Audit 402 - Ch 1 - 5 FRQ

Identify the role of the following bodies in the auditing standards-setting process: (1) the AICPA; (2) the PCAOB; (3) the SEC.

(1) AICPA established the self-regulated standards used in public entities in audits until 2002 and was replaced with the PCAOB. It is now the rule-making body of nonpublic entities only and uses SASs; (2) PCAOB was created as a result of Sarbanes-Oxley to provide external and independent oversight over the audits of public entities. It is also responsible for registering public accounting firms, establishing and enforcing standards for audit engagements, and inspecting the quality of audits conducted by registered public accounting firms; (3) SEC makes the final approval of the PCAOB's issued Auditing Standards (ASs).

How does the source of evidence affect its reliability?

(1) Evidence created by sources external to the entity is more reliable than that created by the entity. From most to least reliable, sources of evidence are auditors auditor evidence, external evidence, and internal evidence; (2) Evidence created by sources outside the entity is more reliable when received directly from the external source than when received from sources internal to the entity, (3) Evidence obtained from entities with more effective internal controls is more reliable than that obtained from entities with less effective internal controls, (4) Evidence obtained from original source documents is more reliable than that obtained from photocopies, facsimiles, or electronic documents.

How frequently are firms required to have PCAOB inspections?

(1) For firms performing audits of more than 100 public entities, and are conducted on an annual basis, (2) For firms performing audits of 100 or fewer public entities, and are conducted at least every three years.

What is a system of quality control? Identify the six elements of a system of quality control.

(1) Leadership responsibilities for quality within the firm ("tone at the top"), (2) Relevant ethical requirements (independence and due care), (3) Acceptance and continuance of client relationships and specific engagements considerations (management's reputation, legal compliance, etc.), (4) Human resources (quality and quantity needed), (5) Engagement performance (work is planned, assistants are supervised, the work is performed in compliance with GAAS, work is reviewed, and deficiencies are addressed, (6) Monitoring (policies and procedures are operating effectively and as practiced).

Identify the three fundamental principles underlying GAAS.

(1) The Responsibilities Principle defines objectivity and identifies the important role that objectivity plays in the audit; (2) The performance principle requires, among other things, auditors to plan the work (i.e., conduct the audit using a "systematic process") and to "obtain and evaluate evidence" through assessing the risk of material misstatement and gathering sufficient appropriate evidence, (3) The Reporting Principle provides guidance for "communicating the results" of the audit about whether the financial statements are prepared using "established criteria" (an applicable financial reporting framework, or GAAP).

What factors should auditors consider in deciding whether to accept or continue the engagement with a particular client? What should firms do if they decide to withdraw from an engagement?

(1) The integrity and business reputation of the client (2) The firm's ability to adequately perform the engagement with an appropriate level of professional competence, (3)The firm's ability to comply with legal and ethical requirements related to the engagement. The purpose of this process is to avoid association with a client whose management lacks integrity and to ensure that the firm can perform the engagement at an appropriate level. If this happens, SQCS 8 notes that the firm should document significant issues, consultations, conclusions, and the basis for any conclusions related to its decision.

What are the four types of audit opinions? What is the conclusion of each one

(1) Unmodified (or Unqualified) Opinion that concludes that the entity's financial statements present its financial condition, results of operations, and cash flows in conformity with GAAP, (2) An adverse opinion that concludes that the entity's financial statements are not presented in conformity with GAAP (or another financial reporting framework such IFRS), (3) A qualified opinion concluding that except for a relatively isolated (usually limited) departure, the entity's financial statements are presented in conformity with GAAP (or another financial reporting framework, such as IFRS), (4) In some cases (for example, if the auditors lack independence), auditors may choose not to express an opinion on the entity's financial statements. This type of report is referred to as a disclaimer of opinion. (A disclaimer of opinion is an indication that an opinion cannot be expressed.)

What is an audit plan? During which stage of the audit is an audit plan prepared?

(Formerly referred to as an audit program ) is a list of the audit procedures that auditors need to perform to gather sufficient appropriate evidence on which to base their opinion on the financial statements. It is the second stage of the audit after Obtain (or Retain) Engagement and before Risk Assessment.

What are the advantages and disadvantages of documenting internal control by using (1) an internal control questionnaire, (2) a narrative memorandum, and (3) a flowchart?

(a) Advantages of an internal control questionnaire: • Is easy to complete. • Has a checklist of questions. • Decreases chance of overlooking something important. Disadvantages: • May contain numerous irrelevant questions. • Tends to be treated like another form to fill out. (b) Advantages of a narrative memorandum: • Can explain the precise controls applicable to the particular client (precise tailoring). • Requires penetrating analysis. • Minimizes tendency toward perfunctory review. Disadvantages: • Is difficult to write and often lengthy. • Is difficult to revise in subsequent years. (c) Advantages of flowchart: • Provides graphic presentation of systems. • Shows the steps required and the flow of forms and documents. • Is easy to read and analyze. • Is easy to update in subsequent years. Disadvantages: • Takes a significant amount of time to complete. • Can be quite complex, requiring specific skills to complete.

What are (a) internal control deficiency, (b) a significant deficiency, and (c) a material weakness?

(a) An internal control deficiency is a condition that exists when the design or operation of a control does not allow the company's management or employees to detect or prevent misstatements in a timely fashion. (b) A significant deficiency is defined as a deficiency or a combination of deficiencies in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance. (c) A material weakness in internal control is defined as a deficiency or combination of deficiencies that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis.

What information would you expect to find in a permanent audit file?

1. Charter, bylaws 2. Leases, bonds 3. History of company 4. Meeting minutes 5. C/forward accounts (R/E) 6. Prior years' financial statements 7. Client org chart

What are the five types of general analytical procedures? List five sources of information for analytical procedures.

1. Compare current-yr account balance to previous year (COGS this year and last year) 2. Compare current-yr account balances to anticipated results (current COGS compared to budgeted amt) 3. Compare Acct 1 (current pd) with Acct 2 (current pd) 4. Current year ratios compared with industry average 5. Relationships between account balances and nonfinancial info

Define and describe the five basic components of internal control and specify some of their characteristics.

1. Control Environment- factors include integrity, ethical values, board of directors, management's philosophy and operating style, organizational structure, finance reporting competencies, authority and responsibility, human resources. The most important feature of the control environment is the people who make the system work. The entity's audit committee is a key factor in the control environment. 2. Risk assessment- Management should take steps to identify risks, estimate their significance and likelihood, and consider how to manage the risks. Te following principles

What are the five steps involved with the use of preliminary analytical procedures?

1. Develop an expectation 2. Define a significant different 3. Compare expectation with recorded amount 4. Investigate significant differences 5. Document each of the preceding steps

How does an audit team use materiality on an audit engagement?

1. Guide to planning substantive testing procedures 2. Performance materiality (make sure aggregate doesn't exceed whole) 3. Guide for making decisions about the audit report

Identify and then briefly explain the eight general audit procedures used to gather evidence. Next, please provide an example for each of the eight procedures.

1. Inspection of records and docs 2. Inspection of tangible assets 3. Observation 4. Inquiry 5. Confirmation 6. Recalculation 7. Reperformance 8. Analytical procedures

What is meant by the nature of the company, and why is it important to inherent risk assessment?

1. Org structure 2. Sources of funding 3. Significant investments 4. Company's operating characteristics 5. Sources of company earnings, related parties If control risk is high, then inherent risk is the only factor that can lower your risk of material misstatement. For example, a high control risk and a low inherent risk results in a moderate risk of material misstatement. Why is this important? Lower RMMs provide the basis for less substantive work.

Identify the four cycles featured in Dunder-Mifflin's accounting system featured in Exhibit

1. Rev and collection cycle (cash, A/R, Sales, BD exp) 2. Acquisition and expenditure cycle (cash, inv, fixed assets, A/P, general expenses) 3. Production cycle (cash, inv, COGS, depr. exp) 4. Finance and investment cycle (cash, notes, stock, R/E, divs, int exp)

What are the two primary ways to conduct substantive tests? Explain how the tests are different.

1. substantive analytical procedures (more efficient) are the audit processes or methods that auditors perform to detect material misstatement that could occur in financial statements. Auditor must develop an independent expectation of the balance 2. tests of details (more effective) Generally requires sampling

What is a control activity?

A control activity is an action taken for the purpose of preventing, detecting, or correcting errors and frauds in transactions to eliminate, mitigate, or compensate for risks identified by management.

What is a financial reporting framework? How is it related to the auditors' reporting responsibilities?

A set of criteria used to determine the measurement, recognition, presentation, and disclosure of material items in the financial statements; The three examples of financial reporting frameworks are GAAP, International Financial Reporting Standards (IFRS), or a special purpose framework (such as cash or tax bases)

What are tests of control activities?

A test of control activities is an audit procedure designed to produce evidence about the operating effectiveness of a client's control activity. A test of controls is completed using some combination of inquiry, observation, document examination, and/or reperformance.

Audit risk Model and RMM

AR = IR * CR * DR RMM = IR * CR AR = risk that the auditor issues an incorrect opinion when a material misstatement exists IR = the susceptibility of an assertion to material misstatement before considering controls CR = the likelihood a material misstatement will not be caught by the clients controls DR = the likelihood a material misstatement will not be caught by the auditor

Where can an auditor find a client's documentation of the accounting system?

An auditor can find client's documentation of the accounting system in a number of places, including: Chart of accounts. Accounting manual—definitions and instructions about measuring and classifying transactions. Computer systems and program documentation. Systems and procedures manuals. Flowcharts of transaction processing. Various paper forms.

Understand the importance of planning the audit engagement so that it is conducted in according with professional standards.

Are we exercising the appropriate amount of skepticism? Are we considering alternatives, evaluating evidence objectively, etc. when making judgments? Would any other auditor do this in the same manner, with similar personnel?

How are the sufficiency and appropriateness of evidence related to detection risk?

As auditors require a higher quality of evidence (lower detection risk), they must gather more relevant and reliable evidence (appropriateness) and evaluate more transactions or components (sufficiency). Page 55 Exhibit 2.2

Define audit risk.

Audit risk is the probability that an audit team will express an inappropriate audit opinion when the financial statements are materially misstated (i.e., give an unmodified opinion on financial statements that are misleading because of material misstatements that the auditors failed to discover).

Define audit risk and describe how it can be broken down into the three separate components of the audit risk model to help assess and respond to such risks during the audit planning process.

Audit risk is the risk (likelihood) that the auditor may unknowingly fail to modify the opinion on financial statements that are materially misstated (e.g., an unqualified opinion on misstated financial statements.) The AUDIT RISK MODEL decomposes overall audit risk into three components: inherent risk (IR), control risk (CR), and detection risk (DR):

Define audit trail. How could a computerized system's transaction audit trail in an advanced System differ from one in a simple system or a manual system

Audit trail: chain of evidence provided through coding, cross-references, and documentation connecting account balances and other summary results with the original transaction source docs. Some designed so that trail only exists for a short amount of time (to prevent fraud)

What reports (other than auditors' reports) on internal control do audit teams give to an entity's management, board of directors, or audit committee?

Auditors must communicate significant deficiencies and material weaknesses that come to their attention in the performance of the audit to management, the board of directors, or its audit committee. Auditors often issue a type of report to management called a management letter. This letter may contain commentary and suggestions on a variety of matters in addition to internal control matters.

What is considered the most important content of the auditor's current audit documentation files?

Auditors' conclusions. Include 1. reconcile 2. work planned 3. understand client internal control 4. sufficient appropriate audit evidence

What is the auditor's responsibility regarding fraud risk?

Auditors' primary responsibility is to design procedures to provide reasonable assurance that frauds that materially misstate the financial statements are detected.

What are some of the ratios that can be used in preliminary analytical procedures?

Bal-sheet: current, debt/equity Ops: Receivables TO, Inventory TO Financial Distress Ratios: work cap/tot assets

What are some types of knowledge and understanding about a client's business and industry that an auditor is expected to obtain? What are some of the methods and sources of info for this understanding?

Client's industry, client company itself, compensation arrangements with managers. General bus sources: trade magazines, WSJ, etc. Company sources: charter/bylaws, legal proceedings, meeting minutes

Fraud Risk Factors: Industry conditions

Company profits lag the industry. New requirements are passed that could impair stability or profitability. The company's market is saturated due to fierce competition. The company's industry is declining. The company's industry is changing rapidly.

Explain auditors' responsibility for fraud risk assessment and define and explain the differences among several types of fraud and errors that might occur in an organization.

Company profits lag the industry. New requirements are passed that could impair stability or profitability. The company's market is saturated due to fierce competition. The company's industry is declining. The company's industry is changing rapidly.

Why do predecessor auditors need to obtain the client's consent to give information to prospective auditors? What information should prospective auditors try to obtain from predecessor auditors?

Confidentiality. If a potential client refuses to allow a new auditor to talk to a predecessor, big RED FLAG. Attempt to obtain basic information regarding issues reflecting integrity of management.

Define control risk and explain the role of control risk assessment in audit planning.

Control risk is the probability that the client's internal control activities will fail to prevent or detect material errors and frauds that enter the data processing system. Assessing control risk is part of using the audit risk model in the planning stage of the audit. That is, auditors determine the nature, timing, and extent of further substantive audit procedures (i.e., set detection risk) based, in part, on the assessment of control risk for each relevant financial statement assertion. The other important assessment that auditors have to make to determine the nature, timing and extent of further audit procedures is the inherent risk assessment.

Describe the fundamental principle of performance and identify the major activities performed in an audit.

To express an opinion, the auditor obtains reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. To obtain reasonable assurance and quality work, the auditor: (1) Plans the work and properly supervises any assistants, (2) Determines and applies appropriate materiality level or levels throughout the audit, (3) Identifies and assesses risks of material misstatement, whether due to fraud or error, based on an understanding of the entity and its environment, including the entity's internal control (4) Obtains sufficient appropriate audit evidence about whether material misstatements exist, through designing and implementing appropriate responses to the assessed risks.

4.11 Why should auditors understand their clients' performance measures when assessing inherent risk?

To see what managers think is important. (related to compensation?) also indicators of materiality

What are some audit procedures that can be performed using CAATs?

Used for recalculation, confirmation, document examination, scanning, analytical procedures, fraud investigation

What is meant by (a) vouching, (b) tracing, and (c) scanning? What is the difference between vouching and tracing?

Vouching-financial item followed back to origin (source doc). Provides evidence for existence and occurrence, NOT for completeness, sometimes helps with valuation and allocation Tracing-financial item followed forward from source doc to journal/ledger entry. Provides evidence for completeness, sometimes for valuation and allocation Scanning-"eyes-open" approach of looking for anything unusual

When are analytical procedures required during an audit engagement?

When planning the audit and when performing final review. Also to test assertions.

What is the difference between document examination and reperformance when conducting tests of controls?

When testing controls, document examination or inspection refers to auditors determining whether client personnel actually stamped, initialed, or left other signs on documentary evidence that their assigned control activities had been performed. When testing controls, reperformance refers to auditors actually completing the control activity (again) that were supposed to have been performed by the client personnel (recalculating, looking up the right price, comparing quantities, and so forth). The key difference between document examination and reperformance is that with the former, audit teams inspect documents for evidence that employees have performed the control activity; reperformance provides evidence that the control activity was (or was not) done correctly.

What advantages are derived from using CAATs in the financial statement audit? When answering this question please specifically consider performing when an auditor has to perform recalculations and selecting a sample of accounts receivable balances to be confirmed.

a) Speed and accuracy. b) Eliminates human error

7When planning an audit engagement, what matters should be considered about a client's Computerized processing environment?

a. Extent used b. Complexity c. Org structure d. Availability of data e. CAATs available f. Need for specialized skills

What are the general characteristics of significant transactions that are typically computerized?

data processing

What information would you expect to find in a current audit file?

engagement letter, staff assignment notes, prelim analytic procedures results, risk assessment, materiality assessments. Often summarized in PLANNING MEMO.

A material weakness

in internal control is defined as a deficiency or combination of deficiencies that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis.

(a) An internal control deficiency

is a condition that exists when the design or operation of a control does not allow the company's management or employees to detect or prevent misstatements in a timely fashion.

What is an audit committee? What are its duties?

is a subcommittee of the board of directors that is generally composed of three to six "outside" members (those not involved in the entity's day-to-day management) of the organization's board of directors. Each member must be financially literate, and one member must be a "financial expert." Important Duties: Appointment, compensation, and oversight of the public accounting firm conducting the entity's audit. Resolution of disagreements between management and the audit team. Oversight of the entity's internal audit function. Approval of nonaudit services provided by the public accounting firm performing the audit engagement.

A significant deficiency

is defined as a deficiency or a combination of deficiencies in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.

Indirect-effect noncompliance

is not related to specific accounts or disclosures on the financial statements (e.g., violations relating to insider securities trading, occupational health and safety, food and drug administration, environmental protection, and equal employment opportunity). Auditor's responsibility—Follow up on suspected violations material to the financial statements

Control risk -

is the risk of a material misstatement in the financial statements arising due to absence or failure in the operation of relevant controls of the entity. Organizations must have adequate internal controls in place to prevent and detect instances of fraud and error. Control risk is considered to be high where the audit entity does not have adequate internal controls to prevent and detect instances of fraud and error in the financial statements. Assessment of control risk may be higher for example in the case of a small sized entity in which segregation of duties is not well defined and the financial statements are prepared by individuals who do not have the necessary technical knowledge of accounting and finance.

Explain an auditor's responsibility to assess inherent risk, including a description of the type of risk assessment procedures that should be performed when assessing inherent risk on an audit engagement.

is the risk of a material misstatement in the financial statements arising due to error or omission as a result of factors other than the failure of controls (factors that may cause a misstatement due to absence or lapse of controls are considered separately in the assessment of control risk). generally considered to be higher where a high degree of judgment and estimation is involved or where transactions of the entity are highly complex. For example, the inherent risk in the audit of a newly formed financial institution which has a significant trade and exposure in complex derivative instruments may be considered to be significantly higher as compared to the audit of a well established manufacturing concern operating in a relatively stable competitive environment

Inherent Risk -

is the risk of a material misstatement in the financial statements arising due to error or omission as a result of factors other than the failure of controls (factors that may cause a misstatement due to absence or lapse of controls are considered separately in the assessment of control risk). generally considered to be higher where a high degree of judgment and estimation is involved or where transactions of the entity are highly complex. For example, the inherent risk in the audit of a newly formed financial institution which has a significant trade and exposure in complex derivative instruments may be considered to be significantly higher as compared to the audit of a well established manufacturing concern operating in a relatively stable competitive environment

What are the primary reasons for conducting an evaluation of an audit client's internal control?

is to give the auditors a basis to determine the nature, timing, and extent of further substantive audit procedures. On a public company audit, Sarbanes-Oxley requires auditors of public companies to perform an audit of internal control over financial reporting that is integrated with the financial statement audit.

What is meant by material information in accounting and auditing?

material=important. Requires professional judgment. Rule of thumb: <5% not material, >5% is material

List some items normally documented in a planning memorandum.

nature, timing, and extent of procedures to be performed to assess risk of material misstatement at the financial statement and assertion level. Then nature, timing, extent of control and substantive tests designed to mitigate risks to acceptable level

Direct-effect noncompliance

produces direct and material effects on the financial statements. The law or regulation can be identified with a specific account or disclosure (e.g., income tax evasion). Auditor's responsibility--design procedures to provide reasonable assurance

What is the concept of reasonable assurance?

reasonable assurance recognizes that the cost of an organization's internal control should not exceed the benefits obtained by the control. Management is responsible for assessing the cost and benefits of internal controls in their own organizations, hence their reasonable assurance. Auditors get into the act of reasonable assurance assessment when they audit internal controls and when they consider whether to make recommendations about control improvement in a management letter. Both parties must consider that the SEC regards reasonable assurance as a high standard that means the probability of controls not detecting or preventing material misstatements is remote.

Detection Risk -

risk that the auditors fail to detect a material misstatement in the financial statements. An auditor must apply audit procedures to detect material misstatements in the financial statements whether due to fraud or error. Misapplication or omission of critical audit procedures may result in a material misstatement remaining undetected by the auditor. Some detection risk is always present due to the inherent limitations of the audit such as the use of sampling for the selection of transactions. Detection risk can be reduced by auditors by increasing the number of sampled transactions for detailed testing. For example, if an auditor sampled 100 of 1,000 accounts, there would be a higher detection risk than if the auditor sampled 900 of the 1,000 accounts.

How do control risk affect the nature, timing, and extent of further audit procedures?

the higher the assessment of control risk, the higher the assessment of RMM. (INVERSE) Audit teams' assessment of control risk as high implies that the controls are not effective at preventing or detecting material misstatements and could not be relied on by audit teams. In this situation, audit teams would likely use substantive tests of details designed to obtain the highest quality of external evidence (nature) at or near the entity's fiscal year-end (timing) with large sample sizes (extent).

Distinguish between independence in fact and independence in appearance. Can auditors be independent in fact yet not be perceived to be independent in appearance?

Independence in Fact: A mental attitude where auditors are expected to be unbiased and impartial with respect to the financial statements and other information they audit, which allows auditors to form an opinion without being affected by influences that might compromise that opinion. Independence in Appearance Relates to others' (particularly financial statement users') perceptions of auditors' independence and unbiased state of mind. Note: Yes, the auditor could own a single share of stock in a client and not let it influence their mental attitude. However, most third-party users would perceive the auditor as not independent in appearance. AICPA and SEC rules primarily relate to independence in appearance.

Define materiality and explain its importance in the audit planning process.

Information is material if it is likely to influence financial statement users' decisions Auditors must consider whether certain accounts or disclosures for which there is a substantial likelihood of misstatements of lesser amounts than the set materiality level would influence the judgment of a reasonable investor.

Define audit evidence.

Information that auditors use in arriving at the conclusions on which to base the audit opinion and includes the underlying accounting data and all available corroborating information. Examples include minutes of meetings, confirmations with independent third parties, invoices, analyst reports, and all other information that permits auditors to reach valid, logical conclusions. Methods use to evaluate this evidence are referred to as substantive procedures, which are performed following the auditors' risk assessment process.

Define and describe what is meant by internal control.

Internal control is the process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the following three categories: • Reliability of financial reporting • Effectiveness and efficiency of operations • Compliance with applicable laws and regulations. Internal control can help prevent and detect many errors, but it cannot guarantee that they will never happen. Human error due to judgment, fatigue, and carelessness can still occur. Other limitations include deliberate circumvention, management override, and improper collusion

What is the basic relationship between the effectiveness of the client's internal control and the necessary effectiveness of substantive procedures?

Inverse- If the client's internal controls are high, the necessary effect of substantive procedures is low. If the client's internal controls are low, the necessary effect of substantive procedures needs to be high.

Understand the fundamental principle of reporting and identify the basic contents of the auditors' report

It is based on evaluation of the evidence obtained, the auditor expresses in the form of a written report, an opinion in accordance with the auditor's findings, or states that an opinion cannot be expressed. The opinion states whether the financial statements are presented fairly, in all material respects, in accordance with the applicable financial reporting framework.

Define reasonable assurance. How does the audit team provide reasonable assurance in the engagement?

It recognizes that a GAAS audit may not detect all material misstatements and auditors are not "insurers" or "guarantors" regarding the fairness of the entity's financial statements. However, auditors should provide a high level of assurance (or confidence) regarding their work. Auditors provide reasonable assurance through considering various risks relating to the likelihood of material misstatement in the financial statements and performing audit procedures to control the overall risk to an acceptably low level. This is done through the risk assessment process, an additional element of the performance principle

Understand the role of a system of quality control and monitoring efforts in enabling public accounting firms to meet appropriate levels of professional quality

Its purpose is to provide the firm reasonable assurance that the firm and its personnel (1) comply with professional standards and applicable regulatory and legal requirements, (2) Issue reports that are appropriate in the circumstances. Simply stated, a system of quality control is implemented by firms to ensure that their work is of high quality and meets the expectations of professional standards.

Why is the timing of the auditors' appointment an important matter in the conduct of a financial statement audit?

Late appointments can result in an inability to plan and perform the audit on a timely basis, therefore the auditing company would be unable to meet the deadline for filing its client's financial statements with the SEC and will be fired or dismissed.

Fraud Risk Factors: Management's Characteristics and Influence

Management has a motivation to engage in fraudulent reporting. Management decisions are dominated by an individual or a small group. Management fails to display an appropriate attitude about internal control. Managers' attitudes are very aggressive toward financial reporting. Managers place too much emphasis on earnings projections.

Distinguish between the responsibilities of management and auditors regarding an entity's internal control.

Management is responsible for establishing a controlled environment, assessing risks it wished to control, specifying information and communication channels and content, designing and implementing control activities, and monitoring, supervising, and maintaining the controls. They can estimate benefits and weigh them against costs. Sarbanes -Oxley requires management to assess and report on the entity's internal control over financial reporting. Management also must disclose any material weaknesses in internal control. To assess control risk auditors must evaluate existing control activities and assess the control risk for the period under audit. In addition, specific controls related to misstatement due to fraud must be evaluated including control over unusual transactions, control over period-end journal entries, control over related party transactions, controls related to significant estimates, control related to areas where management has incentives and pressures to manipulate financial statements.

What is management's responsibility for reporting on internal control over financial reporting?

Management is responsible for establishing and maintaining effective internal control over financial reporting; performing an evaluation and concluding about the effectiveness of the entity's internal control over financial reporting; and disclosing to the audit team any frauds resulting in a material misstatement to the entity's financial statements (as well as any other immaterial fraud that involves key managers), all significant deficiencies, and any material weaknesses identified during its evaluation. Management cannot use the auditors' procedures performed during the audits of internal control over financial reporting or the financial statements as part of the basis for its assessment of the effectiveness of internal control over financial reporting.

What are management's and auditors' respective responsibilities regarding internal control?

Management's responsibility Responsibility for establishing and maintaining adequate internal control over financial reporting A statement identifying the framework used for evaluating the effectiveness of internal control (e.g., COSO) Assess and report on the effectiveness of internal control over financial reporting Auditors' responsibility For public companies, must audit and issue an opinion about the effectiveness of the internal control over financial reporting For each fraud risk, must evaluate whether controls are in place to mitigate the fraud risk Must assess control risk to determine the nature, timing and extent of substantive procedures to be performed

What must external auditors do to use the work of internal auditors in the audit of an entity's financial statements?

Must determine the objectivity and competence of internal auditors

What options are available to the auditor for presenting reports on the entity's financial statements and internal control over financial reporting?

One option is to have two separate reports: one on the fairness of the entity's financial statements and one on internal control over financial reporting. Each report would be separately titled, dated (although using the same date), and signed. The second option is to prepare a combined report that expresses one opinion on the financial statements and a second on the effectiveness of internal control over financial reporting. The combined report is far more common in the practice of auditing.

What is the difference between preventive controls and detective controls? Give an example of each.

Preventive Controls designed to keep misstatements from occurring, Examples of preventive controls would be hiring competent people, requiring approvals, creating separation of duties, and safeguarding assets Detective Controls Detective controls are designed to find misstatements if they occur. Examples of detective controls would be account reconciliations, business performance reviews, and control totals.

Define professional skepticism and professional judgment. During what stages of the audit are auditors required to demonstrate these characteristics?

Professional skepticism is a state of mind that is characterized by appropriate questioning and a critical assessment of audit evidence. Professional judgment is the application of relevant training, knowledge, and experience in making informed decisions about appropriate courses of action during the audit engagement. Both are necessary responsibilities of auditors throughout the entire audit process.

Who is responsible for developing standards for the audits of public entities? Who is responsible for developing standards for the audits of nonpublic entities?

Public Entities: Public Company Accounting Oversight Board (PCAOB) and use Auditing Standards (ASS) Nonpublic Entities: AICPA Auditing Standards Board (ASB) and use Statements on Auditing Standards (SASs).

What is materiality? During what stages of the audit do auditors consider materiality?

Recognizes that auditors should focus on matters that are important to financial statement users. It is commonly established based on percentages of key financial statement subtotals, such as net income, sales or revenues, or total assets. Auditors are responsible only for providing reasonable assurance that misstatements material to the entity's financial statements are identified. Used in the planning stages.

Understand the development and source of generally accepted auditing standards.

Relates to the personal integrity and professional qualifications of auditors and most issues are addressed before a firm accepts a prospective client; Auditors are responsible for (1) Having appropriate competence and capabilities to perform the audit, (2) Complying with relevant ethical requirements (3) Maintaining professional skepticism and exercising professional judgment, throughout the planning and performance of the audit.

Distinguish between relevance and reliability as these concepts relate to audit evidence. How are relevance and reliability associated with the appropriateness of audit evidence?

Relevance refers to the nature of the information of interest provided by the audit evidence; Reliable means the evidence is trustworthy.

What are the three goals of an internal control system according to the COSO report? Which of the three is most important to auditors?

Reliability of financial reporting (most important to auditors) Primary concern for auditors because it directly affects our ability to provide reasonable assurance regarding the F/S Effectiveness and efficiency of operations May provide information relevant to external auditor with regard to particular assertions/accounts, such as valuation of inventory Compliance with applicable laws and regulations Directly affects external auditors ability to provide reasonable assurance regarding the direct-effect illegal acts

What are the documentation retention requirements of AS 1215?

Retained for 7 years after the audit release date!

Provide examples of procedures that firms have used to monitor their quality control policies and procedures.

Reviews of selected administrative and personnel records. Reviews of engagement documentation, reports, and the client's financial statements. Discussions with firm personnel. Assessments of the (1) appropriateness of the firm's guidance materials and professional aids, (2)compliance with policies and procedures on independence, (3) effectiveness of continuing professional education, and (4) decisions regarding the acceptance and continuance of client relationships and specific engagements. (All could be on-going procedures or targeted inspections procedures)

What are the key limitations of an internal control system?

The key limitations in an internal control system generally relate to the people operating within the system. People make the system work at every level of company management. People establish the objectives, put control mechanisms in place, and operate them. There are at least four types of breakdowns related to people. They are human error, deliberate circumvention, management override, and improper collusion among people who are supposed to act independently. Internal control can help prevent and detect these people-caused failures, but it cannot guarantee that they will never happen.

What is the purpose of performing preliminary analytical procedures in audit planning?

Identify potential problem areas, starting place for becoming familiar with client's business

what type of opinion would be issued by the audit team as the result of a scope limitation on the examination of internal control over financial reporting?

If a scope limitation exists, the auditors would issue a disclaimer of opinion or would withdraw from the engagement, depending on the significance of the scope limitation. Ultimately, the decision would depend on the exact facts and circumstances of the engagement.

What are the four major elements of the broad definition of assurance services?

Independence CPAs want to preserve their reputation and competitive advantage by always preserving integrity and objectivity when performing assurance services Professional services Virtually all work performed by CPAs is defined as "professional services" as long as it involves some element of judgment based on education and experience. Improving the quality of information or its context The emphasis is on "information," CPAs' traditional area of expertise. CPAs can enhance quality by assuring users about the reliability and relevance of information, and these two features are closely related to the familiar credibility-lending products of attestation and audit services."Context" is relevance in a different light. For assurance services, improving the context of information refers to improving its usefulness when targeted to particular decision makers in the surroundings of particular decision problems. For decision makers As the "consumers" of assurance services, decision makers are the beneficiaries of the assurance services. Decision makers may or may not be the "client" that pays the fee and may or may not be one of the parties to an assertion or other information, but they personify the consumer focus of new and different professional work.

What sources of information can auditors use in connection with deciding whether to accept a new client?

Independence & Objectivity Competence & Expertise Available Resources Acceptable Level of Engagement Risk Background checks of Senior Management Inherent risks of the industry Communication w/Predecessor Auditor Obtain & review financial information Inquire of key parties - Legal Counsel, Bankers, Analysts

List and describe the required pre engagement activities that auditors undertake before beginning an audit engagement.

- Do we (the firm/personnel) have the ability to conduct this audit? The required skills, adequate # of professionals, the appropriate specialists? Is there anything that would compromise our independence? Do we perform other services for this company? Is the partner we want to put on this job related to people in upper management?

What benefits are obtained by having an engagement letter? What is a termination letter?

Engagement letter [objectives, mgt responsibility, auditor responsibility, limitations of engagement] acts as a contract (reduces misunderstandings, avoids legal liability). Termination letters [future access to audit docs, reissuance for SEC purposes, future fee arrangement] help prospective auditors.

What is the purpose of a planning memorandum?

Establish overall strategy and make a comprehensive list of the specific audit procedures the audit team needs to perform to gather sufficient appropriate evidence on which to base their opinion on the financial statements.

What is the major concern for auditors related to evidence obtained from related parties?

Evidence may be biased. Valuation may be skewed when transactions are not at arm's-length

Define external, external-internal, and internal documentary evidence.

External: Evidence provided by parties external to the entity, External - Internal: evidence produced by external parties but received and provided by sources internal to the company Internal documentary evidence: evidence provided by parties internal to the entity.

List and describe the eight general types of audit procedures for gathering evidence. FIVE CARROTS

Footing and Cross footing verifying the mathematical accuracy of columns of numbers by adding down and across Inquiry written or oral information in response to questions from the auditor Vouching Directional testing from accounting records back to the supporting documents Examination, inspecting, and reviewing Physical examination is the examination or inspection of tangible assets: Confirmation describes the receipt of a direct response from a 3rd party verifying the accuracy of information that was requested by the auditor Analytical Procedure Use comparisons and relationships to assess whether account balances appear reasonable given expectations, required during planning and completion phases Reperformance Auditor's independent tests of client accounting procedures or controls Recalculation Involves rechecking a sample of calculations made by the client Observation Use of the senses to assess client activities. Requires corroboration Tracing -Directional testing from source documents to accounting records Subsequent events The auditor is required to perform procedures for the period after the balance sheet date up to the date of the auditor's report

What kinds of functional responsibilities should be performed by different departments or persons in a control system with a good separation of duties? Note: Four kinds of functional responsibilities that should be separated to promote strong internal control:

Four kinds of functional responsibilities that should be separated to promote strong internal control: Authorization to execute transactions. Recording of transactions in the accounting system. Custody of assets. Periodic reconciliation (comparison) of existing (real) assets to recorded amounts.

For what reasons do auditors obtain an understanding of a client's internal control?

Satisfactory internal control reduces the probability of frauds or errors in the accounts, helps determine the number of substantive procedures to do in a particular area.

What is the purpose of an audit strategy memorandum? What information should it contain?

Sets scope, timing, and direction for auditing each relevant assertion. Should outline nature, timing, and extent of resources necessary to perform engagement.

What must external auditors do to use the work of audit specialists in the audit of an entity's financial statements?

Specialist must be unrelated, and auditor must obtain an understanding of a specialist's methods and assumptions

What are the five components of management's internal control?

The COSO Report states that management's internal control consists of five interrelated components: • Management's control environment. • Management's risk assessment. • Management's control activities. • Management information and communication systems. • Management's monitoring of controls.

List and discuss matters of planning that auditors should consider related to the client's computer environment and describe how CAATs can be used to improve the efficiency of the audit process.

The auditor must evaluate the client's computerized environment (i.e. potential for errors or fraud, use of cloud computing applications) The auditor must consider: The extent to which computers are used The complexity of computer operations Availability of data Need for specialized IT auditors) CAATs (Computer Assisted Audit Techniques): Used for recalculation, confirmation, document examination, scanning, analytical procedures, fraud investigation With CAATS, the auditor is able to access and extract client information without disrupting data processing.

Fraud Risk Factors: Operating Characteristics

The company is not able to generate sufficient cash flows to ensure that it is a going concern. There is pressure to obtain capital. The company operates in a tax haven jurisdiction. The company has many difficult accounting measurement and presentation issues. The company has significant transactions or balances that are difficult to audit. The company has significant and unusual related-party transactions. Company accounting personnel are lax or inexperienced in their duties. A weak internal control environment prevails

What is the control environment?

The control environment sets the tone of the organization. It is the foundation for all other components of internal control. It provides discipline and structure. Control environment factors include the integrity, ethical values, and competence of the company's people. The following are general elements of an internal control environment: Integrity and ethical values Board of directors Management's Philosophy and operating style Organizational structure Financial reporting competencies Authority and responsibility Human Sources

What is meant by the information and communications component of an effective internal control system? How can an auditor evaluate whether a client's internal control system is functioning properly for this component?

The information and communication component is closely related to the accounting information system. The accounting information system produces a trail of activities from the identification of data elements in a transaction all the way to the general ledger (i.e., financial reports). This trail of activities is referred to as the audit trail. Audit trails by using tracing and vouching

What is meant by the terms nature, timing, and extent of further audit procedures?

The nature of an audit procedure refers to the type of procedure (e.g., observation, recalculation, inquiry) and the purpose of the procedure (e.g., test of controls, substantive procedure). When determining the nature of the audit procedure, the auditor is considering what to do. Timing refers to when the audit procedures will be completed. To do so, the auditor typically considers whether to complete the procedures at an interim date or at the balance sheet date. While confirmation of accounts receivable may be performed at an interim date, auditors are expressing an opinion on year-end balances. The closer the procedures are performed to year-end (the balance sheet date), the more effective they are because there is less chance of a material misstatement occurring between the interim confirmation date and year-end. Extent refers to the number of tests performed. Clearly, the larger the number of accounts receivable confirmations that are mailed to customers, the greater the chance of finding errors and fraud, and therefore, the lower the detection risk.

What is the primary difference between a material misstatement due to fraud or error?

The primary difference between a material misstatement due to fraud or due to error is intent. Specifically, did a manager or employee at the client intend to commit fraud? or, was the misstatement due to an error made by an employee or manager? The intent of the employee or manager is the absolute key.

What is the purpose of risk assessment for an entity?

The purpose of risk assessment is to identify and control for those factors, events, and conditions that may prevent the organization from achieving its business objectives. Management should take steps to identify risks, estimate their significance and likelihood, and consider how to manage the risks. By setting management objectives, management can identify critical success factors and institute policies and procedures to help ensure that they are met.

What is due care? To what standards are auditors held with respect to due care?

The second ethical requirement identified by the responsibilities principle. It reflects a level of performance that would be exercised by reasonable auditors in similar circumstances. Under Due Care, auditors are required to have the skills and knowledge and must plan to perform the audit with an appropriate level of professional skepticism.

What steps do audit teams follow in examining internal control over financial reporting?

The steps for auditing internal controls over financial reporting are: (a) Plan the engagement (b) Use a top-down approach to gain an understanding. (c) Test controls. (d) Evaluate identified control deficiencies. (e) Wrap up by forming an opinion on the effectiveness of internal control over financial reporting. (f) Report on internal control. The steps for auditing internal controls over financial reporting are:

Define what is meant by the proper form and content of audit documentation.

The written record of the basis for the auditor's conclusions that provides the support for the auditor's representations, whether those representations are contained in the auditor's report or otherwise. Objectives Improve audit quality Enhance public confidence

What role does the PCAOB play in connection with monitoring and regulating public accounting firms?

They are charged with monitoring the quality of work performed by firms auditing public entities and bringing appropriate action against those firms if substandard work is identified.

How is the audit risk model used to plan the audit?

They set the desired level of audit risk, assess the inherent and control risk to solve for detection risk. Detection risk is then used to plan the audit, and sets how much testing to do on the audit.

Must the overall understanding of internal control always be followed by assessment and testing phases? Explain.

This answer can be either, depending on whether it is a public or privately held audit client and on whether the auditor plans to rely on internal controls to reduce substantive testing. For every audit of a public company, the auditors must assess and test controls because they will have to issue an opinion on the effectiveness of internal controls. However, for a privately held client, the phase 1 understanding must always be followed by a control risk assessment phase and the auditors' documentation of their understanding of the internal control system. Control risk that is assessed at less than 100% implies that the auditors plan to rely on controls to reduce substantive procedures. If that is the case, the auditors must ultimately test the operating effectiveness of internal controls to confirm their preliminary assessment of control risk. If not, there is no need to conduct any testing on internal controls.

What are CAATs (Computer-assisted audit techniques)?

allows auditor to work on personal laptop, used on most audits in which client's acc records are stored in computer files or in a database

For a typical audit engagement, describe the people and skills that are normally assigned to a full service audit team.

audit engagement partner, audit manager, an IT audit specialist, a tax partner, a quality assurance partner, and audit staff.