module 3
Al Greensburg is auditing the cash account for XYZ Enterprises. Al is determining his sample size. Which characteristic of audit evidence is Al concerned with?
sufficiency
lead schedule
summarizes the detail included in a specific account on the financial statement
Control attitude
the attitudes, awareness, and actions of management and those charged with governance concerning the entity's internal control and its importance in the entity
Explain the three objectives of internal control.
-Operations objectives. This objective pertains to the effectiveness and efficiency of the entity's operations, including operational and financial performance goals and safeguarding assets against loss. -Reporting objectives. This objective pertains to internal and external financial and non-financial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, recognized standard setters, or the entity's policies. -Compliance objectives. This objective pertains to adherence of laws and regulations to which the entity is subject
documenting internal controls
-Questionnaires -Written Narratives -Flowcharts
ranking of who is who based on experience
10 + years- partner 6-10 years- manager 3-5 years- senior/ in charge 0-3 years- staff/ associates
Completeness (10) Accuracy, valuation and allocation Assets, liabilities, and equity interests have been included in the financial statements at appropriate amounts, and any resulting valuation or allocation adjustments have been appropriately recorded, and related disclosures have been appropriately measured and described. (11) Classification Assets, liabilities, and equity interests have been recorded in the proper accounts. (12) Presentation Assets, liabilities, and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework.
All assets, liabilities, and equity interests that should have been recorded have been recorded, and all related disclosures that should have been included in the financial statements have been included.
Group audit
An audit of group financial statements.
Component auditor
An auditor that performs work on the financial information of a component that will be used as audit evidence for the group audit. A component auditor may be part of the group engagement partner's firm, a network firm of the group engagement partner's firm, or another firm.
Component
An entity or business activity that is required by the applicable financial reporting framework to prepare financial information that will be included in group financial statements.
Presentation
Assets, liabilities, and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework.
Existence
Assets, liabilities, and equity interests exist.
Accuracy, valuation and allocation (11) Classification Assets, liabilities, and equity interests have been recorded in the proper accounts. (12) Presentation Assets, liabilities, and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework.
Assets, liabilities, and equity interests have been included in the financial statements at appropriate amounts, and any resulting valuation or allocation adjustments have been appropriately recorded, and related disclosures have been appropriately measured and described.
Classification Presentation Assets, liabilities, and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework.
Assets, liabilities, and equity interests have been recorded in the proper accounts.
Which of the following is true of the relationship between external auditors and internal auditors?
Audit evidence obtained from the internal auditors is included in the external auditors' documentation as evidence of work completed.
Brianwood Co. outsourced its payroll processes to Axis Co. Which of the following statement shows Brianwood Co. has significant controls over the completeness and accuracy of transactions processed by Axis Co.?
Brianwood recomputes a sample of the payroll to make sure it's free from clerical errors.
service auditor
CPA firm that reports on controls at an outside service organization
The auditor is preparing documentation of internal control of his client. The page is divided into two sections with the process flow on the left-hand side and a description of each step in the flow on the right-hand side. Which form of documentation is most likely the auditor is using?
Combination of narratives and flowcharts.
Group financial statements
Financial statements that include the financial information of more than one entity, or component, such as consolidated financial statements prepared by a parent company.
Which of the following is NOT a reason why audit documentation will vary from client to client?
Fiscal year-end date
controls that involve manual review of the completeness and accuracy of computer-generated information
IT-dependent manual controls
What is the difference between the assertions of PCAOB standards compared with ASB standards?
The ASB standard has 2 categories of assertions while the PCAOB just lists 5 assertions.
substantive procedures
Methods designed to detect material misstatements at the assertion level. Two categories of substantive procedures are tests of details (of account balances, transactions, and disclosures) and substantive analytical procedures.
test of controls
Methods used to determine the operating effectiveness of the client's controls in preventing, or detecting and correcting, material misstatements at the assertion level.
Risk assessment procedures
Methods used to gain an understanding of a client and its industry for the purpose of identifying risk of material misstatement.
The local bank branch manager approves withdrawal of funds, from a valued client a close friend, despite the check deposit for the funds has not yet cleared. What inherent limitation is exemplified here?
Overriding or disabling a control within a software program.
Group engagement team
Partners and staff who establish the overall group audit strategy, communicate with component auditors, perform work on the consolidation process, and evaluate audit evidence to form an opinion on the group financial statements.
A payroll employee of a café finds that a vendor may have inadvertently been billed twice. As per invoice 1343, the vendor was billed $1,315.67 for supplies, and as per invoice 1344, an additional $1,315.67 for different supplies. This exemplifies which of the following IT application controls?
Processing control, sequence test
Which of the following is an example of a common inherent limitation in internal control?
The company CEO and COO conspire to hide unauthorized expenses from the CFO.
Rights and obligations (9) Completeness All assets, liabilities, and equity interests that should have been recorded have been recorded, and all related disclosures that should have been included in the financial statements have been included. (10) Accuracy, valuation and allocation Assets, liabilities, and equity interests have been included in the financial statements at appropriate amounts, and any resulting valuation or allocation adjustments have been appropriately recorded, and related disclosures have been appropriately measured and described. (11) Classification Assets, liabilities, and equity interests have been recorded in the proper accounts. (12) Presentation Assets, liabilities, and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework.
The entity holds or controls the rights to assets, and liabilities are the obligations of the entity.
Group engagement partner
The partner who is responsible for the group audit engagement and its performance, and for the auditor's report on the group financial statements that is issued on behalf of the firm.
what is in the permanent file?
The permanent file contains client information that is relevant for more than one audit. The information in this file is checked and updated at the start of each annual audit. -client contact and personal info -board of directors info -details of key accounting policies an internal control -copies of longterm contracts/agreements - reports sent to client in previous years
Describe the relationship between the risk of material misstatement and sufficient appropriate audit evidence.
The risk of material misstatement affects the quantity and quality of evidence gathered by an auditor during risk response.
working paper
Working papers consist of two main files. Auditors document each stage of the audit and the procedures completed. Determining what and how much to document is based on professional judgment.
Which of the following statements is correct regarding the information generally included on a working paper?
Working papers should be initialed to identify the preparer of the working paper together with the date the working paper was prepared along with the reviewer and the date the working paper was reviewed.
deficiency in internal control (control deficiency)
a deficiency in the design or operations of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis
material weakness
a deficiency, or a combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected, on a timely basis
significant deficiency
a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance
audit program
a listing of details of the audit procedures to be used when testing controls, conducting detailed substantive audit procedures, and completing the audit
external confirmation
a procedure in which the auditor corresponds directly with a third party, either in paper or electronic form, and the third party responds directly to the auditor on the matter(s) included in the confirmation
monitoring
a process that assesses the quality of internal control performance over time; it involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions
Stuart Smally is a member of the Toyco audit team. Stuart has 4 years of experience and performs detail testing. Stuart is most likely
a senior associate
automation bias
a tendency to favor output generated from automated systems, even when human reasoning or contradictory information raises questions about whether such output is reliable or fit for purpose
tracing
a type of inspection in which auditors select source documents and work forward to follow the transaction through to recording in the journal and ledger; tracing provides evidence for the completeness assertion
vouching
a type of inspection in which auditors select transactions from a journal or ledger and work backward to examine the underlying source documents; vouching provides evidence for the occurrence or existence assertion
Data center and network operations controls
address the segregation of duties within the IT department and between IT and user departments. A critical component is segregating access to programs from access to data files. Weakness in these controls usually affects all IT applications.
As per the COSO Framework, one of the compliance objectives of internal control pertains to
adherence to laws and regulations
relevant assertion
an assertion that has a reasonable possibility of containing a material misstatement or misstatements that would cause the financial statements to be materially misstated and, therefore, has a meaningful bearing on whether the account is fairly stated
inquiry
an evidence-gathering procedure that involves asking questions to gain an understanding of various matters throughout the audit
inspection
an evidence-gathering procedure that involves examining documents and physical assets
observation
an evidence-gathering procedure that involves watching a process or procedure being carried out by client personnel or another party
positive confirmation
correspondence sent directly by an auditor to a third party, who is asked to respond to the auditor on the matter(s) included in the letter in all circumstances (that is, whether they agree or disagree with the information included in the auditor's letter)
negative confirmation
correspondence sent directly by an auditor to a third party, who is asked to respond to the auditor on the matter(s) included in the letter only if the party disagrees with the information provide
access controls
are designed to prevent unauthorized use of IT equipment, data files, and software programs. The specific controls include a combination of physical, software (password and authentication controls), and procedural safeguards. Quality access controls are particularly important to controlling cybersecurity risks. Application system acquisition, development, and maintenance controls focus on controlling specific software applications, such as a sales or inventory application. The controls focus on the acquisition of new application software, controlling changes to that software, and ensuring that the software is maintained without unauthorized changes.
Which is the information used by the auditor as the support for the auditor's opinion?
audit evidence
While auditing an Oil & Gas Manufacturing client, Morales Auditing firm required a petroleum engineer to help them obtain sufficient information for inventory estimates. The petroleum engineer is considered a/an
auditors specialists
5 common control activities
authorization controls, performance reviews, information-processing controls, physical controls, and segregation of duties.
information and communication system
captures information need to conduct, manage and control the entity's operations, and it provides timely information to management and employees so that they can carry out their responsibilities.
The limitations of internal controls are often mitigated by other controls, often referred to as ________ controls.
compensating
current file
contains client information that is relevant for the duration of one audit
A company institutes a rule that when a division cannot account for more than 5 percent of its budget, the division's accountant is to be placed on unpaid leave until an internal audit can be completed. This policy illustrates which component of internal control?
control activity
Which of the following exists when the design or operations of a control does not allow management or employees, in their normal duties, to prevent or detect and correct misstatements on a timely basis?
control deficiency
5 components of internal control
control environment, risk assessment, control activities, information and communication, and monitoring activities
processing controls
control totals, before and after report, sequence test
transaction-level controls
controls designed to prevent, or detect and correct, misstatements in transactions and related account balances Gaining an understanding of entity-level controls helps in:
IT application controls
controls designed to provide reasonable assurance that the recording, processing, and reporting of data by IT are properly performed for specific applications
IT general controls
controls of program development, program changes, computer operations, and access to programs and data; these entity-level controls are designed to provide reasonable assurance that individual software applications operate consistently and effectively
entity-level controls
controls that exist at the organizational level
bank confirmation
correspondence sent directly by the auditors to their client's bank requesting information such as cash held in the bank and details of any loans with the bank and interest rates charged
receivable confirmation
correspondence sent directly by the auditors to their client's customers requesting information about amounts owed to the client by the customer
All of the following are common inherent limitations in internal control, EXCEPT overriding or disabling of controls. human error that results in a breakdown in internal control. costs of internal controls. collusion by two or more individuals.
costs of internal controls
Systems Organization and Controls (SOC) 1 report
designed to help service organizations that provide services to other entities to build trust and confidence in the services performed, and controls related to the services, through a report by an independent CPA (the service auditor)
Program change controls
designed to provide assurance that changes to software applications are introduced in a controlled and coordinated manner. Unauthorized changes create a significant risk that software applications will not function consistently over time. Programs should be changed with forethought, and changes should be tested and reviewed by users before they are approved for use with live data.
persuasive
evidence that is both sufficient and appropriate for the auditor to draw reasonable conclusions
Type 2 report
expresses an opinion on the fairness of the presentation of management's description of the service organization's system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period
Type 1 report
expresses an opinion on the fairness of the presentation of management's description of the service organization's system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date
Which of the following are reasons why audit documentation will vary from client to client?
extent of exceptions noted
Which of the following would most likely be included in the permanent file of the Adrian Plastics Manufacturing audit?
flow charts of internal controls
Application system acquisition, development, and maintenance controls
focus on controlling specific software applications, such as a sales or inventory application. The controls focus on the acquisition of new application software, controlling changes to that software, and ensuring that the software is maintained without unauthorized changes.
walk through
following a transaction from the time it is initiated until the time it is recorded in the financial records
what can go wrong (WCGO)
identifies where material misstatement due to error or fraud could occur in preparing information that affects relevant financial statement assertions
audit evidence
information used by the auditor in arriving at the conclusions on which the auditor's opinion is based; it is information to which audit procedures have been applied and consists of information that corroborates or contradicts management assertions
employees of the client who perform assurance and consulting activities designed to evaluate and improve the effectiveness of the entity's governance, risk management, and internal control processes
internal auditors
auditors specialists
is an individual or an organization with expertise in a field other than accounting or auditing whose work in that field is used by the auditors to assist in obtaining sufficient appropriate audit evidence.
A new auditor prepared accounts receivable confirmation request to be sent to the customer. He mentioned in the letter to only reply if the information presented is not the same as your records. Is this a preferred type of confirmation to send?
no, because there is the risk he did not receive the confirmation
During the audit of Angelina's Dolls, the auditors found out that the inventory sitting in Angelina's warehouse is on consignment. Do they meet the rights and obligation assertion and why?
no, because they do not own them
service organization
organization or segment of an organization that provide services to user entities that are relevant to the user entities' internal control over financial reporting
control activities
policies and procedures that help ensure that management directives are carried out
During the audit of Shu Inc., Jeffrey Dobby has assessed the risk of material misstatement for accounts receivable as low. He has gathered sufficient appropriate audit evidence that internal controls are effective. The population of accounts receivable consists of a small number of large account balances. Jeffrey expects a low exception rate and is not aware of any circumstances that would cause the recipients to disregard the information? Which type of confirmation should Jeffrey use?
positive
output controls
reconciliation of totals, comparison to source docs, visual scanning, run to run totals
A company records that a customer paid its account in full on November 20th, but in fact it was a different customer in a different city that paid its account in full on this date. This exemplifies a risk for which transaction?
recording sales
relevance
refers to the logical connection with the assertion being tested
reliability
refers to the nature and source of the audit evidence and how it was obtained
appropriate
refers to the quality of audit evidence gathered
sufficient
refers to the quantity of audit evidence gathered
System software acquisition, change, and maintenance controls
relate to software programs that are designed to operate and control the hardware and to provide a platform for running application software. The controls focus on both acquiring new operating systems and ensuring the integrity of operating systems over time. If system software is subject to unauthorized changes or poor maintenance, there is an increased risk that IT application controls will not function as designed.
Which of the following provides evidence for the completeness assertion?
tracing
Which of the following steps in assessing control risk pertains to transaction level controls?
understand the flow of transactions
input controls
verification controls, missing data control, valid character check, limit check, valid code check