Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
198 Cards in this Set
- Front
- Back
|
Assurance standards can be applied to |
- written - attest engagement - unwritten - direct reporting engagements |
|
|
Practice Standards |
- Generally accepted auditing standards - Assurance standards (more general than GAAP) - may not be internal control eval - General control standards of quality - Quality control standards |
|
|
3 Principles to CAS |
1) General standards - who are auditors 2) Examination standards - what do they do 3) Reporting standards - what is in the audit report |
|
|
Professional Ethical Requirements (DOCCI) |
- competence - objectivity - confidentiality - due professional care - integrity |
|
|
Principles based framework |
- Plan and supervise the audit - Understand the business and control - Sufficient and appropriate evidential matter |
|
|
Audit Risk |
Not enough or sufficient enough evidence is collected |
|
|
Accounting Risk |
Misstatements from not following standards occur |
|
|
Control Risk |
The controls will not pick up on material misstatements (increases audit risk) |
|
|
Quality control |
- Leadership responsibilities within the firm - Relevant ethical requirements - Acceptance and continuance of client relationships - Human resources - Engagement performance - Monitoring |
|
|
Auditor is associated when |
- you consent the use of your name in connection with the financial statements - You have prepared or performed some other service with respect to the statements |
|
|
Assurance levels: Audit |
-90-95% assurance - positive assurance - "in our opinion" |
|
|
Assurance levels: Review |
- negative assurance - "nothing has come to our attention" |
|
|
Assurance levels: Compilation (NTR) |
no assurance |
|
|
2 reasons for qualified reports |
1) Departure from GAAP 2) Scope limitations |
|
|
Departure from GAAP |
Have to write a reservation paragraph |
|
|
Pervasive departure from GAAP |
Have to give an adverse opinion with "except for" |
|
|
Scope limitations |
Scope is modified and a reservation paragraph is added |
|
|
Pervasive Scope limitation |
Have to provide a disclaimer of opinion using "except for" - Scope possibly omitted in a disclaimer of opinion |
|
|
Unqualified report format |
- Title - Address - Introductory paragraph - Manager responsibility - Auditor responsibility - Scope paragraph - Opinion paragraph - Signature and date |
|
|
Emphasis of matter (EOM) |
used on unqualified reports - not material, but it is still important |
|
|
Other matter (OM) |
not relating to F/S, but could still be of importance to the shareholders |
|
|
Integrated Audit |
looks at the F/S and internal controls |
|
|
Internal controls of financial reporting (ICOFR) |
material weakness - adverse opinion Scope limit - disclaimer of opinion |
|
|
3 responsibilities of auditors |
1) moral 2) professional 3) legal |
|
|
Skepticism and professional judgement |
- learn views of others - identify claims/controversies of issue - explain reasons for competing claims - evaluate argument supporting claim - reach a conclusion about claim |
|
|
5 Threats to independence |
1) Self-review 2) Self-interest 3) Advocacy 4) Familiarity 5) Intimidation |
|
|
Privy |
a contract is formed and a duty of care is owed |
|
|
If privy exists |
You have to prove negligence |
|
|
How to prove negligence |
- show a duty of care was owed - there was a breach in that duty - damages were suffered - the damages suffered were due to the breach of duty (connected) |
|
|
How to prove negligence if there was reasonably foreseeable duty of care |
- False representation - Knowledge it was false - Intended to induce 3rd party - 3rd party relied on false representation - damages were suffered |
|
|
Ordinary Negligence |
Absence of reasonable due care |
|
|
Gross Negligence |
Extreme or wreckless departure from prof standard of due care |
|
|
Fraud |
Actions taken with knowledge and intent |
|
|
Common law |
Use previous cases to determine a verdict |
|
|
Statutory law |
Laws enacted by legislation |
|
|
Proportionate liability |
only liable for your portion |
|
|
Joint and Several |
One person liable for many |
|
|
Phases of an audit |
- Acceptance -Continuance - understand the entity - preliminary analytical procedures - Risk assessment - Materiality - Audit strategy (timing) - Cycles - Control sampling |
|
|
Steps to acceptance |
- obtain/review F/S - evaluate independence - evaluate competency - understand business risks - recognize any unusual risks - assess integrity - communicate with prior auditor |
|
|
5 Assertions |
1) completeness 2) Existence 3) Ownership 4) Presentation 5) Valuation |
|
|
Audit Procedures |
- Risk assessment - Test of controls |
|
|
Risk assessment |
Obtain an understanding of the entity and it's environment (internal control) |
|
|
Test of controls |
- evaluate whether control is properly designed - look at operating effectiveness - how is it applied - consistency - by whom |
|
|
Substantive tests |
- Test of detail (account balances, transactions etc.) - Substantive analytical procedures |
|
|
Substantive analytical procedure (4 step process) |
1) Develop expectations of recorded amount 2) Define acceptable difference between expected and recorded 3) Expectation is compared to recorded amount 4) Investigate differences greater than acceptable differences |
|
|
Dual purpose tests |
Test of controls and substantive testing of transactions |
|
|
Risk-driven top down approach |
- obtain understanding of client's business objectives and strategies - identify business and audit risks - documents on understanding of internal controls - gather sufficient, appropriate audit evidence - test of controls - substantive tests - analytical procedures - test of details |
|
|
Auditors need to assess (AR = IR x CR x DR) |
- Inherent risk - Control risk - Detection risk |
|
|
Inherent Risk |
risk that material misstatements have occurred in transactions (increases in IR = decrease in DR) |
|
|
Control Risk |
risk that internal controls have missed a material misstatement (increase in CR = decrease in DR) |
|
|
Detection Risk |
risk that misstatements missed by prior two will also be missed by the auditor (decrease in DR = increase in work) |
|
|
COCO |
Criteria of control committee |
|
|
COSO |
Committee of sponsoring organizations of the treadway commission |
|
|
Materiality |
magnitude of misstatement |
|
|
Audit risk |
Level of assurance that a material misstatement does not exist (low materiality = low AR) |
|
|
Business Risk |
any event or action that could affect an organization's ability to achieve its business objective |
|
|
How to manage risk |
1) Avoided 2) Reduced 3) Tolerated 4) Transferred |
|
|
Avoided |
not performing activities that cause risk |
|
|
Reduced |
through management controls |
|
|
Tolerated |
Cost/benefit basis |
|
|
Transferred |
to another party (ex. insurance) |
|
|
Residual Risk |
risks that remain med-high after reclassifying them and implementing controls (these need to be tested) |
|
|
Internal control |
the process designed, implemented, and maintained by management to provide reasonable assurance about the reliability, effectiveness and efficiency, and compliance of F/S and operations |
|
|
Components to internal controls |
- control environment - entity risk assessment process - information systems and business processes relevant to F/R and communication - control activities (accounting controls, related to accounting information) - monitoring controls |
|
|
Control environment example |
- internal audit - organizational structure - assignment of authority |
|
|
Control activities |
- general controls - application controls |
|
|
General controls |
relevant to audit (ex. performance reviews) |
|
|
Application controls |
checks on accuracy, completeness, and authorization of transaction processing |
|
|
6 types of audit evidence (ROCEIA) |
1) Recalculation 2) Observation 3) Confirmation 4) Enquiry 5) Inspection 6) Analysis |
|
|
Recalculation |
Auditors calculations (re-performance) |
|
|
Observation |
Physical observation |
|
|
Confirmation |
Statements by independent parties |
|
|
Enquiry |
statements by client personnel - requires corroboration
|
|
|
Inspection |
documents prepared by independent personnel or client, physical inspection |
|
|
Analysis |
Data interrelationships |
|
|
Positive confirmation |
request reply in all cases (more reliable) |
|
|
Negative confirmation |
request a reply only if information is incorrect |
|
|
Types of enquiry |
- open/closed - clear/ambiguous - leading/non-leading - direct/indirect - simple/multiple - pay attention to non-verbal cues |
|
|
Types of inspection |
- Vouching - Tracing |
|
|
Vouching |
information selected from an account and traced to the source document (existence) |
|
|
Tracing |
Source document is traced tot he account record of the transaction (completeness) |
|
|
Scanning |
an eyes open approach to detect anything unusual |
|
|
Evidence must be |
- sufficient - relevant - reliable |
|
|
Sufficient |
can persuade someone you have collected enough evidence |
|
|
Relevant |
relates to management's assertions |
|
|
Reliable |
depends on nature and source |
|
|
Reliability Hierarchy |
- Best - Good - Weak |
|
|
Best reliability |
- physical inspection - confirmations - inspection of external documents - recalculations |
|
|
Good reliability |
- Inspection of internal documents (strong IC)
- Analytical (strong IC) - Observation - Client enquiry |
|
|
Weak reliability |
- inspection of internal documents (poor IC) - analytical (poor IC) - client enquiry (informal) |
|
|
Audit programs set out the |
- nature - timing - extent |
|
|
Nature |
types of evidence to be used |
|
|
Timing |
When procedures will be performed |
|
|
Extent |
size of sample to be used |
|
|
2 types of programs |
- internal control programs - balance-audit programs |
|
|
Internal control programs |
procedures to understand business and control systems (IR and CR) |
|
|
Balance-audit programs |
substantive procedures for gathering direct evidence on assertions about dollar amounts and accounts |
|
|
Working paper |
- permanent files - current files |
|
|
Permanent files |
information of continuing interest (minutes, leases, contracts) |
|
|
Current files |
audit admin papers and audit evidence papers |
|
|
Control evaluation determines the |
Nature, timing and extent of the balance-audit program |
|
|
2 strategies |
- substantive - combined or reliance |
|
|
Substantive |
no reliance on internal controls (ineffective, and inefficient) |
|
|
Combined or reliance |
reliance on internal controls |
|
|
4 broad criteria (principles) of control |
1) purpose
2) commitment 3) capability 4) monitoring/learning |
|
|
Control environment |
- commitment to integrity/ethics - governance oversight (BOD) - authorities/responsibilities - commitment to competence - accountability |
|
|
Control activities |
- General controls - General IT controls |
|
|
General controls (PPSSCCI) |
- capable personnel - segregation of duties - supervision - periodic comparison - IT controls - performance reviews - controlled access |
|
|
Segregation of duties (ACRO) |
- authorization - recording - custody - operations cannot have control of more than one |
|
|
General IT controls |
- operating system and application software acquisition, development, and maintenance - access security - controls over data centre and network operations - system applications development and maintenance - routine data and system back up procedures - disaster recovery plans - physical security of IT assets |
|
|
Control objectives (PACAVAC) |
- validation - completeness - accuracy - authorization - proper period - classification - accounting |
|
|
Information and communication |
- identify and record all valid transactions - describe transaction in order to classify - measure value of transactions - determine the reporting time period - present transactions properly in F/S Communicate with external and internal parties |
|
|
Monitoring |
are they operating as intended, and are they designed well |
|
|
limitations |
- management override - human error - collusion - size - large = formal controls - small = more management involvement |
|
|
Phases of control evaluation |
1) Understanding the internal controls 2) Assess control risk 3) Testing controls |
|
|
Understanding the internal controls |
done early in audit - control environment - flow of transactions (flow chart) - Effectiveness of key control procedures |
|
|
Assess control risk (ORCKE) |
- objectives - risks - controls - key controls - effectiveness (look at design) |
|
|
Control risk is low |
effective and efficient to test controls - use combined approach not effective and efficient to test controls - use substantive approach |
|
|
Control risk is high |
substantive procedures - do not test controls |
|
|
Testing controls |
- Determine required degree of compliance for adequate control - Determine how well the control actually functioned during the period |
|
|
Control deficiency in design |
1) A control necessary to meet the control objectives is missing 2) An existing control is not properly designed so even if the control operates as designed the control objective will not be met |
|
|
Control deficiency in operation |
Exists when a properly designed control does not operate as designed, or person performing control does not have authority or competence to perform control effectively |
|
|
significant deficiency |
not necessarily material, but important enough that it should merit attention by those responsible for oversight |
|
|
Material weakness |
a deficiency, or combination that leads to material misstatement (has potential to lead to) |
|
|
Need to report deficiencies to |
- audit committee - appropriate level of management |
|
|
Errors |
unintentional misstatements or omissions of amounts/disclosures |
|
|
Fraud |
knowingly making misstatements with the intent of inducing someone to believe and act on the false representation |
|
|
Implications of fraud to the individual |
- banned from serving as an officer or director - fines or disgorgement (giving it back) - 80% turnover of CEO and CFO - 68% board chair departure |
|
|
Implication of fraud to the company |
- stock price plummets - bankruptcy/sell assets - removal from stock exchange |
|
|
Fraud triangle |
1) motivation 2) Opportunity 3) Rationalization |
|
|
Motivation |
- profitability is threatened - pressure to meet financial targets - pressure to meet 3rd party requirements - personal finance situations |
|
|
Opportunity |
- nature of operations (high use of estimates) - internal control deficiencies - ineffective monitory of management - complex organizational structure |
|
|
Rationalization |
1) pleading ignorance 2) shifting blame 3) advantageous comparison 4) moral justification 5) euphemistic labelling 6) victim takes fall |
|
|
Fraud prevention |
- legitimate concern for employees - codes of conduct - effective monitoring - HR policies (hiring/firing) |
|
|
Board of Directors (BOD) |
representatives of the owners (shareholders) |
|
|
Purpose of BOD |
- provide strategic direction (noses in, fingers out) - oversight of management |
|
|
Audit committee composition |
- must have min. of 3 directors - all members must be financially literate - all members should be independent from management |
|
|
Audit committee roles |
- protect auditor independence (hire and dismiss review services) - review and fascilitate internal audit functions - ethics, whistle-blowing, internal control - review F/S, F/R process, accounting policies - likely serve on fewer other committees because of the work load - help when there are disputes between auditor and management - able to ask direct questions - higher frequency of meeting with internal auditors |
|
|
Fraud detection rates |
- 40% detected by tips - 18% by internal controls - 21% by accident - 11% by external auditors |
|
|
Personality red flags |
- defensive - argumentative - blame shifting behaviours - tiredness - agitation - inability to make eye contact - irritability - excessive sweating |
|
|
Lifestyle red flags |
- living beyond means - not leaving work (not taking holidays) |
|
|
Records red flags |
- transaction details and documents - shortages and adjustments - transactions that are at odd times of day/month/season -too many or too few of them - in the wrong branch location |
|
|
Justifying fraud risk |
- perform analytical procedures - team brainstorming on fraud risk factors - identify biases in management accounting estimates |
|
|
Conditions of fraud |
- high debt - unfavourable industry conditions - excess capacity - profit squeeze - strong foreign competition - lack of working capital - rapid expansion - product obsolescence - slow customer collections - related party transactions |
|
|
possible indications of fraud |
- unauthorized transactions - government investigations - regulatory reports of investigation - payments for unspecified services - excessive sales commission and agent fees - unusually large cash payments - unexplained payments to government officials - failure to file tax or pay duties and fees |
|
|
Audit sampling |
Audit procedures on less than 100% of items in a balance population |
|
|
Sampling would NOT include |
- 100% of audit balance - analytical procedures - analyzing a specific item due to suspected fraud - a walk through of a transaction - enquiries, scanning or observation |
|
|
Statistical sampling uses |
1) random samples 2) statistical calculations to measure and express conclusions (cost more, but more accurate) |
|
|
Non-statistical sampling |
do not utilize statistical calculations |
|
|
sampling risk |
1) auditor will conclude the population is worse than it really is (type 1) 2) auditor will conclude the population is better than it really is (type 2) |
|
|
Auditors design audit samples to deal with |
1) auditing controls 2) auditing account balances |
|
|
Auditing controls |
asses control risk |
|
|
Auditing account balances |
get direct evidence about F/S assertions |
|
|
Steps for sampling for test of controls |
1) specify audit objectives 2) define deviation conditions 3) Define the population 4) determine the sample size 5) select the sample 6) perform the test of controls procedures 7) evaluate the evidence |
|
|
Attribute testing |
looking for presence or absence of a control condition |
|
|
Sample size equation |
n = R/P |
|
|
R = |
confidence level factor |
|
|
P = |
rate of materiality or tolerable deviation |
|
|
K = |
acceptable level of errors |
|
|
Selecting the sample |
Auditors try to attain representative samples by selecting random samples |
|
|
Random samples |
- Unrestricted - random selection - Systematic random selection (ex. every 2nd item) |
|
|
Testing |
Often more than one test will be done to one sample |
|
|
Upper error limit (UEL) equation |
P = R/n If UEL > tolerable rate, controls should not be relied on |
|
|
If CR appears high |
must either do additional substantive procedures, or extend control procedures |
|
|
Substantive procedures for auditing account balances include |
- analytical procedures - test of details of transactions and balances |
|
|
Steps for account balance audit |
1) specify audit objectives 2) define the population 3) choose an audit sampling method 4) determine the sample size 5) select the sample 6) perform the substantive purpose procedures 7) evaluate the evidence |
|
|
Detection risk has 2 parts |
1) APR - analytical procedure risk 2) RIA - risk of incorrect acceptance (type 2 error) |
|
|
RIA equation |
RIA = AR / IR x CR x APR - inverse with CR |
|
|
P equation |
P = materiality / population base |
|
|
Evaluation of sample and population |
- determine amount of known misstatement (in sample) - determine the likely misstatement (in population) |
|
|
2 methods of determining the likely misstatement |
1) Average difference method 2) Dollar unit ratio method |
|
|
Average difference method |
ADM = (sample misstated amount/# items in sample) x # items in population |
|
|
Dollar unit ratio method |
DURM = (sample misstated amount/sample $ recorded amount) x population $ recorded amount |
|
|
Identified misstatements (IM) |
misstatements identified throughout audit work |
|
|
Likely misstatement (LM) |
projection to the population |
|
|
Likely aggregate misstatement (LAM) |
sum of IM + LM - if LAM < materiality - good - if LAM > materiality - bad - request management adjustment or issue a qualified or adverse report |
|
|
Revenue recognition |
1) risks and rewards of ownership have been transferred 2) reasonable assurance on measurement of consideration 3) reasonable assurance of collection |
|
|
Risks to consider with revenue |
1) existence 2) ownership 3) Completeness 4) valuation 5) presentation |
|
|
Existence - revenue |
cut-off - recognized revenue earlier than should have |
|
|
Ownership - revenue |
channel surfing - increase sales by shipping out product they know will be returned |
|
|
Completeness - revenue |
cut-off - recognizing revenue later than should be |
|
|
Valuation - revenue |
Incorrect pricing or quanitites |
|
|
Presentation - revenue |
revenue recognition policies |
|
|
Inherent risk of revenue |
- complexity and contentiousness of revenue recognition issues (aggressive rev rec policy) - difficulty of auditing transactions and account balances (AFDA estimates) - misstatements detected in prior audits - industry related factors (health of industry, competition) |
|
|
Testing cash |
obtain: - bank rec - bank confirmation - cut-off bank statement confirmation is considered to be a required GAAP |
|
|
Tests of the bank reconciliation |
1) test the mathematical accuracy of bank rec 2) agree balance to general ledger 3) agree balance to bank confirmation 4) trace deposits in transit on bank rec to cut-off statement 5) compare o/s cheques on bank rec to cancelled on cut-off statement 6) agree charges on bank statement to bank rec 7) agree adj book balance to cash acc lead schedule |
|
|
Testing A/R and other assets |
audit emphasis is put on existence and ownership |
|
|
Lapping |
when receipts of one customer are applied to another customer in order to pocket the first customer's deposit/payment (write off the last payment) |
|
|
audit procedures to detect lapping |
- A/R confirmations - compare deposit slips to cash receipts journal |
|
|
Internal controls to detect fraud |
- required vacation - rotation of duties |
|
|
Cheque kiting |
when funds are being floated around different accounts |
|
|
Primary assertions of an inventory count |
- existence - valuation - completion to a lesser extent |
|
|
Inventory - Audit task #1 |
review client's inventory-taking policies and procedures - test of controls |
|
|
Inventory - Audit task #2 |
perform test counts and inspect - will be a dual direction test - designed to audit existence, completeness, and valuation |
|
|
Vouch |
Sheet to floor - taking information from the master file and going out into the storage yard to make sure those goods actually exist - existence |
|
|
Trace |
Floor to sheet - pick items from the yard, and trace it to the master file - completeness |
|
|
Observation procedure |
- ensure that no production is scheduled - ensure that there is no movement of goods during the inventory count - make sure that the client's count teams are following the inventory count instructions - perform test counts and record a sample of counts in the working papers - obtain cut-off information - observe the condition of the inventory (obsolete, slow moving, or excess quantities) - are there inventories off the client's premises - are there consignment relationships, goods sold but not yet delivered, goods in transit |
|
|
Inventories located off the client's premises |
- determine the amount and location - if material and controls are not strong, auditor may wish to visit locations to do on-site test counts - if not material and control risk is low, direct confirmation with the custodian may be sufficient competent evidence |
