Auditing Exam #2
Provide an example of (1) a factual misstatement and (2) a judgmental misstatement that could affect the balance of property, plant, and equipment.
(1) The amount that the property, plant, and equipment was purchased for (2) The useful life of the property, plant, and equipment was not properly estimated, so the rate of depreciation was also not being expensed properly.
Explain the purpose of (a) preventive controls and (b) detective controls. Why would it be important for an entity to have both types of controls?
(a)Preventive controls are those applied to each transaction during normal processing that are intended to stop fraud or errors from occurring. Preventing errors during processing is an important objective of every accounting system. (b)Detective controls are those applied after transactions have been processed to identify whether fraud or errors have occurred, and to rectify the fraud or errors on a timely basis. Companies put detective controls in place to assist management in ensuring WCGWs do not occur in financial reporting and that the business is functioning as planned through the design and implementation of its business processes.
List three common revenue recognition problems. Illustrate each with an example.
1. Premature revenue recognition 2. Discounts given for early payment are not recognized 3. Adjustment to sales returns and allowance
What information is obtained by sending a bank confirmation? Explain the importance of a bank confirmation to the audit of cash balances, including the assertions that are addressed by obtaining a bank confirmation.
1. The client's permission for the bank to respond to the auditor. 2. Requests for all bank balances including details of any accounts closed during the year. 3. Requests of details of interest charges. 4. Requests for details of any loans or lending facilities or bank overdrafts, together with the limits and, if applicable, dates of repayments and any collateral pledged as security for the loan. 5. Requests for details of any assets held by the bank on the customer's behalf. 6. Requests for details of any contingent liability of which the bank may be aware.
Identify the eight steps performed in assessing control risk and place them in the proper order
1. Understand entity-level controls 2. Understand the flow of transactions 3. Identify what can go wrong (WCGW) for financial statement assertions 4. Identify relevant controls to test 5. Determine preliminary audit strategy 6. Perform tests of controls 7. Evaluate the evidence, assess control risk, and reevaluate audit strategy (if necessary) 8. Report internal control weaknesses to those charged with governance
What is confirmation bias? How can auditors minimize it?
Confirmation bias is the tendency to seek or interpret evidence in ways that support pre-existing beliefs or expectations. Auditors need to exercise professional skepticism and consider all information, whether it supports or contradicts the original explanation provided by management.
Explain two common inherent risks in the revenue process and explain how each risk is likely to affect the financial statements (e.g., identify the accounts that are likely to be overstated or understated and explain why).
Consignment sales. Sale arrangements that have the characteristics of a consignment sale include giving the buyer a lengthy right of return, having substantial payment made upon the resale of the product, requiring sellers to repurchase inventory at a specified price, or allowing the buyer not to assume risks of ownership due to future pricing concessions. (Accounts Receivable/Sales Returns and Allowance/Sales/Cash) Refund rights. When rights of return exist or are likely to be accepted, a reasonable estimate of refunds should be made when revenue is recognized.(Accounts Receivable/Sales Returns and Allowance/Sales/Cash)
Explain the difference between year-end counting of inventory and cycle counts. What conditions should exist at a client that conducts cycle counts and uses the perpetual inventory to value inventory at quarter-end?
Cycle counting involves counting a small amount of inventory each day, with the intent of cycling through the entire inventory on an ongoing basis. Year-end counting does a count of the entire inventory.
Explain the audit procedures used to test the adequacy of the allowance for doubtful accounts.
• Using generalized audit software to foot and crossfoot the aged trial balance of accounts receivable and agreeing the total to the general ledger balance. • Test the accuracy of the client's aging by vouching to underlying sales invoices and shipping documents. • Considering evidence concerning the collectibility of past-due amounts by, for example, inspecting correspondence from customers. • Identifying customers with past-due balances and calculate credit histories for customers with past-due balances. • Evaluate prior estimates of uncollectible accounts with subsequent experience and the benefit of hindsight. • Use the evidence obtained above to assess the reasonableness of the percentages used to compute the allowance component required for each aging category and the adequacy of the overall allowance.
Describe three key issues to consider when planning ADA.
• What financial statement items, accounts, or disclosures and related assertions are being audited? • What is the overall purpose of the ADA application and how will it contribute to the balance of the audit? For example, is ADA being used as a risk assessment procedure or as a substantive test? • What is the audit population being analyzed or tested using ADA? The auditor should also consider the relevance of the data to the audit assertion(s) being tested, and the availability and reliability of the data. • What ADA tool is best suited for the audit purpose? Here the auditor selects the techniques, tools, graphics, tables or other analytical techniques to be used.
What factors do auditors consider when deciding how much control testing to do?
-The competence (and integrity) of the person who performs the control. -The quality of the control environment, such as the potential for management to override the control or for the control to be bypassed. -Changes in the accounting system that may have occurred. -Unexplained changes in related account balances. -The auditor's prior-period experiences with the engagement.
Explain the three types of ITGCs. Why are they "general" controls? Explain why they are important controls.
1. Data center and network operations controls. 2. System software acquisition, change, and maintenance controls. 3. Program change controls. 4. Access controls. 5. Application system acquisition, development, and maintenance controls.
What are the five procedures used for tests of controls? Explain them and comment on the reliability of the evidence obtained from each.
1. Inquiry - This procedure involves the auditor using questioning skills to determine how the control is completed and whether it appears to have been carried out properly and on a timely basis. Important information obtained through inquiry should be corroborated with other evidence. 2. Observation -This procedure involves the auditor observing the actual control being performed. The limitation with this technique is that employees often perform procedures more diligently when they know they are being observed. 3. Inspection of Physical Evidence - This procedure relies on the auditor testing the physical evidence to verify that a control has been performed properly. ITGCs often result in documented evidence of authorization of program changes or testing, and other reports of system access that provide important evidence associated with these controls. 4. Reperformance - This procedure involves the auditor reperforming the control to test its effectiveness. If the auditor wants to test this control, the auditor must find evidence that the control was performed on a timely basis and then reperform the control to make sure it was performed correctly. 5. Software Based Audit Techniques - A common technique involves submitting test data to the client's software application while the application is under the auditor's control.
What considerations apply in determining the appropriate level of detection risk for stockholders' equity?
1. Obtain an understanding of the business and industry and determine: a. The significance of various sources of financing (debt and equity) to the entity. b. Key economic drivers that influence the entity's need for financing and its ability to obtain equity capital and pay dividends. c. Industry standards for the extent to which the industry uses equity financing. 2. Perform initial procedures on stockholders' equity balances and records that will be subject to further testing. a. Trace beginning balance for stockholders' equity accounts to prior year's working papers. b. Review activity in stockholders' equity accounts and investigate entries that appear unusual in amount or source. c. Obtain client-prepared schedules of changes in stockholders' equity balances and determine that they accurately represent the underlying accounting records by: i. Footing and cross-footing the schedules and reconciling the totals with increases or decreases in related subsidiary and general ledger balances. ii. Testing agreement of items on schedules with entries in related subsidiary and general ledger accounts.
Explain an effective substantive test related to the cutoff of sales at year-end
6. Perform cutoff test for sales and sales returns. a. Select a sample of recorded sales transactions from several days before and after year-end and examine supporting sales invoices and shipping documents to determine sales were recorded in the proper period. b. Select a sample of credit memos issued after year-end, examine supporting documentation such as dated receiving reports, and determine that returns were recorded in the proper period. Also consider whether volume of sales returns after year-end suggest possibility of unauthorized shipments before year-end. 7. Perform cash receipts cutoff test. a. Observe that all cash received through the close of business on the last day of the fiscal year is included in cash on hand or deposits in transit and that no receipts of the subsequent period are included, or b. Scan documentation such as daily cash summaries, duplicate deposit slips, and bank statements covering several days before and after year-end for proper cutoff.
Explain the relationship between the repairs and maintenance expense account and the PPE asset account. Why is the auditor interested in examining debits to both accounts when auditing PPE? Explain your answer with reference to the assertions at risk.
A maintenance expense should not be capitalized to a PPE account. If it is then the value of the PPE would be misstated.
If there is a completeness problem with cash receipts, are accounts receivable overstated or understated? Explain.
Accounts receivable would be overstated because if cash is received for an account receivable but the account is not reduced, accounts receivable would be overstated.
Explain how the nature of a substantive test could affect the decisions about when and how much substantive testing is performed. How do these decisions relate to the overall risk assessment for the item being tested?
After auditors have completed testing controls and drawn a conclusion about control risk, they make decisions about the nature, timing, and extent of substantive testing. There is a relationship between the risk of material misstatement (RMM) and decisions about the nature, timing, and extent of substantive procedures. There is an inverse relationship between low RMM and a high detection risk, substantive testing would less effective.
Explain the advantages of statistical sampling over nonstatistical sampling.
An advantage of statistical sampling is that it allows an auditor to measure sampling risk. Using statistical sampling also involves some modest cost and time to set up, select, and evaluate the sample. However, this is often relatively easy to do with generalized audit software if the client's data is in electronic form.
Explain several important initial procedures in the revenue process. Why should these be performed prior to other substantive procedures?
An important initial procedure for verifying accounts receivable and the related allowance account is tracing the current period's beginning balances to the ending audited balances in the prior year's working papers (when applicable).
Explain why completeness is a more critical assertion for long-term debt than for cash, inventory, or PPE. What procedures are primarily designed to address the completeness assertion for long term debt?
An important part of auditing long-term debt is determining that the financial information subjected to audit is consistent with the auditor's expectations. The earlier discussions regarding knowledge of the entity and its environment and analytical procedures addressed procedures the auditor might perform to assess the reasonableness of financial statement information regarding long-term debt and interest expense (Illustration 13.17). As part of the auditor's responsibilities with respect to evaluating whether an entity is a going concern (discussed further in Chapter 14), the auditor will evaluate the entity's ability to generate sufficient cash flow to meet commitments regarding interest expenses, debt maturities, and debt covenants. When performing substantive analytical procedures, the auditor should maintain an appropriate level of professional skepticism and investigate abnormal results
What are analytical procedures? Describe how they can be used as substantive procedures in an audit.
Analytical procedures are evaluations of financial information through analysis of plausible relationships among financial and nonfinancial data. Analytical procedures can be used as a substantive procedure for gathering evidence. When conducting a substantive analytical procedure, auditors develop an expectation, or estimate, using data in the client's records or data from reliable outside sources, and then compare the expectation with the client's recorded amount. Factors that impact the effectiveness and efficiency of using a substantive analytical procedure to respond to risk include (1) the nature of the assertion, (2) the plausibility and predictability of the relationship, (3) the availability and reliability of the data used to develop the expectation, and (4) the precision of the expectation.
In the context of auditing inventory, explain why an audit team cannot use the same combination of audit procedures for every audit.
Because industries evolve and some inventory may become obsolete. Controls may have loosened creating a greater risk for asset misappropriation.
Assume an auditor finds total errors of $25,300 in a sample of sales invoices. Why is it not appropriate to conclude that sales are misstated by $25,300?
Because just based on the sampling the account is misstated for $25,300 but it might not represent the all of the misstatements in that account. For that reason the auditor cannot conclude that the misstatement is only for that amount.
Why is it important to consider the quality of the data used in analytical procedures? How important to this question are client controls over financial data?
Before auditors can use substantive analytical procedures, they must consider the availability and reliability of data to be used to develop their expectation. Data may not be readily available to develop expectations for some assertions. If the data are internally generated, are there adequate internal controls over the data? The auditors should test the effectiveness of the controls over the data to determine that the underlying data are complete and accurate. If controls over the data are effective, the data are considered more reliable.
Why is an auditor interested in PPE that is not currently being used or could become idle in the near future?
Examine impairment of property, plant, and equipment. Events may occur between acquiring and retiring an asset that affect the valuation and allocation assertion and require immediate write-down of the asset, as addressed in ASC 360. An impairment exists when the cost of a plant asset, or group of assets, exceeds its fair value and is not recoverable.
Explain how an auditor will usually test interest expense when auditing notes payable
For notes payable, the auditor will normally vouch transactions to the cash receipts or cash disbursements journal. Payments on principal of long-term debt can be verified by an examination of vouchers and canceled checks. Payments in full can be validated by an inspection of the canceled notes. When installment payments are involved, their propriety can be traced to repayment schedules and supporting documentation from banks. For bonds, the auditor should confirm transactions and the ending balance with the bond trustee. When bond interest is paid by an independent agent, the auditor should examine the agent's reports on payments. Issuances of debt instruments should be traced to the cash receipts journal. Bonds may also be converted into stock. Evidence of such transactions is available from the bond trustee or the transfer agent
How would an auditor test the existence of inventory on hand in a public warehouse?
If inventories are in the hands of public warehouses or other outside custodians, the auditor ordinarily would obtain direct confirmation in writing from the custodian. Or 1. Test the owner's procedures for investigating the warehouseman and evaluating the warehouseman's performance. 2. Obtain an independent accountant's report on the warehouseman's control procedures relevant to custody of goods and, if applicable, pledging of receipts, or apply alternative procedures at the warehouse to gain reasonable assurance that information received from the warehouseman is reliable. 3. Observe physical counts of the goods, if practicable and reasonable. 4. If warehouse receipts have been pledged as collateral, confirm with lenders pertinent details of the pledged receipts (on a test basis, if appropriate).
Explain the relationship between the results of tests of controls and substantive testing.
If the compensating control proves effective, the evidence now supports the auditor's preliminary evaluation of controls, and control risk and planned substantive audit procedures need no modification. If another (compensating) control is not available to be substituted for the control being tested, or it is not considered efficient to continue testing controls, the auditor should modify (and potentially increase) the nature, timing, and extent of the planned substantive procedures. That is, the audit strategy is altered, and detection risk is reduced.
Are the quality of internal controls relevant when evaluating the reliability of data to be used in ADA? Explain why or why not, and provide an example.
It is particularly important for the auditor to understand internal controls over the data set. If internal controls are weak, the data set may contain misstatements and inaccuracies, or the data may be incomplete. The auditor may need to consider whether the data set should be subjected to audit procedures to verify the data before using it to draw an audit conclusion. On the other hand, the auditor is likely to feel more comfortable using data that comes from a strong system of internal controls, and the controls provide some validation of the reliability of the data set
Does using audit data analytics remove the need to test the client's internal controls?
No because some of the data used to perform the audit data analytics may have been produced from the client. Understanding and testing the internal controls will give the auditor insight on how data could be recorded incorrectly.
Why does nonsampling risk exist for all types of tests in all audits? Explain.
Nonsampling risk is the risk that an auditor arrives at an inappropriate conclusion for a reason unrelated to sampling issues. One nonsampling risk is the risk that an auditor relies too heavily on less persuasive or unreliable evidence. Another nonsampling risk is when an auditor spends most of his or her time testing assertions where the risk of material misstatement is modest, and ignores or spends insufficient time testing assertions most at risk of material misstatement. A third nonsampling risk occurs when the auditor uses an inappropriate audit procedure or performs the procedure incorrectly.
What are the advantages of nonstatistical sampling over statistical sampling?
Nonstatistical sampling involves any sample selection and evaluation method for which the auditor does not use a formal statistical technique to select the sample or to evaluate the sample results. In nonstatistical sampling, the auditor determines sample size and selection methods and evaluates the sample results entirely on the basis of professional judgment and the auditor's own experience. Nonstatistical sampling is considered easier to use than statistical sampling, requires less staff training, and allows an auditor to select a sample he or she believes is appropriate.
Explain the difference between automated and manual controls.
Purely manual controls are those that do not rely on the client's IT environment for their operation. An example is a locked inventory cage for high dollar-value items to which only a few authorized staff have a key to access. In most situations, purely manual controls are preventive controls. Automated controls generally rely on the client's IT applications (or software) in some way. It is important to identify the extent of reliance a control places on IT to determine the effect of IT on the evaluation of controls.The key consideration for relying on automated aspects of controls is to determine whether or not the client has effective ITGCs. IT General Controls (ITGCs) ITGCs support the ongoing functioning of the automated (programmed) aspects of preventive and detective controls and also provide the auditor with a basis for relying on electronic audit evidence.
Explain why reconciliations, such as bank reconciliations, are classified as detective controls.
Reconciliations are prepared, unusual items are then investigated, and issues are resolved or corrections made, if necessary. The performance of reconciliations without following up on reconciling or unusual items is not a control. The control is the follow-up. Bank reconciliation reconciles the bank statement to the cash account recorded in the general ledger, and accounting personnel make adjustments for transactions identified in the bank statement that have not been recorded
Differentiate risk response at the financial statement level with risk response at the assertion level.
Risk response at the financial statement level is affected by (1) the auditor's understanding of the entity's control environment and (2) the assessed risk of material misstatement due to fraud. Auditors must plan to respond to risk at the assertion level for accounts, classes of transactions, and disclosures. This involves designing and implementing the nature, timing, and extent of specific audit procedures to be performed at the assertion level.
When to use Audit Sampling vs ADA
Situations When the Auditor Is Likely to Use Audit Sampling: • Evidence to support the audit test is not available in electronic form (e.g., observing the existence of inventory) • The audit population is small and can efficiently be tested using traditional audit procedures. • Relevant data is not reliable and internal controls over the reliability of data are weak. • Relevant data may be in different formats and is not easy to use. Situations When the Auditor Is Likely to Use ADA: • Evidence to support the audit test is available in electronic form. • The audit population is large, and the auditor's tests are supported by reliable and relevant data in electronic form, making ADA efficient. • Relevant data is reliable and internal controls over the reliability of data are strong. •Relevant data is clean or can be cleaned up easily
Identify and briefly describe the five steps of performing ADA and place them in the proper order.
Step 1: Plan the ADA Step 2: Access and prepare the data for the ADA Step 3: Consider the relevance and reliability of data used Step 4: Perform the ADA Step 5: Evaluate the results and conclude whether the purpose and specific objectives of performing the ADA have been achieved
What are substantive procedures designed to obtain evidence about? What are the main types of substantive procedures?
Substantive analytical procedures obtain audit evidence during the risk response phase. Auditors are required to perform substantive procedures for all relevant assertions that have been identified during the risk assessment phase. Further substantive testing for all other assertions will be based on the auditor's overall assessment of risk. 1.Testing classes of transactions, account balances, and disclosures 2.Agreeing the financial statements and accompanying notes to the underlying accounting records 3.Examining material journal entries and other adjustments made during the preparation of the financial statements
Explain the risk associated with using systematic sample selection.
Systematic selection involves the selection of a sample for testing by dividing the number of items in a population by the sample size, resulting in the sampling interval (n). The risk in using systematic selection is that items will be listed in such a way that by selecting every nth item, the auditor is selecting items that are somehow related. For example, assume a company pays 100 employees each week, and you select payroll for testing from the entire year with a sampling interval of 50. If employees are ordered by employee number, it is possible that the auditor will select the same two employees every time. This risk can be reduced by reviewing the items in a population for any systematic bias before selecting a sample.
How can an auditor use results from procedures performed during the control risk assessment phase to affect the nature of substantive testing when testing cash balances?
Tests of cash balances focus on the account balance assertions of existence, completeness, right and obligations, and valuation and allocation. If control risk is high or maximum (as it should be when segregation of duties is inadequate and there are no compensating controls), the auditor should assume that fraud risk is high and design appropriate substantive tests, particularly substantive tests of transactions. In some cases, particularly businesses with significant cash sales, it may be very difficult to determine if cash is being skimmed before being recorded and deposited. To detect this, audit procedures might focus on average size of cash sales and lower gross margins compared to prior periods or industry statistics to determine if unrecorded cash is a problem. If the company appears to be receiving more cash than the underlying business supports, and gross margins are unusually high, it may be evidence of money laundering. With respect to cash disbursements, it may be easier for auditors to focus on payments to fictitious vendors as there is often a lack of evidence related to receiving goods.
Explain the difference between the audit of the processes impacting cash and the substantive testing of the cash balance. How is audit testing for each affected by the outcome of controls testing?
The audit of the processes impacting cash involve the controls involved concerning the receipt of cash. The substantive testing of the cash balance verifies the end result of the process. Both are impacted by internal controls and the environment.
Does an auditor have to test every control? Explain your answer
The auditor begins by understanding the entity and the business, and determines the risk of material fraud or error at the financial statement level. The auditor then focuses on entity-level controls (the control environment, the strength of risk assessment and monitoring controls, and ITGCs). Auditors do not need to test each and every client control. Rather, auditors identify key controls that might be relevant to financial statement assertions and WCGW.
Explain the difference between the two types of sampling risk for substantive tests: the risk of incorrect acceptance and the risk of incorrect rejection. What are the errors' different implications for the audit? Which is the more serious risk? Explain.
The risk of incorrect acceptance represents a situation where the auditor has conducted substantive procedures on a sample and concluded that there is no material misstatement, when in fact there is a material misstatement. The risk of incorrect rejection represents a situation where the auditor has conducted substantive procedures on a sample and concluded that there is a material misstatement in an assertion, when in fact there is no material misstatement. Once again, the more significant risk for the auditor is the risk of incorrect acceptance, as this risk results in an ineffective audit.
When is it appropriate to use roll-forward procedures?
When substantive procedures are performed during an interim period, auditors perform roll-forward procedures to update their audit findings from the time of the interim procedures through to year-end. The nature and extent of these roll-forward procedures are matters of judgment and are responsive to the risk assessment. When the entity's control environment has been assessed as effective, controls have been tested, and no significant changes in the control environment and controls have occurred, limited roll-forward procedures, such as substantive analytical procedures or limited tests of details of transactions occurring between the interim period and year-end, may be all that are necessary