• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/73

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

73 Cards in this Set

  • Front
  • Back
Sampling Risk
The risk that the sample is not representative and that the auditor's conclusion will be different from the conclusion had the auditor examined 100% of the population
Sampling Methods Acceptable under GAAS
1. Statistical sampling
2. Non-statistical sampling - evaluated judgmentally
Areas where professional judgment is exercised:
1. Define population and sampling unit
2. Select appropriate sampling method
3. Evaluate appropriateness of evidence
4. Evaluate the nature of deviations/errors
5. Consider sampling risk
6. Evaluate results obtained from sample and project those to the population
4 Audit Sampling Rules
1. Population can be described by a normal or bell shaped curve
2. Samples have to be unrestricted and randomly selected
3. If sample is large enough and randomly selected, sample will have same statistical characteristics as population
4. Standard deviation is a measure of variability (uncertainty)
Sampling Risks in Substantive Testing (Variable Testing)
1. Risk of incorrect acceptance (beta risk) - condlude the account balance is not MM when in fact it is MM
2. Risk of incorrect rejection (alpha risk) - conclude the account balance is MM when it is not MM
Sampling Risks in Tests of Controls (Attribute)
1. Risk of assessing control risk too low - beta risk - risk of over-reliance
2. Risk of assessing control risk too high - alpha risk (falsely identify a problem when none exists)
Sampling Risk - Efficiency
- Lost with alpha risk
- The auditor does more work than necessary
Sampling Risk - Effectiveness
- Lost with beta risk
Attribute Sampling
Test of Controls
- Testing for specific characteristics, often yes-no questions
- Used to estimate the rate of occurrence of a specific characteristic
- Used to determine the NET of substantive testing
Non-Sampling Risk
- Audit risk not due to sampling
- Cannot be measured
- Can reduce to a low level through adequate planning and supervision and quality control of all firm practices
1. Using wrong audit procedures
2. Improperly evaluating evidence/results
Attribute Sampling - Steps for testing of controls
1. Definte the objective of the test
2. Define the population
3. Define the sampling unit
4. Define the attributes of interest (deviations are situations where the control was not properly applied such as missing credit approval)
5. Determine the sampling size (beta risk, tolerable deviation rate, expected deviation rate)
6. Select the sample
7. Evaluate the sample results
8. Form conclusions about the IC tested
9. Document the sampling procedures
Relationship of beta risk, tolerable deviation rate, and expected deviation rate to Sample Size
Beta risk (risk of assessing control risk too low) - inverse relationship to sample size
Tolerable Deviation Rate - maximum amount of error willing to accept without changing control risk assessment or planned reliance on IC - inverse relationship
Expected deviation rate - best estimate of rate of deviation from control procedure - direct relationship
Techniques for Selecting a Sample
1. Random selection - ok
2. Systematic selection (every nth item) if you get a random start
3. Block sampling - not acceptable
Upper Deviation Rate
Sample deviation rate + Allowance for sampling risk
Discovery Sampling
Special type of attribute sampling appropriate when the auditor believes the population deviation rate is 0 or near 0, used for detecting fraud (critical items)
Stop or Go Sampling
Designed to avoid oversampling for attributes by allowing the auditor to stop an audit test before completing all steps - used when few errors are expected in the population
Variable Sampling ("estimation sampling")
- Sampling in substantive tests
- Used to estimate $ value of a population
Tolerable Deviation/Misstatement
Misstatement - variable
Deviation - attribute
Stratification
- Separate items into relative homogeneous groups and treat as separate populations
- Commonly used when population has highly variable amounts
- Reduces sample size
Variable Sampling Plans
1. Mean-Per-Unit Estimation: Uses audited average value x # in population to get Point Estimate, Uses standard error of mean x # in population to get 1st standard deviation
2. Ratio estimation: Audited true value/Audited book value x BV of the population = Point Estimate
3. Difference estimation: (Audited true value - Audited BV)/ Sample size x # items in population to get the required adjustment
Steps for Variable Sampling (Substantive Testing)
1. Define the objective of the test
2. Define the population
3. Define the sampling unit
4. Define the sample size (tolerable mis, expected mis, acceptable level of risk, characteristics of population, assess risk of MM and for other subt. procedures)
5. Select the sample
6. Evaluate the sample results (to get point estimate and then add allowance for sampling risk also called precision interval)
7. Form conclusions about the balances tested
8. Document the sampling procedure
Variable Sampling - Direct Relationship
1. Expected misstatement
2. Standard deviation (variability)
3. Assessed level of risk
Variable Sampling - Indirect Relationship
1. Tolerable misstatement
2. Acceptable level of risk
Probability-Proportional to Size PPS Sampling
- Sampling unit = $1
- Automatically emphasizes larger items by stratifying the sample (account balances greater than the interval are automatically selected)
- If no errors are expected, requires a smaller sample
- Zero, negative, or understated balances require special design considerations
- Use a random start
PPS Sample Size Determination
1. Sampling Interval = Tolerable Misstatement / Reliability factor
2. Sample size = Recorded amount of population / Sampling interval
Evaluation of Sample Results - Variable Sampling
- Errors need to be projected to the interval: Take the amount of the error (recorded - audited amt) / recorded amt to find the tainting % - apply this to the interval to get the projected error
*If the account balance is greater than the interval - use the dollar amount of the error
Dual Purpose Samples
Only used when the auditor believes that there is an acceptably low risk that the deviation rate in the population exceeds the tolerable rate
Difference between Manual and Computerized IT Environments
1. Segregation of Duties (COPAL)
2. Disappearing audit trail (perform audit tests on a continuous basis, use electronic audit trails, use analytics to identify unusual transactions)
3. Uniform Transaction Processing (reduced math errors but now potential for system errors)
4. Computer-Initiated Transactions (unauthorized interventions may not be evident)
5. Potential for increased errors and irregularities (more remote access, concentration of information, decreased human involvement, computer disruptions)
6. Potential for increased supervision and review
7. Dependence of other controls on controls over computer processing
Manual Audit Procedures
- Auditing around the computer
- Batch system with good audit trail
- Examine source docs
- Test the input and output stages
- Risk of insufficient paper based evidence and insufficient audit procedures
Computer Assisted Audit Techniques
- Auditing through the computer
- Online/real-time
- Emphasis on input and processing stages
Types of CAAT
1. Transaction tagging
2. Embedded audit modules
3. Test data
4. Integrated test facility
5. Parallel simulation
Transaction tagging
Electronically mark specific transactions and follow them through the client's system
Embedded Audit Modules
Sections that collect transaction data for auditor, Built into the application program when the program is developed to ensure controls are operating effectively
Test data
Process your data through the clients system when it is off-line
Integrated Test Facility
Process your data through the client system except it is commingled with live data
Parallel Simulation (Reperformance test)
Process client live data thorugh the auditor system
Generalized Audit Software Packages (GASPs)
- Allow the auditor to perform tests of controls and substantive tests directly on client's system - generates the programs necessary
- Auditor does not have to know much about client's system
- Test higher % of transactions
Advantage of Auditing with a Computer
1. Math
2. Cross-referencing
3. Preparation of F/S and other forms
4. Reduction in supervisory time
5. Automatic performance of analytical procedures
6. Enhanced client service
(disadvantage - not contain readily observable details of calculations)
Control Deficiency
Design or operation of a control does not allow management or employees in the normal course of performing their functions to prevent or detect misstatements
- Deficiency in design is when a control is missing or it does not achieve the desired objectives
- Deficiency in operation occurs when a control does not operate as designed or is performed by an inappopriate person
Significant Deficiency
Control deficiency or combination of control deficiencies that adversely affect the entity's ability to initiate, authorize, record, process, or report financial data reliably in accordance with GAAP such that there is a more than remote likelihood that a mistatement in the F/S that is more than inconsequential will not be prevented or detected
Material Weakness
A significant deficiency or combination that results in a more than remote likelihood that a Material Misstatement of the entity's financial statement will not be prevented or detected
Indicators of Significant Deficiency
1. Selection and application of accounting principles
2. Antifraud programs
3. Nonroutine transactions
4. Period-end financial reporting
Indicators of Material Weakness
1. Ineffective oversight by those charged with governance
2. Restatement of F/S to correct a MM
3. Identification of a MM that was not initially identified by IC
4. Ineffective IA or risk assessment
5. Ineffective regulatory compliance
6. Any level of fraud
7. Failure to appropriately address previously communicated SD
8. Ineffective control environment
IC report contents
1. Purpose of the audit was to express an opinion on F/S and not on effectiveness of I/C
2. The auditor is not expressing an opinion on effectiveness of IC
3. Definition of SD (and MW)
4. Identification of SD (and MW if noted)
5. Communication is solely for the information and use of mgmt, those charged with governance, and others in the org.
Example of control deficiencies - design
- lack of design of Preparation of F/S
- Insufficient control consciousness
- Segregation of duties or safeguarding assets
- lack design of IT controls
- lack of qualifications or training of personnel
- Inadquate design of monitoring
- Inadquate documentation of components
Example of control deficiencies - operation
- Failure to obtain authorization, perform reconciliations, safeguard assets
- Undue bias or lack of objectivity
- Management override
- Misrepresentation by client personnel to auditor
- Failure of an application control bc of deficiency in general control
Conditions for Attestation Engagement to report on entity's IC (mgmt assertion of effectivness)
1. Management accepts responsibility for effectiveness of IC (makes assertion and how they can prove it)
2. Management evaluates the effectiveness of entity's IC using suitable criteria
3. Sufficient audit evidence exists
4. Management must provide a written assertion on effectiveness
Performing Attestation Engagement to report on entity's IC (mgmt assertion of effectivness)
1. Obtain management written assertion on effectiveness of IC (separate report or rep letter, include in intro paragraph of report)
2. If they refuse - withdraw or issue disclaimer/adverse opinion if required to complete enagement (adverse - restrict use)
3. Obtain understanding of IC with inquiry, inspection, observation
4. Evaluate design of IC
5. Test and evaluate op. effectivness
6. Form an opinion
Attestation Engagement to report on entity's IC (mgmt assertion of effectivness) - Report
Inherent limitations paragraph - misstatements may not be detected, projections subject to risk IC may become inadquate or degree or compliance may deteriorate
Attestation Engagement to report on entity's IC - Presence of a Material weakness
- Qualified or adverse opinion
- Express opinion on effectivness of IC and not management's assertion
- If client not responsible party, no responsibility to communicate SD or MW
- Should disclaim any cost-benefit statement made by mgmt.
Attestation Engagement to report on entity's IC - Scope Limitation
- Generally withdraw
- If new controls are identified but we cannot test them -> Qualified
- If scope significantly limited - disclaimer
IC Examination - Part of an audit
- Used to determine NET of tests to be performed
- Generally restricted while a separate examination (attestation) is usually not
SOX IC requirements
- Issue report on effectiveness and mgmt. assertions
- Control deficiencies only communicated to mgmt. in writing
Effectiveness:
- Unqualified in no MW
- Adverse if one or more MW
- Qualified/disclaimer for scope limitation
Management Assertion:
- Unqualified if you agree with management assessment
Report on whether previously reported IC continues to exist
- Voluntary
- Only if auditor has sufficient overall knowledge, mgmt accepts responsibility and presents written report, auditor's testing is limited to specifically identified controls, MW has been eliminated and no scope limitations
Government Audits - Additional Management Responsibilities
1. Identification of applicable laws and regs
2. Establishment of IC to provide reasonable assurance entity complies with laws and regs
3. Prepare supplementary financial reports
4. Obtain an audit that satisfied legal, regulatory, and contractual agreements
Government Audits - Additional Auditor Responsibilities
1. Obtain reasonable assurance FS are free of MM from violations of laws and regs that have a direct and material effect on the determination of FS amounts
2. Assess whether management has identified laws and regs that have a direct and material affect of FS
Types of Government Audits
1. Financial audits - FS present fairly the financial position, results of ops, and cash flows in accordance with GAAP
2. Attestation - examinations, review, and agreed upon procedures (compliance with laws, regs, etc)
3. Performance audits - EEE (effectiveness, economy, efficiency), internal control, compliance
GAGAS - Yellowbook
- Extra fieldwork and reporting standards
- Designing an audit for reasonable assurance of detecting MM resulting from noncompliance
Audit Requirements for Federal Financial Assistance
- Conduct in Accordance with GAAS and GAGAS
- Expanded IC documentation and testing requirements
- Expanded reporting to include formal written reports (IC and risk assessment)
- Expanded reporting - federal financial assistance has been administered properly
- Application of single audit standards
Government Audit - Additional Management Reps
1. No violations or possible violations of laws or regs
2. Management is responsible for compliance
3. Management has identified and disclosed all laws and regs with a direct and material effect
Reporting Under GAGAS
1. Affirmative statement of compliance with GAGAS
2. Describe scope of testing of regulatory compliance and internal control
3. Describe omitted information
4. Describe the distribution of the report (external funding sources)
5. Report conclusion that fraud or illegal act has occurred or is likely to occur (report illegal acts to top officials, oversight bodies, or officials of audit org.)
Internal Control Reporting Under GAGAS
Objectives are safeguarding of assets and compliance
- GAGAS requires a written report on the understanding of IC and the assessment of control risk in all audits (differs from GAAS - only when significant def are noted)
Government Audit Written Report on IC
Document:
1. The assertion that evaluating compliance with laws, rules, and regs with a direct and material effect on the FS is part of developing an opinion on FS
2. The assertion that specific controls relating to financial reporting are considered
3. An indication that either no weaknesses were found or that significant deficiencies were found and an indication of whether they were material
Single Audit Act
- Required for entities that expend federal assistance of $500,000+ in a fiscal year
- Materiality is evaluated separately for each major program
- Certain recipients are permitted to have a program specific audit instead of single audit (FS as a whole)
Objectives:
1. Audit of FS and reporting on a separate schedule of expenditures of federal awards
2. Compliance audit of federal awards expended as basis for reports on compliance and IC over compliance
IC under Single Audit Act
Obtain understanding of IC of compliance sufficient to plan an audit and support a low assessed level of control risk for MAJOR programs
- Test effective controls and report ineffective ones
Evaluating Degree of Compliance under Single Audit Act
- Examine frequency of noncompliance
- Modify report to either qualified or adverse for reportable instances
- Responsible to report significant deficiencies to specific regulatory bodies or grantor agencies
GAAS vs. GAGAS vs. Single Audits
GAAS - Opinion on FS
GAGAS - Opinion on FS and Report on compliance and on IC
Single Audits - Opinion on FS and Report on compliance and on IC and for each major program and schedule of findings and questioned costs
Functions of Audit Committee
- Select and appoint independent auditor, set fee
- Determines that any recommendations given by the auditor are given proper attention
- Evaluates the IC of the company with the help of the auditor
Auditor Communications with Governance - Scope and Timing of Audit
- The auditor may communicate how significant risks of MM will be addressed, the planned approach toward IC, factors affecting materiality, and any potential use of IA
- The communication may also include discussion of the attitudes, awareness, and actions of those charged with governance with respect to IC, fraud, relevant charges, and matters previously communicated by auditor
Auditor Communications with Governance - Significant Audit Findings
- Auditor's view about selection of accounting practices, significant management judgments, the adequacy of FS disclosures
- Significant difficulties in performing the audit
- Uncorrected nontrivial misstatements
- Circumstances that may appear to impair independence
- Material, corrected misstatements brought to management's attention (if those charged with governance are not managing the entity)
Auditor Communications with Governance - Misc
- Can be oral (must be documented) or written (restricted use)
- Must be before audit report is filed with SEC (issuers only! otherwise on timely basis)
Management Rep Letter - Requirements
- Final piece of evidential matter at the end of fieldwork
- Same date as auditor report
- Signed by CEO and CFO
- Materiality considerations do not apply to items outside of FS such as board minutes
Management Rep Letter - Information Contained
- Completeness of information (financial records, minutes, etc.)
- No communications from reg. agencies
- No unrecorded transactions
- Uncorrected misstatements are immaterial
- Fraud
- Plans or intentions
- Related-party transactions
- Guarantees
- Significant estimates
- Violations of laws
- Unasserted claims or assessments from lawyer
- Other liab and loss contingencies
- Satisfactory title
- Compliance with contracts
- Subsequent events