Audit Exam
What information risk exists in F/S?
- missing disclosures - understatement or overstatement - manipulation ***the users of financial information do not have access to the incentives a company is motivated by
Auditing
- systematic process - obtaining and evaluating evidence - evaluate evidence regarding assertions about economic actions and events - evaluate evidence to ascertain the correspondence between the assertions and the established criteria (GAAP) -After evaluating evidence, auditors communicate the results to interested users
The auditing process: 4 key phases
1 pre-engagement phase 2. risk assessment phase 3. risk response phase 4. reporting phase
three fundamental principals of the basic GAAS
1. Responsibilities principle 2. performance principle 3. reporting principle
analytical procedures carried out at three levels
1. comparison of client data with similar prior-period data 2. comparison of client data with industry data 3. comparison of preliminary client data with expectations developed from industry trends, client budgets, other account balances, and auditor expectations
Basic GAAS: responsibilities principle (responsibilities of the individual auditor)
1. competence/capabilities 2. independence 3. due care 4. professional skepticism and judgement
critical skills and attributes of an auditor
1. critical thinkers 2. skepticism and judgement 3. independence
Basic GAAS: reporting principle
1. express a written opinion on the FS 2. assess FS against a financial reporting framework
What are the critical attributes of an assurance provider?
1. independence 2. skepticism and judgement 3. critical thinker
auditors typically calculate and care about the following ratios
1. liquidity 2. solvency 3. profitability
Bsaic GAAS: performance principle (what are you doing as the auditor?)
1. planning and supervision 2. materiality considerations 3. risk assessment 4. sufficient, appropriate audit evidence
The fundamental GAAS has three principles. What are they?
1. responsibilities principle (general) 2. Performance principle (fieldwork) 3. Reporting principle
GAAS requires that analytical procedures are used at two separate points during the audit
1. the preliminary planning phase 2. Final review analytical procedures are optional during fieldwork testing
The concept of tying the audit risk to the risk of material misstatement to the amount of work that the auditor is going to perform is conceptualized as the....
Audit risk model
GAAP VS GAAS
GAAP is used when accountants put together their financial statements (GAAP is put together by FASB) GAAS is used by auditors when they are performing audits (GAAS is put together by PCAOB for public companies and AICPA audit standards board for private companies)
In performing an audit, auditors follow which standards?
GAAS
RMM
Risk of material misstatement due to error or fraud - made up of IRxCR - also called auditee risk and environmental risk
More about RMM
Risk of material misstatement is out of the hands of the auditor - it happens in an account due to the type of account and the way those transactions are processed
Who is the rule making body and what do we call the standards made for audits of private companies?
Rule making body: AICPA auditing standards board (ASB) Standards: Statements on auditing standards (AU-C's SASs)
Who is the rule-making body and what do we call the standards made for audits of public companies?
Rule making body: public company accounting oversight board (PCAOB) Standards: auditing standards (ASs)
SOX
Sarbanes-Oxley Act Impacted the audit process by requiring that an auditor make a statement on their opinion of the financial statements as well as the internal controls in the audit report
Private company audits: the AICPA audit standards board
The AICPA is responsible for creating the audit standards for public companies. This task is done by the ASB (a subcommittee of the AICPA) and the audit standards are in the form of SAS (statements on auditing standards) wording in SAS: "must" standards are unconditional and "should" standards have to be done unless there is a good reason not to
Internal control
a process effected by an entity's bod, management, and other personnel designed to provide reasonable assurance regarding the achievement of the organization's objectives: 1. reliability of financial reporting (auditor's emphasis on this one) 2. compliance with laws and regulations 4. effectiveness and efficiency of operations
auditing services
a type of assurance service that provides assurance on F/S and issuing a report to a third party
attestation service
a type of assurance service that provides assurance on specific assertions made by management - not necessarily F/S information
profitability and management effectiveness/efficiency
ability to generate earnings and manage cash flow
Vertical analysis
aka common size analysis - a comparison of account balances to a single line item (base) in the financial statements. Typically, total assets; total liabilities and shareholder's equity and total sales/revenue - trying to see how much each account contributes to a base and how is that changing each year
financial statements contain management assertions
also called "positive statements" or "declarations"
audit phase 1: the pre-engagement phase
also known as the client acceptance and continuance phase - during this phase the auditor determines whether or not to accept or continue with a client
An audit failure refers to when...
an auditor releases an opinion that a financial statement presents fairly but it does not (an audit failed to uncover error or fraud)
why might a company need a review (not an audit - just in need of negative assurance)
applying for a bank loan
knowing what _________ we are testing drives the audit procedures that we perform
assertation
solvency
assesses long term viability of the company
what are the two main auditor risks
audit risk and engagement risk
The basic GAAS
audit standards are quality guides that apply to audits- promote consistency among work - they are not audit procedures that are the specific actions that auditors take
Is auditing an example of positive or negative assurance?
auditing is an example of positive assurance: auditors release a statement at the end of the audit "in our opinion, these F/S present fairly"
What are the two main entity level client risks
business risk and financial reporting risk
Information risk can be reduced
by an auditor lending assurance - lending assurance is the lending or credibility
Horizontal analysis
comparison of account balances over time - auditor calculates the % change in account from one year to the next, ideally for 3 years
tests designed to identify valid sales that occurred before year end but that were recorded in subsequent year's books would provide assurance about
completeness and cutoff (was the cutoff on your revenue correct?)
assertation of concern: expenses
completeness and valuation/accuracy
Examples of persons who rely on the financial reports
creditors, investors, suppliers
solvency: points to possible long term survivial or debt covenant issues
debt to equity: total liabilities/equity a high debt to equity ratio indicated that a client will not be able to meet its debt obligations times interest earned: income before taxes and interest/interest expense
DR
detection risks - the risk that the auditor's procedures fail to detect misstatements
What factors drive inherent risk?
dollar size of the account, liquidity, volume of transactions, complexity of transactions, subjectivity of estimates, history of misstatements in the account
when do we consider internal controls?
during the planning phase and then during fieldwork compliance testing of controls is done
audit phase 2: risk assessment phase
during this phase the auditor gains and understanding of the client, performing risk assessment (identifying factors that may increase the risk of material misstatement) developing an audit strategy, and setting materiality
goal of analytical procedures performed during the planning phase
enhanced understanding of the client's business and to identify specific areas of concern/risk
audit phase 4: reporting phase
evaluating results of testing and forming an opinion on the FS
when auditing accounts receivable on the balance sheet, an auditor's procedures most likely would focus on management's assertation of
existence (does this asset really exist?)
What are the 5 assertations?
existence or occurrence rights and obligations completeness valuation or allocation presentation and disclosure
why do we have audits?
financial statements contain information risk and auditors reduce the information risk
SEC
for public companies, the SEC has delegated the creation of accounting standards to FASB and the creation of audit standards to PCAOB
Negative assurance
giving a moderate amount of assurance - you may also hear it called a "review" if it is given on a FS - less work on the auditor (example: quarterly reviews)
gross margin ratio
gross profit/net sales measures if the company has a sufficient markup on goods sold to cover operating expenses
internal auditors
hired and work full time for a specific company - companies also sometimes outsource their internal auditors - they do compliance audits and operational audits
positive assurance
in my opinion, these financial statements present (fairly, or fairly except)
audit risk and engagement risk are ______ related
inversely
If engagement risk is high, then the auditor must perform a more rigorous audit which means the audit risk is set...
low (the auditor is only willing to live with a very low percentage chance that they will overlook a material misstatement)
audit tests and procedures are driven by
management assertions
government auditors
may perform financial or performance audits - financials must follow government accounting standards - performance audits ensure that the use of government funds (taxpayer dollars) is being used efficiently
return on eauity or return on assets
net income/average total equity or net income/average total assets
net profit margin
net income/net sales measures profit earning capacity
activity ratios
payables turnover payables turnover in days the lower the better
audit phase 3: risk response phase
performance of detailed testing of controls, transactions, and account balances
Positive assurance and negative assurance
positive assurance is the strongest level of assurance and results from the performance of n audit negative assurance is a less strong level of assurance - called negative because the statement is in the - comes from a review - negative: ex: we believe these statements to be accurate because evidence has NOT been found that leads us to believe the contrary
profitability
profitability and management effectiveness and efficiency ratios can be helpful in highlighting possible fraudulent activity ratios: gross margin net profit margin return on equity
activity ratios
receivables turnover: net credit sales/average net receivables receivables tunrover in days 365/receivables turnover measures how quickly sales are converted to cash - lower the bettwe
liquidity
reflected the company's ability to meet short term debt obligations current ratio: current assets/current liabilities Quick ratio: (cash+short term investments + receivables (net) / current liabilites) - basically, the same thing but we are removing the less liquid assets
sufficient and appropriate evidence: what do we mean by appropriate?
relevance and reliability
three key tenets of internal controls
risk is pervasive, there is a relationship between risk and controls, and good risk management and internal controls are necessary for the long-term success of all organizations
Assurance services
services designed to improve the quality of decision making by lending credibility to specific information (examples of assurance services are attestation services and F/S auditing is also an example of assurance services)
Detection risk is set by the auditor
set low and the auditor will have to do a lot of work
firm level quality control standards
six categories - provide firms with reasonable assurance that the firm and its personnel comply with professional standards and requirements
Public company audit
the PCAOB sets standards for public company audits (audit standards = ASs) - they are a young organization with only 5 members - they also audit the accounting firms
how does the auditor communicate the results of an audit to interested users?
the auditor's report
what is the output of the pre-engagement phase of the audit?
the client engagement letter
Ratio analysis
the consideration of economic relationships between two or more accounts - auditors compare the trend in ratios over time and/or as compared to industry averaged
Positive Assurance
the highest level of assurance - typically associated with an audit to the financial statement (you might also hear this called reasonable assurance or examination)
Control risk
the likelihood that internal controls fail to prevent or detect a material misstatement
If audit risk is set low, then the auditor must do more work. The decision regarding where this extra effort is put in is done at the account level by assessing...
the risk of material misstatement at the account level
Detection risk
the risk that a material misstatement happened but would not be caught by procedures performed by the auditor - detection risk relates to the effectiveness of audit procedures and their application - detection risk is controlled by the auditor and is part of audit planning
Information risk
the risk that information circulated will be false or misleading: information risk is present whenever someone must make a decision without having complete knowledge
times interest earned ratio
the times interest earned ratio is a solvency ratio that measures the ability of earnings to cover interest payments - the higher the ratio the better
what would happen if we did away with audits?
there would be a decline in the quality of financial reporting because the incentives or management might override their goal of accurate financial reporting this would also lead to a lack of trust by users in the F/S information provided
assertation of concern: assets
typically concerned with existence and valuation
assertation of concern: revenues
typically concerned with occurrence (not existence because revenues occur over a period of time not a point in time measurement)
assertation of concern: liabilities
typically concerned with valuation and completeness
when looking at current ratio and quick ratio
we want a current ratio greater than 1 and a quick ratio the higher the better - we are looking to see, if the company was in a crunch, could they get the cash
Types of preliminary analytical procedures: trend analysis
year to year comparisons of account balances, financial data, key rations (includes horizontal analysis, vertical analysis, and ratio analysis)