ACC 401: Audit Final Exam
Audit Testing Hierarchy
*evidence decision process for testing classes of transactions or significant balances -risk assessment procedures -test of controls -substantive analytical procedures -Remaining assurance needed from tests of details
LO 6-5: 5 Components of COSO Framework
-Control environ -risk assessment -control activities -info and comm -monitoring activities
Examples of Type II Events
-Loss of the entity's manufacturing facility or assets results from a casualty such as a fire or flood that occurred after the balance sheet date but prior to issuance of the financial statements -Purchase or disposal of a business by the entity after the balance sheet date but prior to issuance of the financial statements -Capital stk or bond issuance by the entity after the balance sheet date but prior to issuance of the financial statements -Losses on receivables caused by conditions such as a business failure arising subsequent to the balance sheet date
"Assurance Bucket"
-Must be filled with sufficient appropriate evidence to obtain the level of assurance necessary to support the auditor's opinion -top down audit testing hierarchy
Ex. of Engagement Letter Order
-addressed to audit committee chair, address, date -integrated audit of the financial statements and internal control over financial reporting-services and related report -our responsibilities and limitations -mgmt's responsibilities -Document retention -other documents -timing and fees -signed by audit partner, approved with signature by audit committee chair, date of approval
Examples of Type I Events
-an uncollectible AR resulting from deterioration in a customer's financial condition prior to year end, about which the holder of the receivable is unaware. The customer declares bankruptcy after the balance sheet date but prior to the issuance of the financial statements -settlement of a lawsuit after the balance sheet date but prior to issuance of the financial statements for an amt different from the amt recorded in the year end financial statements as a contingent liability
Trend Analysis
-analysis of changes in an account over time -compares last year's account balance (expectation) w/ the current balance -can encompass multiple time periods including comparing trends with budget amounts and with competitor and industry info -number of time periods used is a function of predictability and desired precision
Assess Compliance with Ethical and Independence Requirements
-annual independence questionnaire: auditor's financial or business relationships w/ clients -at engagement level, partner-in-charge should ensure all individuals assigned to engagement are independent from the entity by reviewing the annual independence reports from each member of the audit team or through the firm's independent database -unpaid client fees: firms adopt policy of not completing the current audit until all of the prior year's fees are paid -consulting services for client: does not impair independence but audit team must remain objective; under SOX the auditor is not permitted to provide certain types of consulting services for audit clients
Additional items the engagement letter might include
-arrangements involving the use of specialists or internal auditors -any limitation of the liability of the auditor or client, such as indemnification to the auditor for liability arising from knowing misrepresentations to the auditor by mgmt or alternative dispute resolution procedures -additional services to be provided relating to regulatory requirements -arrangements regarding other services (ex. assurance, tax, consulting services)
Substantive Analytical Procedures
-develop an expectation -define a tolerable difference -compare the expectation to recorded amt -investigate differences greater than the tolerable difference -conduct other audit procedures or propose an audit adjustment or accept the amount if the explanation and corroborative evidence is adequate
Analytical Procedures
-evaluations of financial info made through analysis of plausible relationships among both financial and nonfinancial data -auditing standards require the auditor to perform analytical procedures as risk assessment procedures (aka planning/preliminary analytical procedures) -such procedures assist the auditor in understanding the entity and its environment and in identifying areas that may represent specific risks relevant to the audit -helpful in identifying the existence of unusual transactions or events and amounts, ratios and trends that might have implications for audit planning -ex. revenue
Assertions about account balances, and related disclosures, at the end of the period: (6)
-existence -rights and obligations -completeness -accuracy, valuation, and allocation -classification -presentation
Reasonableness Analysis
-forming an expectation using a model -because it forms an explicit expectation, reasonableness analysis typically forms a more precise expectation than trend or ratio analysis
Inquiries the successor auditor should ask from the predecessor auditor
-info that might bear on the integrity of mgmt -disagreements w/ mgmt -communications to audit committees or others w/ equivalent authority and responsibility regarding fraud, illegal acts by clients and internal control related matters -predecessor auditor's understanding for the reasons for the change of auditors -predecessor auditor's understanding of the nature of the company's relationship and transactions w/ related parties and significant unusual transactions
Audit Procedures for Subsequent Events (from ppt slides, see textbook info on google doc.)
-inquire of mgmt -Reading meeting minutes -inquiry of legal council -examine the books of the original entries -read interim financial statements -evaluating entity's policies and procedures to properly record subsequent events as part of its internal control over financial reporting
Final Analytical Procedures
-objective is to assist the auditor in assessing the conclusions reached and evaluating the overall financial statement presentation -requires reviewing the trial balance, financial statements and footnotes in order to: 1. judge the adequacy of the evidence gathered in order to support any unusual or unexpected balances investigated during the audit 2. determine if any other unusual balances or relationships have not been investigated
Assertions about classes of transactions and events, and related disclosures for the period under audit: (7)
-occurrence -completeness -authorization -accuracy -cutoff -classification -presentation
Difference between analytical procedures used as risk assessment procedures (planning) and as final analytical procedures
-planning: auditor is not required to obtain corroborative evidence because planning analytical procedures are not intended to provide substantive audit evidence regarding specific assertions. The auditor normally determines whether the planned audit procedures need to be revised due to the results of the preliminary analytical procedures -final: auditor investigates unexpected differences by first going to the working papers to determine if sufficient appropriate evidence has already been gathered to explain the difference. If no sufficient evidence is found in the working papers, auditor would formulate possible explanations, conduct additional testing and seek an explanation from the entity's personnel
LO 3-3 Establish an Understanding with the Entity
-reduces risk of misinterpretation -the terms of the engagement (in engagement letter) should include: objectives of engagement, mgmt's responsibilities, auditor's responsibilities, and the limitations of the engagement -Topics discussed: (i) engagement letter, (ii) using the work of the internal auditors, (iii) role of the audit committee
Ratio Analysis
-the comparison across time or to a benchmark of relationships between financial statement accounts or between an account and nonfinancial data -includes "common size" analysis which is the conversion of financial statement amounts to percentages -industry or competitor ratios are often used to benchmark the entity's performance -more effective at identifying risks and potential misstatements than trend analysis because comparisons of relationships between accounts and operating data are more likely to identify unusual patterns than is an analysis only focused on an individual account
Documentation Requirements when substantive analytical procedures are used
-the expectation and how it was developed -results of the comparison of the expectation to the recorded amounts or ratios developed from recorded amounts -any additional auditing procedures performed in response to any significant differences identified
Dual Date
-when a subsequent event occurs after the date where the auditor has obtained appropriate audit evidence but before financial statements are issued. -ex. "feb. 15, 2019 except for Note 10, which is as of March 1, 2019" *limits auditor's responsibility
Phases of the Audit that Relate to Audit Planning
1. Client Acceptance and Continuance 2. Preliminary Engagement Activities 3. Plan the Audit
Control Environment-Principles #1-5
1. Org demonstrates a commitment to integrity and ethical values 2. BOD demonstrates independence from mgmt and exercises oversight of the development and performance of internal control 3. Mgmt est. w BOD oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives 4. Org. demonstrates a commitment to attract, develop, and retain competent individuals in alignment w/ objectives 5. Org holds individuals for their internal control responsibilities in the pursuit of objectives
Examples of procedures that can help the auditor identify contingent liabilities include:
1. Reading the min of meetings of the BOD, committee of the board and stockholders 2. Reviewing contracts, loan agreements, leases and correspondence from gov. agencies 3.Reviewing tax returns, IRS reports and schedules supporting the entity's income tax liability 4. Confirming or otherwise documenting guarantees and letters of credit obtained from financial institutions or other lending agencies 5. Inspecting other docs for possible guarantees or other similar arrangements
Under current auditing standards, mgmt assertions fall into 2 categories:
1. assertions about classes of transactions and events, and related disclosures for the period under audit 2. assertions about account balances, and related disclosures at the end of the period
LO 3-2 Preliminary Engagement Activities
1. determining audit engagement team requirements 2. ensuring the audit team and audit firm are in compliance with ethical and independence requirements 3. Est. an understanding with the entity
Specific additional steps to identify contingent liabilities (should be done near the completion of the engagement)
1. inquiry of and discussion w/ mgmt regarding the entity's policies and procedures for identifying, evaluating, and accting for contingent liabilities 2. Examining docs in the entity's records such as correspondence and invoices from attorneys for pending or threatened lawsuits 3. Obtaining a legal letter that describes and evaluates any litigation, claims or assessments 4. Obtaining a written representation from mgmt that all litigation, asserted and unasserted claims, and assessments have been disclosed in accordance w/ FASB ASC Topic 450 "Contingencies"
3 categories for the likelihood that the future event will result in a loss when a contingent liability exists are:
1. probable 2. reasonably possible 3. remote
8 Elements for the Standard Unqualified audit report for public companies:
1. report title 2. addressee 3. "Opinion" 4. "Basis for Opinion" 5. "Critical Audit Matters" 6. Name/signature of the audit firm 7. Indication of how long the auditor has served as the company's auditor 8. Audit report location and date
3 Types of Analytical Procedures
1. trend analysis 2. ratio analysis 3. reasonableness analysis
Control Activities-Principles #10-12
10. Org. selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives and acceptable levels 11. Org. selects and develops general control activities over tech to support the achievement of objectives 12. Org. deploys control activities through policies that est. what is expected and procedures that put policies into action
Info and Comm-Principles #13-15
13. Org. obtains or generates and uses relevant, quality info to support the functioning of the other components of internal control 14. Org. internally communicates info including objectives and responsibilities for internal control, necessary to support the functioning of other components of internal control 15. Org. communicates w/ external parties regarding matters affecting the functioning of other components of internal control
Monitoring Activities-Principles #16-17
16. Org. selects, develops and performs ongoing and/or separate evals to ascertain whether the components of internal control are present and functioning 17. Org. evals and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior mgmt and BOD if appropriate
Risk Assessment-Principles #6-9
6. Org. specifies objectives w/ sufficient clarity to enable the ID and assessment of risks relating to objectives 7. Org. identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed 8. Org. considers the potential for fraud in assessing risks to the achievement of objectives 9. Org. ID's and assesses changes that could significantly impact the system of internal control
Control Activities
Actions est. by policies and procedures to help ensure that mgmt directives to mitigate risks to the achievement of objectives are carried out; performed at all levels of the entity and at various stages w/n business processes & tech. enviro; 4 types: (i) performance reviews, (ii) physical controls, (iii) segregation of duties, (iv) info. processing controls, including authorization and document based controls
Completeness (end of period)
All assets, liabilities and equity interests that should have been recorded have been recorded, and all related disclosures that should have been included in the financial statements have been included
Authorization (during the period)
All transactions and events have been properly authorized
Completeness (during the period)
All transactions and events that should have been recorded have been recorded, and all related disclosures that should have been included in the financial statements have been included
Accuracy (during the period)
Amounts and other data relating to recorded transactions and events have been recorded appropriately, and related disclosures have been appropriately measured and described
When can the auditor determine the size of the assurance bucket?
An auditor can determine the size after the auditor has determined the risks associated with the assertions for an account balance
Presentation (end of period)
Assets, liabilities and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework
Existence (end of period)
Assets, liabilities and equity interests exist
Classification (end of period)
Assets, liabilities and equity interests have been recorded in the proper accounts
Accuracy, valuation and allocation (end of period)
Assets, liabilities, and equity interests have been included in the financial statements at appropriate amounts, and any resulting valuation or allocation adjustments have been appropriately recorded, and related disclosures have been appropriately measured and described
LO 4-4 Auditor's Risk Assessment Process
Auditor's objective is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including their internal controls
Remote
Chance of the future event occurring is slight
Reasonably Possible
Chances of the future event occurring is more than remote but less than likely
Probable
Future event is likely to occur
LO 5-2 Management Assertions
In representing the financial statements are in accordance with the applicable financial reporting framework, mgmt implicitly or explicitly makes assertions regarding recognition, measurement and presentation of classes of transactions and events, account balances, and disclosures
Info & Comm
Info is necessary for the entity to carry out internal control responsibilities in support of achievement of its objectives; Communication occurs both internally and externally and provides the org w/ the info needed to carry out day to day internal control activities; Comm enables personnel to understand internal control responsibilities and their importance to the achievement of objectives and allow for upward flow of operating info to mgmt
Who is responsible for the fair presentation of the financial statements?
Management
Monitoring Activities
Ongoing evals, separate evals, or some combo of the two are used to ascertain whether each of the 5 components of internal control, including controls to effect the principles w/n each component, are present and functioning; findings are evaluated and deficiencies are communicated in a timely manner, w/ serious matters reported to senior mgmt and to the BOD
Prospective Client Acceptance
Public accounting firm must consider these issues before accepting a new client: -has the capabilities to perform the engagement -complies with legal and relevant ethical requirements -has considered the integrity of the client
Control Environment
Set of standards, processes and structures that provide the basis for carrying out internal control across the organization; BOD and senior mgmt est. the tone regarding the importance of internal control and expected standards of conduct
COSO's Internal Control-Integrated Framework
System of internal control is designed and carried out by an entity's BOD, mgmt and other personnel to provide reasonable assurance about the achievement of the entity's objectives in the following categories: 1. reliability, timeliness and transparency of internal and external financial and nonfinancial data 2. Effectiveness and efficiency of ops, including safeguarding assets 3. Compliance w/ applicable laws and regs
Rights and Obligations (end of period)
The entity holds or controls the rights to assets, and liabilities are the obligations of the entity
Presentation (during the period)
Transactions and events are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework
Cutoff (during the period)
Transactions and events have been recorded in the correct accounting period
Classification (during the period)
Transactions and events have been recorded in the proper accounts
Occurrence (during the period)
Transactions and events that have been recorded or disclosed have occurred, and such transactions and events pertain to the entity (aka validity)
T/F: appropriate evidence in the working papers should support any differences from the auditor's expectations?
True
T/F: The successor auditor should request permission of the prospective client before contacting the predecessor auditor?
True; the Code of Professional Conduct doesn't allow an auditor to disclose confidential client info without the client's consent
2 types of subsequent events require consideration by mgmt and evaluation by the auditor:
Type I Type II
If event is reasonably possible or the amount cannot be estimated it is recorded as...
a disclosure of the contingency is made in the footnotes to the financial statements
If event is probable and the amount of loss can be reasonably estimated, the loss associated with the contingency is recorded as...
accrued by a charge to income
Contingent Liability
an existing condition or set of circumstances involving uncertainty as to possible loss that will ultimately be resolved when some future event occurs or fails to occur; ex. litigation
For lower risk, well controlled accounts
assurance bucket may be entirely filled with tests of controls and substantive analytical procedures
Management assertions also guide the auditor in designing
audit procedures to collect the needed evidence, as well as assisting the auditor in evaluation the appropriateness and sufficiency of evidence
Size of assurance bucket can vary depending on
auditor's risk assessment and the assertion being tested; certain assertions will be more important/present greater risks for some accounts than others; ex. largest bucket for AP is completeness assertion
How can an entity achieve effective internal control?
by applying all 17 principles underlying the components of internal control
Transaction related and balance related assertions help the auditor
conceptualize, plan and perform audit procedures
what type of relationship exists between objectives, components, and the structure of the entity
direct relationship
Auditing standards definition of analytical procedures
evaluations of financial info through analysis of plausible relationships among both financial and nonfinancial data; can facilitate an effective audit by helping the auditor understand the entity's business, directing attention to high risk areas, identifying audit issues that might not be otherwise apparent, providing audit evidence, and assisting in the evaluation of audit results
Subsequent Events
events that occur after the balance sheet date but before the issuance of the financial statements that materially affect the financial statements; require recognition/disclosure
Type I (recognized events)
events that provide additional evidence about conditions that existed at the date of the balance sheet and that affect the amounts or est. involved in the financial statement prep process; require adj. of the numbers in the financial statements
Type II (unrecognized events)
events that provide evidence about conditions that did not exist at the date of the balance sheet but that arose subsequent to that date; usually require disclosure in the notes of the financial statements; sometimes if the effect is very significant, pro forma financial statements may be required in order to prevent the statements from being misleading
Determine the Audit Engagement Team Requirements
factors include: engagement size and complexity, level of risk, special expertise, personnel availability, and timing of work to be performed
Purpose of Framework
help mgmt better achieve the orgs. objectives and provide BOD an added ability to oversee internal control
Size of the assurance bucket means
how much assurance is needed
the auditor is mainly concerned with
how the 5 components, evaluated individually and in terms of how they operate together, affect the external financial reporting objective
Entity's Risk Assessment Process
involves a dynamic and iterative process for identifying and analyzing risks to achieving the entity's objectives, thereby forming a basis for determining how risks should be managed; mgmt considers possible changes in the external enviro and w/n its own business model that may impede its ability to achieve its objectives
Structure of the entity
operating units, legal entities and other
Client Continuance
public accounting firms should evaluate periodically whether to continue with their current clients; must take place at or near the end of an audit or when a significant event occurs
What type of assurance that the risk of not achieving an entity objective is reduced to an acceptable level does an effective system provide?
reasonable assurance
In performing analytical procedures:
the auditor should develop expectations about plausible relationships that are expected to exist, based on the understanding of the entity and its environment
If event is remote..
then neither accrued on the financial statements nor disclosed in the footnotes
Analytical procedures are commonly used to gather substantive evidence because
they are effective at detecting misstatements, inexpensive to perform, ability for audit teams to perform a wide range of analytics that both identify client risk and provide evidence regarding mgmt's assertions
LO 3-4 The Engagement Letter
used to formalize the arrangements reached between the auditor and the entity; contract outlining responsibilities of both parties and preventing misunderstandings
objectives
what an entity is striving to achieve
Components
what the entity needs to do in order to achieve the objectives
After accepting client, new auditors should request entity to allow old auditors to send their working papers to new auditors
working papers are reviewed by new auditors and they need info about beginning balances and consistent application of GAAP