Audit Exam 2

Ace your homework & exams now with Quizwiz!

Which of these represents how willing the auditor is to accept F/S might be misstated after a clean opinion is issued audit risk or AAR

AAR

What are the risks under the auditor's control? What are the risks NOT under the auditor's control?

AAR and PDR engagement risk, RMM, IR, CR, and audit risk

Which type of evidence is NOT used by the auditor to obtain an understanding of the design and implementation of internal controls A. inquiry B. observation C. confirmation D. inspection

C

For statistical samples, the auditor will compare ____ and _____

CUER and TER

what formula is used for sample evaluation? aka the formula for cuer explain

CUER= SER + allowance for sampling risk CUER= SER + (TER- SER) theoretically, CUER should = TER

What are the two questions monitoring activities answer

Are controls operating as intended? Are controls modified as appropriate as conditions change?

Which audit evidence is stronger: When determining the cutoff of sale? Bill of lading dated after YE vs cash receipt after YE

BOL

what does an AAR of 0% mean? What about 100%?

0% is certainty 100% is complete uncertainty

Inherent risk is ordinarily assessed by the auditor during planning and a. may vary by each major cycle and by each account. b. may vary by each major cycle but is held constant for each account c. is held constant for each major cycle but may vary by each account d. is held constant for each major cycle and each account

A

Audit programs should be designed so that: A. All required procedures can be performed as interim B. IR is assessed at a sufficiently low level C. The auditor can make constructive suggestions to mgmt. D. The audit evidence gathered supports the auditor's conclusions

D

What are some limitations of the ARM

Desired level of audit risk may not actually be achieved It does not consider potential auditor error There is no way of knowing what the preliminary level of risk actually was

what types of sampling does non-probabilistic sampling entail? describe them

Haphazard- items selected without conscious bias; most commonly used Block- several items in sequence Directed- larger items, likelier to contain errors, contain some characteristic and auditor chooses items based on judgment

Which risk is the systemic risk of an organization

IR

audit may make a combined assessment of IR and CR known as RMM, which works because...

IR and CR do not affect PDR low IR and high CR has same effect as high IR and low CR

Based on this scenario, is there a significant deficiency or material weakness? Company B processes a significant number of intercompany transactions on a monthly basis. Individual intercompany transactions are frequently material. Reconciliations of accounts are not performed on a timely basis and differences in accounts are frequent and significant. Mgmt does not perform any alternative controls to investigate significant intercompany account differences.

Material weakness. The magnitude of a misstatement would reasonably be expected to be material. Additionally, actual unreconciled differences have been material

in looking at the direction of tests, ____ and ____ are done in opposite directions what do each of them test?

Occurrence tests that there are no non-existent transactions recorded; this is done through vouching. Completeness tests that there are no omitted transactions; this is done through tracing.

Give an example of a risks in the sales and collections cycle for each transaction-related audit objective

Occurrence- sales could be recorded twice or for a nonexistent customer Completeness- sales are not recorded for products shipped Accuracy- sales are recorded at an incorrect selling price or recorded using incorrect quantity Timing/cutoff- sales/AR are recorded in wrong period Classification- related party sales are recorded as trade sales

Which risk sounds like sampling and non-sampling risks from chpt 15

PDR because its risks we fail to identify

What are some limitations of IC

Personnel errors (misunderstanding, careless, tired) Mgmt override Collusion Cost-benefit tradeoff- aka perfect controls means business does not run the best it can

What are the 4 phases in an auditor's process for evaluating ICFR

Phase 1: plan and design an audit approach based on risk assessment procedures Phase 2: Perform tests of controls and substantive tests of transactions Phase 3: Perform substantive analytical procedures and tests of details of balances Phase 4: Complete the audit and issue an audit report

What are the list of control activities

Proper authorization of transactions Physical controls over assets and records Adequate dox and records Segregation of duties Independent checks on performance- trust but verify

what does audit risk consist of

RMM and PDR

what types of sampling does probabilistic sampling entail? describe them

Random- each item has an equal chance of being included in the sample With or without replacement Systematic- every nth item chosen Probability proportional to size (PPS)- each dollar has an equal chance of being included in the sample Stratified- separate pop into sub pops based on size (or other criteria) and choose samples for each sub pop

TOC Example 1: The control is credit is approved automatically by computer by comparison to credit limit The TOC is reperformance What management assertions about balance relate to this? What risk of material misstatement would this prevent/detect?

Related to accuracy, valuation, and allocation because you don't want to sell above what a customer can pay. The risk of material misstatement is having a higher ADA because of collection issues.

IC are the policies and procedures designed to provide reasonable assurance that the company achieves its objectives in...

Reliable fin reporting Compliance with laws Effective and efficient ops

what is the auditor's best estimate of the deviation rate in the pop

SER

For non-statistical samples, the auditor will compare _____ and _____

SER and TER

What test emphasizes the verification of transactions recorded in the journals and then posted in the GL

STOT

_____ validate acct records to source dox and test for misstatements directly affecting _______ by determining whether ________ are met

STOT F/S balances transaction-related audit objectives

Using the example of an AR t chart, demonstrate how STOT and TODOB are related

STOT is used for sales, cash receipts, and uncollectible amounts TODOB is used for ending balance

what is the difference btw sampling and non-sampling risk?

Sampling risk- risk that auditor reaches wrong conclusion because they chose a non-representative sample Non-sampling risk- risk that auditor reaches incorrect conclusion because audit tests do not uncover expectations in the sample

Based on this scenario, is there a significant deficiency or material weakness? Company A has a significant number of routine intercompany transactions on a monthly basis. Individually they are not material and primarily relate to B/S activity. Since there is no process to ensure performance of the required monthly reconciliation of accounts, detailed reconciliations are not performed on a timely basis. Mgmt does perform monthly procedures to investigate selected large-dollar intercompany account differences.

Significant deficiency because transactions are not material and compensating controls should detect material misstatement. Because detective controls are designed only to detect material misstatements, controls do not address detection of non-material significant misstatements. Also, transactions are restricted to bal sheet accounts, so it is reasonably possible that a misstatement could occur.

What is inherent risk

Susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material BEFORE considering related controls

what is formula for allowance for sampling risk

TER-SER

attribute sampling uses which two tests

TOC STOT

If you are looking at a random invoice with information from the master price list and the invoice is used in updating the sales journal, what is an example a dual purpose test here?

TOC: verify that correct price is pulled from master price list STOT: vouch from the sales journal to the invoice and recalculate the invoice

The results of which two types of tests have a significant effect on the remainder of the audit

TOCs and STOTs

Exceptions discovered during TOCs do not necessarily indicate a F/S misstatement. How?

The auditor's objective in an audit of internal control over financial reporting is to express an opinion on the effectiveness of the company's internal control over financial reporting. Even though an identified misstatement indicates a control deficiency exists, it does not indiciate a F/S misstatement, but the auditor should use it as a warning that the F/S might be misstated and proceed with testing.

A deficiency uncovered in the audit of IC indicates what about the F/S misstatement?

The likelihood of the misstatement

TOC Example 2: The control is separation of duties btw billing, recording sales, and handling cash receipts. The TOC is observation and inquiry. What management assertions about balance relate to this? What risk of material misstatement would this prevent/detect?

The risk we are worried about it booking sales that don't exist (existence) or taking extra cash for themselves (occurrence).

When assessing control risk, many auditors use...

a control risk matrix

the use of an appropriate sample selection technique cannot ensure....

a representative sample

Tests of controls are done by testing ____ from the applicable period. It concludes that the control operated...

a sample effectively and consistently over a period of time

what is ARO depends on assessed.... is the auditor's measure of...

acceptable risk of overreliance; risk we are willing to take of relying on the control when it doesn't work as well as we need it to; matter of auditor judgment depends on assessed CR auditor's measure of sampling risk

attribute sampling requires setting a standard for what is working well enough, computing an estimate of ________ in the pop, and comparing the standard to the estimate to decide where _____ and ______ need revision

actual performance CR audit program

What 3 key control activities did we discuss relating to the sales and collection cycle?

adequate segregation of duties proper authorizations adequate dox and records

Tests of design are required for (all/ICFR) audits. It is done (once/throughout the audit). Tests of op effectiveness (aka TOC) are required for (all/ICFR) audits. It is done (once/throughout the audit).

all; once ICFR; throughout the audit

- Mgmt. is responsible for internal controls, but auditors are responsible for _____ control risk

assessing

what are the different types of sampling? describe them

attribute sampling- used to estimate the proportion of a pop containing a certain characteristic or attribute sampling of balances- used to estimate amount of misstatement present in account balances

plan the sample example: if risk is occurrence of sales... what is the attribute you would test? what is the pop? what is the sampling unit? what is an exception?

attribute: every invoice is supported by shipping doc pop: all the invoices in sales journal sampling unit: 1 sales invoice exception: no shipping doc

What is ARM?

audit risk model decides how much and what types of evidence to accumulate for each relevant audit objective AAR= (IR*CR)* PDR

When assessing risk, it is important to remember that detection risk can be determined after...

audit risk, inherent risk, and control risk are determined

The purpose of obtaining an understanding of IC is to determine whether the client is ____, to identify potential ____, and to design ___

auditable material misstatements tests of controls and substantive tests

Substantive analytical procedures compare recorded info and _____ Use of AP as a substantive test relies on the _____ of the account and the ability to form a precise ____

auditor's expectations predictability estimate

Tests of details of balances are used to determine whether ______ are met What are the types of audit procedures

balance-related objectives physical examination, confirmation, inspection, inquiry, reperformance, and recalculation

How do we decide the extent of our procedures for TOC

based on desired PDR or desired achieved CR

how often is IR assessed?

begins during planning and is updated throughout the audit for each cycle, account, and assertion

what are the two components of sampling

calculation of sample size and selection of the sample items to test

non-statistical calculation (must/can) use which types of selection techniques

can use probabilistic or non-probabilistic

Auditors (can/cannot) ignore controls affecting internal mgmt info

cannot

Which audit evidence is stronger: When determining completeness of cash? Cash receipts journal vs cash receipts log + bank statement

cash receipts log + bank statement

When an audit team traces a sample of shipping dox to the related sales invoice copies, they are primarily trying to find relevant evidence for shipments to customers were invoiced. This is an example of testing for...

completeness of invoices

what is CUER

computer upper exception rate; highest estimated exception rate in the population for a given ARO and sample result; this is our estimate of performance in the population

If SER> TER... IF SER< TER...

conclude that control is not operating effectively auditor should consider risk that true pop exception rate is > TER; calculate allowance for sampling risk

If allowance for sampling risk is too low... If allowance is large enough...

conclude that the control is not operating effectively conclude that control is operating effectively

What are the different reportable conditions? Describe them

control deficiency- remote and inconsequential; when the operations of a control does not allow mgmt or employees to prevent or detect misstatements on a timely basis material weakness- material and reasonably possible; an IC deficiency where there is reasonable possibility that a material misstatement of F/S will not be prevented or detected on a timely basis significant deficiency- an IC deficiency that is less severe than a material weakness yet important enough to merit attention

what are exceptions in attribute sampling called? which tests do they relate to?

control deviation- for TOCs monetary misstatements in transactions- STOTs

If TER>= CUER... If TER < CUER...

control works well enough to rely on it; generally, accept the same results as supportive of assessed CR and planned testing; risk is less than ARO; control fails less than TER control not working as expected; conclude that the risk is higher than ARO and that the control fails more than tolerable (TER); initial CR assessment not supported, must revise planned level of substantive tests

The goal of testing controls is to determine whether... Some procedures include...

controls are operating effectively performing a walkthrough, inquiring of client personnel, examining docs, observing control activities, and reperforming control procedures

proper authorizations require: ____ authorized before sale shipping where ___ is authorized and ____ is approved _____ including terms, freight, and discounts being authorized

credit credit; customer prices

If investors heavily rely on F/S, auditor will (increase/decrease) AAR

decrease

What effect on sample size does this change warrant? Increase ARO

decrease initial sample size

What effect on sample size does this change warrant? Increase TER

decrease initial sample size

Issuing an audit opinion on operating effectiveness of ICFR requires identifying... if even one.....

deficiencies, significant deficiencies, and material weaknesses if even one material weakness, issue adverse opinion

What are the factors of AAR

degree to which external users rely on F/S likelihood of client financial difficulties after the audit auditor's evaluation of mgmt's integrity

What are the two types of control deficiencies? Describe them

design deficiency- a necessary control is missing/not well designed/not properly implemented operation deficiency- a well-designed control does not operate as designed or the person performing hte control is not qualified

assessment of AAR is based on... define it

engagement risk risk that auditor will suffer harm after the audit is finished, even through the audit report was correct (meaning they have to defend their work)

what is EPER

estimated population exception rate; our estimate of the control's failure rate before we begin sampling; need this to plan the sample size; use preceding year's audit results or a small preliminary sample

What are the main procedures of understanding IC and assessing control risk

evaluating prior experience with the client a walkthrough (when you take one individual transaction and find out what starts that process) inquiry examining dox observing activities

What are mgmt's assertions about account balances and their balance-related audit objectives?

existence- same completeness- same A,V,A- accurancy, cutoff, detail tie-in, and realizable value classification- same rights and obligations- same

Mgmt must identify ______ used to evaluate the effectiveness of ICFR

framework

Remember that there other risks such as ___ or ____ which make risk assessment tricky

fraud significant risks- areas that need special audit consideration

assess CR as _____ if auditor does not want to rely on IC at all (normally for what types of companies?)

high small public or private

_____ (higher/lower) IR areas are audited more thoroughly, but IR.... based on what auditor does why?

higher does not change because IR is based on the entity's inherent risk, so no auditor work can change it

(Higher/Lower) ARO allows (more/less) risk, so (larger/smaller) sample size

higher -> more risk -> smaller sample lower -> less risk -> larger sample

If companies are the exact same size, you might have the same materiality level, but you might do a lot more work for one than the other because of...

higher or lower IR and CR

Explain risk assessment

identification and analysis of risks to achieving objectives hand in hand with control activities

Non-sampling risk can be caused by... How can you minimize non-sampling risk

inappropriate audit procedures, unreliable evidence, human error designing good tests and recognizing exceptions by using experienced auditors or avoiding boredom/exhaustion

If a company is a startup, auditor will (increase/decrease) AAR

increase

What effect on sample size does this change warrant? Increase EPER

increase initial sample size

Explain info and comm

info used internally and externally for decision making there has to be sufficient detail that a new person can come in and understand it

A system of IC ought to provide reasonable assurance that F/S are fairly stated despite... its effectiveness depends on..., meaning it cannot prevent...

inherent limitations on controls competency/dependability of people cannot prevent collusion

Describe the filtering diagram

inherent risk is input, the control system filters out misstatements in control risk, audit procedures filter out misstatements in PDR, and the output is AAR

What pattern does the flow in flowcharts follow

input -> processing -> output

What types of audit procedures are used for SAPs

inquiries and AP

What are the main procedures/evidence used for TOC

inquiry (ask) inspection (look) observation (watch) reperformance (do)

What types of audit procedures (evidence) are used for STOT

inspection inquiry reperformance recalculation

in analyzing exceptions, an auditor must ask if they were _______, confined to...., or caused by _____

intentional/fraud a specific process/person/time period misunderstanding/carelessness

PDR has a _____ relationship with amount of evidence auditors plan to collect. This means that a lower PDR requires (more/less) evidence to achieve AAR

inverse more

CR is ______ related to PDR and ______ related to planned evidence

inversely positively

Inherent risk is ______ related to PDR and _____ related to planned evidence

inversely positively

Which audit evidence is stronger: when determining whether a sale occurred Sales order vs sales invoice Sales invoice vs bill of lading Bill of lading vs cash receipt

invoice BOL cash receipt

Which audit evidence is stronger: When determining the accuracy of sale? Sales invoice vs bill of lading For quantity shipped: sales invoice vs packing slip For amount billed to customer: sales invoice vs packing slip

invoice packing slip invoice

The bigger the difference btw TER and EPER, the (more/less) precision required, so the (larger/smaller) the sample

less smaller

What is PDR

likelihood that audit procedures fail to detect material misstatement; is determined by AAR, IR, and CR (bc of calculation AAR/RMM) is the auditor's risk

What is AAR?

likelihood that material misstatement exists after auditor issued unqualified opinion

What is mgmt's responsibility for all companies

mgmt. must establish and maintain a system of IC

What is mgmt's responsibility for public companies?

mgmt. must maintain IC system for fin reporting (ICFR) and assess its effectiveness at year end through filings for design and implementation and operating effectiveness

What effect on sample size does this change warrant? Increase pop size

minor increase in initial sample size

What is auditor's responsibility for large public clients?

must audit ICFR and issue audit opinion on operating effectiveness

statistical calculation (must/can) use which types of selection techniques

must use probabilistic

3 common methods of documenting the understanding of IC are

narratives, flowcharts, and IC questionnaires

PDR is used to determine ___, ___, and ___ of audit work

nature, extent, and timing

Should all controls be considered in the control risk assessment process? Each control can be used to satisfy ____ audit objective(s)

no one or more

If the assessed level of CR= the planned CR... If it is > the planned CR...

no change to substantive tests increase substantive tests

allowance for sampling risk is only used for (statistical/non-statistical) samples

non-statistical

This is a strong way to provide evidence for the (existence/occurrence) of a sale: select a sample of sales invoices recorded in the sales journal and trace to the related bill of lading to make sure each sale was shipped

occurrence

What are mgmt's assertions about transactions and their transaction-related audit objectives?

occurrence- same completeness- same accuracy- accuracy and posting + summarization classification- same cutoff- timing

Tests of design walk through.... and concludes that the organization... It also allows the auditor to assess...

one transaction designed the control they claim to have preliminary CR

Of the two types of control deficiencies, which one would require an auditor to determine if it is a significant deficiency or a material weakness

operation deficiency

What activities are included in the sales transaction of the sales cycle

order entry credit authorization shipping billing and recording

While planning procedures to obtain audit evidence, auditors consider risk at both... explain

overall F/S level- issues with mgmt's integrity/competence and ineffective BOD oversight or ineffective IC systems relevant assertion level- assertions and risks for each assertion for each balance, transaction, and disclosure where each risk is comprised of IR and CR

What are the types of audit evidence

physical examination inquiry inspection observation recalculation reperformance AP confirmation

what are the steps in sampling?

plan sample select sample and perform tests evaluate results analyze exceptions

The auditor uses control risk assessment and results of tests of controls to determine...

planned detection risk and related substantive tests

Audit risk and materiality are considered in what three stages?

planning and performing the audit evaluating the results forming an opinion on the F/S

Explain control activity

policies that help ensure mgmt. goals are carried out what to do about risks filters the CR in AAR formula

AAR is ______ related to PDR and ______ related to planned evidence

positively inversely

Mgmt is not responsible for understanding and testing IC of fin reporting if

private

_______ selection is required for all statistical sampling methods it is not acceptable to evaluate a _________ sample using statistical methods

probabilistic non-prob

what are the two different types of selections of sample items to test?

probabilistic non-probabilistic

Explain monitoring activities

process to access quality of IC performance over time making sure people are following thru on controls

the components of ARM may be assessed in ____ and ____ terms

quantitative like % non-quantitative like low, med, high

Analytical procedures emphasize the overall ______ of transactions and balances

reasonableness

What are the 5 classes of transactions in the sales and collection cycle and their accompanying JEs

recording of sales (DR AR, CR sales) cash receipts (DR $, CR AR) sales returns and allowances (DR sales returns and allowances, CR AR) writing off uncollectible accounts (DR ADA, CR AR) estimating BDE (DR BDE, CR ADA)

For an example, if a test of IC is to inspect bank reconciliation for the appropriate signature (aka control), a substantive test would likely..

reperform the bank reconciliation

assessment of CR updated throughout audit based on...

results of control procedures

what are some options if sample results dont support the assessed CR

revise TER or ARO? expand sample? revise CR?

What are the 5 types of audit tests?

risk assessment procedures TOC STOT SAP TODOB

What is audit risk

risk that an auditor expresses an inappropriate (clean) opinion on materially misstated F/S

What is control risk

risk that internal control will not timely prevent or detect and correct a material misstatement that could occur in an assertion

adequate segregation of duties requires: credit function separate from ____ _____ separate from billing cash receipts separate from ___

sales shipping AR

Example: sales order -> proof of delivery -> invoice -> sales journal if we are testing occurrence of sales, the population is ___ which is used to...

sales journal vouch to evidence for invoices, proof of delivery, and sales order

the credit function being separate from sales lowers the risk of..

sales to customers who are not credit worthy and risk of increasing BDE

what is SER

sample exception rate; number of exceptions divided by sample size

______ is required whenever auditor does not test the entire group of transactions or all items in a balance

sampling

audit risk is impacted by which risks

sampling and non-sampling risks

a sample of all items eliminates.... but does not necessarily impact....

sampling risk non-sampling risk

what are the two types of calculations for sample size? describe them

statistical- requires random sample and uses probability to choose a more efficient sample size non-statistical- may use non-random sample and relies more on auditor's judgment

If a company doesn't have good controls, auditor will use a (control/substantive) based approach and place a (high/low) CR for everything

substantive high

What type of test is designed to test for dollar misstatements? Which is most likely to detect monetary errors?

substantive tests SAP

Tests of transactions and _____ are also complimentary

tests of balances

Do tests of design or tests of controls require the auditor to update CR? In which scenario?

tests of controls If he finds the control is not operating effectively

CR is assessed based on how well IC are operating, not set UNLESS...

the auditor is not relying on IC

The most significant effect of sales testing is on ...

the confirmation process of AR where type of confirmation, the size of the samples, and timing are all affected

When testing controls, an auditor will consider whether the results of their tests applied to a sample provide evidence that... When conducting substantive tests of transactions, an auditor will consider whether the results of their tests applied to a sample provide evidence that....

the control is effective within the entire pop the class of transaction is fairly stated (audit objectives)

The difference btw IC and substantive tests is, testing IC requires proof that... while a substantive test collects evidence that...

the control was executed correctly JE are substantiated by source dox or other evidence

If errors are found in a sample, calculate for the pop....

the deviation rate for controls misstatement for class of transactions

What is RMM? What is it comprised of

the entity's risks= IR*CR risk that F/S are materially misstated prior to audit

we expect the sample to provide a reasonable basis for drawing conclusions about ____. this is called a _____ sample because the _____ in the sample are the same as those in the _____

the population representative characteristics population

cash receipts being separate from AR lowers the risk of...

theft of cash being covered up in acct records (aka lapping)

When considering internal controls, auditors are concerned with the client's internal controls over the safeguarding of assets if...

they affect the fin statements

The goal of assessing CR is..

to determine whether IC design will prevent misstatements from occurring OR will detect and correct misstatements that have occurred

What is TER depends on assessed...

tolerable exception rate; highest deviation rate we can find and still rely on the control; this is the standard; matter of auditor judgment depends on assessed materiality and importance of attribute

Explain control environment requires??

tone at the top (aka mgmt./parents making sure that workers/kids doing what they should by following same standards) influences control consciousness of its people requires BOD or audit committee participation

Assess CR for each

transaction-related audit objective for each major transaction in each cycle

many tests of _______ are dual-purpose tests for both ____ and ____, making these two complimentary considering _____

transactions TOCs and STOTs cost effectiveness

the shipping function being separate from billing lowers the risk of...

unauthorized shipments and theft of goods

What is an auditor's responsibility for all clients?

understand IC system well enough to perform audit

the initial assessment of CR is obtained through...

understanding the entity and the control environment evaluating design and implementation of controls

The ______ in statistical attribute sampling is a statistical measure at a specified confidence level of the maximum rate of occurrence of an attribute

upper precision limit (CUER)

Auditor can minimize sampling risk by... What are some consequences of sampling risk?

using a larger sample size or better sample selection techniques wrong opinion + potential legal liab gathering too much evidence -> lower profit

in the final step of sampling, the auditor must analyze the character of the exceptions to determine.... and whether additional work should be done EVEN if...

what weakness in IC caused them TER >= CUER


Related study sets

ATI Mental Health Theories & Therapies Assessment

View Set

Chapter 11: Real Estate Calculations

View Set

Pediatrics TEST BANK: The Child with Respiratory Dysfunction

View Set

General Insurance Chapter Test - Life and Health Insurance; Oregon; ExamFX.

View Set

ATI - DCSMA - Critical Care Medication

View Set

Grammar and Composition II Test 11

View Set

Managing People and Organizations Exam #2

View Set