and correcting, material misstatements in the financial statements is called __________ control risk
Assessing
The document that outlines the auditor's understanding of the entity and potential risks as well as the strategy to be followed by the auditor is called the ___ ___.
Audit Plan
If properly designed, _______ controls should operate more consistently and are not typically subject to human errors or mistakes in its application
Automated
The purpose of the ________ Framework is to help management better control the organization and to provide boards of directors an added ability to oversee internal control
COSO
Perhaps the most commonly used analytical procedure is _____
Comparison of Current Year Financial Information with Comparable Prior Period(s) after Consideration of Known Changes
Assignment of authority and responsibility for operating activities and the establishment of reporting relationships and authorization hierarchies are part of the _______ environment principle
Control
The policies and procedures that help ensure that management's directives are carried out and implemented to address risks identified in the risk assessment process are _____________ activities
Control
_____ risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
Detection
Monitoring is done to:
Determine if internal control components are present and functioning
Inbound receipt of relevant information and providing internal control related information to parties outside the organization in response to requirements and expectation is enabled by ____________ communication
External
Large public companies are required to engage a(n) ____________ auditor to express an opinion as to the effectiveness of their systems of internal control over financial reporting
External
How management identifies risks relevant to the preparation of financial statements, estimates their significance, assesses the likelihood of their occurrence and decides on how to manage them is most directly relevant to the ________
External auditors
T/F: The auditor is required to obtain corroborative evidence for planned analytical procedures
False
The auditor's understanding of an entity's internal control over financial reporting are documented using diagrammatic represented known as a(n) ___________
Flowchart
Controls over network operations are included as part of ____________ controls which relate to the overall information processing environment
General
In many entities, this produces much of the knowledge used in monitoring:
Information systems
The extent of an entity's use of _________ can affect internal controls because this function affects the way transactions are initiated, authorized, recorded, processed, and reported
Information technology
The susceptibility of an assertion in an account or disclosure to a misstatement due to error or fraud that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls ______.
Inherent risk
Seeking information or knowledgeable persons within the entity or outside the entity is the basis of ______
Inquiry
Observation and inspection audit procedures include ___.
Inspection of documents, records, and internal control manuals. Reading reports prepared by management, the audit committee or those charged with governance, and the internal audit function. Visits to the entity's premises and plant facilities. Tracing transactions through the information system relevant to financial reporting, which may be performed as part of a walkthrough.
Information processing controls:
Made up two broad categories referred to as general and application controls
Interim tests of controls give auditors time to inform the _______ so that likely misstatements can be located and corrected before the rest of audit is performed
Management
The competence level for a particular job should be specified and translated into a job description that details the specific knowledge and skills required. This task should be done by ________
Management
Who has the responsibility to design and maintain a system of internal control that provides reasonable assurance that assets and records are properly safeguarded, and that the entity's information system generates information that is reliable for decision making
Management
Assessing the quality of internal control performance over time is the intention of ___________ of controls
Monitoring
If an entity's accounting system has control weaknesses that result in a high level of assessed control risk, substantive procedures will probably _________
Not be conducted at interim dates
These assertions address whether disclosed events, transactions, and other matters have happened and pertain to the entity
Occurrence and rights and obligation
Authorization requirements for access to computer programs and periodic counting and comparison with amounts shown on control records are examples of __________________
Physical controls
Which of the following communicate policies and procedures to the entity's personnel
Policy manuals, accounting and reporting manuals, and memoranda
A policy might call for two people to sign all checks over a certain dollar amount and the ________ is the action of having two people sign a check
Procedure
Information that is capable of making a difference in user decisions has the characteristic of _________________
Relevance
Consideration of possible changes in the internal or external environment because changes can introduce or change risks to the entity's objectives are part of the ________ identification process
Risk
The auditor's exercise of professional judgement to review accounting data to identify significant or unusual items to test is referred to as ________
Scanning
Ensuring that asset custody, transaction authorization and transaction recording are all assigned to different people is the basis for the control principle ____________ _____________ ______________
Segregation of duties
In order to provide evidence to support the lower level of control risk when using a reliance strategy, the auditor performs ________ ___________ __________
Test of controls
When reliance strategy is chosen, ________
Tests of controls are used to assess the achieved level of control risk
T/F An entity's risk assessment process should consider the possibility of events that threaten the achievement of objectives T/F An entity's risk assessment process should consider the possibility of events that threaten the achievement of objectives
True
Substantive procedures:
Used to detect material misstatements at the relevant assertion level. Substantive procedures include tests of details and substantive analytical procedures.
Risk assessment procedures:
Used to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and relevant assertion levels.
Tests of controls:
Used to test the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the relevant assertion level.
Standards require extensive ___ of the auditor's risk assessment procedures (including fraud risk assessment) and audit responses to identified risks.
documentation
The primary distinction between ____ is whether the misstatement was intentional or unintentional.
errors and fraud
the risk of material misstatement refers to misstatements caused by ____ or ___.
errors or fraud
Identify the fraud risk factors that organizations must consider in assessing risks to the achievement of objectives
incentives, pressures, opportunities, rationalize or justify
Active and qualified board of directors and independent audit committee members
internal control
A ___ ___ for detection risk implies that the auditor will conduct a more careful or thorough investigation of this account than if the assessment of detection risk were high.
low assessment
____ addresses business risks by implementing a risk assessment process
management
Performance review:
managers should periodically check the quality of subordinates' work
Physical Controls:
periodic counting and comparison with amounts shown on control records
Physical control :
periodic counting and comparison with amounts shown on control records
Authorization requirements for access to computer programs and periodic counting and comparison with amounts shown on control records are example of ___________
physical controls
Brainstorming: Emphasize the importance of maintaining ____ throughout the audit regarding the potential for material misstatement due to fraud
professional skepticism
Due to the subjectivity involved in judging the audit risk model's components, many public accounting firms find it more appropriate to use ___ ___, rather than percentages, in the model.
qualitative terms
The greater the incentive or pressure, the more likely an individual will be able to ____.
rationalize the acceptability of committing fraud.
The entity's audit committee should assume an active role in oversight of the assessment of the ___ __ ___.
risk of fraud.
Segregation of duties:
separating the custody of assets, authorization of transactions and recording of transactions
The last step in the decision process is performing _______ procedures
substantive
Risk factors relating to opportunities to report fraudulently include
— Assets, liabilities, revenues, or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to corroborate. — Significant related party transactions. — There is a complex or unstable organizational structure.
Attitudes/rationalizations that may suggest misappropriation of assets include
— Disregard for the need for monitoring or reducing risks related to misappropriations of assets. — Disregard for internal control over misappropriation of assets by overriding existing controls or by failing to correct known internal control deficiencies. — Changes in behavior or lifestyle that may indicate assets have been misappropriated.
Risk factors relating to incentives/pressures to report fraudulent include ___.
— High degree of competition or market saturation, accompanied by declining margins. — Profitability expectations of external parties — Need to obtain additional debt or equity financing to stay competitive.
