Audit Exam
Differentiate risk response at the financial statement level with risk response at the assertion level.
Risk response at the financial statement level is affected by (1) the auditor's understanding of the entity's control environment and (2) the assessed risk of material misstatement due to fraud. Design audit procedures that address the risks of material misstatement for each relevant assertion of each significant account, balance, or disclosure.
Perform Audit Data Analytics
Do either the Substantive Test or Risk Assessment Procedures.
If there is a completeness problem with cash receipts, are accounts receivable overstated or understated? Explain.
If they are not recorded properly it would be understated
Explain several important initial procedures in the revenue process. Why should these be performed prior to other substantive procedures?
"Initial procedures"- what you do first that prepares the data/info make sence and agree with statements. Check the accuracy and basic info.
Why is an auditor interested in PPE that is not currently being used or could become idle in the near future
-the astute auditor will look for indications of additions or retirements not listed on the schedules that relate to the completeness and existence assertions, and to evidence regarding the general condition of other plant assets, and whether they are currently being used, that relates to the valuation and allocation assertion. It can be used to allocate expenses that should not be.
What are analytical procedures? Describe how they can be used as substantive procedures in an audit.
Analytical procedures: evaluations of financial information through analysis of plausible relationships among both financial and nonfinancial data; analytical procedures also encompass such investigation, as is necessary, of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount When conducting a substantive analytical procedure, auditors develop an expectation, or estimate, using data in the client's records or data from reliable outside sources, and then compare the expectation with the client's recorded amount. If there is a difference, auditors determine if it is significant and if further audit procedures need to be performed. Depending on the risk factors for a particular assertion, auditors may determine that substantive analytical procedures can be used as follows: • As the only substantive test for a class of transactions or account balance. • In combination with tests of details
How can an auditor use results from procedures performed during the control risk assessment phase to affect the nature of substantive testing when testing cash balances?
Ask the obvious info examples: are other people able to access the account. Check for segregation of duties. Decide to test controls or not. Less work if not and depend on analytics, and complete substantive testing(detail testing) if no controls look at everything. It depends on the degree.
Explain the audit procedures used to test the adequacy of the allowance for doubtful accounts.
Auditing the allowance for doubtful accounts may be a good place to use ADA to evaluate the adequacy of the allowance for doubtful accounts. The allowance for uncollectible accounts is an accounting estimate made by management that involves both objective and subjective considerations. In essence, it is a prospective estimate of receivables that will not be collected in the future. The auditor's responsibility is to judge the reasonableness of the allowance and the related provision for uncollectible accounts expense. From the aging data, information about collectibility, and analysis of the client's prior experience with uncollectible accounts, the auditor can assess the reasonableness of management's method used to determine an appropriate allowance.
Explain why completeness is a more critical assertion for long-term debt than for cash, inventory, or PPE. What procedures are primarily designed to address the completeness assertion for long-term debt?
Because the long term debt is a liability, and Cash, Inventory, or PPE is assets. Liabilities are worried about understatement, assets worried about overstatement. Confirmation with the creditor, examination of loan documents, minutes of the corp meetings, all these is designed to show they left out debt. Unlikely to occur. Test Cut-off, and look for large deposits and see if they are in the right time periods.
Describe three key issues to consider when planning ADA.
Cleaning the data, accuracy, complete data
Report internal control weaknesses to those charged with governance
Disclose the information that was found to the related party.
Evaluate the results and conclude whether the purpose and specific objections of performance the ADA have been achieved
Dissect the information
Understand entity-level controls
Entity-level controls involve all five components of internal controls: the client's control environment, risk assessment process, control activities, information and communication system, and monitoring of controls. Strong entity-level controls make it more likely that transaction-level controls will operate effectively. Strong entity-level controls are a necessary element of a strong system of internal control. Even if entity-level controls are strong, the auditor must still identify key controls at the transaction level. However, if entity-level controls are weak, and if the tone at the top is poor, it is unlikely that the auditor will find effective internal controls at the transaction level.
Explain how an auditor will usually test interest expense when auditing notes payable.
Evidence of interest expense and accrued interest payable is easily obtained by the auditor as part of a bank or loan confirmation. If interest expense is not confirmed, and internal controls are strong, the auditor may perform analytical procedures to estimate interest expense using the average loan balance outstanding times the interest rate. If internal controls are weak, the auditor may reperform the client's interest calculations and trace interest payments to supporting vouchers, canceled checks, and confirmation responses. Accrued interest, in turn, is verified by identifying the last interest payment date and recalculating the amount booked by the client.
Explain the difference between the audit of the processes impacting cash and the substantive testing of the cash balance. How is audit testing for each affected by the outcome of controls testing?
I am auditing cash receipts and cash payment focused on a single number of the year-end balance Try to use a control approach, and then test them. The Substantive testing of the year of the end with direct confirmation from the bank or the bank statement from the client. Audit the details using substantive tests.
Explain the three types of ITGCs. Why are they "general" controls? Explain why they are important controls
IT General Controls (ITGCs),IT Application Controls, IT-Dependent Manual Controls
IT Application Controls
IT application controls are the fully automated controls that apply to the processing of individual transactions. They are the controls that are driven by the particular software application being used for different business processes, hence the name "application" controls. They include controls such as edit checks, validations, calculations, and authorizations. Application controls may also be important in enforcing the segregation of incompatible duties, particularly in large organizations.
Determine preliminary audit strategy
If the auditor identifies internal control strengths relative to an assertion, the auditor will consider the efficiency of testing the controls, and possibly following a reliance on controls strategy. If the audit firm is performing an integrated audit for a public company, there is an expectation that the auditor will test controls in order to support an opinion on ICFR. If the audit firm is auditing a private company, a not-for-profit organization, or a government, the auditor will decide whether audit efficiencies are obtained by testing internal controls that appear to be strong.
IT-Dependent Manual Controls
In many situations, the auditor identifies a preventive or detective control that has both manual and automated aspects to it. These are referred to as IT-dependent manual controls. For these controls, consideration is given to both the manual and the automated aspects. For example, management reviews a monthly variance report and follows up on significant variances. Because management relies on the IT-generated report to identify the variances, the auditor also needs to check that there are controls in place to ensure that the variance report is complete and accurate
What are the five procedures used for tests of controls? Explain them and comment on the reliability of the evidence obtained from each.
Inquiry, Observation, Inspection of Physical Evidence, Reperformance, Software-Based Audit Techniques
Why is it important to consider the quality of the data used in analytical procedures? How important to this question are client controls over financial data?
It will affect the efficiency and effectiveness of the data.
What information is obtained by sending a bank confirmation? Explain the importance of a bank confirmation to the audit of cash balances, including the assertions that are addressed by obtaining a bank confirmation.
Just getting the information supports the Existence and Completion of the audit evidence. This is also concrete evidence to use for assessing misstatements or fraud.
What considerations apply in determining the appropriate level of detection risk for stockholders' equity?
No matter what we are auditing detective risk is related to control. Stockholders equity is going to be misstated depends on a tactic. Due to the lack of volume, you will have a likely low risk.
Does an auditor have to test every control? Explain your answer.
No, You test the Key controls. The Key controls depend on what areas have a higher risk of fraud or misstatement. The key control is the one that if it fails, most certainly the other controls failed.
Are the quality of internal controls relevant when evaluating the reliability of data to be used in ADA? Explain why or why not, and provide an example:
No, since the internal controls will have been evaluated during the planning period. The nature of the data will be investigated and be shown. Yes, of course, they are relevant. I do not know how accurate this data is and the strength of the controls Varys when you test controls
Perform tests of controls
Once the auditor has decided to follow a reliance on controls strategy for an assertion and identified the key controls to test, the auditor performs tests of controls. The auditor will design different tests for automated controls versus manual controls.
Access and prepare data for Audit Data Analytics
Once you get the data and have an idea of what you are doing, ask yourself is the data complete and does it need to be cleaned.
Explain an effective substantive test related to the cutoff of sales at year-end.
Perform Cutoff Tests for Sales and Sales Returns: The sales cutoff test is designed to obtain reasonable assurance that (1) sales and accounts receivable are recorded in the accounting period in which the transactions occurred and (2) the corresponding entries for inventories and cost of goods sold are made in the same period. The sales cutoff test is made as of the balance sheet date.
Identify and briefly describe the five steps of performing ADA and place them in the proper order:
Plan the Audit Data Analytics, Access and prepare data for Audit Data Analytics, Consider the relevance and reliability of data used, Perform Audit Data Analytics,and Evaluate the results and conclude whether the purpose and specific objections of performance the ADA have been achieved
Explain two common inherent risks in the revenue process and explain how each risk is likely to affect the financial statements (e.g., identify the accounts that are likely to be overstated or understated and explain why).
Pressures to overstate revenues to achieve revenue or profitability targets that were not achieved in reality owing to such factors as global, national, or regional economic conditions; the impact of technological developments on the entity's competitiveness; or poor management. Pressures to overstate cash and gross receivables or understate the allowance for doubtful accounts in order to report a higher level of working capital in order to meet debt covenants
Explain the purpose of (a) preventive controls and (b) detective controls. Why would it be important for an entity to have both types of controls?
Preventive controls are those applied to each transaction during normal processing that is intended to stop fraud or errors from occurring. Preventing errors during processing is an important objective of every accounting system Detective controls applied after transactions have been processed to identify whether fraud or errors have occurred, and to rectify the fraud or errors on a timely basis. It is important that detective controls: 1. Completely and accurately capture all relevant data. 2. Identify all potentially significant misstatements (e.g., address all relevant assertions). 3. Are performed on a consistent and regular basis. 4. Include follow-up and correction on a timely basis for any misstatements or issues detected. The reason that you need both is that the preventive controls try to keep fraud out while detective controls record the information to be audited to see if fraud occurred.
Explain the difference between automated and manual controls.
Purely manual controls are those that do not rely on the client's IT environment for their operation, but some do have part of IT is provided by a third party Automated controls generally rely on the client's IT applications (or software) in some way.
List three common revenue recognition problems. Illustrate each with an example.
Recording revenue premature, recording revenue in wrong amount or account, Strict would be GAAP
Explain the importance of obtaining confirmations regarding notes payable.
So that the information that you are given is truthful Because of the confirmation assertion, you need to get confirmation that the debt is there or not.
Plan the Audit Data Analytics
Start with brainstorming over the client and customize your findings in the Audit Data Analytics. Questions you should be asking are: What financial statements items, accounts, or disclosures are being audited?; What is the overall purpose of Audit Data Analytics application and how will it contribute to the balance of the audit? Example Substantive or Risk Assessment procedure; What is the audit population being analyzed or tested by Audit Data Analytics? Consider the Relevance of the data to the audit assertions being tested and the availability and reliability of the data.
Explain how the nature of a substantive test could affect the decisions about when and how much substantive testing is performed. How do these decisions relate to the overall risk assessment for the item being tested?
Substantive procedures: audit procedures designed to detect material misstatements at the assertion level and to gather evidence to support management assertions To vouch or trace a supporting data, confirmation of data. Thin in terms of a pacific example.Each type varies from case to case, read over this in the book.
IT General Controls (ITGCs)
TGCs support the ongoing functioning of the automated (programmed) aspects of preventive and detective controls and also provide the auditor with a basis for relying on electronic audit evidence. ITGCs are important because they impact the effectiveness both of IT application controls and IT-dependent manual controls, as well as potentially affect the reliability of electronic audit evidence the auditor may wish to rely upon during the audit.
Explain the relationship between the results of tests of controls and substantive testing.
Testing controls either affirms or contrasts the substantive testing. If the controls are not working correctly, you will have to readjust your substantive testing.
In the context of auditing inventory, explain why an audit team cannot use the same combination of audit procedures for every audit.
The auditor needs to be attuned to changes in an audit client and tailor the audit to the circumstances that the auditor finds. You would audit a jeweler differently than a grocery store.
Evaluate the evidence, assess control risk, and reevaluate audit strategy (if necessary)
The auditor should test these compensating controls to determine if they are operating effectively to mitigate the internal control weakness. If tests of controls indicate that a key control is not functioning as designed, and if other compensating controls do not exist, the auditor should: • Increase the assessed level of control risk. • Decrease the level of calculated detection risk. • Make appropriate changes to the nature, timing, and extent of substantive tests related to the assertion. The auditor must also carefully document the evidence obtained when performing tests of controls and the conclusions reached based on that evidence.
Explain the relationship between the repairs and maintenance expense account and the PPE asset account. Why is the auditor interested in examining debits to both accounts when auditing PPE? Explain your answer with reference to the assertions at risk.
The purpose of the auditor's test of repair and maintenance expense is to determine the propriety and consistency of these charges. They correlate changes in the PPE asset and can be used to detect inflation of assets.
What factors do auditors consider when deciding how much control testing to do?
The tolerable deviation rate is the maximum rate of deviation from a prescribed control that an auditor is willing to accept and still use the planned control risk. The smaller the rate of deviation from the prescribed control procedure that the auditor can tolerate, the larger the sample size. The larger the rate of deviation from the prescribed control procedure that the auditor can tolerate, the smaller the sample size. Rates are Low: 2%-7%, Moderate 6%-12%, and High 11%-20%. The Desired level of assurance: the confidence that the evidence obtained is representative of the underlying population from which the sample was taken. Higher levels of assurance dictate a larger sample size. Lower levels of assurance dictate a smaller sample size. The expected rate of deviation in the population: the rate at which the auditor expects controls not to function as planned. The closer the tolerable deviation rate and expected deviation rate are to each other, the larger the sample size. The greater the amount of difference between the tolerable deviation rate and expected deviation rate, the smaller the sample size. The number of sampling units in the population if less than 5,000: if it below that amount you are restricted in the number of sampling.
Explain why reconciliations, such as bank reconciliations, are classified as detective controls
They are completed on a timely basis and are recorded after the information has been sent. Example Billy Bob puts some false sales in, yet there is no revenue going to the bank.
Observation
This procedure involves the auditor observing the actual control being performed. This gives a hand on view, but employees will most likely perform better. This is used to see the segregation of duties.
Reperformance
This procedure involves the auditor reperforming the control to test its effectiveness. This is a sturdy form of evidence, as long as the controls are working a timely basis.
Inquiry
This procedure involves the auditor using questioning skills to determine how the control is completed and whether it appears to have been carried out properly and on a timely basis. This helps the auditor to know the processes(correct or wrong) and gather evidence so they can begin the audit process.
Inspection of Physical Evidence
This procedure relies on the auditor testing the physical evidence to verify that a control has been performed properly. This is the physical receipts and bank slips of the transaction and can be used as evidence for or against the audit.
Steps to perform in assessing control risk
Understand entity-level controls, Understand the flow of transactions, Identify what can go wrong (WCGW) for financial statement assertions, Identify relevant controls to test, Determine preliminary audit strategy, Perform tests of controls, Evaluate the evidence, assess control risk, and reevaluate audit strategy (if necessary), Report internal control weaknesses to those charged with governance.
Develop an example of the type of substantive test an auditor might use to investigate notable items when ADA is performed as a risk assessment procedure.
What is a substantive test, notable item (an outlier that needs to be investigated), what would have to lead me to do that in the first place? Need a type of substantive test.
What are substantive procedures designed to obtain evidence about? What are the main types of substantive procedures?
When analytical procedures are used to obtain audit evidence during the risk response phase, they are referred to as substantive analytical procedures. Auditing standards provide guidance regarding the performance of substantive procedures. AU-C 330 and AS 2301 state that auditors are required to perform substantive procedures for all relevant assertions that have been identified during the risk assessment phase. Relevant assertions: assertions that have a reasonable possibility of containing a material misstatement that would cause the financial statements to be materially misstated and, therefore, have a meaningful impact on whether the account is fairly stated Dual-purpose test: a substantive test of a transaction and a test of control relevant to that transaction that is performed concurrently.
Software-Based Audit Techniques
When the auditor uses test data to test an IT application control, the auditor needs the following package of evidence to gain assurance that the control functions properly throughout the period: 1. Test data shows that the program properly identifies exceptions. 2. Evidence that IT general controls are strong, to conclude that the program has not been subject to unauthorized changes. 3. Evidence that manual follow-up procedures are effective and correct items flagged by the IT application control on a timely basis. As long as the evidence is true, it should be a strong control to find outliers and other possible issues.
Explain the difference between year-end counting of inventory and cycle counts. What conditions should exist at a client that conducts cycle counts and uses the perpetual inventory to value inventory at quarter-end?
Year-End Counting of Inventory: is required whenever inventories are material to a company's financial statements. In performing this auditing procedure, the client has responsibility for the counting of inventory. AU-C 501 Audit Evidence—Specific Considerations for Selected Items states that, from testing the accuracy of the client's inventory count, the auditor obtains direct knowledge of the effectiveness of the client's inventory count and gains a measure of reliance that may be placed on management's assertions as to the quantities and physical condition of the inventories. Cycle counts: the client will frequently identify a small portion of items in the perpetual inventory, count actual inventory, and investigate discrepancies; the client will usually vouch for items in the perpetual records to the actual inventory on hand (testing existence), and also count inventory on hand for other items and then trace results to the perpetual records (testing completeness) When evaluating internal controls, auditors are particularly alert to the frequency and quality of cycle counts and the number of discrepancies that result in corrections to the perpetual inventory. Auditors are also alert to the controls over the valuation of inventory. It is particularly important for auditors to use their knowledge of the entity and its business environment when evaluating customer demand for inventory, the amount of inventory on hand, and the potential need to adjust inventory for lower-of-cost-or NRV issues
Understand the flow of transactions
You need to find the stream from Authorization, Executing the transaction, Recording the transaction, and Consideration.
Consider the relevance and reliability of data used:
You needed to critically think about the data, and see its relevance and issues. Consider that a given set of procedures may provide audit evidence that is relevant to certain assertions but not to others and Designing substantive procedures including identifying conditions relevant to the purpose of the test that constitutes a misstatement in the relevant assertions. Make sure the data is relevant to the control being tested
Identify what can go wrong (WCGW) for financial statement assertions
describes where material misstatements due to error or fraud could occur in a flow of transactions or source and preparation of information that affects a relevant financial statement assertion
Identify relevant controls to test
the auditor will look for relevant internal controls that will either prevent misstatements from happening or detect and correct misstatements on a timely basis.
