Audit Exam Two
Audit procedures
Inspection; Observation; Inquiry; Confirmation; Recalculation; Reperformance
Items Included in Engagement Letters
Name of the entity; management responsibilities; auditor responsibilities
One may change the scope of audit procedures by changing the (NTE, or re-ordered as NET):
Nature (type and form); Timing (when performed); Extent (quantity of evidence obtained)
inventory turnover formula
cost of goods sold/average inventory
The risk of loss or injury to the auditors' reputation by association with a client that goes bankrupt or one whose management lacks integrity
engagement risk
e.g., determining the allowance for doubtful accounts
estimation transactions
obtaining a written response about a particular item from a third party (e.g., debtor, creditor)
external confirmation
Operational actions to achieve objectives
operating and financial strategies
use of professional judgement to review accounting data to identify significant unusual items that will be tested
scanning
To obtain an understanding of the client and its environment, including its internal control, to assess the risks of material misstatement
Risk assessment procedures
A reasonableness test differs from regression analysis in that it is less formal and is not based on a statistical model.
true
Auditing is not limited to the examination of financial records, and working papers are not confined to schedules and analyses. During the course of an audit, the auditors may gather expository material to substantiate their report. One common example is copies of minutes of directors' and stockholders' meetings. Other examples of corroborating documents include copies of articles of incorporation and bylaws; copies of important contracts, bond indentures, and mortgages; memoranda pertaining to examination of records; audit confirmations; and representation letters from the client and from the client's legal counsel.
true
Auditing standards require the application of analytical procedures at the risk assessment stage and near the end of the audit. The auditors also may decide to use them during the audit as substantive procedures to provide evidence as to the reasonableness of the specific account balances.
true
Auditor must obtain sufficient appropriate audit evidence.
true
Due to lack of employees, internal control is seldom strong in small businesses
true
as an auditor you do not care about efficiency of controls, only that the internal controls are effective/designed effectively
true
print page 4 chapter 5
true
Management's description of the system and the suitability of the design of controls
type 1
Review ratios over time
Horizontal analysis
The time interval from the beginning of audit work to the balance sheet date. Many audit procedures can be performed during the interim period to facilitate early issuance of the audit report.
Interim period
Factors that affect inherent risk:
Nature of the client and its environment; Nature of the particular financial statement element
documents and memoranda included in the working papers that substantiate representations contained in the client's financial statements
corroborating documents
inputs of observable quoted prices, generally for similar assets or liabilities in active markets. Ex.: Company discounts future cash flows on its not publicly traded debt securities at rate used by market for publicly traded debt securities
level 2
Audit documentation should include all significant audit findings and the actions taken to address them
true
In each area of internal control (reporting, operations and compliance) Control objectives and Sub objectives exist
true
The various controls designed to achieve a control objective often overlap. That is, the controls are complementary in that they function together to achieve the same control objective
true
When auditors assess risks at the relevant assertion level, they consider both the design of the control and its implementation
true
Every 10-K has two reports: one by management (404a) and one by auditors (404b)
true
Identify risks while obtaining an understanding of the client and its environment, including its internal control. Relate the identified risks to what can go wrong at the relevant assertion level. Consider whether the risks are of a magnitude that could result in a material misstatement. Consider the likelihood that the risks could result in a material misstatement.
Assess the risks of material misstatement General approach
Preparing the period-end financial statements, including the development of significant accounting estimates and preparation of the notes. The selection and application of significant accounting policies. IT general controls. The control environment.
Assessing Risks at the Financial Statement Level
The unit of storage for a specific audit engagement. The audit documentation for each year's audit of a company is included in its audit file.
Audit file
a written or electronic document that includes the nature, timing, and extent of audit procedures to be performed by the audit team members in order to obtain sufficient audit evidence. It includes planning risk assessment procedures, planned audit procedures, and other necessary audit procedures.
Audit plan
The audit plan. Although the professional standards use the term audit plan, many use the term _________
Audit program
Understanding the Client's Business—Nature of the Client
Competitive position; Organizational structure; Accounting policies and procedures; Ownership; Capital structure; Product and service lines; Critical business processes; Internal control
provide processing services to customers who decide not to invest in their own processing of particular data. Examples: Outsource processing of payroll or Internet sales.
Computer service organizations
Similar to risk assessment as document discussion, procedures used to identify fraud risks, fraud risk and response, any other conditions that caused fraud-related procedures and communications with management or audit committee.
Consideration of fraud
For purposes of audit documentation, an individual who has practical audit experience and a reasonable understanding of (1) audit processes, (2) Statements on Auditing Standards and applicable legal and regulatory requirements, (3) the business environment in which the entity operates, and (4) auditing and financial reporting issues relevant to the entity's industry. Having practical audit experience is equivalent to possessing the competencies and skills that would have enabled the experienced auditor to perform the audit.
Experienced Auditor
The magnitude of an omission or misstatement of financial information that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information could have been changed or influenced by the omission or misstatement.
FASB (included in SASs)—
list of control activities
Performance reviews; Transaction control activities; Physical controls; Segregation of duties
Materiality used in
Planning the audit; Evaluating audit findings
Risks at the financial statement level are those that relate to the overall financial statements and potentially affect many individual assertions. The following are examples of risks at the financial statement level:
Preparation of the financial statements, including the development of significant accounting estimates and the preparation of the notes. Selection and application of significant accounting policies. IT general controls (these controls are discussed in further detail in Chapter 8). The control environment.
Accounts are described and classified in accordance with generally accepted accounting principles, and financial statement disclosures are complete, appropriate, and clearly expressed
Presentation and Disclosure
Auditors' consideration of internal control is often organized around client's major transaction cycles (examples)
Revenue cycle; Acquisition cycle; Conversion cycle; Payroll cycle; Investing cycle; Financing cycle
The auditors that have accepted an engagement or who have been invited to make a proposal for an engagement to replace the CPA firm that formerly served as auditor
Successor auditors
A report on a management's description of a service organization's system and the suitability of the design and operating effectiveness of controls (throughout the period covered by the service auditor's report).
Type 2 report
Audit procedures should be linked with what?
assessed risks of material misstatement at the relevant assertion level
A trail of evidence that links source documents, journal entries and ledger entries
audit trail
Risk responses fall in the following categories
avoidance; reduction; sharing; acceptance
This response involves exiting the activity that gives rise to the risk.
avoidance risk
A transaction involving management's judgments or assumptions, such as determining the allowance for doubtful accounts, establishing warranty reserves, and assessing assets for impairment
estimation transaction
auditors can only assess which risks?
inherent and control
seeking information of knowledgeable persons within or outside the organizations; inquiry may be oral or written
inquiry
examining a record or document
inspection of records or documents
physically examining an asset
inspection of tangible assets
a fundamental character trait that enables a CPA to prevail in the face of a client or superior's influence, which might otherwise lead to the subordination of individual judgement.
integrity
Inputs to use in applying valuation techniques (FAS 157)
level 1-3
e.g., taking of inventory, calculating depreciation expense
non-routine transactions
Aimed at avoiding the occurrence of misstatements in the financial statements. Example: Segregation of duties
preventive
revenue, purchases, and cash receipts and disbursements
routine transactions
The auditors' use of professional judgement to review accounting data to identify significant unusual items that will be tested
scanning
For a given level of audit risk, detection risk varies inversely with the risk of material misstatement; for example, the greater the risk of material misstatement, the less the detection risk that can be accepted by the auditors.
true
How long should audit documentation be retained? The professional standards require a period of not less than five years, while the Sarbanes-Oxley Act of 2002 requires that auditors maintain documentation for seven years. Thus, for public clients, auditors must retain working papers for seven years, but they may destroy them after five years if the client is a nonpublic company.
true
Results of the risk assessment are used to design the nature, timing, and extent of further audit procedures
true
Tests of details of balances directly address whether there are misstatements in the ending balance of an account (e.g., confirmation of ending accounts receivable balances). Tests of details of transactions (also referred to as direct tests of transactions) address whether particular types of transactions (e.g., sales transactions) are valid and have been properly accounted for during the period. Tests of details of disclosures address whether financial statement disclosures are properly presented.
true
The auditors' selection of further audit procedures is based on the materiality of the account balances, transactions, and disclosures being audited and the assessed risks of material misstatement. These further audit procedures include substantive procedures for all relevant assertions and, if needed, tests of controls. Tests of controls are needed when the auditors' risk assessment includes an expectation that controls are operating effectively, or when substantive procedures alone do not provide sufficient appropriate audit evidence. Chapters 10 through 16 include detailed illustrations of tests of controls and substantive procedures. Here we simply provide an overview of factors that may affect the nature of further audit procedures.
true
The degree of reliance to be placed on documents created and used only within the organization depends on the effectiveness of the internal control.
true
The design of further audit procedures depends upon the results obtained while obtaining an understanding of internal control and assessing the risks of material misstatement. The auditors make decisions about the proper combination of tests of controls (which allow a lower assessment of control risk) and substantive procedures (which restrict detection risk).
true
The major external mechanisms of corporate governance include regulators (such as the SEC), external auditors, creditors, underwriters, securities analysts, and major shareholders.
true
All assets, liabilities, equity interests, and transactions that should have been recorded have been recorded and recorded in the correct accounting period
Completeness/Cutoff
Evaluating the results of audit tests; Discovery of fraud
Consideration of Fraud Throughout the Audit
Activities that create accounting estimates; Higher inherent risk
Estimation transactions
Assets, liabilities, and equity interests exist and recorded transactions have occurred
Existence or Occurrence
Two types of fraud
Fraudulent financial reporting (management fraud); Misappropriation of assets (defalcations)
At the overall financial statement level; Allocate to individual accounts
Planning the audit
Basic Approaches to Auditing Accounting Estimates
Review and test management's process for developing the estimate. Independently develop an estimate to compare to management's estimate. Review subsequent events or transactions bearing on the estimate.
The company holds rights to the assets, and liabilities are the obligations of the company
Rights and Obligations
Discussion of the audit team, elements of understanding, assessment of risk of material misstatement and risks identified
Risk assessment
Analyze relationships within a period; "Common size" statements prepared
Vertical analysis
Needed to remedy the situation uncovered by detective controls. Example: Backups of master file
corrective
Example of this threat is when the CPA or CPA firm might be influenced by a close personal relationship with the client. Like when a member of the engagement team has an immediate family member who serves in a financial reporting role with the client entity.
familiarity
As a result, detection risk is the only risk that is completely a function of the sufficiency of the procedures performed by the auditors.
true
Regression analysis has advantages over other forms of analysis in that more variables may be used to predict the financial statement balance, and the reliability and precision of the expectation may be precisely measured.
true
Substantive procedures include analytical procedures and tests of details. These tests are part of the auditors' further audit procedures because their nature, timing, and extent are based on the results of the risk assessment procedures.
true
The reliability of evidence is dependent on the circumstances in which it is obtained
true
significant deficiency and material weakness are reported to the audit committee
true
a technique that involves comparing financial statement amounts and ratios for a particular company year to year.
Horizontal analysis
Recurring financial statement activities recorded in the accounting records in the normal course of business; Lower inherent risk
Routine
Types of Transactions
Routine; Nonroutine; Estimation transactions
cost of goods sold formula
beginning inventory + purchases - ending inventory
The organizational structure of an entity should separate responsibilities for
(1) authorization of transactions, (2) record keeping for transactions, and (3) custody of assets.
For the risk assessment, the auditors should document
(1) the discussion of the audit team concerning the risk of material misstatements due to error or fraud, (2) the key elements of the understanding of the entity and its environment, (3) the assessment of the risk of material misstatement at both the financial statement level and the relevant assertion level, and (4) the risks identified
times interest earned
(Net Income + Interest Expense + Income Tax Expense) / Interest Expense
return on common shareholder equity
(net income - preferred dividends)/ avg. common shareholder equity
Identify three safeguards to protect against subordination of judgment.
- External review of a CPA firm's quality control system. - A governance structure (i.e. audit committee) to ensure appropriate decision making, oversight, and communications regarding a CPA firm's services. - Documented independence policies regarding the identification of threats, evaluation of their significance, and identification and application of safeguards to eliminate the threats or reduce them to acceptable level.
Controls over Financial Reporting
- Preventive - Detective - Corrective - Controls Overlap
Monitoring of controls, the last component of internal control, is a process to assess the quality of internal control performance over time. The basic principles are that the organization should (two types include ongoing and separate evaluations)
- Select, develop, and perform ongoing and separate monitoring evaluations to determine that the components of internal control are present and functioning. - Evaluate and communicate internal control deficiencies in a timely manner to those responsible for taking corrective action, including senior management and the board of directors and its audit committee as appropriate.
In response to fraud risks, the auditors may modify their overall approach to the audit in one or more of the following ways:
- professional skepticism and audit evidence - assigning personnel and supervision - accounting principles - predictability of auditing procedures
inherent and control has a direct impact on what?
detection/audit risk
Tests of controls address:
How controls were applied; The consistency with which controls were applied; By whom or by what means (e.g., electronically) the controls were applied
The representations generally fall into the following broad categories:
1. All accounting records, financial data, and minutes of directors' meetings have been made available to the auditors. 2. The financial statements are complete and were prepared in conformity with generally accepted accounting principles. 3. Management believes that the adjusting entries brought to its attention by the auditors and not recorded are not material, individually or in the aggregate. 4. Management acknowledges its responsibility to design and implement programs and controls to prevent and detect fraud and to disclose information to the auditors on alleged or suspected fraud. 5. All items requiring disclosure (such as loss contingencies, noncompliance with laws and regulations, and related party transactions) have been properly disclosed.
Tests of controls include:
Inquiries of appropriate client personnel; Inspection of documents and reports; Observation of the application of controls; Reperformance of the controls
An organization's accounting information system consists of the methods and records established to initiate, authorize, record, process, summarize, and report an entity's transactions and to maintain accountability for the related assets, liabilities, and equity. Accordingly, an accounting information system should
1. Identify and record all valid transactions. 2. Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting. 3. Measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements. 4. Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period. 5. Present properly the transactions and related disclosures in the financial statements.
Effects of changes in numerators and denominators of ratios greater than zero
1. Increasing the numerator of a ratio always increases the ratio. 2. Increasing the denominator of a ratio always decreases the ratio. 3. Increasing the numerator and denominator of a ratio by the same amount: a. Decreases the ratio if the ratio is greater than b. Increases the ratio if the ratio is less than
Types of Audit Procedures
1. Inspection of records and documents 2. Inquiry of knowledgeable persons within or outside the entity 3. External confirmation 4. Inspection of tangible assets 5. Observation of processes or procedures being performed by others 6. Recalculation of mathematical accuracy 7. Reperformance of procedures 8. Analytical procedures
After obtaining a client, the audit process includes:
1. Plan the audit 2. Obtain an understanding of the client and its environment, including internal control 3. Assess the risks of material misstatement and design further audit procedures 4. Perform further audit procedures 5. Complete the audit 6. Form an opinion and issue the audit report
The internal control audit may be viewed as having the following five stages:
1. Plan the engagement. 2. Use a top-down approach to identify controls to test. 3. Test and evaluate design effectiveness of internal control. 4. Test and evaluate operating effectiveness of internal control. 5. Form an opinion on the effectiveness of internal control over financial reporting.
Obtaining Clients 2 steps
1. submit a proposal 2. communicate with the predecessor auditor
Perform risk assessment procedures, including: Inquiries of management and others within the entity. Analytical procedures. Observation and inspection relating to client activities, operations, documents, reports and premises. Other procedures, such as inquiries of others outside the company (e.g., legal counsel, valuation experts) and reviewing information from external sources such as analysts, banks, rating organizations, journals.
2. Obtain an Understanding of the Client and its Environment
average collection period
365/accounts receivable turnover
days in inventory formula
365/inventory turnover
Auditing standards require that auditors determine materiality for the financial statements as a whole (also referred to as overall financial statement materiality, or overall materiality). Auditors may use rules of thumb related to a financial statement base, such as net income, total revenues, or total assets, to develop these estimates of materiality. Rules of thumb that are commonly used in practice include
5 percent to 10 percent of net income before taxes. ½ percent to 1 percent of total assets. ½ percent to 1 percent of total revenues. 1 percent of total equity.
Audit Risk formula
AR = IR x CR x DR
Section 404 of the Sarbanes-Oxley Act is composed of two subsections. Section 404(a) requires each annual report (e.g., Form 10-K) filed with the Securities and Exchange Commission to include a report in which management (1) acknowledges its responsibility for establishing and maintaining adequate internal control over financial reporting (hereafter, internal control) and (2) provides an assessment of internal control effectiveness as of the end of the most recent fiscal year (the "as-of date"). To have an adequate basis to issue this report, management must
Accept responsibility for the effectiveness of internal control. Evaluate the effectiveness of internal control using suitable control criteria. Support the evaluation with sufficient evidence.
including processes, procedures, and policies for initiating purchases of inventory, other assets, and services; placing purchase orders, inspecting goods upon receipt, and preparing receiving reports; recording liabilities to vendors; authorizing payment; and making and recording cash disbursements.
Acquisition (or purchases and disbursements) cycle
working papers, specifically designed to help the auditors in the planning and administration of the engagement, such as audit plans, internal control questionnaires and flowcharts, time budgets, and engagement memoranda.
Administrative working papers
Substantive Procedures
Analytical procedures; Tests of details
Top level objective Detailed level applied to A/R sub objectives
Area of reporting
Engagement Letters—Optional Items
Arrangements regarding: - Conduct of the audit (e.g., timing, client assistance) - Use of specialists or internal auditors - Obtaining information from predecessor auditors - Fees and billing - Other services to be provided, such as examination of internal control over financial reporting - Limitation of or other arrangements regarding liability of auditors or client - Conditions under which access to the auditors' working papers may be granted to others
The theory and development of computer systems able to perform tasks that normally require human intelligence
Artificial intelligence
representations of management that are communicated, explicitly or implicitly, by the financial statements
Assertions
Overall approach; Particularly consider (Inherent/fraud risks); Design further audit procedures
Assess the Risks of Material Misstatement and Design Further Audit Procedures
Failure to recognize an impairment loss on a long-lived asset affects only the valuation assertion. Inaccurate counting of inventory at year-end affects the valuation of inventory and the accuracy of cost of goods sold.
Assessing Risks at the Assertion Level
Barriers to entry; Strength of competitors; Bargaining power of suppliers of raw materials and labor; Bargaining power of customers
Attractiveness of the industry
a committee composed of outside directors (members of the board of directors who are neither officers nor employees) charged with responsibility for appointing, compensating, and overseeing the auditors
Audit Committee
Risk assessment procedure results consideration of fraud
Audit Documentation
At the overall engagement level, this is the risk that the auditors may unknowingly fail to appropriately modify their opinion on financial statements that are materially misstated. At the financial statement assertion level, it is the risk that a particular assertion about an account balance is materially misstated
Audit Risk
Auditor should obtain understanding of the outsourced function by following one or more of:
Contacting service organization to obtain information. Visiting service organization and performing necessary procedures. Obtaining a report from service organization.
Understanding the Client's Business—Measuring and Reviewing Performance
Budgets; Key performance indicators; Variance analysis; Segment performance reports; Balanced scorecard; External parties
Risks that threaten management's ability to achieve the organization's objective
Business risks
payout ratio
Cash Dividends declared on common stock/Net Income
Risk assessment is management's process for identifying, analyzing, and responding to such risks. In performing effective risk assessment, organizations should
Clearly specify objectives to allow the identification and assessment of risks related to those objectives. Identify and analyze risks to the achievement of its objectives to determine how they may be managed. Consider potential fraud relating to the achievement of objectives. Identify and assess changes that could impact internal control.
The basic principles of the control environment include
Commitment to integrity and ethical values. Board of directors that demonstrates independence from management and exercises effective oversight of internal control. Establishment of effective structure, including reporting lines, and appropriate authorities and responsibilities. Commitment to attract, develop, and retain competent employees. Holding employees accountable for internal control responsibilities.
FS that present each amount as a % of some financial statement base.
Common-size financial statements
Understanding the Client's Business, Industry, Regulatory, and Other Factors
Competitive environment; Supplier and customer relationships; Technology developments; Major laws and regulations; Economic conditions; Attractiveness of the industry
Commitment to integrity and ethical values. Board of directors demonstrates independence from management and exercises oversight of internal control. Establishment of effective structure, including reporting lines, and appropriate authorities and responsibilities. Commitment to attract, develop, and retain competent employees. Holding employees accountable for internal control responsibilities.
Control Environment Factors
Risk that a material misstatement in an assertion will not be prevented or detected on a timely basis by the company's internal control.
Control Risk
Auditors must consider all five internal control components
Control environment; Accounting information system; Risk assessment; Control activities; Monitoring
including processes, procedures, and policies for storing materials, placing materials into production, assigning production costs to inventories, and accounting for the cost of goods sold.
Conversion (production) cycle
as included in the PCAOB auditing standards, a matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee and that (1) relates to accounts or disclosures that are material to the FS and (2) involved especially challenging, subjective, or complex auditor judgment
Critical audit matter (CAM)
Analyze ratios of similar firms at a point in time
Cross sectional analysis
A difference of opinion concerning accounting and auditing matters relative to a particular phase of the audit arises between an assistant auditor and the auditor responsible for the engagement. After appropriate consultation, the assistant auditor asks to be disassociated from the resolution of the matter. The working papers would probably: A. Remain silent on the matter since it is an internal matter of the auditing firm. B. Note that the assistant auditor is completely dissociated from responsibility for the auditors' opinion. C. Document the additional work required because all disagreements of this type will require expanded substantive procedures. D. Document the assistant auditor's position and how the difference of opinion was resolved.
D
The date on which the auditor has obtained sufficient appropriate audit evidence to support the opinion on the financial statements or other financial information being reported upon
Date of the auditor's report
All goods shipped are accurately billed in the proper period. Invoices are accurately recorded for all authorized shipments and only for such shipments. Authorized and only authorized sales returns and allowances are accurately recorded. The continued completeness and accuracy of A/R is ensured. Accounts receivable records are safeguarded.
Detailed level applied to A/R sub objectives
Risk that the auditors' procedures will lead them to conclude that a material misstatement does not exist in an assertion when in fact such misstatement does exist.
Detection Risk
Audit Planning—Overall
Develop an overall audit strategy and an audit plan; Plan use of client's staff; Plan involvement of other CPAs; Arrange for specialists
General on Analytical Procedures Steps involved
Develop expectation of account (or ratio) balance. Determine amount of difference that can be accepted without investigation. Compare the company's account (ratio) with the expectation. Investigate and evaluate significant differences.
Assertions with high inherent risk Involve:
Difficult to audit transactions or balances; Complex calculations; Difficult accounting issues; Significant judgment by management; Valuations that vary significantly based on economic factors
An audit procedure that serves as a test of controls and a substantive test of the details of the transactions that occurred during the year. For example, a test of controls over equipment acquisitions may address authorization (providing evidence on control effectiveness) and whether the transaction tested has been properly recorded in the year's acquisitions (providing substantive evidence on the dollar amounts). As another example, a substantive procedure may reveal a misstatement and be extended to determine the nature of the control that did not operate effectively, thereby providing evidence on operating effectiveness
Dual-purpose procedure
Audit documentation should be sufficient to do what 3 things?
Enable an experienced auditor to understand the work performed and the significant conclusions reached Identify who performed and reviewed the work Show that the accounting records agree or reconcile to the financial statements
COSO issued a new internal control framework in 2004 on enterprise risk management. It does not replace the original COSO internal control framework. It goes beyond internal control to focus on how organizations can effectively manage risks and opportunities. The auditing standards are still structured around the original COSO internal control framework.
Enterprise Risk Management (ERM)
Management responsibilities
Financial statements Establishing effective internal control over financial reporting Compliance with laws and regulations Making records available to the auditors Providing written representations at end of the audit, including that adjustments discovered by the auditors and not recorded to the financials are not material
including processes, procedures, and policies for authorizing, executing, and recording transactions involving bank loans, leases, bonds payable, and capital stock
Financing cycle
Systems flowcharts
Flowcharts
Requires an effective system of internal control Makes illegal payment of bribes to foreign officials
Foreign Corrupt Practices Act
Passed in 1977 in response to American corporation practice of paying bribes and kickbacks to officials in foreign countries to obtain business
Foreign Corrupt Practices Act (created by COSO)
(management fraud)
Fraudulent financial reporting
Material misstatement of financial statements by management with the intent to mislead financial statement users
Fraudulent financial reporting (management fraud)
The understanding of internal control is used to help the auditor to
Identify types of potential misstatements Consider factors that affect the risks of material misstatement. Design tests of controls (when applicable) and substantive procedures.
In making a judgment about the extent of the understanding of internal control that is necessary, the auditors should realize that the information will subsequently be used to
Identify types of potential misstatements. Consider factors that affect the risks of material misstatement. Design tests of controls (when applicable) and substantive procedures.
Business characteristics indicative of high inherent risk: (5)
Inconsistent profitability of client Operating results highly sensitive to economic factors Going concern problems Large known and likely misstatements detected in prior audits Substantial turnover, questionable reputation, or inadequate accounting skills of management
For recurring audits, the auditors should assess whether the terms of the audit engagement need to be revised. Examples of factors that may make such revision appropriate include
Indication that management misunderstands the objective and scope of the audit. A change of senior management. A significant change in the nature or size of the client. A change in reporting requirements.
Risk of a material misstatement occurring in an assertion assuming no related internal controls.
Inherent Risk
risk of material misstatement formula
Inherent Risk x Control Risk
The risk of material misstatement of an assertion about an account without considering internal control
Inherent risk
Designed to discover misstatements after they have occurred Example: Monthly bank reconciliations
detective
A working paper with columnar headings similar to those in a working trial balance, set up to combine similar ledger accounts, the total of which appears in the working trial balance as a single amount.
Lead Schedule
Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc. Controls that depend on the segregation of duties may be circumvented by collusion Management may override the structure Compliance may deteriorate over time
Limitations of Internal Control
types of ratio analysis
Liquidity (e.g., current ratio) Leverage (e.g., debt to equity) Profitability (e.g., gross profit percentage) Activity (e.g., inventory turnover)
Acknowledgment of responsibility for internal control An assessment of internal control effectiveness as of the last day of the company's fiscal year using suitable criteria Support the evaluation with sufficient evidence
Management's Report on Internal Control under Section 404a
(defalcations)
Misappropriation of assets
Theft of client assets by an employee or officer of the organization
Misappropriation of assets (defalcations)
Involve activities that occur only periodically such as the taking of physical inventories High inherent risk
Nonroutine
Understanding the Client's Business—Objectives, Strategies & Business Risks
Objective Operating and financial strategies Business risks
Identify and record valid transactions Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions Measure the value of transactions appropriately Determine the time period in which the transactions occurred to permit recording in the proper period Present properly the transactions and related disclosures in the financial statements
Objectives of an Accounting System
Also consider areas difficult to control like non-routine transactions
Obtain an understanding of the client and its environment, including internal control
Principles—Audit evidence is ordinarily more reliable when it is
Obtained from knowledgeable independent sources outside the company rather than nonindependent sources Generated internally through a system of effective controls rather than ineffective controls. Obtained directly by the auditor rather than indirectly or by inference Documentary in form rather than oral Provided by original documents rather than copies
Much of the work performed by internal auditors is similar in nature to that performed by external auditors. This raises the question of how the work of internal auditors may be used by the external auditors. AICPA AU-C 610 and PCAOB AS 2605 indicate that the external (independent) auditors may use the work of internal auditors in the following two ways:
Obtaining audit evidence by using the internal auditors' work performed as a part of their normal responsibilities and Using internal auditors to provide direct assistance on the external audit.
Work of Internal Auditors may be used in two ways:
Obtaining audit evidence by using the internal auditors' work performed as a part of their normal responsibilities, and Using internal auditors to provide direct assistance on the external audit
Those account balances that exist at the beginning of the period. Opening balances are based upon the closing balances of the prior period and reflect the effects of transactions and events of prior periods and accounting policies applied in the prior period. Opening balances also include matters requiring disclosure that existed at the beginning of the period, such as contingencies and commitments
Opening balances
Internal control objectives
Operations Reporting, and Compliance
This strategy involves determining overall characteristics of the engagement that define its scope, determining the engagement's reporting objectives to plan the timing of procedures, and considering important factors that will determine the focus of the audit team's efforts. When the overall audit strategy has been established, the auditors start the development of a more detailed audit plan to address the various matters identified in the audit strategy
Overall audit strategy
Professional skepticism and audit evidence Assigning personnel and supervision Accounting principles Predictability of auditing procedures
Overall response
General on Analytical Procedures Developing an expectation
Prior period information Anticipated results Relationships among elements of financial information within a period Industry information Relationships between financial information and relevant nonfinancial data.
Overall responses, nature, timing and extent of further audit procedures, linkage of procedures with assessed risks, results of audit procedures, conclusions reached about operating effectiveness of controls, significant risk identified, circumstances in which substantive procedures alone will not provide sufficient evidence
Procedure results
Typically standardized by firm
Questionnaires
Documenting the Understanding of Internal Control
Questionnaires Written Narratives Flowcharts Walk-through
compare relationships between two or more financial statement accounts or comparisons of account balances to nonfinancial data
Ratio analysis
Regularly performed supervisory and management activities Example: Continuous monitoring of customer complaints
Regularly performed supervisory and management activities
The date the auditor grants the client permission to use the auditor's report. This date is ordinarily close to the audit report date.
Report release date
Examining journal entries Review accounting estimates for biases Evaluating the business rationale for significant unusual transactions
Response to the possibility of management override
including processes, procedures, and policies for obtaining orders from customers, approving credit, shipping merchandise, preparing sales invoices (billing), recording revenue and accounts receivable, and handling and recording cash receipts.
Revenue (or sales and collections) cycle
Segregate authorization, recording and custody of assets
Segregation of duties
Control activities are policies and procedures that help mitigate the risk that the organization's objectives are not met. The basic principles are that management should
Select and develop control activities that mitigate risks of the achievement of organization objectives to acceptable levels. Select and develop general control activities over technology to support organization objectives. Deploy control activities through policies that establish what is expected and in procedures that put policies into action.
Performed on nonroutine basis Example: Periodic audits by internal audit
Separate evaluations
Conduct by some enterprises that discharge one independent auditing firm after seeking out another firm that will sanction a disputed accounting principle or financial statement presentation
Shopping for accounting principles
Identified and assessed risks of material misstatement that, in the auditor's judgment, require special audit considerations
Significant risks
Contact the audit committee Make fee arrangements
Submit a proposal
Tests of account balances and transactions designed to detect any material misstatements in the financial statements. The nature, timing, and extent of substantive procedures are determined by the auditors' assessment of risks and their consideration of the client's internal control
Substantive procedures
Auditor may follow the audit trail in either of two directions related to the direction of testing
Test for existence or occurrence Test for completeness
Tests directed toward the design or operation of a control to assess its effectiveness in preventing or detecting material misstatements of financial statement assertions
Tests of controls
Types of audit procedures
Tests of controls Analytical procedures Tests of details of transactions and balances
3. If a CPA learns of a client's illegal actions and the client refuses to correct the matter or take appropriate actions, can the CPA fulfill his/her professional responsibilities by resigning? Why or why not. How does Rule 301 come into play?
That is because resigning does not negate disclosure responsibilities to regulatory authorities or external accountants (third parties). Rule 301 comes into play by stating that the confidentiality requirement should not be construed to prohibit a member's compliance with applicable laws and government regulations. For example, if a company registered with the SEC takes no action to fix faulty financial statements, auditors are then required to inform the SEC within one day of notification.
For the risk assessment, the auditors should document (1) the discussion of the audit team concerning the risk of material misstatements due to error or fraud, (2) the key elements of the understanding of the entity and its environment, (3) the assessment of the risk of material misstatement at both the financial statement level and the relevant assertion level, and (4) the risks identified. After the procedures have been performed, the auditors should document
The auditors' overall responses to address the assessed risk of misstatement at the financial statement level. The nature, timing, and extent of further audit procedures performed. The linkage of those procedures with the assessed risks at the relevant assertion level. The results of the audit procedures. With regard to the use of audit evidence, the conclusions reached about the operating effectiveness of controls obtained in a prior audit (this is discussed in Chapter 7). Significant risks identified and related controls. Those circumstances in which substantive procedures alone will not provide sufficient evidence
Identify the five components of an effective framework for internal control over financial reporting.
The five components of effective framework for internal control over financial reporting are the control environment, risk assessment, control activities, information and communication, and monitoring.
Holding other factors such as the nature and timing of procedures constant:
The greater the risk of material misstatement, the greater the needed extent of substantive procedures The main way to increase the extent of audit procedures is to examine more items Sample sizes should reduce detection risk so as to restrict audit risk to a low level
An understanding of the client and its environment encompasses
The nature of the client, including the client's application of accounting policies. The industry, regulatory, and other external factors affecting the client. The client's objectives and strategies and related business risks. Methods used by the client to measure and review performance. The client's internal control.
The auditors should establish an understanding with the client regarding the terms of the audit engagement. This understanding should include
This understanding should include (1) the objective and scope of the audit, (2) auditor and management responsibilities, (3) inherent limitations of an audit, (4) the applicable financial reporting framework (e.g., GAAP), and (5) the expected form and content of reports to be issued by the auditors.
An estimate of the time required to perform each step in the audit
Time budget
the application of performance materiality to a particular sampling procedure.
Tolerable misstatement
The sequence of procedures applied by the client in processing a particular type of recurring transaction. The term cycle reflects the idea that the same sequence of procedures is applied to each similar transaction. The auditors' consideration of internal control often is organized around the client's major transaction cycles
Transaction cycle
analyze changes in accounts of a company over time
Trend analysis
Considerations in identifying fraud risks
Type Significance Likelihood that it will result in a material misstatement Pervasiveness
A report on a management's description of a service organization's system and the suitability of the design of controls.
Type 1 report
AICPA AT-C 320 and PCAOB AS 2601 present two types of reports that service auditors may provide:
Type 1 report—A report on a management's description of a service organization's system and the suitability of the design of controls. Type 2 report—A report on a management's description of a service organization's system and the suitability of the design and operating effectiveness of controls (throughout the period covered by the service auditor's report).
Inquiries of management Industry Accounting and Auditing Guides Industry Risk Alerts Trade journals and news stories Government publications Prior company annual reports and SEC filings Prior tax returns Electronic sources Ex. www.fasb.org, web pages for company Tour of plant and offices Analytical procedures The statement of cash flows and obtaining an understanding of the client
Understanding the Client's Business—Sources of Information
Analytical procedures are most likely to detect:
Unusual transactions.
All transactions, assets, liabilities and equity interests are included in the financial statements at proper amounts
Valuation, Allocation and Accuracy
Need knowledge and understanding of how a client's internal control works:
What controls exist Who performs them How various types of transactions are processed and recorded What accounting records and supporting documentation exist
working capital formula
Working Capital = Current Assets - Current Liabilities
Memos that describe flow of transactions
Written Narratives
This response involves taking no action because the risk is consistent with the risk tolerance of the organization.
acceptance risk
Tests of details
account balances classes of transactions disclosures
Relevant assertions are those that, without regard for controls, have a reasonable possibility of containing a material misstatement; types
account balances classes of transactions and events presentation and disclosure
evaluations of financial information through analysis of plausible relationships among both financial, prior years, budgets, nonfinancial data, or industry averages.
analytical procedures
a measure of the quality of the evidence obtained
appropriate
Decisions are made here as to the appropriate combination of tests of controls and substantive procedures
assertion level (responses)
is a checklist, standard form, or computer program that helps the auditors make a particular decision by ensuring that they consider all relevant information or by assisting them in combining the information to make the decision.
audit decision aid
The possibility that the auditors may unknowingly fail to appropriately modify their opinion on financial statements that are materially misstated
audit risk
This is the risk that the auditors will issue an unqualified opinion on financial statements that contain a material departure from GAAP.
audit risk
Threats to achieving objectives
business risks
the actions established through policies and procedures that help ensure that management's directives to mitigate risks to the achievement of objectives are carried out
control activities
is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.
control environment
may be viewed as the foundation for the other internal control components; it is defined by the standards, processes, and structures that guide individuals in carrying out their duties
control environment
It is a function of the effectiveness of both the design and operation of internal control in achieving the client's objectives relevant to the preparation of its financial statements.
control risk
The risk that a material misstatement that could occur in an account will not be prevented or detected on a timely basis by internal control
control risk
Complementary - function together Redundant - address same assertion or control objective Compensating - reduces risk existing weakness will result in misstatement
controls overlap
a technique that involves comparing the client's ratios for the current year with those of similar firms in the same industry
cross sectional analysis
Current year working papers Index and cross-referencing
current files
Types of Working Files
current/permanent files
the process of determining that transactions occurring near the balance sheet date are assigned to the proper accounting period
cutoff
the examination of raw data with the purpose of drawing conclusions about that information
data analytics
over financial reporting exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect material misstatements on a timely basis.
deficiency in internal control
auditors control what risk?
detection
Use professional judgment and based on reasonable person
determining materiality
what considers both quantitative and qualitative factors
determining materiality
Communication to appropriate level of management If fraud involves senior management or material misstatement communicate to audit committee
discovery of fraud
The date on which audit documentation should be completed. This is within 60 days (45 days for public companies) from the audit report release date.
documentation completion date
A computer network between companies that allows the interchange of data from one company's computer to the other's
electronic data interchange
are a form of insurance in which a bonding company agrees to reimburse an employer, within limits, for losses attributable to theft or embezzlement by bonded employees.
fidelity bonds
The four categories of risks identified by COSO
financial, strategic, operational, and compliance.
Gross Profit Rate Formula
gross profit/net sales
Approaches to ratio analysis
horizontal analysis cross sectional analysis vertical analysis regression analysis (reasonableness test)
There are two basic approaches to ratio analysis:
horizontal analysis and cross-sectional analysis
that would allow him or her to both perpetrate and conceal errors or fraud in the normal course of his or her duties.
incompatible duties
policies to ensure information is available for the entity to carry out internal control responsibilities to support the achievement of its objectives.
information and communication
test for existence order
ledger to journal to source documents
unsigned document example of what?
less than significant
Relationships Among Deficiencies
less than significant significant deficiency material weakness
inputs of observable quoted prices in active markets for identical assets or liabilities Ex. A closing stock price in WSJ
level 1
This letter serves as a valuable reference document for management and also may serve to minimize the auditors' legal liability in the event of a defalcation or other loss resulting from a weakness in internal control. Many auditing firms place great emphasis upon providing clients with a thorough and carefully considered management letter.
management letter
is a deficiency in internal control over financial reporting (or a combination of deficiencies) such that there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected on a timely basis.
material weakness
misapplication of GAAP, client does not do testing for impairments of long lived assets are examples of what?
material weakness
reasonable possibility that there will be a material misstatement
material weakness
an amount (or disclosure) that could influence decisions that users make on the basis of the financial information of a specific reporting entity. From the auditor's perspective, it may be viewed as the maximum amount that the auditor believes the FS could be misstated and still fairly present the client's financial position, results of operations, and cash flows
materiality
A formal record of the issues discussed and actions taken in meetings of stockholders or the board of directors
minutes
including ongoing evaluations, separate evaluations, or some combination of the two used to ascertain whether each of the five components of internal control, including controls to affect the principles within each component, is present and functioning.
monitoring
obtain more reliable evidence often externally generated evidence.
nature
Holding the extent of procedures constant, one may increase the scope of procedures (make them more effective) by either changing the
nature or timing
free cash flow formula
net cash provided by operating activities - capital expenditures - cash dividends
current cash debt coverage formula
net cash provided by operating activities/average current liabilities
cash debt coverage ratio
net cash provided by operations/average total liabilities
accounts receivable turnover formula
net credit sales/average net accounts receivable
Overall plans
objectives
serves three purposes: (1) to refresh the auditors' memories on items applicable over a period of many years; (2) to provide new staff members with a quick summary of the policies and organization of the client; and (3) to preserve working papers on items that show relatively few or no changes, thus eliminating the necessity for their preparation year after year.
permanent file
Items of continuing audit interest
permanent files
Establish an understanding with the client This is ordinarily accomplished through use of an engagement letter Related, determine that The firm meets professional independence requirements There are no issues relating to management integrity The client understands the terms of the engagement
plan the audit
A primary measure of the effectiveness of an analytical procedure is its
precision
is similar to regression analysis in that an explicit expectation is computed for the financial statement amount using financial or nonfinancial data.
reasonableness test
testing the mathematical accuracy of documents or records
recalculation
This response involves taking action to reduce risk likelihood or impact, or both. For example, risk reduction might involve managing the risk or adding additional controls to processes.
reduction risk
involves the use of statistical models to quantify the auditors' expectation about a financial statement amount or ratio
regression analysis
To be appropriate audit evidence must be:
relevant and reliable
an independent execution of procedures or controls that were originally performed by the client (often as part of the client's internal control)
reperformance
A single letter or separate letters prepared by the officers of the client company at the auditors' request setting forth certain representations about the company's financial position or operations
representation letter
AICPA AU-C 230 (PCAOB AS 1215) requires that audit documentation provide
requires that audit documentation provide (1) evidence of the auditors' basis for concluding on the achievement of the audit's overall objectives and (2) evidence that the audit was planned and performed in accordance with GAAS.
Overall response Alterations in audit procedures Response to the possibility of management override
responding to fraud risks
Assigning more experienced staff or those with specialized skills Providing more supervision and emphasizing the need to maintain professional skepticism Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed Increasing the overall scope of audit procedures, including the nature, timing or extent
responses to high risks
Clearly specify objectives to allow the identification and assessment of risks related to those objectives. Identify and analyze risks to the achievement of its objectives to determine how they may be managed. Consider potential fraud relating to the achievement of objectives. Identify and assess changes that could impact internal control.
risk assessment
as a dynamic and iterative process for identifying and assessing risks to the achievement of objectives.
risk assessment
is the acceptable level of variation in performance relative to the achievement of objectives
risk tolerance
Example of this threat is when a CPA or CPA firm might be influenced by a business relationship that exists with the client that creates a mutuality of interests.
self interest
4. Identify three threats to Integrity and objectivity and provide an example of each.
self interest familiarity undue influence
are monitoring activities that are performed on a nonroutine basis, such as periodic audits by the internal auditors.
separate evaluations
provides examination of service organization controls.
service auditor
Service Organizations terms
service auditor user auditor
that decide to outsource a portion of their processing. For example, a CPA's client (the user entity) may outsource its payroll function to a service organization.
service organizations
This response involves reducing risk likelihood or impact by transferring or sharing a portion of the risk. Techniques for sharing include insurance, hedging, and outsourcing.
sharing risk
credit report not done before shipping materials out is an example of what?
significant deficiency
While assessing risks, the auditors should determine which of the identified risks require special audit consideration. Such risks are referred to as
significant risks
test for completeness order
source documents to journal to ledgers
a person or firm possessing special skill or knowledge in a field other than accounting or auditing, such as an actuary
specialist
testing interest expense is an example of what?
substantive procedure
To detect material misstatements at relevant assertion level.
substantive procedures
auditor design what using detection risk
substantive procedures
Procedures performed by the auditor to detect material misstatements in account balances, classes of transactions, and disclosures
substantive procedures (tests)
a measure of the quantity of the audit evidence required
sufficient
When appropriate, to test the operating effectiveness of controls in preventing material misstatements
test of controls
Further Audit Procedures
test of controls substantive procedures
Disclosure of related party transactions should include
the nature of the relationship; a description of the transactions, including dollar amounts; and amounts due to and from related parties, together with the terms and manner of settlement.
One or more significant risks arise on most audits. In determining whether a risk is a significant risk, the auditors ignore the effects of the client's controls and consider
the nature of the risk. the likely magnitude of the potential misstatement(s) that may occur. the likelihood of the misstatement occurring.
wait until year-end to obtain evidence from entire set of transactions as contrasted to performing interim testing, say two months prior to year-end and simply updating those procedures.
timing
prepare and issue reliable financial information
top level objective
debt to asset ratio formula
total liabilities/total assets
General on Analytical Procedures Types of Expectations
trend/ratio analysis
6. Form an opinion and issue the audit report. The final step in the process is issuance of the audit report based on the conclusions reached in the preceding steps.
true
A Type 2 report may provide the user auditor with a basis for assessing control risk below the maximum.
true
In addition to the typical system of journals, ledgers, and other record-keeping devices, an accounting information system should include a chart of accounts and a manual of accounting policies and procedures as aids for communicating policies
true
It is important that the auditors concentrate on the substance of controls, rather than their form.
true
It is important to realize that preventive controls often operate at the individual transaction level, while detective controls may operate at the transaction level or at a higher level.
true
The auditors' understanding of the nature of the client will include the client's competitive position, organizational structure, governance processes, accounting policies and procedures, ownership, capital structure, and product lines
true
When the design seems strong, auditors should determine that it has been implemented and that it exists more than simply "on paper." Determining whether it has been implemented ordinarily involves observing the procedure. The auditors may also decide to perform further audit procedures to determine whether the controls operate effectively—these procedures are tests of controls.
true
Uses that report.
user auditor
a form of analysis that presents financial statement amounts for a period as a percentage of some financial statement base. This analysis involves the preparation of common size financial statements.
vertical analysis
Trace one or two transactions through the cycle
walk-through
Overall approach of an audit
1. Plan the audit 2. Obtain an understanding of the client and its environment, including internal control 3. Assess the risks of material misstatement and design further audit procedures 4. Perform further audit procedures 5. Complete the audit 6. Form an opinion and issue the audit report Steps 2-4 relate most directly to the role of internal control in financial statement audits
When the overall audit strategy has been established, the auditors are able to start developing the audit plan. Although audit plans differ in form and content among public accounting firms, a plan should include a high-level description of the nature, timing, and extent of
1. Planned risk assessment procedures sufficient to assess the risks of material misstatement. 2. Planned further audit procedures for each material class of transactions, account balance, and disclosure. This includes tests of controls and substantive procedures. 3. Other audit procedures in order to comply with generally accepted auditing standards.
These provisions require all corporations under the jurisdiction of the SEC (regardless of whether the corporation has international operations) to maintain a system of internal control that will provide reasonable assurance that
1. Transactions are executed with the knowledge and authorization of management. 2. Transactions are recorded as necessary to permit the preparation of reliable financial statements and maintain accountability for assets. 3. Access to assets is limited to authorized individuals. 4. Accounting records of assets are compared to existing assets at reasonable intervals and appropriate action is taken with respect to any differences.
Identify controls likely to prevent or detect material misstatements Perform tests of controls to determine whether they are operating effectively
4. Perform Further Audit Procedures - Test of Controls
More reliable evidence Shifting timing to year end Increasing sample sizes
Alterations in audit procedures
Risks such as these potentially affect many relevant assertions in that they cannot effectively be isolated. In addition to the various accounts they may affect, these risks are difficult for the auditors because assessing the associated risks often requires considerable judgment. For example, poorly controlled access to the IT system may allow unauthorized personnel to access and inappropriately change data of many types. Questions about the integrity of management also may raise a variety of questions relating to the financial statements. Because of these characteristics of financial statement level risks, an overall response by the auditor is often required. This response might include
Assigning more experienced staff or those with specialized skills. Providing more supervision and emphasizing the need to maintain professional skepticism. Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed. Increasing the overall scope of audit procedures, including their nature, timing, or extent.
what do you do on first year audits?
Communicate with predecessor auditors Establish opening balances on the financial statements
The Control Environment Risk Assessment Control Activities Information System Relevant to Financial Reporting and Communication Monitoring Activities
Components of Internal Control
The additional procedures that are performed based on the results of the auditors' risk assessment procedures.
Further audit procedures
The audit procedures used to test the effectiveness of internal control include
Inquiries of appropriate client personnel. Inspection of documents and reports. Observation of the application of controls. Reperformance of the controls.
Obtaining the Understanding: Procedures include
Inquiring of entity personnel Observing the application of specific controls Inspecting documents and reports Tracing transactions through the information system relevant to financial reporting
including processes, procedures, and policies for authorizing, executing, and recording transactions involving investments in fixed assets and securities.
Investing cycle
A fact is material if there is a substantial likelihood that the... fact would have been viewed by the reasonable investor as having significantly altered the "total mix" of information made available
PCAOB interpretation of federal securities laws
Specific practices for small businesses regarding Internal controls
Record all cash receipts immediately Deposit all cash receipts intact daily Make all payments by serially numbered checks, with exception of petty cash disbursements Reconcile bank accounts monthly and retain copies Use serially numbered invoices, POs, and receiving reports Issue checks to vendors only in payment of approved invoices that have been matched with purchase orders and receiving reports Balance subsidiary ledger with control accounts Prepare comparative financial statements monthly to disclose significant variations in any category of revenue or expense
The Public Company Accounting Oversight Board makes explicit in its standards that an audit should include sufficient appropriate audit evidence to obtain reasonable assurance that related parties, relationships, and transactions have been properly identified, accounted for, and disclosed in the financial statements. Also, auditors should emphasize the following in their audits:
Relationships and transactions with related parties. Significant unusual transactions (with or without related party involvement). Financial relationships and transactions with executive officers.
A financial statement assertion that has a reasonable possibility of containing a misstatement or misstatements that would cause the financial statements to be materially misstated. The determination of whether an assertion is a relevant assertion is based on inherent risk, without regard to the effect of controls
Relevant assertion
Further audit procedures should include
Substantive procedures for all relevant assertions Tests of controls when the auditors' risk assessment includes an expectation that controls are operating effectively, or when substantive procedures alone are not sufficient
Functions of Audit Documentation Primary functions:
Support the auditors' compliance with auditing standards Support the auditors' opinion
An agreement between the CPA firm and the client as to the terms of the audit engagement. The terms of the engagement should include (1) the objectives and scope of the audit, (2) auditor and management responsibilities, (3) inherent limitations of the audit, (4) the applicable financial reporting framework, and (5) the expected form and content of reports to be issued by the auditors
engagement letter
A process, effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding achievement of (the entity's) objectives relating to: Operations, Reporting, and Compliance
internal control
inputs that are unobservable for the assets or liability Ex. A private company uses judgment to determine a proper rate to discount the future cash flows of its not publicly traded securities
level 3
earnings per share formula
(net income - preferred dividends) / weighted average common shares outstanding
gross margin formula
net income/ net sales
return on assets formula
net income/average total assets
asset turnover formula
net sales/average total assets
watching a process or procedure being performed by the entity's personnel or the performance of control activities
observation
include regularly performed supervisory and management activities, such as continuous monitoring of customer complaints, or reviewing the reasonableness of management reports.
ongoing monitoring evaluations
When available, the most reliable single piece of documentary evidence created within the client's organization ordinarily is ____
paid check
Business characteristics of the client and its environment affect the inherent risk of the audit as a whole. Therefore, these characteristics affect the assertions about a number of financial statement accounts
true
Generally routine transactions have the strongest controls
true
Governance and Culture: Governance and culture together form a basis for all other components of enterprise risk management. Governance sets the entity's tone, reinforcing the importance of enterprise risk management, and establishing oversight responsibilities for it. Culture is reflected in decision-making.
true
How detailed should documentation be? This depends on several factors, such as the nature of the auditing procedure being performed, the risk of misstatement involved in the area being tested, the significance of the evidence to the overall audit, the extent of judgment involved in performing the work, and the nature of the findings or results. The auditors should document all audit findings that they believe to be significant.
true
In addition, the auditors develop reclassification journal entries (RJEs) for items that, although correctly recorded in the accounting records, must be reclassified for fair presentation in the client's financial statements. For example, accounts receivable with large credit balances should be reclassified as a liability in the balance sheet. Reclassification entries affect only the financial statement presentation; therefore, they are not recorded in the client's accounting records. Reclassification entries appear only on accounting worksheets.
true
In auditing their clients' fair values, auditors should keep in mind that the goal is to achieve a fair value as defined earlier in this paragraph and to determine that valuation techniques are consistently applied, or, if revisions are needed, they are accounted for as a change in accounting estimate.
true
Indeed, as is discussed further in Chapter 8, cloud-based accounting systems result in major portions or even virtually entire accounting systems being hosted on remote servers by service providers. AICPA AU-C 402 and PCAOB AS 2601 require the auditors of the user entity to obtain an understanding of how the entity uses the services of the service organization, including the nature and significance of the services and the effect on internal control.
true
Making accounting estimates is management's responsibility, and such estimates are generally more susceptible to material misstatement than other financial statement amounts that are more certain in amount. The professional standards (AICPA AU-C 540; PCAOB AS 2501) require the auditors to determine that (a) all necessary estimates have been developed, (b) accounting estimates are reasonable, and (c) accounting estimates are properly accounted for and disclosed.
true
Performance: An organization identifies and assesses risks that may affect an entity's ability to achieve its strategy and business objectives. As part of that pursuit, the organization identifies and assesses risks that may affect the achievement of that strategy and business objectives. It prioritizes risks according to their severity and considering the entity's risk appetite. The organization then selects risk responses and monitors performance for change. In this way, it develops a portfolio view of the amount of risk the entity has assumed in the pursuit of its strategy and entity-level business objectives.
true
Recall from Chapter 1 that essential to performing an attest engagement is the existence of suitable criteria that serve as the standards or benchmarks to measure and present the subject matter. The Committee of Sponsoring Organizations (COSO) internal control framework provides "suitable control criteria" for management's internal control report and the auditors' audit of internal control. Therefore, for an integrated audit, there are two sets of suitable criteria involved: COSO for the internal control audit and the applicable financial reporting framework for the financial statement audit.
true
Review and Revision: By reviewing enterprise risk management capabilities and practices, and the entity's performance relative to its targets, an organization can consider how well the enterprise risk management capabilities and practices have increased value over time and will continue to drive value in light of substantial changes.
true
The general approach to increasing the evidence from a test of control is to increase the extent of the test (e.g., increase the number of items tested). However, automated controls provide an exception to this approach. Because of the inherent consistency of operation of automated controls, the auditors often use an audit approach of determining that the control is working at a point in time and that no inappropriate changes were made to the program during the period. In such cases, determining that a control has been implemented may be sufficient to serve as audit evidence on operating effectiveness.
true
The impact of cutoff errors upon the financial statements varies with the nature of the error. For example, a cutoff error in recording acquisitions of plant assets affects the balance sheet but probably does not affect the income statement because depreciation usually is not recorded on assets acquired within a few days of year-end. On the other hand, a cutoff error in recording shipments of merchandise to customers affects both inventory and the cost of sales. In order to improve their financial picture, some clients may "hold their records open" to include in the current year cash receipts and revenue from the first part of the next period. To verify the client's cutoff of transactions, the auditors should review transactions recorded shortly before and after the balance sheet date to ascertain that these transactions are assigned to the proper period. Because such documents as checks, receiving reports, and shipping documents are usually serially numbered, noting the last serial number issued during the period will assist the auditors in determining that a proper cutoff has been made in recording transactions.
true
The quantity needed is affected by the risk of misstatements (the greater the risk, the more audit evidence required) and also the reliability of the evidence. In the great majority of cases, the auditors find it necessary to rely on evidence that is persuasive rather than conclusive. Auditors are seldom convinced beyond all doubt that all aspects of the statements are properly stated.
true
These control objectives are similar to the management assertions that were discussed in the preceding two chapters (see, for example, Figure 5.1). This is obviously the case because the overall objective of internal control over external financial reporting is to prepare financial statements in accordance with generally accepted accounting principles. However, there is one major difference between control objectives and assertions: the control objectives are broader in that they relate not only to financial reporting, but also to operations and compliance.
true
Timing of the performance of tests of controls depends upon the auditors' objectives. If the auditors test the operation of controls at a particular time, their audit evidence generally relates only to that time (e.g., tests of counting procedures performed during the annual physical inventory counting at period end). However, tests of certain controls provide evidence about operating effectiveness throughout the period (e.g., tests of general controls pertaining to modifying and using a computer program). For many controls, the auditors will want evidence on operating effectiveness by sampling the application of controls from throughout the period.
true
To facilitate a timely release of the audit report, auditors normally begin the audit well before the balance sheet date. The period before the balance sheet date is termed the interim period. Audit work that can always be started during the interim period includes the consideration of internal control, and substantive tests of transactions that have occurred to the interim date.
true
To illustrate a specific transaction cycle, consider a company's processes for sales and collections of receivables. The activities performed to process sales transactions might include receiving a customer's purchase order, approving credit, shipping merchandise, preparing the sales invoice, recording the sale, recording the accounts receivable, billing the customer, and handling and recording the cash remitted by the customer
true
Which of the following is not a function of audit working papers? A. Assist management in illustrating that the financial statements are in accordance with generally accepted accounting principles. B. Assist audit team members responsible for supervision in reviewing the work. C. Assist auditors in planning future engagements. D. Assist peer reviewers and inspectors in performing their roles.
A
Functions of Audit Documentation: Secondary functions: (5)
Assist continuing and new audit team members in planning and performing the audit Serves as a record of matters of continuing audit interest Assists in supervision and review of the audit Demonstrates the accountability of team members Assists internal reviewers, external peer reviewers, PCAOB inspectors, and successor auditors in performing their roles
Types of Working Papers
Audit administrative working papers Working trial balance Lead schedules Adjusting journal entries and reclassification entries Supporting schedules Analysis of a ledger account Reconciliations Computational working papers Corroborating documents
is all the information used by the auditors in arriving at the conclusions on which the audit opinion is based. It includes the information contained in the accounting records underlying the financial statements and other information.
Audit evidence
Factors such as the following might be indicative of increased financial reporting risk for a client:
Changes in the organization's regulatory or operating environment. Changes in personnel. New or revamped information systems. Rapid growth of the organization. Changes in technology affecting production processes or information systems. New business models, products, or activities. Corporate restructurings. Expansion or acquisition of foreign operations. Adoption of new accounting principles or changing accounting principles.
Topics Integrity of management Disagreements over accounting principles Communications to those charged with governance regarding fraud and noncompliance with laws Communication to management and those charged with governance concerning internal control significant deficiencies and material weaknesses. Predecessor's understanding of reason for change of auditors Other Overall procedure is important for evaluation of management integrity
Communicate with the predecessor auditor
Auditor responsibilities
Conducting an audit in accordance with GAAS Obtaining an understanding of internal control to plan audit and to determine the nature, timing and extent of procedures Making communications required by GAAS
Related Party Transactions
Disclosure requirements must be met Primary challenge is identifying undisclosed related party transactions Determine related parties Inquiries of management Review SEC filings, stockholder's listings and conflict-of-interest statements Be alert for transactions with related parties and any transactions with unusual terms
Procedures to assess fraud risks
Discussion among engagement team Inquiries of management and other personnel Risk assessment analytical procedures (to aid in planning the audit) Considering fraud risk factors
In planning and performing audit procedures related to fair value measurements, the auditors should obtain an understanding of the company's process for determining fair value measurements and disclosures, including relevant controls. In addition, the auditors should
Evaluate whether management's assumptions related to inputs are reasonable and reflect, or are not inconsistent with, market information. If management relies on historical financial information in the development of an input, consider the extent to which such reliance is justified. Evaluate whether the company's method for determining fair value measurements is applied consistently and, if so, whether the consistent application is appropriate given the current situation.
Substantive procedures for all relevant assertions and tests of controls when the auditors' risk assessment includes an expectation that controls are operating effectively, or when substantive procedures alone do not provide sufficient appropriate audit evidence. The auditors perform risk assessment procedures to obtain an understanding of the client and its environment, including internal control. They then conduct a risk assessment and determine the appropriate further audit procedures
Further audit procedure
occurs when management establishes criteria for acceptance of a certain type of transaction. For example, top management may establish general price lists and credit policies for new customers. Transactions with customers that meet these criteria can then be approved by the credit department
General authorization
Which controls are most relevant to the audit of financial statements?
Generally, the controls that are relevant to an audit are those that pertain to the reliability of financial reporting—that is, those that affect the preparation of financial information for external reporting purposes. However, other controls may be relevant if they affect the reliability of data that the auditors use to perform auditing procedures
Overall responses when assessed risks of material misstatement are high
Heightened professional skepticism Assigning more experienced staff Assigning staff with specialized skills Providing more supervision
Tests of controls address the following:
How controls were applied. The consistency with which controls were applied. By whom or by what means (e.g., electronically) the controls were applied.
An international network of independently owned computers that operates as a giant computing network. Data on the Internet are stored on "Web Servers," which are computers scattered throughout the world
Internet
including processes, procedures, and policies for hiring, terminating, and determining pay rates; timekeeping; computing gross payroll, payroll taxes, and amounts withheld from gross pay; maintaining payroll records; and preparing and distributing paychecks.
Payroll cycle
The amount set by the auditors at less than materiality for accounts (or individual financial statements) to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole
Performance materiality
This section applies to public companies with a market capitalization of $75 million or more. For those companies, the auditors audit internal control as a part of an integrated audit as follows:
Plan the engagement Use a top-down approach to identify the controls to test Test and evaluate design effectiveness of internal control Test and evaluate operating effectiveness of internal control Form an opinion on effectiveness of internal control over financial reporting
A CPA firm that formerly served as auditor but has resigned from the engagement or has been notified that its services have been terminated
Predecessor auditors
a working paper entry drafted by the auditors to assure fair presentation of the client's financial statements, such as an entry to transfer accounts receivable credit balances to the current liabilities section of the client's balance sheet.
Reclassification journal entry
A financial statement assertion that has a reasonable possibility of containing a misstatement or misstatements that would cause the financial statements to be materially misstated. The determination of whether an assertion is a relevant assertion is made without regard to the effects of controls.
Relevant assertion
The 3 times you do analytical procedures
Risk assessment (sometimes referred to as planning analytical procedures) Substantive procedures Final review
The audit procedures performed to obtain an understanding of the entity and its environment, including the entity's internal control. They are designed to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels. Risk assessment procedures include (a) inquiries of management and others within the entity, (b) analytical procedures, and (c) observation and other procedures, including inquiries of others outside the entity
Risk assessment procedure
Risks at the financial statement level are those that relate to the overall financial statements and potentially affect many individual assertions. The following examples help to illustrate financial statement level risks:
Risks related to an ineffective control environment and weaknesses in general information technology controls (discussed in Chapters 7 and 8). A lack of sufficient capital to continue operations. A declining industry. Risks related to the selection and application of significant accounting policies.
What is the purpose of Rule 102 of the AICPA Code of Professional Conduct?
The purpose of Rule 102 is to prohibit a member of the AICPA from knowingly misrepresenting facts or subordinating judgment when performing professional services for a client and employer.
1. Plan the audit. Audit planning begins with determining the requirements for the engagement, including the financial statements to be audited, any other requirements (e.g., regulatory filings), and the timing of the engagement. During this stage, auditors establish an understanding with their client as to the nature of services to be provided and the responsibilities of each party. In addition, they develop an overall audit strategy and an audit plan. Planning includes determining the analytical and other procedures to be applied as risk assessment procedures, the level of materiality, and the likely need for specialists. While we describe the audit planning process as the first step in an audit, it should be recognized that significant portions of the planning process cannot be completed until the auditors have a sufficient understanding of the client and its environment, including internal control. Therefore, in the first audit of a new client, much of the planning process will be performed after the auditors have obtained this understanding, as described in stage two. In the audit of a continuing client, the auditors will have gained the required understanding and, therefore, may do most of the planning at the beginning of the audit.
true
2. Obtain an understanding of the client and its environment. Auditors should gather sufficient background information to assess the risks of material misstatement of the financial statements and to design the nature, timing, and extent of further audit procedures. Risk assessment procedures are used to gather this information and include researching the characteristics of the client's industry, inquiries of management, analytical procedures, observation and inspection, and other procedures. At this stage of the audit, the auditors are attempting to obtain an overall understanding of the client and its environment, including its industry, objectives and strategies and related business risks; the manner in which management measures and reviews financial performance; and the client's internal control. This understanding helps the auditors identify account balances, transactions, and disclosures with a high risk of material misstatement. Obtaining an understanding of the nature of internal control is an essential part of this process because it allows auditors to identify accounts and classes of transactions that may be misstated and to tailor audit procedures to the existing internal control system. Information on internal control comes from interviewing client personnel, observing the application of specific controls, inspecting documents and reports, and tracing transactions through the information system, as well as reviewing prior years' audit working papers.
true
4. Perform further audit procedures. Further audit procedures include a combination of additional tests of controls and substantive procedures relating to account balances, transactions, and disclosures. Tests of controls are performed to determine whether key controls are properly designed and operating effectively. To illustrate a test of a control, consider the control activity in which the accounting department accounts for the serial sequence of all shipping documents before preparing the related journal entries. The purpose of this control is to ensure that all shipments of merchandise are recorded in the accounting records (i.e., to ensure the completeness of recorded sales and accounts receivable). To test the operating effectiveness of the control, the auditors might inspect evidence of the client's accounting for the sequence of shipping documents and select a sample of shipping documents prepared at various times throughout the year to inspect the related journal entries.
true
5. Complete the audit. The auditors perform a number of procedures near the time of completion of the audit. These procedures, discussed in detail in Chapter 16, include completing the search for unrecorded liabilities, completing the review of minutes of meetings, performing final analytical procedures, completing the search to identify loss contingencies and subsequent events, and obtaining a representation letter from management. Finally, overall audit findings are evaluated to arrive at a conclusion as to whether the financial statements follow generally accepted accounting principles.
true
A basic premise underlying the application of analytical procedures is that plausible relationships among data may reasonably be expected to exist and continue in the absence of known conditions to the contrary. Therefore, the auditors can use these relationships to obtain evidence about the reasonableness of financial statement amounts
true
A number of assets are valued at cost. Therefore, a common audit procedure is to vouch the acquisition cost of assets to paid checks and other documentary evidence. If the acquisition cost is subject to depreciation or amortization, the auditors should evaluate the reasonableness of the cost allocation program and verify the computation of the remaining unallocated cost. Increasingly, generally accepted accounting principles require determination of the fair value of assets and liabilities. Certain assets and liabilities must be valued at fair value, others are valued at the lower of cost or net realizable value, and for some fair value must be determined to evaluate whether an asset is impaired.
true
A transaction cycle, or class of transactions, is the sequence of procedures applied by the client in processing a particular type of recurring transaction. The term cycle conveys the idea that the same sequence of procedures is applied to each included transaction. Because of their importance to financial reporting, the auditors' consideration of internal control often is organized around the client's major transaction cycles. While they differ from company to company, typical cycles include (1) the revenue (sales and collections) cycle, (2) the acquisition (purchases and disbursements) cycle, (3) the conversion (production) cycle, (4) the payroll cycle, (5) the investing cycle, and (6) the financing cycle
true
AICPA AU-C 315 and PCAOB AS 2110 require that the auditors have a discussion with the audit team members about the susceptibility of the client's financial statements to material misstatements, while AICPA AU-C 240 and PCAOB AS 2401 require a discussion ("brainstorming session") on susceptibility to fraud. For efficiency, the two discussions are often held concurrently.
true
Accordingly, some tests of controls provide substantive evidence about an account or class of transactions. These procedures are referred to as dual-purpose procedures (tests) because they serve as both a test of controls and a substantive test of the details of the transactions that occurred during the year. It should be emphasized, however, that the systems portion of the audit plan primarily addresses tests of internal control and assessing control risk.
true
After assessing the risks of material misstatement, the auditors consider what can go wrong and design further audit procedures. Further audit procedures ordinarily consist of substantive procedures and, when the assessed level of risk presumes that controls operate effectively, tests of controls. At this point, the risk assessments are preliminary because the auditors may be assuming that controls that have not been tested are operating effectively. The preliminary assessments of control risk are often referred to as the planned assessed level of control risk
true
After the auditors have completed the tests of controls, they should determine if it is necessary to revise their assessed levels of control risk (or risks of material misstatement) based on the results of those tests. If the results indicate that controls operated as effectively as had been assumed, no revision is necessary. The original audit plan is still appropriate. However, if the results reveal that controls are less effective than had been originally thought (i.e., control risk is higher than originally assessed), the auditors will revise their planned assessments and carefully consider the possible misstatements that may exist in the financial statements. Then, they will design additional substantive audit procedures to address the additional risk of misstatement. Although unlikely, a final possibility is that controls are found to operate more effectively than expected. In this case, modifications may include a decrease in the extent of substantive audit procedures.
true
All reviewers look to see that the working papers properly document the audit. However, there are differences in the nature of the reviews. The senior's review is the most technical, and it generally is performed promptly after the completion of the individual working paper. Seniors look primarily to see that the staff assistant has performed the audit procedures properly and that the assistant's findings and conclusions are logical and clearly expressed.
true
Alterations of the nature, timing, or extent of audit procedures to address a fraud risk may involve applying procedures that provide more reliable evidence, shifting tests from the interim period to near year-end, or increasing the sample size for a particular substantive procedure. As an example, the auditors might decide to interview personnel involved in activities in areas where a fraud risk has been identified to obtain their insights about the risk and how controls address that risk. Linking audit procedures to risks is described in more detail later in this chapter.
true
An audit committee must be composed of at least three independent directors—that is, outside directors (neither officers nor employees) who have no other relationship that might impair their independence. Although audit committee members are paid for serving on the board of directors, the Sarbanes-Oxley Act of 2002 provides that audit committee members should not receive any consulting, advisory, or other compensatory fee from the company, or be in any way affiliated with the company. Also, the members of the audit committee must be financially literate, and at least one member (usually the chairman) must be a financial expert. Finally, the audit committee must be responsible for appointment, compensation, and oversight of the auditors. During the course of the audit, the auditors will discuss with the audit committee matters such as weaknesses in internal control, proposed audit adjustments, disagreements with management as to accounting principles, the quality of accounting principles used by the company, and indications of management fraud or other illegal acts by corporate officers.
true
An example of the use of an analytical procedure for risk assessment purposes is the comparison of the client's inventory turnover for the current year with comparable statistics from prior years. A significant decrease in inventory turnover might lead the auditors to consider the possibility that the client has excessive amounts of inventory. As a result, the auditors would plan more extensive procedures to search for inventory items that may be obsolete.
true
Analytical procedures may be used as substantive procedures to provide evidence about one or more financial statement assertions. While the auditors are not required to use substantive analytical procedures, they are usually the most efficient test of certain assertions. For example, performing analytical procedures often is the most efficient way to evaluate the completeness of various revenue and expense accounts.
true
Analytical procedures performed as risk assessment procedures are used to assist the auditors in determining the nature, timing, and extent of further audit procedures that will be used to obtain evidence about specific accounts. At the risk assessment stage, the objective of analytical procedures is to help the auditors identify unusual transactions, events, or amounts that indicate a heightened risk of material misstatement of the financial statements. Risk assessment analytical procedures also are used to increase the auditors' understanding of the client's business. During the risk assessment stage, auditors are required to perform analytical procedures relating to revenue to identify any unusual or unexpected relationships involving revenue accounts that may be indicative of fraud.
true
Another control over transaction processing is a system of well-designed forms and documents. A control of wide applicability is the use of serial numbers on documents. Serial numbers provide control over the number of documents issued. Checks, tickets, sales invoices, purchase orders, stock certificates, and many other business papers can be controlled in this manner.
true
Another type of audit evidence consists of recalculations made independently by the auditors to prove the arithmetical accuracy of the client's analyses and records. At a high level, this should include making certain that accounting records (e.g., accounts in the general ledger) agree with or can be reconciled to the financial statements. At a more detailed level, the auditor's computations might consist of footing (i.e., totaling) a column of figures in a sales journal or in a ledger account to prove that column total. Independent computations may be used to prove the accuracy of such client calculations as earnings per share, depreciation expense, allowance for uncollectible accounts, revenue recognized on a percentage-of-completion basis, and provisions for federal and state income taxes. Specialists may become involved in certain calculations. For example, because the computation of a client's liability for postretirement benefits involves actuarial assumptions and computations beyond the auditors' area of expertise, auditors usually rely on the services of an actuary to compute this liability.
true
As a result of their consideration of internal control, the auditors will make appropriate modifications in the substantive procedures portion of the audit plan. For example, because of weaknesses in internal control over the proper recording of sales, the auditors may assess control risk (or combined inherent and control risk) for the assertion of existence of accounts receivable as high and decide to send additional accounts receivable confirmations. Alternatively, strong controls may lead the auditors to decide to perform less extensive substantive procedures than would be the case if controls did not function effectively.
true
As described previously, in an audit of financial statements, the auditors should obtain an understanding of the design of controls in each of the major internal control components—control environment, risk assessment, control activities, information and communication, and monitoring. In an integrated audit, the auditors have this information available through performance of the financial statement audit. The approach used in the internal control audit is "top-down" in the sense that it starts at the top—the financial statements and entity-level controls—and links the financial statement elements and entity-level controls to significant accounts, relevant assertions, and the major classes of transactions.
true
As discussed earlier in this chapter, the audit plan includes the audit's risk assessment procedures and planned further audit procedures. Two major portions of these procedures are procedures to obtain an understanding and assess the effectiveness of the client's internal control (the "systems portion") and procedures aimed directly at financial statement account balances (the "substantive portion").
true
As discussed in Chapter 5, interim tests of certain financial statement balances, such as accounts receivable, also may be performed, but risk is presented by the transactions that occur in the remaining period. Thus, significant misstatements due to error or fraud could arise in these accounts during the period between the time that the interim test was performed and the balance sheet date
true
As discussed in Chapter 6, the auditors perform risk assessment procedures to obtain an understanding of the client and its environment, including internal control. This understanding provides auditors with information to assess the risks of material misstatement and with information on the types of further audit procedures that should be performed. For example, to perform substantive procedures to verify the existence of accounts receivable, the auditors need to know and understand the nature of the underlying source documents.
true
As implied in the preceding illustration, increases in the amount of materiality result in decreases in the scope of audit procedures. For example, all things being equal, auditors will gather less audit evidence if materiality is $500,000 as compared to $100,000. The relationship is that as materiality increases, the auditors will need less evidence because their audit is based on a less precise measure. Thus, if income is approximately $5,000,000, it will take less audit effort to be able to conclude that misstatements do not exceed $500,000 than to conclude that they do not exceed $100,000.
true
As indicated in the discussion of the components of internal control, the internal audit function is an important part of the client's internal control, risk management, and governance system. In performing their monitoring and control function, internal auditors perform procedures that are similar to those performed by the external auditors. For example, internal auditors usually perform tests of controls, tests of compliance with laws and regulations, and substantive tests that are relevant to the audit of the client's financial statements. In determining whether the internal auditors' work will be used, the external auditors begin by obtaining an understanding of the work to determine if it is relevant to their audit. They make inquiries about such matters as the internal auditors' activities and plans. If the external auditors decide the work is relevant and it would be efficient to use it, they should assess the competence and objectivity of the internal audit function, and determine whether the internal auditors apply a systematic and disciplined approach to performing the work, including the application of appropriate quality control.
true
As indicated previously, the auditors may have gathered some evidence about the effectiveness of certain controls while they performed procedures to obtain an understanding of internal control and determined that the controls were implemented. For example, in evaluating the design of the control environment, the auditors may have made inquiries about management's use of budgets, observed management's comparison of monthly budgeted and actual expenses, and inspected reports pertaining to the investigation of variances. For efficiency purposes, the auditors may have decided to perform virtually all of the tests of controls during the process of obtaining an understanding of internal control. However, for many audits, the auditors will design additional tests of controls at this point to support their planned assessed level of control risk. The auditors will use their understanding of the client's internal control to design these additional tests of controls.
true
As we've discussed, qualitative factors are particularly significant to materiality when one is evaluating results of audit procedures. Thus, for example, related parties transactions of relatively small amounts might be considered material to the company's financial statements. Examples of other factors that may make an item qualitatively material include the following: A misstatement of the financial statements that would affect a company's compliance with a contractual agreement might be material regardless of its amount. As an illustration, assume that a company's long-term debt agreement requires the company to maintain working capital of at least $500,000; otherwise, the total debt becomes payable upon demand. If the company's working capital on the balance sheet is only slightly more than $500,000, a small misstatement might disguise a violation of the debt agreement. Because the violation would mean that the company's long-term debt should be reclassified as a current liability, the small misstatement becomes material to the financial statements.
true
At the overall financial statement level, audit risk is a function of the risks of material misstatement and detection risk. Auditors are aware that few audits involve material misstatements of financial statements, but when such misstatements do exist, they can result in millions of dollars of potential liability to the auditors.
true
Audit evidence in paper or electronic form that is obtained through inspection of records and documents is referred to as documentary evidence and includes examination of a variety of records supporting the company's business and accounting information system such as checks, invoices, contracts, and minutes of meetings. The reliability of documentary evidence depends in part on whether it was created within the company (e.g., a sales invoice) or outside the company (e.g., a vendor's invoice). Some documents created within the company (e.g., checks) are sent outside the organization for endorsement and processing; because of this critical review by outsiders, these documents are regarded as more reliable than other documents created by client personnel.
true
Auditors accumulate their evidence from the previous steps to form an opinion on whether the company maintained, in all material respects, effective internal control over financial reporting. Also, because the audits of internal control and the financial statements are integrated, auditors consider any relevant findings from the audit of the financial statements. An unqualified audit opinion may be issued when no material weaknesses in internal control have been identified as existing at year-end and when there have been no restrictions on the scope of the auditors' work. If one or more material weaknesses in internal control are found, an adverse opinion should be issued. Scope limitations may result in either a qualified opinion or a disclaimer of opinion, depending on the significance of the limitation.
true
Auditors are given 60 days after the audit report release date (the date the client is granted permission to use the report) to complete the audit file by assembling a complete and final set of audit documentation. During this period, they are able to perform routine file-assembling procedures such as deleting or discarding superseded documentation and sorting, collating, and cross-referencing final working papers. In addition, they may sign off on various checklists and add information received subsequent to the date of the auditors' report (e.g., an original confirmation that was previously faxed). The updated or revised audit documentation should contain all of the information, evidence, and conclusions that were in any superseded documentation. However, if certain information is no longer relevant or valid, it may be discarded during this 60-day period.
true
Auditors communicate deficiencies that are less than significant to management (either orally or in writing) when they believe that they deserve management's attention. These matters are typically communicated to management in a management letter.
true
Auditors may either consider the risk of material misstatement directly, or separately consider its components of inherent risk and control risk. For purposes of considering the relationships among the risks, we provide a separate assessment approach. Auditing standards allow either a quantified or nonquantitative approach.
true
Auditors must obtain sufficient appropriate audit evidence to reduce audit risk to a low level in every audit.
true
Auditors next evaluate the design of controls—if the design is not effective, then it makes no sense to test whether the controls operate effectively. To test design effectiveness, the auditors identify the company's control objectives and risks in each financial reporting area and then identify relevant controls that satisfy each control objective. Once they have identified the relevant controls, the auditors evaluate the likelihood of control failure, the magnitude of any related misstatement due to such failure, and the degree to which other compensating controls achieve the same control objectives. Then they assess whether the controls, if operating properly, can effectively prevent or detect misstatements that could be material. Procedures performed by the auditors to evaluate design effectiveness include inquiry, observation, additional walk-throughs, inspection of relevant documentation, and specific evaluation of whether the controls are likely to prevent or detect misstatements.
true
Both inherent risk and control risk exist independently of the audit of financial statements. That is, the risk of material misstatement exists regardless of whether an audit is performed. The auditor may make separate assessments of the two risks or an overall assessment of the risk of material misstatement for the relevant assertions.
true
By reducing the variance in auditors' judgments, an aim in using decision aids is to promote the performance of audits that meet firm and professional requirements.
true
COSO was designed to address what a system of internal control risk should address and what the design should look like.
true
COSO's definition of internal control emphasizes that internal control is a process, or a means to an end, and not an end in and of itself. In the three categories of objectives of internal control—reporting, operations, and compliance—COSO states that a series of control objectives and subobjectives exists.
true
Controls that do not leave documentary evidence of performance should be tested entirely through observation by the auditors and inquiry of client personnel. Segregation of duties, for example, is tested by observing the client's employees as they perform their duties, and inquiring as to who performed those duties throughout the period under audit. The auditors also should determine whether employees performed incompatible duties when other employees were absent from work on sick leave or vacation.
true
Data analytics also can improve the effectiveness and efficiency of the auditors' substantive procedures.
true
Data analytics may be applied as a supplement or alternative to certain sampling tests. While a number of approaches are possible, consider the following two: (1) test a number of controls simultaneously electronically through a sample of transactions and follow up with the audit of the entire population of transactions for any controls whose operating effectiveness is in question or (2) simultaneously test a number of controls over all transactions in a particular population.
true
Designing further audit procedures is a critical process that involves complex judgment to link specific audit procedures with the assessed risks at the relevant assertion level. When designing further audit procedures, auditors consider the nature, timing, and extent of appropriate procedures. As discussed in Chapter 5, the higher the risk, the more reliable and relevant is the nature of the audit evidence sought by the auditor. For example, to improve reliability, it may be possible to increase the use of externally generated evidence in a risky area
true
Detection risk exists because the auditors' substantive procedures are not 100 percent effective, due to both sampling and other factors.
true
Detection risk is a function of the effectiveness of the audit procedures and their application by the auditors. Accordingly, unlike inherent risk and control risk, it does not exist when no audit is performed. Rather than "assessing" detection risk, auditors seek to restrict it through performance of substantive procedures.
true
Effective internal control provides assurance that acquisitions are recorded and helps the auditors to establish the completeness of recorded assets. When such controls are found to be ineffective, the scope of substantive procedures should be increased, but this is often a difficult task. When the auditors are testing the completeness of assets, they are looking for assets that have been acquired but not recorded in the accounting records.
true
Engagement risk is increased when the client company is in a weak financial position or is greatly in need of additional capital. When an audit client goes bankrupt, the auditors often are named as defendants in lengthy and costly lawsuits, with possible damage to their professional reputation. For that reason, some CPAs choose to avoid engagements entailing a relatively high engagement risk; others may accept such engagements, recognizing the need to expand audit procedures (and increase audit fees) to compensate for the unusually high levels of risk.
true
Even after all dollar amounts have been substantiated, the auditors should perform procedures to ensure that the financial statement presentation conforms to the requirements of authoritative accounting pronouncements and the general principle of adequate disclosure. Procedures falling into this category include the review of subsequent events; search for related party transactions; investigation of loss contingencies; review of disclosure of such items as accounting policies, leases, compensating balances, and pledged assets; and consideration of the classification and description of items in the financial statements.
true
For a corporation, the major instruments of corporate governance include management compensation systems, the boards of directors (including major committees), external (independent) auditors, internal auditors, attorneys, regulators, creditors, securities analysts, and internal control systems.
true
From a planning standpoint, analytical procedures help the auditors obtain an understanding of the client's business, identify financial statement amounts that appear to be affected by errors or fraud, or identify other potential problems.
true
How do auditors obtain an understanding of a client's internal control? Procedures to obtain audit evidence about the design and implementation of relevant controls may include inquiring of entity personnel, observing the application of specific controls, inspecting documents and reports, and tracing transactions through the information system relevant to financial reporting. Auditors ordinarily use one or a combination of these approaches to obtain the needed understanding of internal control. One restriction exists, however, in that inquiry alone is not sufficient to evaluate the design of a control and to determine whether it has been implemented.
true
If they are not able to reach agreement, the opinion of the partner-in-charge of the engagement will prevail with respect to the content of the auditors' report. However, all other members of the audit team have the right to document in the working papers their disagreement with the ultimate decision. In the event that a staff person elects to document his or her disagreement, the partner-in-charge obviously should be extremely thorough in documenting the rationale underlying the firm's ultimate decision in a carefully written memorandum. The SEC interprets the Sarbanes-Oxley Act of 2002 as requiring that working papers be retained regardless of whether they support or are inconsistent with the auditors' final conclusion relating to significant matters. However, the act does not require retention of preliminary views when those preliminary views are based on incomplete information or data.
true
In an integrated audit, the planning of the internal control audit is coordinated with the planning of the financial statement audit. For both audits, the auditors consider matters related to the client's industry, business, and regulatory environment and its internal control, as discussed in Chapter 6. The auditors' procedures to obtain the required knowledge of the client's internal control at the planning stage of the engagement will differ significantly depending upon the nature of the client and the auditors' previous experience with that client. For example, when the auditors have previously performed audits for the client, the auditors begin the integrated audit with more information than in a circumstance in which the client is new.
true
In evaluating the appropriateness of audit evidence, auditors consider both its relevance and its reliability in providing support for, or detecting misstatements in, financial statement assertions. Relevance relates to the assertion being addressed.
true
In performing risk assessment, it is important for the auditors to recognize that risks of material misstatement occur at both the financial statement level and the relevant assertion level for account balances, transaction classes, and disclosures. These two levels of risks may affect the audit in different ways.
true
Information gathering procedures provide the auditors with evidence on inherent and control risks for significant assertions. Remember that inherent risk is the risk of material misstatement of an assertion without considering internal control. Many inherent risks arise because of business risks faced by management, including the possibility of material misstatement due to fraud. The auditors' consideration of control risk involves analyzing the design and implementation of internal control to decide whether the internal control system appears adequate to prevent or detect and correct material misstatements. For example, if the auditors believe that inherent risk is higher for an important area and internal control is weak (i.e., control risk is high), they will assess the risk of material misstatement as high. On the other hand, if inherent risk is assessed as low and controls seem capable of preventing or detecting and correcting misstatements, the auditors may decide to perform tests of controls to support an assessment that control risk is low. If those tests provide evidence that the controls are operating effectively, the auditors may conclude that the risk of material misstatement is low.
true
Information, Communication, and Reporting: Communication is the continual, iterative process of obtaining information and sharing it throughout the entity. Management uses relevant information from both internal and external sources to support enterprise risk management. The organization leverages information systems to capture, process, and manage data and information. By using information that applies to all components, the organization reports on risk, culture, and performance.
true
Internal control is designed to provide reasonable assurance of achieving objectives related to reliable financial reporting, efficiency and effectiveness of operations, and compliance with applicable laws and regulations. The nature and extent of the audit work to be performed on a particular engagement depend largely upon the effectiveness of the client's internal control in preventing or detecting material misstatements in the financial statements. Before auditors can evaluate the effectiveness of internal control, they need a knowledge and understanding of how it works: what controls exist and who performs them, how various types of transactions are processed and recorded, and what accounting records and supporting documentation exist. The auditors should have a sufficient understanding of the design and implementation of internal control to plan the audit. Chapter 7 focuses on the auditors' consideration of internal control.
true
It is very important for the auditors to document audit findings or issues that are significant and the actions taken to address them. Such matters include the selection of appropriate accounting principles, accounting for complex and unusual transactions, and issues related to accounting estimates. Auditors also should document test results that indicate that the financial statements may be materially misstated, any significant difficulties encountered in applying auditing procedures, proposed audit adjustments, and findings that could result in a modification of the audit report. Finally, audit documentation should identify those who performed and reviewed the work and the related dates of performance.
true
Management also should establish supervisory controls that assess whether other transaction control activities are operating properly. Usually supervisory controls are focused on high-risk transactions.
true
Many CPA firms consider systems flowcharts to be more effective than questionnaires or narrative descriptions in documenting their understanding of a client's accounting information system and the related control activities. A systems flowchart is a diagram—a symbolic representation of a system or a series of procedures with each procedure shown in sequence. To the experienced reader, a flowchart conveys a clear image of the system, showing the nature and sequence of procedures, division of responsibilities, sources and distribution of documents, and types and location of accounting records and files.
true
Materiality judgments depend both upon the financial reporting framework being used and on the auditors' professional judgment.
true
May also obtain evidence on operating effectiveness of various controls
true
Most audit firms organize much of the substantive portion of their audit plans around the balance sheet accounts. Then, they complete any additional procedures needed to substantiate income statement accounts and information in financial statement notes. An advantage of this balance sheet approach is that highly reliable evidence generally is available to substantiate assets and liabilities. For example, the ending balance of accounts receivable as presented in Figure 6.6 is usually subject to direct verification by such procedures as inspection of externally created documentary evidence, confirmation, and review of subsequent cash collections. Other assets such as inventory may be physically examined. Liabilities can be verified by examination of externally created documents, confirmation, and inspection of canceled checks after the liability has been paid.
true
Most internal control questionnaires are designed so that a "no" answer to a question indicates a weakness in internal control and requires the auditors to identify types of potential misstatements arising therefrom. In addition, questionnaires may provide for a distinction between major and minor control weaknesses, an indication of the sources of information used in answering questions, and explanatory comments regarding control deficiencies. A disadvantage of standardized internal control questionnaires is their lack of flexibility. They often contain many questions that are "not applicable" to specific systems, particularly systems for small companies. Also, the situation in which an internal control strength compensates for a weakness may not be obvious from examining a completed questionnaire.
true
Much information about the nature of the client may be obtained through inquiries of management and other personnel. For example, the auditors may use inquiry to determine the major types of sales transactions and the nature of the client's customers. The auditors may combine inquiry and inspection to determine the content of sales contracts and the accounting policies used for recognizing revenues under the contracts. They also make inquiries of other personnel within the organization. As an example, production personnel can provide the auditors with a more detailed understanding of production processes. In addition, informal discussions between the auditors and key officers of the client can provide information about the history, size, operations, accounting records, and internal control of the enterprise. Finally, the auditors may make numerous inquiries to identify and assess fraud risks as described later in this chapter.
true
Much of the information contained in the permanent file is gathered during the course of the first audit of a client's records. A considerable portion of the time spent on a first audit is devoted to gathering and appraising background information, such as copies of articles of incorporation and bylaws, leases, patent agreements, pension plans, labor contracts, long-term construction contracts, known related parties, charts of accounts, and prior years' tax returns.
true
Not all of the audit evidence pertaining to income statement accounts is indirect. The verification of a major balance sheet item often involves several closely related income statement accounts that can be verified through computation or other direct evidence. For example, in substantiating the marketable securities owned by the client, it is a simple matter to compute the related interest revenue, dividends revenue, and gains or losses on sales of securities. In substantiating the balance sheet items of plant assets and accumulated depreciation, the auditors make computations that also substantiate depreciation expense. Uncollectible accounts expense is substantiated in conjunction with the balance sheet item Allowance for Doubtful Accounts. In addition to these computations, the auditors' analytical procedures provide direct evidence as to the reasonableness of various revenues and expenses. Certain income statement accounts, such as revenues, are of such significance that the auditors virtually always obtain direct evidence about the fairness of the amounts, typically by performing tests of details of a sample of transactions or substantive analytical procedures.
true
Note that while the auditors' overall objective is to determine whether the ending financial statement balance is correct, two approaches are possible: (1) testing controls over transactions that occurred during the year or (2) testing the ending account balance directly. That is, if the controls over the transactions that are recorded into the account are effective, assurance is obtained regarding the ending balance. Alternatively, auditors may directly test the ending balance of the account. As a practical matter, auditors use a combination of these two approaches. Indeed, even if controls are considered extremely strong, some substantive procedures should be performed for all significant financial statement accounts.
true
Performing audit work during the interim period has numerous advantages, in addition to facilitating the timely release of the audited financial statements. The independent auditors may be able to assess internal control more effectively by observing and testing controls at various times throughout the year. Also, they can give early consideration to accounting problems. Another advantage is that interim auditing creates a more uniform workload for CPA firms. With a large client, such as General Motors, the auditors may have office space within the client's buildings and perform audit procedures throughout the entire year.
true
Personnel within an organization need to have a clear understanding of their responsibilities and the rules and regulations that govern their actions. Therefore, to enhance the control environment, management develops employee job descriptions and clearly defines authority and responsibility within the organization. Policies also may be established describing appropriate business practices, knowledge and experience of key personnel, and the use of resources.
true
Precision depends on a number of factors, including the predictability of the relationships, the technique used to develop the expectation, and the reliability of the underlying data used. If much "noise" exists in relationships between variables (e.g., sales and cost of goods sold), material differences might exist and not be identified by analytical procedures. Generally, precision can be improved by performing a more detailed analysis. For example, as indicated earlier, precision may be improved by performing analytical procedures with monthly rather than annual data.
true
Public accounting firms usually charge clients on a time basis, and detailed time budgets can assist the auditor in estimating the audit fee. A time budget for an audit is constructed by estimating the time required for each step in the audit plan for each of the various levels of auditors and totaling those estimated amounts. Time budgets serve other functions in addition to providing a basis for estimating fees. The time budget communicates to the audit staff those areas the manager or partner believes are of high risk and require more time. It also is an important tool of the audit senior, who uses it to measure the efficiency of the staff and to determine at each stage of the engagement whether the work is progressing at a satisfactory rate.
true
Relatively recently, Statements on Auditing Standards and International Auditing Standards introduced the concept of performance materiality. This concept was introduced, in part, to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected immaterial misstatements in the financial statements would exceed overall financial statement materiality. Finally, the auditors may determine tolerable misstatement, which may be viewed as the application of performance materiality to a particular audit procedure. Tolerable misstatement may be the same amount or lower than performance materiality depending upon the audit sampling technique being used and the number of audit procedures affecting the relevant assertions. Chapter 9 illustrates how tolerable misstatement is used in the calculation of sample sizes for substantive procedures that involve audit sampling.
true
Section 404(b) of the act requires the company's auditors to attest to, and report on, internal control over financial reporting. As implemented, Section 404(b) applies to public companies with a market capitalization of $75,000,000 or more. Public Company Accounting Oversight Board (PCAOB) standards provide guidance to the auditors for meeting Section 404(b)'s requirements. PCAOB standards (1) describe an integrated audit that addresses both the financial statements and internal control and (2) provide specific requirements for the audit of internal control.
true
Strategy and Objective-Setting: Enterprise risk management is integrated into the entity's strategic plan through the process of setting strategy and business objectives. With an understanding of business context, the organization can gain insight into internal and external factors and their effect on risk. An organization sets its risk appetite in conjunction with strategy-setting. The business objectives allow strategy to be put into practice and shape the entity's day-to-day operations and priorities.
true
Substantive procedures are performed to restrict detection risk, the risk that auditors will not detect a material misstatement. These procedures, described in detail in Chapter 5, include direct tests of account balances, transactions, and disclosures, as well as substantive analytical procedures. Chapters 10 through 16 provide detailed examples and discussions of these further audit tests for the various financial statement accounts.
true
Tests of controls can focus on either financial statement or assertion level controls. Ordinarily, controls that operate at the financial statement level, such as the control environment or IT general controls, are only indirectly related to particular assertions. The emphasis for tests of controls should ordinarily be upon the operating effectiveness of controls that are directly related to relevant assertions. In addition, the auditors will consider the need to obtain audit evidence on the effective operation of financial statement level controls on which the effectiveness of direct controls depends.
true
Tests of the operating effectiveness of controls are used to determine whether the controls function as designed and whether the individuals performing the controls possess the necessary authority and qualifications. An integrated audit requires the auditors to test controls for all relevant assertions about major accounts. These tests should be designed to provide a high level of assurance that these controls are operating effectively. Generally, the more frequently a control operates, the more often it should be tested, and controls that are more critical should be tested more extensively.
true
The auditors may use the statement of cash flows to analyze cash flows while obtaining an understanding of the client, particularly as a part of risk assessment analytical procedures. For a profitable, growing company, one ordinarily expects positive operating cash flows, perhaps slightly higher than net income due to the adding back to net income of noncash expenses such as depreciation and amortization items. Cash flows from investing are often negative for such a company as it makes capital expenditures and investments. The direction of cash flows from financing is expected to vary among years depending upon issuance and redemption of stock and debt.
true
The auditors should obtain an understanding of the client's process for identifying and responding to business risks. This understanding includes how management identifies these risks, estimates their significance, and decides upon actions to manage them. If the client has implemented an enterprise risk management system, the auditors will obtain an understanding of the processes and controls that are implemented in the system. An understanding of the risk assessment process assists the auditors in identifying risks of material misstatement because many such risks arise as a result of business risks faced by the client.
true
The auditors use risk assessment procedures to obtain an understanding of internal control. The understanding obtained, combined with the auditors' other evidence, allows them to assess the risk of material misstatement.
true
The auditors' consideration of materiality at the planning stage of the audit helps them to determine the appropriate scope of their audit procedures. They first consider materiality at the level of the financial statements as a whole. Then, for accounts, classes of transactions and disclosures for which misstatements of a lesser amount could influence the decisions of users, they determine lower materiality levels.
true
The auditors' fraud risk assessment involves identifying risks of material misstatement of the financial statements due to fraud and determining the appropriate audit response. To identify fraud risks, the auditors perform a number of procedures, including having discussions with engagement personnel, making inquiries of management and others within the organization, performing analytical procedures, and considering fraud risk factors.
true
The auditors' report for a particular year is supported by the working papers contained in the current files. Many CPA firms have found it useful to organize the current files around the arrangement of the accounts in the client's financial statements. The administrative working papers usually begin the current files, including a draft of the financial statements and the auditors' report. These working papers are followed by the working trial balance and the adjusting and reclassification entries. The remaining portion of the current files consists of working papers supporting the balances and other representations in the client's financial statements. It begins with working papers for each asset account and continues with papers for liabilities, owners' equity accounts, and revenue and expense accounts. Each working paper in a file is assigned an index number, and information is tied together through a system of cross-referencing. In this way, a reviewer may trace back amounts on the working trial balance to the supporting working papers.
true
The concept of corporate governance is somewhat broader than internal control in that it is not only concerned with the effectiveness of financial reporting, but it also encompasses ethical treatment of all major stakeholders, compliance with laws, regulations, customary business practices, and effective risk management. Because management plays the major role in determining how various stakeholders are treated, corporate governance is primarily concerned with controlling management and providing incentives for appropriate management behavior. From an internal standpoint, the control environment is particularly significant to corporate governance. It is important that the board exercises an independent oversight of management, including taking a major role in risk management of the corporation. In particular, the audit committee of the board should provide effective oversight of management. The compensation committee should assure that management is compensated in a manner that does not provide management with incentives to engage in inappropriate behavior. An independent internal audit function is also a significant internal mechanism for corporate governance.
true
The division of responsibilities between these departments illustrates the separation of the accounting function from operations and also from the custody of assets. Under the direction of the treasurer, the finance department is responsible for financial operations and custody of liquid assets. Activities of this department include planning future cash requirements, establishing customer credit policies, and arranging to meet the short- and long-term financing needs of the business. In addition, the finance department has custody of bank accounts and other liquid assets, invests idle cash, handles cash receipts, and makes cash disbursements. In short, it is the finance department that conducts financial activities. The accounting department, under the authority of the controller, is responsible for all accounting functions and, often, the design and implementation of internal control. With respect to financial activity, the accounting department records financial transactions but does not handle financial assets. Accounting records establish accountability over assets and provide the information necessary for financial reports, tax returns, and daily operating decisions.
true
The nature of verification work performed by the auditors should be clearly indicated on each working paper. A review of paid purchase invoices, for example, might be supplemented by inspection of the related purchase orders and receiving documents to substantiate the authenticity of the invoices examined; a description of this verification procedure should be included on the working paper. As audit working papers are prepared, the auditors will use several different symbols to identify specific steps in the work performed. These symbols, or tick marks, either manually written or electronically inserted, provide a very concise means of indicating the audit procedures applied to particular amounts. Whenever tick marks are employed, they should be accompanied by a legend explaining their meaning.
true
The preceding discussion of internal control and its consideration by the independent auditors has been presented in terms of large corporations. In the large concern, excellent internal control may be achieved by extensive segregation of duties so that no one person handles a transaction completely from beginning to end. In the very small concern, with only one or two office employees, there is little or no opportunity for division of duties and responsibilities. Consequently, internal control tends to be weak, if not completely absent, unless the owner/manager recognizes its importance and participates in key activities.
true
The quantity of audit evidence needed is affected both by the risk of misstatement (the higher the assessed risk, the more audit evidence is likely required) and also by the quality of the audit evidence (the higher the quality, the less may be required).
true
The results of the tests of controls are used to determine the nature, timing, and extent of substantive procedures.
true
The term transaction cycle refers to the policies and the sequence of procedures for processing a particular type of transaction.
true
The traditional method of describing internal control is to fill in a standardized internal control questionnaire. Many public accounting firms have developed their own questionnaires for this purpose. The questionnaire usually contains a separate section for each major transaction cycle, enabling the work of completing the questionnaire to be divided conveniently among several audit staff members.
true
The working papers also should demonstrate that the accounting records agree or reconcile to the financial statements being audited.
true
Tolerable misstatement is a monetary amount set by the auditors for a particular test to obtain an appropriate level of assurance from all the tests that the account is not materially misstated. Whereas the auditor may establish a level of performance materiality for an account (e.g., accounts receivable), the same or different tolerable misstatement levels may be established for each audit test performed for that account.
true
Transaction-level controls may be broken into two categories: general control activities that apply to all or multiple types of transactions and application controls that apply to the processing of a single type of transaction. To illustrate, controls that restrict access to technology to only authorized users provide general control over technology, helping to ensure the reliability of all types of transactions. Controls over the authorization and processing of payroll transactions are application controls that only affect the reliability of payroll transactions.
true
What do the auditors do if they obtain evidence of fraud? They should evaluate the implications for the audit and communicate their suspicions to an appropriate level of management, at least one level above the level involved. If the fraud involves senior management or material misstatement of the financial statements, the matter should be reported to the audit committee of the board of directors. In very serious situations, the auditors may decide to withdraw from the engagement.
true
When auditors assess risks at the relevant assertion level, they consider both the design of the control and its implementation. When the design itself is deficient, the issue of whether the control has been implemented loses importance because it is unlikely that the control will be effective. Ordinarily, the auditors will then consider whether the situation results in a risk of material misstatement and the need for substantive procedures to determine whether such a material misstatement exists.
true
When the auditors have obtained a sufficient understanding of the client, they establish an overall audit strategy that considers those characteristics of the audit that determine its scope, such as industry reporting requirements, client locations, and the basis of reporting followed by the client. Issues such as timing of the audit, deadlines for reporting, and key dates that information will be received from management will be determined. Also, the auditors will make preliminary judgments on areas of high risk of material misstatement, material locations, and accounts; determine the expected approach to considering internal control; and consider recent significant client and industry factors.
true
When the client has been audited in prior years, the auditors may have obtained evidence about the operating effectiveness of controls from tests performed in those audits. If the auditors plan to use this evidence, they should obtain evidence about whether changes in specific controls have occurred subsequent to the prior year's audit. If there have been changes, the new controls should be tested in the current audit to provide a basis for reducing control risk. However, if the auditors determine that the controls have not changed, they may rely on evidence of operating effectiveness obtained from prior years' audits. But to what extent may they rely upon them? Both AICPA and International Auditing Standards require that tests of control be performed at least every third audit. PCAOB standards do not allow testing controls every third audit—PCAOB standards provide that annually some evidence regarding operating effectiveness should be obtained when controls are relied upon.
true
When used for risk assessment purposes, analytical procedures assist the auditors in planning the nature, timing, and extent of audit procedures that will be used for the specific accounts. The approach used is one of obtaining an understanding of the client's business and transactions and identifying areas that may represent higher risks. The auditors will then plan a more thorough investigation of these potential problem areas. Auditors perform analytical procedures as a part of the risk assessment process for every audit.
true
When using the audit approach of reviewing management's process, the auditors consider whether the assumptions used by management are reasonable, whether the valuation model seems appropriate, and whether management has used all relevant information that is reasonably available. The second approach, which involves developing the auditors' own estimate, offers the advantage of allowing the auditors to compare that estimate with the estimate developed by management. Often auditors will use a combination of these two approaches and also may decide to employ the assistance of a valuation specialist. The third audit approach involves the use of information obtained subsequent to year-end to help evaluate the reasonableness of management's estimate.
true
While obtaining an understanding of the other internal control components (the control environment, risk assessment, the accounting information system, and monitoring), auditors generally obtain some knowledge about the client's control activities.
true
While there are many different types of control activities performed in an organization, the following types are generally relevant to an audit of the organization's financial statements: performance reviews, transaction control activities, physical controls, and segregation of duties.
true
With respect to the auditors' consideration of fraud, the requirements are similar in that auditors should document (1) the discussion among engagement team personnel about fraud risks; (2) the procedures performed to identify fraud risks; (3) the fraud risks identified and the response to those risks; (4) any other conditions that caused the auditors to perform additional fraud-related procedures; and (5) the nature of any communications made to management, the audit committee, or others about fraud.
true
An important aspect of transaction processing controls is the proper authorization of all types of transactions. Authorization of transactions may be either general or specific.
true
Analytical procedures are performed during all phases of the audit.
true
Analytical procedures should be used near the end of the audit to assist the auditor in forming an overall conclusion on the financial statements and in assessing the adequacy of the evidence that has been collected and the validity of the conclusions reached. At this stage, analytical procedures generally include reviewing the financial statements and notes and recomputing ratios (if necessary) to identify any unusual or unexpected balances or relationships that have not been previously identified and explained.
true
Management may be viewed as implicitly or explicitly making assertions regarding the propriety of the information.
true
You have to increase substantive procedures when tests of controls are not what you think they were.
true
Types of Service Auditor Reports
two types
Attributes of 1, plus assurance on the operating effectiveness of controls
type 2
Example of this threat is when a CPA is coerced by the client or senior management of the CPA firm to accept the client's position on an accounting, auditing, or regulatory matter.
undue influence