AuditInstitutions
substantive analytical procedures
a form of substantive procedures in which you develop an exception based on independent or audited data (developed from relevant financial or non-financial data) and compare the expectation with recorded amounts for the purpose of concluding on the recorded amounts... ; data analytics can be used effectively in the performance of these procedures by incorporating external data (stock/inventory exchange indices, etc) as well as internal information (ie customer database) into developing our expectation)
acceptable audit risk
a measure of how willing the auditor is to accept that the F/S may be materially misstated after the audit is completed and unmodified opinion has been issued
acceptable audit risk (audit assurance = 1 -AAR)
a measure of how willing the auditor is to accept that the f/s may be materially misstated after the audit is completed and un unmodified opinion has been issued; when its lower they want to be more certain that the f/s are not materially misstated
attestation services
a type of assurance service in which the CPA firm issues a report about a subject matter or assertion that is made by another party
attestation service
a type of assurance service in which the CPA firm issues a report about a subject matter or assertion that is made by another party; i.e. audit of historical FS, audit of ICOFR, reiview of historical FS
related parties
affiliated company, principal owner of the client, company or any other party with which the client deals, where one of the parties can influence the mgmt or operating policies of the other - must be disclosed if material
audit program
after evidence mix is approved, the in-charge auditor prepares and designs this; designed in three additional parts (besides risk assessment procedures performed in planning); 1) tests of controls and substantive tests of transactions, substantive analytical procedures, tests of details of balances
SEC
agency of federal govt. that assists in providing investors with reliable info upon which to make investment decisions,, must submit registration statement to them for approval when company plans to issue new securities to public (requires F/s and opinion of public acct-form S-1)
substantive analytical procedures
an analytical procedure in which the auditor develops an expectation of recorded amounts or ratios to provide evidence supporting an account balance; 2 important purposes of them in the audit of acct balances are: 1_) indicate possible misstatements in the f/s, 2) provide substantive evidence (emphasize overall reasonableness of transactions and GL balances)
professional skepticism
an attitude that includes a questioning mind and a critical assessment of audit evidence; mindset that recognizes the possibility that a MM due to fraud could be present, regardless of any past experience with the entity and regardless of the auditor's belief about mgmts honesty and integrity, ongoing questioning of whether the info and evidence obtained suggest a MM.... occurred)
governmental accountability office auditor
an auditor working for the US Govt Accountability Office, a nonpartisan agency in the legislative branch of the federal govt. ... The GAO reports to and is responsible solely to Congress; Perform the audit fn for Congress Use sophisticated stat sampling and computer risk assessment technqiues (federal agencies
control test deviations
an exception in a test of control; only indicates the likelihood of misstatements affecting the dollar value of the F/S (meanwhile an exception in a substantive test is a financial statement misstatement)
assurance service
an independent professional service that improves the quality of info for decision makers
inherent risk
assessing it represents the auditor's attempt to predict where misstatements are most and least likely in the financial statement segments; this assessment affects the amount of evidence that the auditor needs to accumulate, the assignment of staff, and the review of audit documentation; auditor's begin their assessment of this during the planning phase and update the assessments throughout the audit ; auditor should consider several major factors when assessing it ---> nature of clients business, results of previous audits, initial vs. repeat engagement, related parties, complex or nonroutine transactions, judgement required to correctly record acct balances and transactions, makeup of population,
tests of control
audit procedures to test the operating effectiveness of controls in support of reduced assessed control risk; may include: inquiries of client personnel, examine docs, records, reports, observe control-related activities, reperform client procedures ; the amount of additional evidence required for them depend on: 1) the extent of evidence obtained in gaining the understanding of internal control, 2) the planned reduction in control risk
audit risk
auditors accept some level of uncertainty in performing the audit fn; this assessment is a matter of professional judgement rather than a precise measurement; the risk that the f/s contain a material mistatement due to fraud or error prior to the audit ; exists at 2 levels--> overall F/s level, assertion level
5 (1. determine materiality for the F/s as a whole, 2. determine performance materiality, 3. estimate the amount of misstatements in each segment, 4. estimate the combined misstatement, 5. compare combined estimate with preliminary or revised judgement about materiality )
auditors follow ______ (how many?) related steps in applying materiality
four-step (1. apply the transaction-related audit objectives to the class of transactions being tested, such as sales, 2. identify key controls that should reduce CR for each transaction-related audit objective, 3. develop appropriate tests of controls for all internal controls that are used to reduce the preliminary assessment of CR below maximum, 4. for potential types of misstatements related to each transaction-related audit objective, design appropriate substantive tests of transactions, considering deficiencies in internal control and expected results of the tests of controls)
auditors follow a _______ - step approach to reduce assessed control risk
fact; appearance
auditors must be independent in both ______ and __________
statistical outliers
box & whisker; data points outside it are statistical outliers
bottom whisker
box & whisker; it extends to the lowest data point above theoretical fence
fence
box & whisker; they are evenly spaced above and below the box, but they are only theoretical
box
box&whisker; it will always contain 50% of the data points; the smaller the height of it, the more tightly clustered (or less variation) in the data; the height of it is known as the interquartile range (IQR)
substantive tests of transactions
used to verify transactions recorded in the journals, posted in the GL, and disclosed in the f/s
revised judgement about materiality
change in auditors preliminary judgement made when auditor determine the judgement was too large or small;
compliance audit
conducted to determine whether the auditee is following specific procedures, rules or regulates set by some higher authority (i.e. determine whether a mortgage bank is in compliance w new enacted govt. regs, reported to mgmt)
GAAP
contents of financial statements are guided by ______
early
do you want to do control testing early or late
operational audit
evaluates the efficiency and effectiveness of any part of an organization's operating procedures and methods (processing payroll transactions); more difficult to objectively evaluate.. whether efficiency and effectiveness of operations meets established criteria than it is for the other audits
realizable value, rights and obligations, presentation
even when all transaction-related audit objectives are met the auditor will still rely primarily on substantive tests of balances to meet the following balance-related audit objectives: (3)
risk assessment procedures
examples = inquiries of mgmt and others within the entity (PCAOB requires auditor to inquire of audit committee), analytical procedures, observation and inspection, discussion among engagement team members,
audit report
final stage in auditing process is preparing this; it is the communication of audit findings to users
auditors
focus on determining whether recorded information (done by company mgmt) properly reflects the economic events that occurred during the accounting period, under GAAP
tests of details of balances
focus on the ending general ledger balances for both balance sheet and income statement accounts, including related disclosure (primary emphasis is on the balance sheet); they're substantive tests; i.e. confirmation of customer balances for A/R
quality control
for a CPA firm, it comprises the methods used to ensure that the firm meets its professional responsibilities to clients and others; they're established for entire CPA firm; auditing standards are applicable to individual engagements; each firm should document its QC policies and procedures; the system of QC should include policies and procedures that address these 6 elements: leadership responsibilities for quality within the firm, relevant ethical requirements, acceptance and continuation of client relationships, human resources, engagement performance, monitoring
lower
for a ______ materiality level, more testing of details is required
AICPA
voluntary organization of CPAs that sets professional requirements, conducts (professional org.); membership restricted to CPAs, but not all practicing as independent auditors; largest professional association for CPAs; their standards are referred to as US GAAS
Principles underlying and audit
framework helpful in understanding and explaining an audit; provides structure for the codification of statements on auditing standards; provides the framework to help auditors fulfill these two objectives when conducting an audit: obtain reasonable assurance about whether F/S are free from MM, report on the F/S and communicate as required by GAAS
audit risk model
helps auditors decide how much and what types of evidence to accumulate for each relevant audit objective (PDR = AAR/(IR * CR)
substantive tests of transactions
if CR is assessed at maximum, only _____________? will be used, assuming the audit is of a smaller public company, a nonpublic company, or another type of entity
increased; reduced
if tests of controls support the control risk assessment, planned detection risk in the audit risk model is __________ and planned substantive tests can therefore be _________
lower (0 risk is certainty, 100% risk is complete uncertainty)
if the auditor wants to be more certain that f/s are not materially misstated will they set acceptable audit risk higher or lower
meet with client
if you find a control deficiency or one error: communicate type of deficiency with client prior to expanding testing; if significant or material weakness---> discuss with mgmt how it will be communicated to audit committee chair and then the entire audit committee; timing will be determined based upon magnitude of deficiency, communication must be in writing, material weakness is externally reported; sometimes there is a change in auditor afterwards
assess impact to audit-specific risk
if you find a control deficiency or one error: identify the cycle, assertions and realted GL accounts impact, if mitigating controls exist, expand contorl testing, if no mitigating controls, determine impact to switching to noncontrol reliance with higher risk and adjust substantive testing approach and/or scope, determine impact in scope of audit with partner and EQCR ; conclude on type of deficiency - deficiency, signficant deficiency, material weakness
top whisker
in a box & whisker; it extends to the highest data point below theoretical fence;
5 (risk assessment procedures, and further audit procedures)
in developing an audit strategy auditors use ____ types of tests to determine whether financial statements are fairly stated
fraud triangle
incentive (recent market events, debt compliance issues, large bonus or other financial awards can be earned if certain goals are achieved, pressure to meet or beat analyst estimates, other pressure) opportunity (staffing cuts have affected controls, mgmt override of controls, mgmt influence, lack of segregation of duties), attitude (low ethical standards, doing it to save job or the company, "it's only temporary")
Risk Assessment Procedures (other considerations---> the amount of audit risk may be adjusted lower for qualitative factors such as: first year engagement, control weaknesses, mgmt turnover, high market pressures, high fraud risk, higher than normal risk of bankruptcy)
include inquiries of mgmt, analytical procedures, observation and inspection, discussion among engagement team members, others
audit planning
includes gaining an understanding of the client's business and industry, developing an overall audit plan and strategy, making a preliminary judgement about materiality
inherent risk
inclusion of this risk in model indicates that auditors should attempt to predict where misstatements are most and least likely in the f/s segments; factors affecting it = nature of client's business, results of previous audits, initial vs. repeat engagement, related parties, complex or nonroutine transaction, judgement required, makeup of population
audit committee
independent directors comprise these group; they're a component of the BOD; responsibilities = encompass the appointment, compensation, retention and regular communications with the independent external auditor'; have year-round communication with mgmt on financial reporting and ICOFR related matters
key audit matters; critical audit matters
international auditing standards and PCAOB auditing standards require communication of _____ ______ ______; or _____ ______ ________ in the standard unmodified audit report; (AICPA reporting standards don't require this communication); they are included in a section following the basis for opinion section
Initial audit planning
involves these 4 four things which should be done early in the audit: 1. decide whether to accept a new client/continue serving an existing one (investigate co. to determine acceptability;), identify why the client wants/needs an audit, 3. obtain understanding with client about the terms of the engagement (engagement letter-- required by auditing standards), develop strategy for audit (engagement staffing/required specialist)
Auditing Standards (ASB)--> SAS
issues pronouncements on matters in US for all entities other than publicly traded companies and broker-dealers registered with SEC
SOX 2002
law that demands that managers of public companies evaluate and annually report on the effectiveness of their internal controls over financial reporting
firm-level business metrics
leverage, revenue per partner, earnings per partner, margin, revenue per professional, rate per hour (engagement fees/ETC hours-estimate to complete), utilization (charge hours worked/available hours; monitor but don't weight it heavily even though you can somewhat control it)
higher
lower acceptable audit risk = _______ audit fees
risk assessment procedures, tests of controls, substantive analytical procedures, substantive tests of transactions, and tests of details of balances
what are the 5 types of tests that auditor use to determine whether financial statements are fairly presented? auditor uses a combo of these four in response to risks identified by auditor's risk assessment procedures
Auditing Standards, Preparation, compilation and review standards, other attestation standards, code of professional conduct
what are the four major areas in which the AICPA has authority to set standards and make rules
planned detection risk, inherent risk, control risk, acceptable audit risk
what are the four risks in the audit risk model
acceptable audit risk, client business risk, risk of material misstatement (much of early planning deals with obtaining info to help auditors assess these risks)
what are the risks that influence conduct and costs of audits
risk assessment, tests of details, substantive analytical procedures
what are the three primary areas for analytics
educational requirement (150 credits), uniform CPA exam (AUD, FAR, REG, BEC), experience requirement (by state board.. no experience to 2 yrs, NASBA provides info, meet continuing ed. and licensing requirements)
what are the three requirements that must be met to become a CPA
operational audit, compliance audit, financial statement audit
what are the three types of audits performed by CPAs
auditor expertise; independence (of the external public company auditor)
what are the two key cornerstones of audit quality
nonassurance services provided by CPAs
what are these services an example of: accounting and bookkeeping services, tax services, mgmt consulting services
SOX
what established the PCAOB
tests of details of balances (sending confirmations, counting inventories)
what is the least costly type of test
assess impact to audit-specific risk, assess impact to Audit-IT, meet with client
what to do when you find a control deficiency and other errors (3 things)
more
when AAR risk (not value) goes up (so value goes down...), is more or less evidence needed
more
when Inherent risk increases; is more or less evidence needed
more
when control risk goes up is more or less evidence needed
materiality
major consideration in determining the appropriate audit report to issue; defined as magnitude of misstatements that individually, or when aggregated with other misstatements, could reasonably be expected to influence the economic decisions of users made on the basis of F/S ; first determine this for F/S as a whole; then deetermine PM, (part of planning), then estimate the amt of misstatements in each segment as they evaluate audit evidence, then estimate combined misstatement and then compare that with preliminary or revised judgement about it (last 3 steps are evaluating results)
performance materiality
materiality for segments of the audit (Classes of transactions, acct balances, related disclosures); set by auditor at less than materiality for the f/s as a whole to reduce an appropriately low level the prb that the aggregate of uncorrected/detected misstatements exceeds materiality for f/s as a whole; commonly set at 50-75 % of overall materiality
SEC
who appoints and oversees the PCAOB
audit committee
who is responsible for hiring auditor for public companies- according to SOX
substantive analytical procedures (making cals and comparisons)
most expensive type of test
COSO cube
one side: control environment, risk assessment, control activities, information and communication, monitoring activities; one side: operational, reporting, compliance; one side: entity, division, operating unit, function
information risk (the risk that info upon which a business decision is made is inaccurate)
out of the 3 factors that determine what rate of interest bank charge when making a loan which does auditing have an effect on: 1. risk free interest rate, 2. business risk for the customer, 3. information risk
audit strategy
overall approach to the audit that considers the nature of the client, risk of significant misstatements, and other factors (past effectiveness of client controls); sets the scope, timing and direction of the audit;
preliminary analytical procedures
part of risk assessment procedures; helps identify areas with increased risk of misstatements that require further attention during the audit
1
phase ___ of the audit process: plan and design audit approach, risk assessment procedures (inspection, inquiries, analytical), august timing
4
phase ____ of the audit process; complete the audit and issue an audit report--- substantive tests of transactions, tests of details, analytical procedures, timing normally february
3
phase ____ of the audit process; perform substantive analytical procedures and tests of details of balances, substantive analytical procedures, tests of details of balances, end of october through january timing
2
phase ____ of the audit process; perform tests of controls and substantive tests of transactions, procedures to obtain understanding of tests of controls, substantive tests of transactions, timing end of september
labor
planning is about allocating _______
PCAOB
provides oversight for auditors of public companies, establishes standards, performs inspections of audit engagements and of quality controls at audit firms
Center for Audit Quality (CAQ)
public policy organization dedicated to enhancing investor confidence and public trust in the global capital markets
engagement level metrics
rate per hour (engagement fees/ETC hours), margin (gross margin on engagement --> (fees less standard talent costs)/fees, leverage by level (PCAOB reviews), realization rates (engagement level, fees/gross fees), budget to actual (typically a weekly analytics
direct
relationship between control risk and substantive evidence is ______
inherent risk
represent the auditors assessment of the susceptibility of an assertion to MM before considering the effectiveness of the client's internal controls; may be higher for accounts whose valuations are dependent on complex calculations or acctg estimates subject to significant estimate judgement
significant risk
represents an identified and assessed RoMM that in the auditor's professional judgement, requires special audit consideration; likely to be included in company audit reports as CAMs; often relate to nonroutine transactions, matters that require significant judgement, fraud risk
control risk
represents the auditor's assessment of the risk that a material misstatement could occur in an assertion and not be prevented or detected and corrected on a timely basis by client's internal controls; may be higher if the client's internal control procedures fail to include independent review and verification by other client personnel of complex calcs used (client's risk)
risk assessment procedures
required by auditing standards; performed to obtain an understanding of the entity and its environment, including the entity's internal control; to identify and assess risks of MM; understand the industry and external environment, business operations and processes (i.e. related parties), mgmt and governance (corporate minutess), objectives and strategies, measurement and performance
management
responsible for preparing financial statements and furnishing financial information to relevant market participants (under US financial reporting framework) ; they can provide F/S info at the lower cost bc they have firsthand knowledge of the organization and access to necessary info ; responsible for designing, implementing and monitoring needed internal controls to ensure valid data go inot the acctg system and that the system is secure and the info coming out of the system is reliable with GAAP
sampling risk
results bc the auditor has sampled only a portion of the pop. and there is a risk that the sample does not accurately represent the pop.
uncertainty; magnitude (or size) (together they measure the uncertainty of amounts of a given magnitude)
risk is a measure of ______; materiality is a measure of ________
2 (the overall financial statement level, the assertion level for classes of transactions and events and accts balances (consists of two components-IR, CR))
risk of MM exists at ____ levels?
higher
risk of not detecting MM due to fraud is ________; examples of fraud risk = forgery of approvals, intentional efforts not to record a transaction
FASB
since 1973 the SEC has recognized this as the US GAAP standards-setter; its mission is to establish and improve financial accounting and reporting and to set acctg standards to provide decision-useful info to investors and other users of financial reports
top-down, risk-based
the ICOFR audit follows a _____, _______ approach; focus on controls that are most susceptible to material misstatement of the financial statements
lower
the _________ the dollar amount of the judgement about materiality, the more evidence required
audit risk
the acceptance by auditors that there is some level of uncertainty in performing the audit
auditing
the accumulation and evaluation of evidence about info to determine and report on the degree of correspondence between the info established criteria; done by competent, independent person (info - is the quantifiable info like F/S and more subjective info like effectiveness of computer systems)
performance materiality
the amount set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole; its inversely related to the amount of evidence an auditor will accumulate
tolerable misstatement
the application of performance materiality to a particular sampling procedure
independent
the auditor's report must included a statement that the auditor is required to be ___________
evidence mix
the combination of the types of tests to obtain sufficient appropriate evidence for a cycle; there are likely to be variations in the mix from cycle to cycle depending on the circumstances of the aduit' (i.e. for a large company with sophisticated internal controls and low inherent risk--> extensive tests of controls, reduced substantive tests, extensive substantive analytical procedures, reduced substatntive tests of transactions and tests of details)
management's responsibility
the financial statements are the auditee's responsibility; they are responsible for adopting sound accounting policies and for establishing and maintaining internal control
materiality
the magnitude of misstatements that individually or when aggregated with other misstatements, could reasonably be expected to influence the economic decisions of users made on the basis of the financial statements
preliminary judgement about materiality
the maximum amount by which the auditor believes that the statements could be misstated and still not affect the decisions of reasonable users; used in audit planning- must be documented ; used to help plan appropriate evidence to accumulate;
audit planning
8 major parts: 1. accept client and perform initial audit plan, 2. understand the client's business and industry, 3. perform preliminary analytical procedures, 4. set preliminary judgement of materiality and performance materiality, 5. identify significant risks due to fraud or error, 6. assess inherent risk, 7. understand internal control and assess control risk, 8. finalize overall audit strategy
standardized form of the unmodified opinion auditor's report
the opinion will appear in the first section of the auditor's report and section titles have been added to guide the reader (all firms are the same); there are 8 distinct parts (AICPA): report title, auditor report address, opinion section, basis for opinion, management's responsibility, auditor's responsibility, critical audit matters (PCAOB), signature and address of CPA firm, tenure of CPA firm (PCAOB), audit report date, [Internal Control (PCAOB)]
tolerable misstatement
the process of determining performance materiality is referred to as the allocation of the preliminary judgement about materiality; the determination of it is based on professional judgement and reflects the amount of misstatement an auditor is willing to accept in a particular segment; PCAOB refers to this amount as __________ _________
leverage ratio
the ratio of partner to number of staff; consulting is a lot flatter --- 1 to a whole bunch of staff
accounting
the recording, classifying and summarizing of economic events in a logical manner for the purpose of providing financial info for decision making; distinguishment between this and auditing is that auditors must possess expertise in the accumulation and interpretation of audit evidence; proper audit procedures, determining number and types of items to test, evaluating results
tests of details of balances
the results of substantive analytical procedures directly affect the extent of ________
risk of material misstatement
the risk that financial statements contain a material misstatement due to fraud or error prior to the audit (susceptibility of the f/s to misstatement and effectiveness of client's controls in preventing or detecting and correcting the misstatements)
engagement risk
the risk that the audit firm will suffer harm after the audit is finished
client business risk
the risk that the entity fails to achieve its objectives or execute its strategies; caused by significant changes in industry conditions, regulatory changes
corporate governance
the system by which companies are directed and controlled- BOD - responsible for governance of their companies, they're elected by shareholders; audit committees are an important component of BOD
inherent risk and control risk
these are both the client's risk; they exist independent of the audit
preliminary judgment
this amount of materiality may be adjusted lower for qualitative factors such as: first-year engagement, control weaknesses, mgmt turnover, high market pressures, high fraud risk, higher than normal risk of bankruptcy
audit data analytics (ADAs)
this and other technologies are increasingly being used throughout the audit; they can be used in each of the 5 types of tests, and are used as part of the procedures performed during completion of the audit
independent auditors
CPAs or accounting firms that perform audits of commercial and noncommercial entities
professional skepticism
Due professional care requires the auditor to exercise this; it is an attitude that includes a questioning mind and critical assessment of audit evidence. Regardless of past experience with the entity or belief in managements honesty, the audit should be conducted with an awareness that a material misstatement due to fraud may exist and ongoing questioning of whether the evidence suggests that such fraud has occurred
internal revenue agents
IRS.. (enforcing federal tax laws) auditing taxpayer's returns = compliance audit; these agents perform these examinations
auditor's responsibility
to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement whether due to error or fraud
audit quality
tradeoff between expertise and independence;
non-routine transactions
transactions that are unusual (due to size or nature) and infrequent in occurrence; significant risks often relate to these; related party transactions often reflect these characteristics (complex calcs, etc); relate to matters that require significant judgement
reports on internal control over financial reporting
PCAOB auditing standards require the audit of internal control to be integrated with the audit of the financial statements; auditor may choose to issue separate reports or a combined report --> the combined report addresses both the financial statements and mgmt's report on internal control over financial reporting
True (burden with initiating communication rests on the successor--- predecessor is required to respond... must obtain permission from client before - code of professional conduct)
true or false; for prospective clients previously audited by another CPA firm, the new auditor is required by auditing standards to communicate with predecessor auditor
true
true or false; standards require auditor to presume that risk of fraud exists in revenue recognition --> presumed to be significant risks in most audits (must perform substantive tests related to assertions deemed to have significant risks)
true
true or false; when controls are effective and control risk is assessed as low, auditors put heavy emphasis on tests of controls
risk assessment
Planning ______ _______; 1-3 = planning 1.plan risk assessment procedures, 2. design the data analytic, 3. understand the underlying data, 4. (performing) perform the data analytic, (5-6=evaluating) 5. address outlier and nonoutlier populations, 6. evaluate the results of the data analytic
Peer Review
Public acctg firms must be enrolled in an AICPA approved practice-monitoring program; its the review by CPAs of another CPA firm's compliance with its quality control system; conducted every 3 years, firms requirement to be registered with and inspected by PCAOB must be reviewed by AICPA national Peer review committee
Securities Acts of 1933 (the act of 1934 created the SEC)
Requires companies that wish to sell securities (e.g., stocks, bonds) to the public to register with the SEC and requires these registered companies (a.k.a., SEC registrants) to provide a prospectus containing audited financial statements to potential investors prior to an initial sale of securities.
PCAOB
SOX created this board to oversee the audits of public companies and adopt standards for auditing, quality control, ethics, independence and other standards; has authority to conduct inspections of audit engagements and audit firm quality control systems and to investigate and discipline auditors or firms for violations