Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
73 Cards in this Set
- Front
- Back
Sampling Risk
|
The risk that the sample is not representative and that the auditor's conclusion will be different from the conclusion had the auditor examined 100% of the population
|
|
Sampling Methods Acceptable under GAAS
|
1. Statistical sampling
2. Non-statistical sampling - evaluated judgmentally |
|
Areas where professional judgment is exercised:
|
1. Define population and sampling unit
2. Select appropriate sampling method 3. Evaluate appropriateness of evidence 4. Evaluate the nature of deviations/errors 5. Consider sampling risk 6. Evaluate results obtained from sample and project those to the population |
|
4 Audit Sampling Rules
|
1. Population can be described by a normal or bell shaped curve
2. Samples have to be unrestricted and randomly selected 3. If sample is large enough and randomly selected, sample will have same statistical characteristics as population 4. Standard deviation is a measure of variability (uncertainty) |
|
Sampling Risks in Substantive Testing (Variable Testing)
|
1. Risk of incorrect acceptance (beta risk) - condlude the account balance is not MM when in fact it is MM
2. Risk of incorrect rejection (alpha risk) - conclude the account balance is MM when it is not MM |
|
Sampling Risks in Tests of Controls (Attribute)
|
1. Risk of assessing control risk too low - beta risk - risk of over-reliance
2. Risk of assessing control risk too high - alpha risk (falsely identify a problem when none exists) |
|
Sampling Risk - Efficiency
|
- Lost with alpha risk
- The auditor does more work than necessary |
|
Sampling Risk - Effectiveness
|
- Lost with beta risk
|
|
Attribute Sampling
|
Test of Controls
- Testing for specific characteristics, often yes-no questions - Used to estimate the rate of occurrence of a specific characteristic - Used to determine the NET of substantive testing |
|
Non-Sampling Risk
|
- Audit risk not due to sampling
- Cannot be measured - Can reduce to a low level through adequate planning and supervision and quality control of all firm practices 1. Using wrong audit procedures 2. Improperly evaluating evidence/results |
|
Attribute Sampling - Steps for testing of controls
|
1. Definte the objective of the test
2. Define the population 3. Define the sampling unit 4. Define the attributes of interest (deviations are situations where the control was not properly applied such as missing credit approval) 5. Determine the sampling size (beta risk, tolerable deviation rate, expected deviation rate) 6. Select the sample 7. Evaluate the sample results 8. Form conclusions about the IC tested 9. Document the sampling procedures |
|
Relationship of beta risk, tolerable deviation rate, and expected deviation rate to Sample Size
|
Beta risk (risk of assessing control risk too low) - inverse relationship to sample size
Tolerable Deviation Rate - maximum amount of error willing to accept without changing control risk assessment or planned reliance on IC - inverse relationship Expected deviation rate - best estimate of rate of deviation from control procedure - direct relationship |
|
Techniques for Selecting a Sample
|
1. Random selection - ok
2. Systematic selection (every nth item) if you get a random start 3. Block sampling - not acceptable |
|
Upper Deviation Rate
|
Sample deviation rate + Allowance for sampling risk
|
|
Discovery Sampling
|
Special type of attribute sampling appropriate when the auditor believes the population deviation rate is 0 or near 0, used for detecting fraud (critical items)
|
|
Stop or Go Sampling
|
Designed to avoid oversampling for attributes by allowing the auditor to stop an audit test before completing all steps - used when few errors are expected in the population
|
|
Variable Sampling ("estimation sampling")
|
- Sampling in substantive tests
- Used to estimate $ value of a population |
|
Tolerable Deviation/Misstatement
|
Misstatement - variable
Deviation - attribute |
|
Stratification
|
- Separate items into relative homogeneous groups and treat as separate populations
- Commonly used when population has highly variable amounts - Reduces sample size |
|
Variable Sampling Plans
|
1. Mean-Per-Unit Estimation: Uses audited average value x # in population to get Point Estimate, Uses standard error of mean x # in population to get 1st standard deviation
2. Ratio estimation: Audited true value/Audited book value x BV of the population = Point Estimate 3. Difference estimation: (Audited true value - Audited BV)/ Sample size x # items in population to get the required adjustment |
|
Steps for Variable Sampling (Substantive Testing)
|
1. Define the objective of the test
2. Define the population 3. Define the sampling unit 4. Define the sample size (tolerable mis, expected mis, acceptable level of risk, characteristics of population, assess risk of MM and for other subt. procedures) 5. Select the sample 6. Evaluate the sample results (to get point estimate and then add allowance for sampling risk also called precision interval) 7. Form conclusions about the balances tested 8. Document the sampling procedure |
|
Variable Sampling - Direct Relationship
|
1. Expected misstatement
2. Standard deviation (variability) 3. Assessed level of risk |
|
Variable Sampling - Indirect Relationship
|
1. Tolerable misstatement
2. Acceptable level of risk |
|
Probability-Proportional to Size PPS Sampling
|
- Sampling unit = $1
- Automatically emphasizes larger items by stratifying the sample (account balances greater than the interval are automatically selected) - If no errors are expected, requires a smaller sample - Zero, negative, or understated balances require special design considerations - Use a random start |
|
PPS Sample Size Determination
|
1. Sampling Interval = Tolerable Misstatement / Reliability factor
2. Sample size = Recorded amount of population / Sampling interval |
|
Evaluation of Sample Results - Variable Sampling
|
- Errors need to be projected to the interval: Take the amount of the error (recorded - audited amt) / recorded amt to find the tainting % - apply this to the interval to get the projected error
*If the account balance is greater than the interval - use the dollar amount of the error |
|
Dual Purpose Samples
|
Only used when the auditor believes that there is an acceptably low risk that the deviation rate in the population exceeds the tolerable rate
|
|
Difference between Manual and Computerized IT Environments
|
1. Segregation of Duties (COPAL)
2. Disappearing audit trail (perform audit tests on a continuous basis, use electronic audit trails, use analytics to identify unusual transactions) 3. Uniform Transaction Processing (reduced math errors but now potential for system errors) 4. Computer-Initiated Transactions (unauthorized interventions may not be evident) 5. Potential for increased errors and irregularities (more remote access, concentration of information, decreased human involvement, computer disruptions) 6. Potential for increased supervision and review 7. Dependence of other controls on controls over computer processing |
|
Manual Audit Procedures
|
- Auditing around the computer
- Batch system with good audit trail - Examine source docs - Test the input and output stages - Risk of insufficient paper based evidence and insufficient audit procedures |
|
Computer Assisted Audit Techniques
|
- Auditing through the computer
- Online/real-time - Emphasis on input and processing stages |
|
Types of CAAT
|
1. Transaction tagging
2. Embedded audit modules 3. Test data 4. Integrated test facility 5. Parallel simulation |
|
Transaction tagging
|
Electronically mark specific transactions and follow them through the client's system
|
|
Embedded Audit Modules
|
Sections that collect transaction data for auditor, Built into the application program when the program is developed to ensure controls are operating effectively
|
|
Test data
|
Process your data through the clients system when it is off-line
|
|
Integrated Test Facility
|
Process your data through the client system except it is commingled with live data
|
|
Parallel Simulation (Reperformance test)
|
Process client live data thorugh the auditor system
|
|
Generalized Audit Software Packages (GASPs)
|
- Allow the auditor to perform tests of controls and substantive tests directly on client's system - generates the programs necessary
- Auditor does not have to know much about client's system - Test higher % of transactions |
|
Advantage of Auditing with a Computer
|
1. Math
2. Cross-referencing 3. Preparation of F/S and other forms 4. Reduction in supervisory time 5. Automatic performance of analytical procedures 6. Enhanced client service (disadvantage - not contain readily observable details of calculations) |
|
Control Deficiency
|
Design or operation of a control does not allow management or employees in the normal course of performing their functions to prevent or detect misstatements
- Deficiency in design is when a control is missing or it does not achieve the desired objectives - Deficiency in operation occurs when a control does not operate as designed or is performed by an inappopriate person |
|
Significant Deficiency
|
Control deficiency or combination of control deficiencies that adversely affect the entity's ability to initiate, authorize, record, process, or report financial data reliably in accordance with GAAP such that there is a more than remote likelihood that a mistatement in the F/S that is more than inconsequential will not be prevented or detected
|
|
Material Weakness
|
A significant deficiency or combination that results in a more than remote likelihood that a Material Misstatement of the entity's financial statement will not be prevented or detected
|
|
Indicators of Significant Deficiency
|
1. Selection and application of accounting principles
2. Antifraud programs 3. Nonroutine transactions 4. Period-end financial reporting |
|
Indicators of Material Weakness
|
1. Ineffective oversight by those charged with governance
2. Restatement of F/S to correct a MM 3. Identification of a MM that was not initially identified by IC 4. Ineffective IA or risk assessment 5. Ineffective regulatory compliance 6. Any level of fraud 7. Failure to appropriately address previously communicated SD 8. Ineffective control environment |
|
IC report contents
|
1. Purpose of the audit was to express an opinion on F/S and not on effectiveness of I/C
2. The auditor is not expressing an opinion on effectiveness of IC 3. Definition of SD (and MW) 4. Identification of SD (and MW if noted) 5. Communication is solely for the information and use of mgmt, those charged with governance, and others in the org. |
|
Example of control deficiencies - design
|
- lack of design of Preparation of F/S
- Insufficient control consciousness - Segregation of duties or safeguarding assets - lack design of IT controls - lack of qualifications or training of personnel - Inadquate design of monitoring - Inadquate documentation of components |
|
Example of control deficiencies - operation
|
- Failure to obtain authorization, perform reconciliations, safeguard assets
- Undue bias or lack of objectivity - Management override - Misrepresentation by client personnel to auditor - Failure of an application control bc of deficiency in general control |
|
Conditions for Attestation Engagement to report on entity's IC (mgmt assertion of effectivness)
|
1. Management accepts responsibility for effectiveness of IC (makes assertion and how they can prove it)
2. Management evaluates the effectiveness of entity's IC using suitable criteria 3. Sufficient audit evidence exists 4. Management must provide a written assertion on effectiveness |
|
Performing Attestation Engagement to report on entity's IC (mgmt assertion of effectivness)
|
1. Obtain management written assertion on effectiveness of IC (separate report or rep letter, include in intro paragraph of report)
2. If they refuse - withdraw or issue disclaimer/adverse opinion if required to complete enagement (adverse - restrict use) 3. Obtain understanding of IC with inquiry, inspection, observation 4. Evaluate design of IC 5. Test and evaluate op. effectivness 6. Form an opinion |
|
Attestation Engagement to report on entity's IC (mgmt assertion of effectivness) - Report
|
Inherent limitations paragraph - misstatements may not be detected, projections subject to risk IC may become inadquate or degree or compliance may deteriorate
|
|
Attestation Engagement to report on entity's IC - Presence of a Material weakness
|
- Qualified or adverse opinion
- Express opinion on effectivness of IC and not management's assertion - If client not responsible party, no responsibility to communicate SD or MW - Should disclaim any cost-benefit statement made by mgmt. |
|
Attestation Engagement to report on entity's IC - Scope Limitation
|
- Generally withdraw
- If new controls are identified but we cannot test them -> Qualified - If scope significantly limited - disclaimer |
|
IC Examination - Part of an audit
|
- Used to determine NET of tests to be performed
- Generally restricted while a separate examination (attestation) is usually not |
|
SOX IC requirements
|
- Issue report on effectiveness and mgmt. assertions
- Control deficiencies only communicated to mgmt. in writing Effectiveness: - Unqualified in no MW - Adverse if one or more MW - Qualified/disclaimer for scope limitation Management Assertion: - Unqualified if you agree with management assessment |
|
Report on whether previously reported IC continues to exist
|
- Voluntary
- Only if auditor has sufficient overall knowledge, mgmt accepts responsibility and presents written report, auditor's testing is limited to specifically identified controls, MW has been eliminated and no scope limitations |
|
Government Audits - Additional Management Responsibilities
|
1. Identification of applicable laws and regs
2. Establishment of IC to provide reasonable assurance entity complies with laws and regs 3. Prepare supplementary financial reports 4. Obtain an audit that satisfied legal, regulatory, and contractual agreements |
|
Government Audits - Additional Auditor Responsibilities
|
1. Obtain reasonable assurance FS are free of MM from violations of laws and regs that have a direct and material effect on the determination of FS amounts
2. Assess whether management has identified laws and regs that have a direct and material affect of FS |
|
Types of Government Audits
|
1. Financial audits - FS present fairly the financial position, results of ops, and cash flows in accordance with GAAP
2. Attestation - examinations, review, and agreed upon procedures (compliance with laws, regs, etc) 3. Performance audits - EEE (effectiveness, economy, efficiency), internal control, compliance |
|
GAGAS - Yellowbook
|
- Extra fieldwork and reporting standards
- Designing an audit for reasonable assurance of detecting MM resulting from noncompliance |
|
Audit Requirements for Federal Financial Assistance
|
- Conduct in Accordance with GAAS and GAGAS
- Expanded IC documentation and testing requirements - Expanded reporting to include formal written reports (IC and risk assessment) - Expanded reporting - federal financial assistance has been administered properly - Application of single audit standards |
|
Government Audit - Additional Management Reps
|
1. No violations or possible violations of laws or regs
2. Management is responsible for compliance 3. Management has identified and disclosed all laws and regs with a direct and material effect |
|
Reporting Under GAGAS
|
1. Affirmative statement of compliance with GAGAS
2. Describe scope of testing of regulatory compliance and internal control 3. Describe omitted information 4. Describe the distribution of the report (external funding sources) 5. Report conclusion that fraud or illegal act has occurred or is likely to occur (report illegal acts to top officials, oversight bodies, or officials of audit org.) |
|
Internal Control Reporting Under GAGAS
|
Objectives are safeguarding of assets and compliance
- GAGAS requires a written report on the understanding of IC and the assessment of control risk in all audits (differs from GAAS - only when significant def are noted) |
|
Government Audit Written Report on IC
|
Document:
1. The assertion that evaluating compliance with laws, rules, and regs with a direct and material effect on the FS is part of developing an opinion on FS 2. The assertion that specific controls relating to financial reporting are considered 3. An indication that either no weaknesses were found or that significant deficiencies were found and an indication of whether they were material |
|
Single Audit Act
|
- Required for entities that expend federal assistance of $500,000+ in a fiscal year
- Materiality is evaluated separately for each major program - Certain recipients are permitted to have a program specific audit instead of single audit (FS as a whole) Objectives: 1. Audit of FS and reporting on a separate schedule of expenditures of federal awards 2. Compliance audit of federal awards expended as basis for reports on compliance and IC over compliance |
|
IC under Single Audit Act
|
Obtain understanding of IC of compliance sufficient to plan an audit and support a low assessed level of control risk for MAJOR programs
- Test effective controls and report ineffective ones |
|
Evaluating Degree of Compliance under Single Audit Act
|
- Examine frequency of noncompliance
- Modify report to either qualified or adverse for reportable instances - Responsible to report significant deficiencies to specific regulatory bodies or grantor agencies |
|
GAAS vs. GAGAS vs. Single Audits
|
GAAS - Opinion on FS
GAGAS - Opinion on FS and Report on compliance and on IC Single Audits - Opinion on FS and Report on compliance and on IC and for each major program and schedule of findings and questioned costs |
|
Functions of Audit Committee
|
- Select and appoint independent auditor, set fee
- Determines that any recommendations given by the auditor are given proper attention - Evaluates the IC of the company with the help of the auditor |
|
Auditor Communications with Governance - Scope and Timing of Audit
|
- The auditor may communicate how significant risks of MM will be addressed, the planned approach toward IC, factors affecting materiality, and any potential use of IA
- The communication may also include discussion of the attitudes, awareness, and actions of those charged with governance with respect to IC, fraud, relevant charges, and matters previously communicated by auditor |
|
Auditor Communications with Governance - Significant Audit Findings
|
- Auditor's view about selection of accounting practices, significant management judgments, the adequacy of FS disclosures
- Significant difficulties in performing the audit - Uncorrected nontrivial misstatements - Circumstances that may appear to impair independence - Material, corrected misstatements brought to management's attention (if those charged with governance are not managing the entity) |
|
Auditor Communications with Governance - Misc
|
- Can be oral (must be documented) or written (restricted use)
- Must be before audit report is filed with SEC (issuers only! otherwise on timely basis) |
|
Management Rep Letter - Requirements
|
- Final piece of evidential matter at the end of fieldwork
- Same date as auditor report - Signed by CEO and CFO - Materiality considerations do not apply to items outside of FS such as board minutes |
|
Management Rep Letter - Information Contained
|
- Completeness of information (financial records, minutes, etc.)
- No communications from reg. agencies - No unrecorded transactions - Uncorrected misstatements are immaterial - Fraud - Plans or intentions - Related-party transactions - Guarantees - Significant estimates - Violations of laws - Unasserted claims or assessments from lawyer - Other liab and loss contingencies - Satisfactory title - Compliance with contracts - Subsequent events |