Mid-term

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

What are the differences between an integrated audit for public companies (PCAOB standard 5) & non-public companies (AT 501)

...

What standards provide guidance for performing the internal control portion of an integrated audit for an non-public company

AT 501

Strong indicator or significant deficiency in hiring and promotion procedures

Failure to perform substantive background investigations for individuals being considered for employment or promotion to a position of trust

Auditors have traditionally relied primarily on evidence from substantive procedures rather than testing controls in audit areas when a substantive approach was considered the most cost-effective approach (is this still allowed with PCAOB-5?)

No, since auditors now must report on the effectiveness of internal control

When a client has multiple locations, must the auditors design and perform tests at all locations

No, the auditor should assess the risk of material misstatement to the financial statements of each location and base the amount of testing on the degree of risk

Strong indicator or significant deficiency in mgmt code of conduct/ethics

Non-existence code of code that fails to address conflicts of interest, related party transactions, illegal acts, and monitoring by management and the board

How may these two difference (financial vs internal control) be reconciled in an integrated audit?

PCAOB Standard No.5, for purposed of the internal control audit, allows the auditor to obtain evidence about operating effectiveness at different times throughout the year- provided that the auditors update those test or obtain other evidence that the controls still operated effectively at the end of the year

Can auditors use the work of others (ex. if client personnel have already performed certain procedures that the auditors had intended)

Yes, because PCAOB standard No.5 allows auditors to use the work of others

If management prior to year end indentifies a material and corrects this before year end, can the auditors issue an unqualified opinion on internal control?

Yes, but only if the auditors have sufficient evidence to provide reasonable assurance that the new control is operating effectively (much easier for controls that happen frequently as opposed to monthly or quarterly)

Are the types of tests of controls performed for an internal control audit the same as those performed for a financial statement audit?

Yes, the auditor must consider the differences in the objectives of the test

May the evidence from test performed for an internal control audit be used for the financial statement audit?

Yes, the auditor must consider the differences in the objectives of the test

Auditors can issue what in addition to the separate report

a combined report for both financial statements and internal audit

Scope limitations may result in either

a disclaimer or withdrawal from the engagement depending on the extent of the limitation

What is an example of a direct effect control

a monitoring control that detects only large misstatement

what types of account are more prone to fraud

accounting estimates & non-routine transactions

Management's report on internal control is incomplete or improperly presented & report does not acknowledge a material weakness indentified by the auditor

adverse

Material weakness exists

adverse

The auditor report is already

adverse due to the existence of a material weakness

Walk throughs can be performed________

alone or supervise the work of others who provide assistance to them

One or more material weaknesses in internal control result in

an adverse opinion

For example, it the material weakness is not indentified until after year end, then what type of opinion would be issued

an adverse opinion (timing is very important)

Systems approach

an approach which heavy reliance on internal control evidence

Why is audit committee important

an effective audit committee exercises oversight responsibility over both financial reporting and internal control

The auditors must test controls every year

and cannot rotate analysis of various transaction types between various years

accounting estimates

are activities involving management's judgment or assumptions, such as determining the allowance for doubtful accounts, estimating warranty reserves, and assessing assets for impairment

Entity-Level Controls

are those included in the control environment or monitoring components of internal control

Relevant assertions for an account

are those that have a meaningful bearing on whether the account is presented fairly

Major classes of transactions

are those that materially affect significant financial statement accounts, either directly through entries in the general ledger or indirectly through the creation of rights or obligations that may or may not be recorded in the general ledger

Transaction cycles

are those transaction flows that have a meaningful bearing on the totals accumulated in the company's significant accounts and, therefore, have a meaningful bearing on relevant assertions

The objective of tests of controls for a financial statement audit is to

assess control risk

Strong indicator or significant deficiency in audit committee

audit committee passively conducts oversight, it does not actively engage the topic of fraud.

Should communication to management and the audit committee happen before or after the audit report

before the audit report

When the principal auditors decide to refer in their report to the work of the other auditors, this reference is included

both in describing the scope of the audit and in expressing an opinion

What must be considered in the evaluation of are significant deficiencies or material weaknesses

both quantitative and qualitative factors

What is an example of a performance measure designed to tract the operation of controls

budgets

The auditor specifically (for testing design of controls)

considers whether the controls, if functioning, would reduce the risks to an appropriately low level

When is communication in writing necessary to management

control defficieny, sig defficieny, & material weakness

The auditors test the design effectiveness of controls by

determining whether the company's controls, if operating properly, satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements

Controls may have either a_____ or ______ effect on the likelihood of misstatement

direct or indirect

Scope restriction

disclaimer or withdraw from engagement

What entity level controls are emphasized in Standard No. 5

entity level controls relating to audit committee effectiveness, fraud, and the period end financial reporting process

Two objectives

evaluate design of control to identify controls and risks, evaluate the operation of the control

In all cases in which the work of others is used the auditors should

evaluate the competence and objectivity of those individuals and test the work they have performed

Compensating control

exists to either prevent or detect the possible misstatement

Control deficiency

exists when the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis

Strong indicator or significant deficiency in remediation

failure to take appropriate and consistent remedial actions with regard to identified significant deficiencies, material weaknesses, actual fraud, or suspected fraud

In the case of detection of significant deficiencies or material weaknesses have been identified, the auditors must obtain assurance that such deficiencies

have not resulted in undetected material misstatements

For example

identification of a material misstatement in the financial statements is considered; indicative of at least a significant deficiency in internal control

When would an audit of the financial statements not access the operation effectiveness of a control

if it is accessed at the maximum level

Additional examples of substantive findings that might affect the internal control audit are

illegal acts, related party transactions, the reasonableness of accounting estimates, and the client's overall selection of accounting principles

Historically, auditors minimized testing of controls aimed at preventative controls and emphasized the testing of detective controls to save on costs in a financial statement audit (how does this relate to the audit over internal control?)

in an audit of internal control, the auditors are more likely to use an approach that includes testing of both preventative and detective controls

Even though a control presents low risk overall in that there is a low inherent risk, a low degree of complexity, few changes in controls, and the previous revealed no deficiencies

in such a case the auditors may determine that sufficient evidence of operating evidence could be obtained by performing a walk-through

Complementary controls

in that they work together to achieve a particular control objective

Strong indicator or significant deficiency in mgmt internal audit

inadequate communication, involvement, and interaction with the audit committee

Strong indicator or significant deficiency in mgmt whistleblower program

inadequate process for responding to allegations of suspicions of fraud

Strong indicator or significant deficiency in mgmt internal audit

inadequate scope of activities

Strong indicator or significant deficiency in mgmt code of conduct/ethics

ineffective communications to all covered persons

Procedures utilized in testing the design effectiveness of controls

inquiry of appropriate personel, observation of the company's operations, and inspection of relevant documentation

All internal control systems no matter who well designed have

internal control limits

A walk-through _______& may be the________

involves literally tracing a transaction from its origination through the company's information system until it is reflected in the company's financial reports, most effective way to obtain an understanding of the likely sources of misstatement

Significant deficiency

is a control deficiency, or a combination of control deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough o merit attention by those responsible for oversight of the company's financial reporting

Material weakness

is a control deficiency, or combination of control deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis

Significant defficieny

is less severe than a material weakness, yet important enough to merit the attention of the audit committee

If deficiencies have been identified, then the ________ is key to indentifying the proper opinion to issue

likelihood and potential amount of misstatement

Self-assessment procedures

made by employees and management

What are the steps to engage an auditor subsequent to a material weakness

management must first gather sufficient evidence to demonstrate that the material weakness has been eliminated, document this evident, and provide a written assertion stating that the material weakness no longer exists

What type of situation may a non-public company engage in an integrated audit

management of the non public company may be considering taking the company public in the relatively near future

Do you need more testing for manual controls or automated controls

manual controls

What types of weaknesses must be communicated to the audit committee

material & significant defficienies

After a change in auditors, the successor auditors may issue such a report(subsequent to advere report, to gain clean opinion), but they first

must obtain a sufficient understanding of the entity and the related material weakness

What must auditor do in regards to period end reporting process

must thoroughly evaluate this process, including the manner in which financial statements are produced, the extend of information technology involved, who participated from management, the locations involved, and the types of adjusting entries and oversight by appropriate parties

An unqualified audit opinion may be issued when

no material weaknesses in internal control have been identified as existing at the as of date (year-end) and when there have been no restrictions on the scope of the auditor's work

Strong indicator or significant deficiency in mgmt whistleblower program

no program for anonymous submissions

Are nonpublic companies required to undergo integrated audits

no required, but the option is available

Does inquiry alone provide sufficient evidence to support the operating effectiveness of a control

no, auditors should substantiate the responses to inquires by performing other procedures, such as inspecting reports or other documents relating to the inquiries

Can substantive tests be omitted completely in areas in which controls have been found to operate effectively

no, regardless of the assessed level of control risk, the auditors must perform substantive procedures for all relevant assertions related to all significant accounts and disclosures

Does the tone at the top have a direct effect

not for any particular assertion, may lead to more effective lower control performance and decrease other testing

The objective of test of controls in an audit of internal control is to

obtain evidence about the effectiveness of controls to support the auditors' opinion on whether management's assessment of the effectiveness of internal control (a point in time)

non-rountine transactions

occur only periodically

What distinguishes entity level controls from other controls designed to achieve the specific objectives

pervasiveness

What are the five stages of the audit

plant the engagement, use a top-down approach to identify controls to test, test and evaluate design effectiveness of internal control, test & evaluate operating effectiveness of internal control & form an opinion on the effectiveness of internal control

Ex of compensating control

reconciliation of cash accounts by a competent individual who is otherwise independent of the cash function

Example, a weakness in cash disbursements can be mitigated by what type of compensating control

reconciliation of the bank account by an individual otherwise independent of the cash function

routine transactions

recurring activities

Direct effect controls allow auditors to

reduce, but not eliminate, the testing of other controls

What risk is associated when using the work of others

relatively low-risk areas

What is an example of a non entity level control

requiring accounting for all shipping documents

The results of substantive procedures may affect the ______ of substantive procedures & the results of substantive procedures may affect______the audit of internal control

scope &

Strong indicator or significant deficiency in mgmt accountability

senior management conducts effective oversight of antifraud programs and controls

The auditors who are able to serve as principal auditors of the financial statements ordinarly

serve as principal auditors of internal control

What are the four type of controls over issues that have a heightened risk of fraud

significant unsusual transactions, related party transactions, significant management estimates, & incentives for management to falsify or inappropriately manage financial results

"top down approach"

starts at the top, the financial statements and entity-level controls and links the financial statement elements and entity level controls to significant accounts, relevant assertions and to the major class of transactions

The integrated nature of nature of the two audits suggests that

testing should be spread throughout the year

PCAOB standard No.5 requires the auditor to obtain sufficient evidence about the effectiveness of controls for all relevant assertions related to all significant accounts means

that the auditor must design procedures to provide a high level of assurance that the controls related to each relevant assertion are operating effectively

Auditors must consider not only the misstatements indentified, but also

the amount that could occur with a reasonable possibility

If, while performing the engagement( subsequent to adverse report, to gain clean opinion) the auditors discover an additional material weakness, the auditors should inform

the audit committee and the matter, but they are not required to modify their report

What is the difference between the audit of internal control and the consideration of internal control in financial statement audit

the audit of internal control is considered about the effectiveness of internal control at a point in time (as of date) (controls performed significantly less than the entire year), as opposed to the financial statement audit where internal control helps plan the audit and to assess control risk for the entire transactions occurring throughout the year to provide sufficient evidence to support the opinion on internal control and asses control risk

In deciding how to design tests of operations effectiveness

the auditor must focus on; the nature, timing and extent of the tests (NET)

To fulfill the objective of the test of controls in an audit of internal control

the auditor must obtain evidence about the effectiveness of controls over the relevant assertions for all significant accounts and disclosures in the financial statements

If management does not disclose a material weakness properly

the auditor should state that the material weakness is not included in management's assessment and describe it in the audit report

How is an adverse opinion be expressed

the auditor's report must define a material weakness, indicate that one has been indentified, and refer to the description of it in the management's report

When management believes that the material weakness has been eliminated (after math of adverse opinion)

the auditors may be engaged to report on whether the material weakness continues to exist

How is the report on internal controls reported

the auditors may issue separate reports on the financial statements and internal control or a combined report

As an example, if controls over the recording of revenues are considered ineffective

the auditors must determine whether the audit procedure designed into their audit program must be modified to obtain more evidence about the fairness of revenue

When management's report on internal control is found to be inadequate

the auditors should modify their report to include an explanatory paragraph describing the reasons for this determination

Tests of the operating effectiveness of control determine whether

the control functions as designed and whether the person performing the control possesses the necessary authority and qualifications

The auditors generally must merely extend the tests to cover (internal control provides significant evidence for every sig transaction)

the financial statement period in order to assess control risk at a low level for purposes of the financial statement audit

Generally, the more frequently controls operate

the more auditors should test them

When the auditors' original report included other material weaknesses that are not being considered in this engagement

the report should be modified to disclose that the other weaknesses are not addressed by the opinion

In addition to utilizing the "cumulative audit knowledge" (knowledge obtained from prior audits) to trim work, the auditors should consider

the various risk factors related to a control as well (NET, the results of previous years testing of controls, & whether there have been changes in the control, or the significant process in which it operates, since the previous audit

The auditor should test those controls that are important to

their conclusion about whether the company's controls sufficiently address the risk of misstatement for each relevant assertion

An account is significant if

there is a reasonable possibility that it could contain a misstatement that, individually or when aggregated with others, has a material effect on the financial statements, considering both the risks of understatement and overstatement

If the auditors decide to assess control risk at less than the maximum

they are required to obtain evidence that the relevant controls operated effectively during the entire period upon which they plan to place reliance on

What are auditors responsible for in regards to subsequent events

they have the responsibility to make inquires of management about whether there have been any such changes

What happens when the auditors conclude that the oversight of the company's external financial reporting and internal control over financial reporting is ineffective

they must communicate that conclusion in writing to the board of directors

If the auditors are unable to determine the effect of the subsequent event

they should issue a disclaimer

If the auditors obtain knowledge of subsequent events that materially and adversely affect the effectiveness of internal control

they should issue and adverse opinion

In an event that the auditors indentify a material weakness and management takes steps to correct the material weakness prior to year-end, if the auditors are unable to obtain sufficient evidence that the new controls are effective for a sufficient period of time

they will issue a disclaimer of opinion on internal control

If there is a reasonable possibility that a material weakness could occur

this is a material weakness

Redundant controls

those that duplicate other controls

A compensating control lowers a significan deficiency to what level

to a control deficiency

Standard No. 5 states that the auditors should vary the exact tests performed when possible

to introduce unpredictability into the audit process

What are examples of entity level controls

tone at the top, assignment of authority and responsibility, and corporate codes of conduct, technology general controls over program development, program changes, and computer controls

Material weakness existed during the year, system changed prior to the as of date, auditors do not have sufficient time to test new system

treat as scope restriction

The auditor's test can be performed only at the time the controls are operating (true or false)

true

Material weakness existed during the year, system changed prior to the as of date, auditors test new system and material weakness eliminated

unqualified

Other issues

unqualified (but with an explanatory paragraph)

What kind of report can the auditor issue after they find that a previous adverse opinion is now possessing effective controls

unqualified report indicating that the material weakness no longer exists

For controls that happen only periodically it may be necessary to wait

until after the date of management's report to test them

What is an example of a relevant assertion

valuation may be very relevant to determining the amout of A/R, but it is not ordinarily relevant to cash unless currency translation is involved

Report on subject matter and/or assertion? Only on subject matter Subject matter or assertion when no material weakness exists

when a material weakness exists, subject matter

The auditors must also consider qualitative factors

when evaluating materiality

Examples of qualitative factors include

whether the weakness relates to related party transactions and whether there are changes in account characteristics in relation to the prior year

Strong indicator or significant deficiency in mgmt whistleblower program

whistleblower program significantly defective in design or operation

Is the auditor responsible for the work of others

yes, and they cannot share responsibility with those others


Set pelajaran terkait

CCSP - Certified Cloud Security Professional - All Domains, CCSP Full, CCSP Review Assessment, Managing Cloud Security, Managing Cloud Security - PreAssessment C838

View Set

Chapter 37 - Respiratory - Pharmacology & Nursing Process

View Set

logistics ch 5 supply chain management

View Set

Chapter 34: Management of Patients With Hematologic Neoplasms

View Set

Cognitive Psychology Exam 2: Practice Questions and Key Terms/Concepts

View Set