Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
77 Cards in this Set
- Front
- Back
business processes
|
revenue
purchasing HR management inventory management financing/investing processes. |
|
assertion categories
|
assertions about classes of transactions and events for the period under audit
assertions about account balances at the period end assertions about presentation and disclosure |
|
assertions about classes of transactions and events for the period under audit
|
occurrence
completeness authorization accuracy cutoff classification |
|
assertions about account balances at the period end
|
existence
rights and obligations completeness valuation and allocation |
|
assertions about presentation and disclosure
|
occurrence and rights and obligations
completeness classification and understandability accuracy and valuation |
|
audit procedures are performed to conduct
|
risk assessment procedures - obtain understanding
tests of controls - evaluate operating effectiveness substantive procedures - detect material misstatement |
|
concepts of audit evidence
|
nature of audit evidence
sufficiency and appropriateness of audit evidence evaluation of audit evidence |
|
reliability of evidence depends on
|
knowledgeable independent source of evidence
effectiveness of internal control auditor's direct personal knowledge documentary evidence original documents |
|
audit procedures for obtaining audit evidence
|
footing, crossfooting recalculation
inquiry vouching examination/inspection confirmation analytical procedures reperformance reconciliation observation tracing scanning |
|
reliability of evidence obtained through confirms is directly affected by the following factors:
|
the form of the confirmation
prior experience with the entity the nature of the information being confirmed the intended respondent |
|
examples of recalculation
|
footing
crossfooting reconciling subsidiary ledgers to account balances testing postings from journals to ledgers |
|
reliability of analytical procedures is a function of
|
(1) the availability and reliability of the data used in calculations
(2) the plausibility and predictability of the relationship being tested (3) the precision of the expectation and the rigor of the investigation |
|
two functions of working papers
|
1. Provide principal support for the representation in the auditor’s report that the audit was conducted in accordance with GAAS
2. To aid in the planning, performance, and supervision of the audit |
|
types of audit documentation
|
audit plan and programs
working trial balance account analysis and listings audit memoranda adjusting and reclassification entries |
|
phases of an audit that relate to audit planning
|
client acceptance and continuance
establish an understanding with the client preliminary engagement activities plan the audit |
|
questions to predecessor auditor
|
Integrity of mgt
Disagreements with mgt over accounting and auditing issues Communications with audit committee regarding fraud, illegal acts, and IC weaknesses Predecessor’s understanding of reason for change in auditors AFTER acceptance, not required Permission to review working papers specific inquiries |
|
procedures for evaluating a prospective client
|
o Obtain and review available financial information
o Inquire of third parties concerning integrity of mgt o Communicate with predecessor auditor o Consider whether client has circumstances requiring special attention or that may represent unusual business or audit risks, such as litigation or going-concern. o Determine if firm is independent of the client o Determine if the firm has necessary skills and knowledge of industry o Determine if acceptance would violate any applicable regulatory requirements or CPC. |
|
management responsibilities
|
prepare FS
attest to internal control abide by laws availability of accounting records to auditors making adjustments based on suggestions provide mgt rep letter |
|
terms of engagement (engagement letter) should include
|
Objectives of the engagement
management’s responsibilities auditor’s responsibilities limitations of the engagement Arrangements involving use of specialists or internal auditors Any limitation of the liability of auditor or client Additional services |
|
3 topics discussed in establishing understanding with client
|
o Engagement letter
o Internal auditors o Audit committee |
|
auditor responsibilities
|
conduct audit in accordance with GAAS/PCAOB AS
limitations: reasonable assurance discuss fees charged discuss timing |
|
requirements of the audit committee
|
be a member of BOD and shall be independent.
directly responsible for appointment, compensation, and oversight of the work of registered public accounting firm employed by company. pre-approve all audit and non-audit services provided by its auditor must have on-going communications with the auditors must establish procedures for complaints received by company regarding accounting, internal control, and auditing. must have authority to engage independent counsel or other advisors, as it determines necessary to carry out its duties. |
|
2 preliminary engagement activities
|
1. determining audit engagement team requirements
2. Ensuring that the audit team and audit firm are in compliance with ethical requirements, including independence |
|
factors to consider in staffing the audit team
|
enagement size and complexity
level of risk any special expertise personnel availability and competence timing of work to be performed |
|
in determining the audit strategy, auditor should:
|
o Determine scope of engagement
o Ascertain the reporting objectives to plan timing of audit o Consider factors that will determine the focus of audit team’s efforts |
|
develop the audit plan
|
Assess business risk and establish materiality
Assess need for specialists Assess possibility of illegal acts ID related parties Conduct preliminary analytical procedures Consider additional value-added services Document audit strategy and plan and prepare audit programs |
|
audit procedures to ID transactions with related parties
|
review:
list from management filings with SEC BOD minutes conflict-of-interest statements extent and nature of business transacted with major customers, suppliers, borrowers, and lenders for indications of previously undisclosed relationships accounting records for large, unusual, or nonrecurring transactions confirmations of loans receivable and payable for indications of guarantees |
|
types of audit tests
|
risk assessment procedures
tests of controls substantive procedures |
|
risk assessment procedures
|
Inquiries of management
analytical procedures observation and inspection |
|
tests of controls
|
o Inquiries
o Inspection o Observation o Walkthroughs o Reperformance |
|
2 categories of substantive procedures
|
1. Tests of details of classes of transactions, account balances, and disclosures
2. Substantive analytical procedures |
|
3 phases of analytical procedures
|
o 1. Preliminary analytical procedures – used to assist auditor to better understand business and to plan NET of procedures
o 2. Substantive analytical procedures – used to obtain evidential matter about assertions related to account balances or classes of transactions o 3. Final analytical procedures - used as an overall review of the financial information in final review stage of the audit |
|
3 types of analytical procedures
|
trend analysis
ratio analysis reasonable analysis |
|
trend analysis
|
compare CY to PY
compare budget to actual compare CY to industry averages |
|
steps in substantive analytical procedures
|
1. develop an expectation
2. define tolerable difference 3. compare expectation to recorded amount 4. investigate differences greater than tolerable differences 5. documentation requirements |
|
information to use in developing an expectation
|
Financial and operating data
Budgets and forecasts Industry publications Competitor information Management’ analyses Analyst’s reports |
|
4 factors that affect precision of expectation
|
disaggregation
plausibility and predictability of relationship being studied data reliability type of analytical procedure used to form expectation |
|
SAS 109
|
understanding the entity and its environment and assessing the risks of material misstatement
|
|
SAS 110
|
performing audit procedures in response to assessed risks and evaluating the audit evidence obtained
|
|
SAS 112
|
communication of internal control related matters IDd in an audit
|
|
COSO
|
established a common definition of IC that addressed all interested users
addressed IC's for 3 main areas: o Reliability of financial reporting o Effectiveness and efficiency of operations o Compliance with applicable laws and regulations Provided framework against which companies could assess their IC |
|
Potential Benefits to an Entity’s Internal Control from IT
|
o Consistent application of business rules and performance of complex calculations in processing large volumes of transactions or data
o Better timeliness, availability, and accuracy of information o Facilitation of additional analysis of information o Better monitoring of the performance of the entity’s activities and its policies and procedures o Reduction in the risk that controls will be circumvented o Better segregation of duties through security controls |
|
Potential Risks to an Entity’s Internal Control from IT
|
o Reliance on systems or programs that inaccurately process data, process inaccurate data, or both
o Unauthorized access to data that may result in destruction of data or improper changes to data o Unauthorized changes to data in master files o Unauthorized changes to systems or programs o Failure to make necessary changes to systems or programs o Inappropriate manual intervention o Loss of data |
|
internal controls as defined by COSO consists of 5 components
|
1. the control environment
2. the entity's risk assessment process 3. the information system and communication 4. control activities 5. monitoring of controls |
|
factors that affect the control environment
|
communication and enforcement of integrity and ethical values
commitment to competence participation of those charged with governance management's philosophy and operating style organizational structure assignment of authority and responsibility HR policies and practices |
|
management's philosophy and operating style
|
o Approach to taking and monitoring business risks
o Attitudes and actions toward financial reporting o Attitudes toward information processing and accounting functions and personnel |
|
client business risks can arise or change due to the following circumstances:
|
• Changes in the operating environment
• New personnel • New or revamped information systems • Rapid growth • New technology • New business models, products, or activities • Corporate restructurings • Expanded international operations • New accounting pronouncements |
|
for the information system, establish methods and records that will
|
• Identify and record all valid transactions
• Describe on a timely basis the transaction in sufficient detail to permit proper classification of transactions for financial reporting • Measure the value of transactions in a manner that permits recording their proper monetary value in the FS • Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period • Properly present the transactions and related disclosures in the FS |
|
control activities
|
prenumbering of documents
authorization of transactions independent checks to maintain asset accountability documentation timely and appropriate performance reviews information processing controls physical controls for safeguarding assets segregation of duties |
|
limitations of internal controls
|
collusion of employees
management override human errors/laziness not modifying IC as needed |
|
effective monitoring involves
|
• Establishing a baseline for control effectiveness
• Designing controls based on the significance of business risks relative to the entity’s objectives • Assessing and reporting results, including following up on corrective actions |
|
May follow substantive strategy for some or all assertions because of the following factors:
|
The implemented controls do not pertain to the assertion the auditor is considering
The implemented controls ineffective Testing the operating effectiveness of the controls would be inefficient. |
|
Auditor uses knowledge about the 5 components of internal control to
|
o Identify the types of potential misstatement
o Pinpoint the factors that affect the RMM o Design tests of controls and substantive procedures |
|
In determining whether an IT specialist is needed, consider the following factors
|
o The complexity and usage of the entity’s IT control systems
o The significance of changes made to existing systems, or the implementation of new systems. o The extent to which data are shared among systems. o The extent of the entity’s participation in electronic commerce. o The entity’s use of emerging technologies. o The significance of audit evidence that is available only in electronic form. |
|
Auditor should obtain sufficient knowledge of the IS to understand the following:
|
o The classes of transactions in the entity’s operations that are significant to the FS
o The procedures by which transactions are initiated, authorized, recorded, processed and reported o The related accounting records supporting information and specific accounts in the FS that are involved in recording transactions o How the IS captures other events and conditions that are significant to the FS o The FS reporting process used to prepare the entity’s FS |
|
Services must be considered as part of entity’s IS if they affect any of the following:
|
How the client’s transactions are initiated
The accounting records, supporting information, and specific accounts in the FS involved in the processing and reporting of the client’s transactions The accounting processing involved from the initation of the transctions in their inclusion the FS The financial reporting process used to prepare the client’s financial statements, including significant accounting estimates and disclosures |
|
Management must comply with the following requirements in order for its registered public accounting firm (external auditor) to complete an audit of ICFR
|
o Accept responsibility for the effectiveness of the entity’s ICFR
o Evaluate the effectiveness of the entity’s ICFR using suitable control criteria o Support the evaluation with sufficient evidence, including documentation o Present a written assessment regarding the effectiveness of the entity’s ICFR as of the end of the entity’s most recent fiscal year. |
|
ICFR includes policies and procedures that
|
o Pertain to the maintenance of records that reflect the transactions and disposition of assets of the company.
o Provide reasonable assurance that preparation of FS is in accordance with GAAP o Receipts and expenditures of the company are being made only in accordance with authorization of management. o Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition that could have a material effect on the FS. |
|
3 steps of management's assessment process of ICFR
|
o Identify financial reporting risks and related controls
o Evaluate evidence about the operating effectiveness of ICFR o Consider which locations to include in the evaluation |
|
Examples of entity level controls
|
o Controls within the control environment
o Controls over management override o The entity’s risk assessment process o Centralized processing and controls, including shared service environments o Controls to monitor results of operations o Controls to monitor other controls, including activities of the internal audit function, the audit committee, and self-assessment programs o Controls over period-end FR process o Policies that address significant business control and risk management practices |
|
Steps in the ICFR audit
|
1. plan the audit of ICFR
2. ID controls to test using top-down risk based approach 3. Test the design and operating effectiveness of selected controls 4. Evaluate identified control deficiencies 5. form an opinion on the effectiveness of ICFR |
|
consider following activities in planning audit of ICFR
|
• Role of risk assessment and risk of fraud
• Scaling the audit • Using the work of others • Materiality |
|
the following controls might address risk of fraud and management override:
|
• Controls over significant, unusual transactions, particularly those that result in late or unusual journal entries
• Controls over journal entries and adjustments made in the period-end FR process • Controls over related-party transactions • Controls related to significant management estimates |
|
two categories of entity level controls require evaluation:
|
1. control environment
2. period end financial reporting process |
|
assess the following in the control environment
|
Management’s philosophy and operating style promote effective ICFR
Sound integrity and ethical values, particularly of top management, are developed and understood The BOD or audit committee understands and exercise oversight responsibility over FR and IC |
|
period end financial reporting process
|
o Include procedures used to enter transaction totals in the ledger
o Select and apply accounting policies o Initiate, authorize, record, and process period-end journal entries in the ledger o Record recurring and non recurring adjustments to the FS o Prepare annual and quarterly FS and related disclosures o Even though these controls operate after the “as of” year-end reporting date, they are used to support the auditor’s “as of” date opinion |
|
To ID significant accounts and disclosures and their relevant assertions, the auditor uses the following risk factors:
|
• Size and composition of the account
• Susceptibility to misstatement due to errors or fraud • Volume of activity, complexity and homogeneity of the individual transactions processed through the account or reflected in the disclosure • Nature of the account or disclosure • Accounting and reporting complexities associated with the account or disclosure • Exposure to losses in the account • Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure • Existence of related-party transactions in the account • Changes from the prior period in account or disclosure characteristics In order to understand the likely sources of potential misstatements, the auditor |
|
In order to understand the likely sources of potential misstatements, the auditor needs to do the following:
|
• Understand the flow of transactions related to the relevant assertions, including how these transactions are initiated, authorized, processed, and recorded
• ID the points within the entity’s processes at which a misstatement, including a misstatement due to fraud, could arise that would be material • ID the controls that mgt has implemented to address potential misstatements • ID the controls that mgt has implemented over the prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could result in a material misstatement of the FS. |
|
Factors that may affect the risk associated with a control in the current year include:
|
• The NET of procedures performed in previous audits
• The results of the previous year’s testing of the control • Whether there have been changes in the control or process since the previous audit |
|
Risk factors that affect whether there is a reasonable possibility that a control deficiency will result in a material misstatement
|
• Nature of FS accounts, disclosures, and assertions involved
• Susceptibility of the related asset or liability to loss or fraud • Subjectivity, complexity, or extent of judgment required to determine the amount involved • Interaction or relationship of the control with other controls, including whether they are independent or redundant • Interaction of the deficiencies • Possible future consequences of the deficiency |
|
indicators of material weakness
|
• ID of fraud, whether or not material, committed by senior management
• Restatement of previously issued FS to reflect correction of MM • ID by auditor of MM of FS in current period in circumstances that indicate that the misstatement would not have been detected by ICFR • Ineffective oversight of company’s external FR and ICFR by audit committee |
|
Written representations made by management to auditor
|
• Mgt is responsible for establishing and maintaining effective ICFR
• Mgt has performed an evaluation and made an assessment of the effectiveness of the company’s ICFR • Mgt did not rely on work performed by auditor in forming assessment of ICFR • Mgt’s conclusion about effectiveness of ICFR is based on control criteria as of specified date • Mgt has disclosed to auditor all deficiencies in ICFR and which ones are significant • Descriptions of any fraud that involves senior mgt or other significant employees • Control deficiencies ID’d during previous engagements have been resolved • Descriptions of changes in ICFR |
|
control deficiency
|
design or operation of a control does not allow mgt or employees to prevent or detect misstatements on a timely basis
|
|
material weakness
|
a deficiency in ICFR such that there is a reasonable possibility that a material misstatement of the FS will not be prevented or detected on a timely basis
|
|
design deficiency
|
control necessary to meet relevant control objective is missing or an existing control is not properly designed so that even if the control operates as designed the control objective would not be met.
|
|
operating deficiency
|
properly designed control does not operate as designed or when a person performing the control does not possess the authority or qualifications to perform the control effectively.
|
|
significant deficiency
|
deficiency that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.
|