Chapter 18 Audit

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

An audit of internal control over financial reporting ordinarily assesses internal control: (1) As of the last day of the fiscal period. (2) As of the last day of the auditor's fieldwork. (3) For the entire fiscal period. (4) For the entire period plus the period of the auditor's fieldwork.

(1) An audit of internal control over financial reporting ordinarily assess internal control at an "as of date"—ordinarily the last day of the fiscal period

In an integrated audit, which of the following must be communicated by management to the audit committee? Known Material Weakness Known Significant Deficiencies (1)Yes Yes (2)Yes No (3)No Yes (4)No No

(1) Management must communicate both material weaknesses and significant deficiencies to the audit committee.

Which of the following is most likely to be considered a material weakness in internal control? (1) Ineffective oversight of financial reporting by the audit committee. (2) Restatement of previously issued financial statements due to a change in accounting principles. (3) Inadequate controls over nonroutine transactions. (4) Weaknesses in risk assessment.

(1) PCAOB AS 2201 includes ineffective oversight of financial reporting by the audit committee as an indicator of a material weakness in internal control.

In an integrated audit, which of the following must the auditors communicate to the audit committee? Known Material Weakness Known Significant Deficiencies (1)Yes Yes (2)Yes No (3)No Yes (4)No No

(1) PCAOB AS 2201 requires that the auditors to communicate both material weaknesses and significant deficiencies to the audit committee.

Recall that the relevant assertions about accounts and classes of transactions are:

(1) existence or occurrence; (2) completeness; (3) valuation or allocation; (4) rights and obligations; and/or (5) presentation and disclosure.

Which of the following is defined as a weakness in internal control that allows a reasonable possibility of a misstatement that is material? (1) Control deficiency. (2) Material weakness. (3) Reportable condition. (4) Significant deficiency.

(2) A material weakness involves a reasonable possibility of a material misstatement.

In an integrated audit, which of the following lead(s) to an adverse opinion on internal control? Known Material Weakness Known Significant Deficiencies (1)Yes Yes (2)Yes No (3)No Yes (4)No No

(2) An audit report on internal control is modified for material weaknesses, not significant deficiencies.

Management's documentation of internal control ordinarily should include information on: Controls Designed to Prevent Fraud Controls Designed to Ensure Employee Personal Integrity (1)Yes Yes (2)Yes No (3)No Yes (4)No No

(2) Management's documentation must include information on controls designed to prevent fraud, but not on controls designed to ensure employee personal integrity

The auditors identified a material weakness in internal control in August. The client was informed and the client corrected the material weakness prior to year-end (December 31); the auditors concluded that management eliminated the material weakness prior to year-end. The appropriate audit report on internal control is: (1) Adverse. (2) Qualified. (3) Unqualified. (4) Unqualified with explanatory language relating to the material weakness.

(3) An unqualified opinion with no explanatory language is appropriate when the material weakness has been eliminated (remediated) prior to the "as of date," year-end.

Which of the following is not a typical question asked during a walk-through? (1) Have you ever been asked to override the process or controls? (2) What do you do when you find an error? (3) What is the largest fraudulent transaction you ever processed? (4) What kind of errors have you found?

(3) Auditors will not ordinarily ask what was the largest fraudulent transaction an individual ever processed. The other three replies are recommended questions.

A material weakness is a control deficiency (or combination of control deficiencies) that results in a reasonable possibility that a misstatement of at least what amount will not be prevented or detected? (1) Any amount greater than zero. (2) A greater amount than zero, but an amount that is at least inconsequential. (3) A greater amount than inconsequential. (4) A material amount.

(4) A material weakness involves a material amount.

A procedure that involves tracing a transaction from origination through the company's information systems until it is reflected in the company's financial report is referred to as a(n): (1) Analytical analysis. (2) Substantive test. (3) Test of a control. (4) Walk-through.

(4) A walk-through involves tracing a transaction from origination through a company's information systems until it is reflected in the financial reporting system.

Extent (Test of Operating Effectiveness)

-Depend on frequency of control

Nature (Test of Operating Effectiveness)

-Inquiries, inspections, observations, and reperformance -Vary the tests when possible (make them unpredictable)

Tests of controls

-Same for internal control audit and financial statement audit -Evidence from internal control audit can be used for financial statement audit

Timing (Test of Operating Effectiveness)

-Sufficient period of time -Periodic controls - may have to wait to after report date

Management assessment must understand concepts of

-control deficiency -significant deficiency -material weakness

Findings from substantive procedures may affect audit of internal control:

1. Could provide evidence of effectiveness or ineffectiveness of internal control over financial reporting Example: Identification of material misstatement in financial statements is indicative of at least a significant deficiency in internal control

Communicate to audit committee

1. Material weaknesses 2. Significant deficiencies and that all other deficiencies have been communicated to management

Tests of Operating Effectiveness

1. Nature 2. Timing 3. Extent

Objective of Management's Evaluation of Internal Control

1. Provide a reasonable basis for its annual assessment 2. Process -Evaluate design effectiveness of controls -Evaluate operating effectiveness of internal control -Document the process -Issue the report

Transactions are classified as:

1. Routine transactions 2. Nonroutine transactions 3. Accounting estimates

The following information must be included in management's report on internal control over financial reporting:

1. State that it is management's responsibility to establish and maintain adequate internal control. 2. Identify management's framework for evaluating internal control. 3. Include management's assessment of the effectiveness of the company's internal control over financial reporting as of the end of the most recent fiscal period, including a statement as to whether internal control over financial reporting is effective. 4. Include a statement that the company's auditors have issued a report on management's assessment.

Form an opinion, evaluate:

1. The results of their evaluation of the design 2. The results of tests of the operating effectiveness of controls 3. Negative results of substantive procedures performed during the financial statement audit 4. Any identified control deficiencies.

Integrated audit requires tests of controls for all major account and relevant assertions:

1. Will lead to decreased scope of substantive procedures 2. Significant deficiencies or material weaknesses could lead to more substantive procedures 3. Not acceptable to omit substantive procedures completely

Auditors must first test

1. design effectiveness 2. test operating effectiveness -tests of operating effectiveness will not ordinarily be performed when the design is ineffective.

Management's Responsibility

1.Accept responsibility for effectiveness 2.Evaluate the effectiveness using suitable criteria 3.Support the evaluation with sufficient evidence 4.Provide a report on internal control

Management's four overall responsibilities relating to internal control over financial reporting:

1.Accept responsibility for the effectiveness of internal control. 2.Evaluate the effectiveness of internal control using suitable control criteria. 3.Support the evaluation with sufficient evidence. 4.Provide a report on internal control.

Although any number of inquiries may be made, inquiries such as the following are suggested:

1.Can you describe the part of the processing of the transaction with which you are involved? 2.What do you do when you find an error? 3.What kind of errors have you found? 4.What happened as a result of finding the errors, and how were the errors resolved? 5.Have you ever been asked to override the process or controls? If yes, why did it occur and what happened?

Efficient planning requires coordination with financial statement audit, consider matters such as:

1.Client's industry 2.Regulatory matters 3.Client's business 4.Recent changes in the client's operations

Components of Internal Control (CRIME)

1.Control Activities 2.Risk Assessment 3.Information System 4.Monitoring 5.Control Environment

Auditors of large public companies should report on:

1.Financial statements 2.Internal control over financial reporting

Transactions that are indicators of material weaknesses in internal control:

1.Identification of fraud, whether or not material, on the part of senior management 2.Restatement of previously issued financial statements to reflect the correction of a material misstatement. 3.Identification by the auditor of a material misstatement in circumstances that indicate that the misstatement would not have been detected by the company' internal control. 4.Ineffective oversight of the company's external financial reporting and internal control by the company's audit committee.

Levels of severity of control deficiencies

1.Less than a significant deficiency 2.Significant deficiency - less severe than material weakness yet important enough to merit attention 3.Material weakness - reasonable possibility that a material misstatement will not be prevented or detected

Antifraud programs include effective:

1.Management accountability. 2.Audit committee. 3.Code of conduct/ethics. 4."Whistleblower program." 5.Hiring and promotion procedures. 6.Remediation of significant deficiencies, material weaknesses, and fraud.

Reporting on Whether a Previously Reported Material Weakness Continues to Exist:

1.Management believes material weakness has been eliminated 2.Auditor engaged to report on whether material weakness continues to exist 3.Engagement focused on evidence regarding material weakness

Factors that should be considered in deciding whether an account is significant include its:

1.Size and composition. 2.Susceptibility of loss due to errors or fraud. 3.Volume of activity, complexity and homogeneity of individual transactions. 4.Nature of the account. 5.Accounting and reporting complexity. 6.Exposure to losses. 7.Likelihood of significant contingent liabilities 8.Existence of related party transactions. 9.Changes from the prior period.

Factors of a significant account

1.Size and composition. 2.Susceptibility of loss due to errors or fraud. 3.Volume of activity, complexity, and homogeneity of individual transactions. 4.Nature of the account. 5.Accounting and reporting complexity. 6.Exposure to losses. 7.Possibility of significant contingent liabilities. 8.Existence of related party transactions. 9.Changes from the prior period.

Management's Report on Internal Control includes:

1.State that it is management's responsibility to establish and maintain adequate internal control. 2.Identify management's framework for evaluating internal control 3.Include management's assessment of the effectiveness of the company's internal control over financial reporting as of the end of the most recent fiscal period, including a statement as to whether internal control over financial reporting is effective. 4.If, applicable, include a statement that the company's auditors have issued an attestation report on management's assessment.

Once the auditors understand entity-control controls and the flow of transactions, the auditors are in a position to:

1.Verify points within the company's processes at which a misstatement could arise that could be material 2.Identify the controls management has implemented to address these potential misstatements 3.Identify the controls management has implemented to prevent or detect on a timely basis unauthorized acquisition, use, or disposition of the company's assets that could result in a material misstatement

Walk-through provides evidence to:

1.Verify that the auditors have identified points at which a significant risk of misstatement to a relevant assertion exists. 2.Verify their understanding of the design of controls, including those related to the prevention or detection of fraud. 3.Evaluate the effectiveness of the design of controls. 4.Confirm whether controls have been placed in operation (implemented).

Walkthroughs provide the auditors with evidence to:

1.Verify that they have identified points at which a significant risk of misstatement to a relevant assertion exists. 2.Verify their understanding of the design of controls, including those related to the prevention or detection of fraud. 3.Evaluate the effectiveness of the design of controls. 4.Confirm whether controls have been place in operation (implemented).

Which of the following need not be included in management's report on internal control under Section 404(a) of the Sarbanes-Oxley Act of 2002? (1) A statement that the company's auditors have issued an audit report on management's assertion. (2) An identification of the framework used for evaluating internal control. (3) Management's assessment of the effectiveness of internal control. (4) Management's acknowledgment of its responsibility to establish and maintain internal control that detects all significant deficiencies.

4) Management's report on internal control under Section 404a of the Sarbanes-Oxley Act of 2002 need not state that it has a responsibility to establish and maintain internal control that detects ALL significant deficiencies.

Circumstance: Managements Report on Internal Control is Incomplete or Improperly Presented. The report does not acknowledge a material weakness identified by the auditor Auditors Opinion?

Adverse

Circumstance: Material Weakness Exists Auditors Opinion?

Adverse

Frequency of Testing, number of items to test

Annual: 1 Quarterly: 2 Monthly: 3-6 Weekly: 10-20 Daily: 20-40 Multiple times per day: 30-60

A weakness in the design or operation of a control that does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis

Control deficiency

Differences between small and large clients

Degree of complexity of operations

Circumstance: Scope Restriction Auditors Opinion?

Disclaimer of Withdraw from Engagement

Communicate to board of directors

If conclude oversight of financial reporting and internal control is ineffective

Those transaction flows that have a meaningful bearing on the totals accumulated in the company's significant accounts and, therefore, have a meaningful bearing on relevant assertions

Major classes of transactions

A control deficiency, or a combination of control deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis

Material weakness

Difference between material weaknesses and significant deficiencies

Material weaknesses result in adverse internal control audit reports, while significant deficiencies do not.

Does existence of significant deficiency result in required modification of managements assessment and auditors report?

No

Differences between audits

Objectives are different

Does existence of control deficiency result in required modification of managements assessment and auditors report?

Only if it is a material weakness

The primary section of the Sarbanes-Oxley Act dealing with management and auditor reporting on internal control over financial reporting

Section 404

An account for which there is a reasonable possibility that it could contain misstatements that individually, or when aggregated with others, could have a material effect on the financial statements

Significant account

Integrated audit

Testing should be spread through the year to satisfy both objectives

Difference between audit of internal control and audit of financial statements

Time period

Walk-through

Tracing a transaction from its origination through the company's information system until it is reflected in the company's financial reports

Circumstance: Material Weakness Existed during Year, Auditors do not have sufficient time to test new system Auditors Opinion?

Treat as scope restriction

Circumstance: Material Weakness Existed during Year, Auditors test the new system and material weakness eliminated Auditors Opinion?

Unqualified

Circumstance: Managements Report on Internal Control is Incomplete or Improperly Presented. Other Issues. Auditors Opinion?

Unqualified (but with an explanatory paragraph)

Tracing a transaction from origination through the company's information systems until it is reflected in the company's financial reports

Walk-through

Does existence of material weakness result in required modification of managements assessment and auditors report?

Yes

A significant deficiency is

a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.

A material weakness is

a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis

Management assessment evaluation must use an

accepted "control framework" such as Internal Control-Integrated Framework created by COSO

Accounting estimates are

activities involving management's judgments or assumptions Examples: determining the allowance for doubtful accounts, estimating warranty reserves, and assessing assets for impairment

Section 404a requires

an internal control report prepared by management in which management acknowledges its responsibility for establishing and maintaining adequate internal control and an assessment of internal control effective as of the end of the most recent fiscal year.

Audit of internal control happens

as of date

The objectives of tests of controls for financial statement audits is to

assist the auditors in planning the audit and to assess control risk. To assess control risk at less than the maximum, the auditors are required to obtain evidence that the relevant controls operated effectively during the entire period upon which the auditors plan to place reliance on those controls.

Whether the auditors must perform tests at each location depends upon the individual importance of each location. Tests need only be performed

at locations (or business units) that, individually or when aggregated, could create a material misstatement of the financial statements.

Top-Down Approach starts

at the top

Both significant deficiencies and material weaknesses must

be communicated to the audit committee

The auditors may also issue a

combined report on control over financial reporting and the financial statements. -The reports include the components of both of the separate reports.

Management can be assisted by

consultants but not by the CPA firm that conducts the audit of financial statements

Communicate in writing to management all

control deficiencies regardless of severity

hen the auditors are engaged to report on whether a previously reported material weakness continues to exist, they plan and perform an engagement that focuses on

controls that are relevant to the particular weakness. If they determine that the controls are now effective, the auditors may issue an unqualified report indicating that the material weakness no longer exists.

Compensating controls are ordinarily controls performed to

detect, rather than prevent, a misstatement from occurring

Estimation transactions (sometimes referred to as nonsystematic transactions) are activities involving management's judgments or assumptions, such as

determining the allowance for doubtful accounts, establishing warranty reserves, and assessing assets for impairment.

The opinion paragraph concludes

directly on internal control.

A management imposed scope limitation is most likely to result in a

disclaimer of opinion on the company's internal control over financial reporting, or possibly withdrawal from the engagement.

walk-throughs are not required

during an audit of internal control over financial reporting. They may be performed by the auditors or by the client personnel under proper supervision of the auditors.

Audit of financial statements happens during the

entire financial statement period

Top-Down Approach goal

focus on testing those controls that are most important to auditor's conclusion on internal control, avoiding those that are less important

Routine transactions are

for recurring activities Examples: sales, purchases, cash receipts and disbursements, and payroll.

although a material weakness exists related to internal control, the financial statements may still follow

generally accepted accounting principles and an unqualified audit report may be appropriate.

In evaluating the design effectiveness of the company's internal control, the auditors ask themselves

if the controls are operating effectively, are internal controls effective?

Management assessment must understand definition of

internal control adopted by the SEC

When reporting on internal control over financial reporting, the opinion is on whether

internal control is effective "as of" a particular date, ordinarily the last day of the client's fiscal year. This is in contrast to reporting on the effectiveness of internal control over the entire year.

The evidence for an Auditors Objective

is gathered for an opinion as of the date specified in management's assessment - normally the last day of the company's fiscal year

Relevant assertions are those that have

meaningful bearing on whether account is presented fairly

An account is significant if there is

more than a remote likelihood that it could contain misstatements that individually, or when aggregated with others, could have a material effect on the financial statements.

In evaluating design effectiveness, the auditors often consider the

nature of the transactions making up the account.

Redundant controls do not

need to test if duplicate control is tested

The objective of tests of controls in an audit of internal control is to

obtain evidence about the effectiveness of controls to support the auditors' opinion on whether management's assessment of the effectiveness of internal control is fairly stated as of a point in time and taken as a whole.

Nonroutine transactions occur

only periodically; they generally are not part of the routine flow of transactions Examples: transactions such as counting and pricing inventory, calculating depreciation expense, or determining prepaid expenses.

Entity-level controls have a pervasive effect on the achievement of

overall control objectives (e.g., tone at the top) rather than a specific control objective.

Auditors' Objective is to

plan and perform the audit to obtain reasonable assurance about whether material weaknesses exist to express an opinion on the company's internal control over financial reporting

Selecting Controls, Design tests for

preventive and/or detective controls -Complementary contorls

An account is significant if there is a

reasonable possibility that it could contain a misstatement that individually or in aggregate has a material effect on financial statements

Sarbanes-Oxley Act of 2002, Section 404(b)

requires CPA firm to audit internal control and express an opinion on effectiveness of internal control. (Exempt: In general, companies with less than $75 million in market capitalization or less than $100 million in revenues in preceding year).

Sarbanes-Oxley Act of 2002, Section 404(a)

requires annual report filed with SEC to include an internal control report by management -Management acknowledges responsibility for establishing and maintaining adequate internal control -Report provides assessment of internal control effectiveness at end of fiscal year

Routine transactions are for recurring activities, such as

sales, purchases, cash receipts and disbursements, and payroll.

Auditors must communicate both

significant deficiencies and material weaknesses to the audit committee.

The auditors may use the work of others as a part of an audit of internal control. One would ordinarily expect that the work of others would involve

testing more low-risk, routine transactions rather than pervasive and control environment controls -the auditors should evaluate the competence and objectivity of those individuals and test the work they have performed.

The performance of substantive tests may be affected by

tests of controls in circumstances in which a control deficiency is identified. Substantive procedures may be increased to identify any possible material misstatement.

. PCAOB AS 2201 requires

that additional evidence beyond inquiry alone be gathered.

When a substantive procedure identifies a misstatement, this will ordinarily indicate

that controls have not operated effectively

Section 404b requires

that the CPA firm attest to and report on the assessment made by management as well as provide its own opinion on internal control.

Based on provisions of PCAOB Standard No. 5

the audits of internal control and financial reporting should be integrated

Control deficiencies exists when

the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis

Nonroutine transactions occur only periodically, such as

the taking of physical inventory, calculating depreciation expense or adjusting for foreign currencies; nonroutine transactions generally are not a part of the routine flow of transactions.

Entity-level controls

those in control environment or monitoring components of internal control -Emphasize those relating to audit committee effectiveness, fraud, and period-end process -Direct or indirect effect

Selecting Controls, it is not necessary

to perform tests of all controls

A walk-through involves literally

tracing a transaction though the entire information system from inception to financial reporting.


Ensembles d'études connexes

Central problem of economics quiz

View Set

Computer Science A Level 1.1.3 Input, Output and Storage

View Set

HEALTH CHAPTER 3: Managing Stress

View Set

Intro to South America Lesson 14

View Set