Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
84 Cards in this Set
- Front
- Back
|
Chapter 9
|
Materiality and Risk
|
|
|
Explain a little about planned detection risk and name the relationships PDR has with the other 3 audit risk components and its relationship with substantive evidence.
|
PDR is the risk that audit evidence for a segment will fail to detect misstatements exceeding tolerable misstatement.
High PDR = Low chance of material misstatement Low PDR = High chance of material misstatement Relationships: IR = Inverse CR = Inverse AAR = Direct Evidence = Inverse If AAR, IR, and CR are all low, then PDR should be high. |
|
|
Explain a little about inherent risk and name the relationships IR has with the other 3 audit risk components and its relationship with substantive evidence.
|
IR is the measurement of the auditor's assessment of the likelihood that there are material misstatements due to error or fraud in a segment before considering the effectiveness of internal controls.
High IR = High chance of material misstatement (i.e. inventory account) Low IR = Low chance of material misstatement Relationships: PDR = Inverse CR = No relationship (but closely related) AAR = No relationship Evidence = Direct |
|
|
Explain a little about control risk and name the relationships CR has with the other 3 audit risk components and its relationship with substantive evidence.
|
CR is the risk of a material misstatement in the financial statements arising due to absence or failure in the operation of relevant internal controls.
High CR = Internal controls aren't very good. Low CR = Internal controls are effective. Relationships: PDR = Inverse IR = No relationship (but closely related) AAR = No relationship Evidence = Direct |
|
|
Explain a little about acceptable audit risk and name the relationships AAR has with the other 3 audit risk components and its relationship with substantive evidence.
|
AAR is the willingness of the auditor to accept that the financial statements contain a material misstatement after a clean (unqualified) audit opinion has been issued.
Acceptable audit risk is ordinarily set by the auditor during planning and is held constant for each major cycle and account. High AAR = Safer client Low AAR = indicates a risky client requiring more extensive evidence, assignment of more experienced personnel, and/or a more extensive review of audit files. Relationships: PDR = Direct IR = No relationship CR = No relationship Evidence = Inverse |
|
|
Explain tolerable misstatement.
|
When auditors allocate the preliminary judgment about materiality to account balances, the materiality allocated to any given account balance is referred to as tolerable misstatement.
Give low risk areas a higher tolerable misstatement since there is a lower risk of misstatement. Tolerable misstatement does not affect audit risk, inherent risk, control risk, or planned detection risk yet the combination of the tolerable misstatement and the four risks will determine the amount of planned audit evidence. Tolerable Misstatement has an inverse relationship with the amount of evidenced needed. To maximize audit efficiency, the auditor should allocate less tolerable misstatement to accounts that can be verified by using low-cost audit procedures, such as analytical procedures, than to accounts that are more costly to audit. |
|
|
What is the formula for the audit risk model?
|
PDR = AAR / (IR x CR)
|
|
|
IR x CR is the formula for what?
|
Risk of material misstatements.
It is the denominator of the audit risk model. |
|
|
What is the formula for the direct projection estimate of misstatement?
|
Net misstatement of the sample / Total sampled x Total recorded population value = Direct projection estimate of misstatement
Example: $3,500 ÷ $50,000 × $450,000 = $31,500 |
|
|
What is the formula for estimate total misstatement?
|
Direct projection estimate of misstatement + estimated sampling error
|
|
|
What are the 8 factors of inherent risk (IR)?
|
1. Nature of client’s business
2. Results from previous audits 3. Initial vs. Repeat engagement 4. Related parties 5. Nonroutine transactions 6. Judgment required (to correctly record account balances or transactions 7. Makeup of population of sample 8. Management incentives (factors related to fraudulent financial reporting and factors related to misappropriation of assets) |
|
|
Where are IR and CR assessed?
Where is AAR assessed? |
IR and CR are assessed at the transaction cycle, account balance, or audit objective level.
AAR is assessed at the Financial Statement Level. |
|
|
What are the 3 factors of acceptable audit risk? What are the components of each?
|
1. The degree to which external users rely on the statements.
a. Client's size b. Distribution of ownership c. Nature and amount of liabilities 2. The likelihood that a client will have financial difficulties after the audit report is issued. a. Liquidity position b. Profits (losses) in previous years c. Method of financing growth d. Nature of the client's operations e. Competence of management 3. The auditor's evaluation of management's integrity. |
|
|
What are the 3 factors affecting materiality?
|
1. Materiality is a relative rather than an absolute concept
2. Benchmarks are needed for evaluating materiality (i.e. net income before taxes = for profit companies) 3. Qualitative factors also affect materiality a. Fraud is more important than an error of an equal amount. b. Otherwise minor misstatements than have possible consequences arising from contractual obligations. c. Misstatements that are otherwise immaterial may be material if they affect a trend in earnings. |
|
|
What are the 3 major difficulties auditor's face in allocating materiality to balance sheet accounts?
|
1. Auditors expect certain accounts to have more misstatements than others.
2. Both overstatements and understatements must be considered. 3. Relative audit costs affect the allocation. |
|
|
The first two steps in applying materiality involve ______, and the last 3 steps involve ______.
|
planning; performing audit tests
|
|
|
The formula: 1 - AAR = ?
|
Audit Assurance
|
|
|
Chapter 11
|
Fraud Auditing
|
|
|
What are the two main categories of fraud?
|
1. Fraudulent financial reporting
2. Misappropriation of assets Misappropriation of assets is the most common fraud scheme, although the size of the fraud is much greater for fraudulent financial reporting. |
|
|
Explain fraudulent financial reporting.
|
Fraudulent financial reporting is an intentional misstatement or omission of amounts or disclosures with the intent to deceive users.
Most cases involve the intentional misstatement of amounts, rather than disclosures. Types of fraudulent financial accounting include earnings management and income smoothing. |
|
|
Explain misappropriation of assets.
|
Misappropriation of assets is fraud that involves theft of an entity's assets.
In many cases, but not all, the amounts involved are not material to the financial statements. The term misappropriation of assets is normally used to refer to theft involving employees and others internal to the organization. Misappropriation of assets is normally perpetrated at lower levels of the organization hierarchy. |
|
|
What is earnings management? What is income smoothing?
|
Companies may intentionally understate income when earnings are high to create a reserve of earnings or "cookie jar reserves" that may be used to increase earnings in future periods.
Earnings management involves deliberate actions taken by management to meet earnings objectives. Income smoothing is a form of earnings management in which revenues and expenses are shifted between periods to reduce fluctuations in earnings. |
|
|
Explain the fraud triangle.
|
The three conditions of fraud arising from fraudulent financial reporting and misappropriation of assets are referred to as the fraud triangle.
The 3 conditions are: 1. Incentives/Pressures. 2. Opportunities. 3. Attitudes/Rationalization. In the fraud triangle, fraudulent financial reporting and misappropriation of assets share the same three conditions, but the risk factors differ. |
|
|
What are the risk factors for each condition under the fraud triangle for fraudulent financial reporting?
|
1. Incentives/Pressures:
*Financial stability or profitability is threatened by economic, industry, or entity operating conditions. *Excessive pressure for management to meet debt repayment or other debt covenant requirements. *Management or the board of directors' personal net worth is materially threatened by the entity's financial performance. 2. Opportunities: *Significant accounting estimates involve subjective judgments or uncertainties that are difficult to verify. *Ineffective board of director or audit committee oversight over financial reporting. *High turnover or ineffective accounting, internal audit, or information technology staff. *Weak internal controls. *Significant related-party transactions. 3. Attitudes/Rationalization: *Inappropriate or ineffective communication and support of the entity's values. *Known history of violations of securities laws or other laws and regulations. *Management's practice of making overly aggressive forecasts |
|
|
What are the risk factors for each condition under the fraud triangle for misappropriation of assets?
|
1. Incentives/Pressures:
*Personal financial obligations create pressure for those with access to cash or other assets susceptible to theft. *Adverse relationships between management and employees with access to assets susceptible to theft motivate employees to misappropriate those assets. 2. Opportunities: *Presence of large amounts of cash on hand or inventory items that are small, of high value, or are in high demand. *Inadequate internal control over assets due to lack of the following: -Appropriate segregation of duties or independent checks -An approved vendor list to detect unauthorized or fictitious vendors -Job applicant screening for employees with access to assets -Mandatory vacations for employees with access to assets 3. Attitudes/Rationalization: *Disregard for the need to monitor or reduce risk of misappropriating assets *Disregard for internal controls by overriding existing controls or failing to correct known internal control deficiencies |
|
|
What does SAS 99 cover?
|
Assessing fraud risk.
Professional skepticism: -neither assumes that management is dishonest nor assumes unquestioned honest Information and idea exchange sessions by the audit team are required by SAS No. 99. SAS No. 99 does not specifically indicate which members of an audit engagement team must attend a brainstorming session. Because fraud perpetrators are often knowledgeable about audit procedures, SAS No. 99 requires auditors to incorporate unpredictability into the audit plan. |
|
|
What are the 2 components of professional skepticism?
|
1. Questioning mind
2. Critical evaluation of audit evidence |
|
|
What are the 5 sources of information gathered to assess fraud risks?
|
1. Communications among audit team
2. Inquiries of management 3. Risk factors 4. Analytical procedures 5. Other information |
|
|
What is horizontal analysis? What is vertical analysis?
|
Both are types of analytical procedures.
Horizontal: *In horizontal analysis, the account balance is compared to the previous period, and the percentage change in the account balances for the period is calculated. Vertical: *In vertical analysis, the financial statement numbers are converted into percentages using a base; also called common size financial statements. *Income statement base = each income statement amount is calculated as a percentage of sales. *Balance sheet base = balances are calculated as a percentage of total assets. |
|
|
What are the 3 elements identified by the AICPA to prevent, deter, and detect fraud?
|
1. Culture of honesty and high ethics.
2. Management's responsibility to evaluate risks of fraud. 3. Audit committee oversight. |
|
|
What are the 3 components of management's responsibility to evaluate risks of fraud?
|
1. Identifying and measuring fraud risks.
2. Taking steps to mitigate identified risks. 3. Monitoring internal controls that prevent and detect fraud. |
|
|
What are the 3 types of auditor responses to fraud?
|
1. Change the overall conduct of the audit
2. Design and perform audit procedures to address fraud risks 3. Design and perform procedures to address management override of controls |
|
|
Explain revenue and accounts receivable fraud risks.
What are the 3 main types of revenue manipulations? |
Revenue and related accounts receivable and cash accounts are especially susceptible to manipulation and theft.
More than half of financial statement frauds involve revenues and accounts receivable. The 3 main types of revenue manipulations are: 1. Fictitious revenues *The most egregious forms of revenue fraud involve creating fictitious revenues. 2. Premature revenue recognition *Companies often accelerate the timing of revenue recognition to meet earnings or sales forecasts. 3. Manipulations of adjustments to revenues *The most common adjustment to revenue involves sales returns and allowances. *Companies may also understate bad debt expense, in part because significant judgment is required to determine the correct amount. |
|
|
What are the 2 most useful ways to detect warning signs of revenue fraud? Explain each.
|
1. Analytical procedures
*Analytical procedures often signal revenue fraud, especially gross margin percentage and accounts receivable turnover. *Fictitious revenue overstates the gross margin percentage and understates accounts receivable turnover. *Premature recognition also overstates the gross margin percentage if the related cost of sales is not recognized. 2. Documentary discrepancies *Fictitious transactions rarely have the same level of documentary evidence as legitimate transactions. |
|
|
What is lapping?
|
Applying the payment from one customers account to the another customers account.
This takes place in the theft of cash receipts after a sale is recorded. |
|
|
Explain inventory fraud risks.
What is the main type of inventory fraud? |
Inventory is often the largest account on many companies' balance sheet, and auditors often find it difficult to verify the existence and valuation of inventories. As a result, inventory is susceptible to manipulation by managers who want to achieve certain financial reporting objectives. Because it is also usually readily saleable, inventory is also susceptible to misappropriation.
The main type of inventory fraud is fictitious inventory. *Many large companies have varied and extensive inventory in multiple locations, making it relatively easy for the company to add fictitious inventory to accounting records. |
|
|
What is the main way to detect warning signs of inventory fraud? Explain it.
|
The main way to detect warning signs of inventory fraud is through analytical procedures.
*Analytical procedures, especially gross margin percentage and inventory turnover, often help uncover inventory fraud. *Fictitious inventory understates cost of goods sold and overstates gross margin percentage, as well as lowering inventory turnover. |
|
|
How is the use of inquiry used?
What are the 3 types of inquiries? |
Inquiry can be an effective audit evidence gathering technique.
The 3 types of inquiries are: 1. Informational inquiry *Used to obtain info about facts and details that the auditor does not have, usually about past or current events or processes. *Often used when gathering follow-up evidence about programs and controls or other evidence involving a misstatement or suspected fraud uncovered during the audit. *Uses open ended questions about details, events, processes, or circumstances. 2. Assessment inquiry *Used to corroborate (compare) or contradict prior information. *Often starts inquiry with broad, open ended questions. *Common to compare management responses to earlier inquiries by asking questions of other employees. 3. Interrogative inquiry *Used to determine if the individual is being deceptive or purposefully omitting disclosure of key knowledge of facts, events, or circumstances. *Often confrontational *Questions that seek a yes or no response |
|
|
What do auditing standards require of the auditor when he/she suspects fraud?
What are 2 types things auditors use in this situation? |
When the auditor suspects that fraud may be present, auditing standards require the auditor to obtain additional evidence to determine whether material fraud has occurred.
2 ways auditors do this is: 1. Audit software analysis 2. Expanded substantive testing. |
|
|
What is one of the strongest internal corporate governance mechanisms over senior management?
|
The audit committee of the board of directors.
|
|
|
Chapter 13
|
Overall Audit Strategy and Audit Program
|
|
|
In developing an overall audit strategy, auditors use _____ to determine whether the financial statements are fairly stated.
|
5 types of tests.
|
|
|
What are the 5 types of tests used?
|
1. Risk assessment procedures (not a test)
2. Tests of Controls 3. Substantive tests of transactions 4. Analytical Procedures 5. Substantive tests of details of balances. Risk assessment procedures are performed to assess the risk of material misstatement in the financial statements. The auditor performs the other 4 tests in response to the auditor's assessment of risk of material misstatements. The combination of these 4 types of further audit procedures provides the basis for the auditors opinion. |
|
|
Explain Risk Assessment Procedures.
|
Collectively, procedures performed to obtain an understanding of the entity and its environment, including internal controls, represent the auditor's risk assessment procedures.
A major part of the auditor's risk assessment procedures are done to obtain an understanding of internal control. Theses procedures focus on the design and implementation of internal control and are used to assess control risk for each transaction-related audit objective. Required in all audits to assess the risk of material misstatement. |
|
|
Explain Tests of Controls
|
When control policies and procedures are believed to be effectively designed, the auditor assess control risk at a level that reflects the relative effectiveness of those controls. To obtain sufficient appropriate evidence to support that assessment, the auditor performs tests of controls.
|
|
|
Explain Substantive Tests of Transactions
|
Substantive Tests of Transactions are used to determine whether all 6 transaction-related audit objectives have been satisfied for each class of transactions.
Auditors can perform tests of controls separately from all other tests, but it's often more efficient to do them at the same time as substantive tests of transactions. |
|
|
Explain Analytical Procedures
|
Analytical procedures involve comparisons of recorded amounts to expectations developed by the auditor.
Accounting standards require analytical procedures to be used during the planning and completion phases of the audit. Analytical procedures may also be performed to audit an account balance. The 2 most important purposes of analytical procedures in the audit of an account balance are to: 1. Indicate possible misstatements in the financial statements. 2. Provide substantive evidence. Analytical procedures done during planning typically differ from those done in the testing phase. Auditing standards state that analytical procedures are a type of substantive test (substantive analytical procedures), when they are performed to provide evidence about an account balance. |
|
|
Explain Tests of Details of Balances
|
Tests of details of balances focus on the ending general ledger balances for both balance sheet and income statement accounts, with the primary emphasis being on balance sheet accounts.
performed in response to the auditor's assessment of the risk of monetary misstatements in the financial statements Examples include: *Confirmation of customer balances for accounts receivable *Physical examination of inventory *Examination of vendors' statements for accounts payable. Tests of ending balances are essential because the evidence is usually obtained from a source independent of the client, which is considered highly reliable. Auditors perform detailed tests of the ending balances for sales and accounts receivable. The most costly test to perform. |
|
|
What are substantive tests?
|
They are procedures designed to test for dollar misstatements (monetary misstatements) that directly affect the correctness of financial statement balances.
Auditors rely on 3 types of substantive tests: 1. Substantive tests of transactions 2. Substantive analytical procedures 3. Tests of details of balances Auditing standards state that analytical procedures are a type of substantive test (substantive analytical procedures), when they are performed to provide evidence about an account balance. |
|
|
What are the relationships between the further audit procedures and the audit risk model?
|
Test of controls = Control risk
Substantive tests of transactions = Control risk and Planned detection risk Analytical procedures = Planned detection risk Tests of details of balances = Planned detection risk |
|
|
What tests apply to transactions? What test apply to ending balances?
|
Transactions are audited by test of controls, substantive tests of transactions, and analytical procedures.
Ending balances are audited by analytical procedures and tests of details of balances. |
|
|
What is the evidence mix?
|
To obtain sufficient appropriate evidence in response to risks identified through risk assessment procedures, auditors employ a combination of the four remaining types of tests. This combination is often called the evidence mix.
|
|
|
Auditors follow a 4 step approach to reduce the assessed control risk. What are the 4 steps?
|
1. Apply transaction-related audit objectives to a class of transactions.
2. Identify key controls and make a preliminary assessment of control risk. 3. Design tests of controls (audit procedures, sample size, items to select, timing) 4. Design substantive tests of transactions (audit procedures, sample size, items to select, timing) |
|
|
List the relationships between further audit procedures and evidence.
|
Tests of controls = Inspection, observation, inquiries of the client, reperformance
Substantive tests of transactions = Inspection, inquiries of the client, reperformance, recalculation Analytical procedures = Inquiries of the client, analytical procedures Tests of details of balances = physical examination, confirmation, Inspection, inquiries of the client, reperformance, recalculation *Key notes: *Only analytical procedures deal with analytical procedure evidence. *All 4 tests deal with inquiries of the client. *Only tests of controls deals with observation. *Only tests of details of balances deal with physical examination and confirmation. |
|
|
What are the 4 phases of the audit process? Which audit objective goes with each? What tests go with each?
|
Phase 1: Plan and design and audit approach
*No audit objectives *Risk assessment procedures Phase 2: Perform tests of controls and substantive tests of transactions *Transaction-related audit objectives *Procedures to obtain an understanding and tests of controls; Substantive tests of transactions Phase 3: Perform analytical procedures and tests of details of balances *Balance-related audit objectives *Analytical procedures *Tests of details of balances Phase 4: Complete the audit and issue the audit report *Presentation and disclosure-related audit objectives *Analytical procedures *Tests of details of balances |
|
|
Chapter 10
|
Internal Control, Control Risk, and Section 404 Audits
|
|
|
Management typically designs systems of internal controls to accomplish what 3 broad objectives?
|
1. Reliability of financial reporting
2. Efficiency and effectiveness of operations 3. Compliance with laws and regulations |
|
|
What are the 2 key concepts that underlie management's design and implementation (policy and use) of internal control?
|
1. Reasonable Assurance
2. Inherent Limitations *collusion *management overriding (i.e. to improve earnings) |
|
|
What is collusion?
|
An act of two or more employees who conspire to steal assets or misstate records
|
|
|
What does Section 404 of the Sarbanes-Oxley Act (SOX) pertain to?
|
The audit of internal controls over financial reporting
|
|
|
Section 404 of SOX requires management of all public companies to issue an internal control report that includes what 2 things?
|
1. A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
2. An assessment of the effectiveness of the internal control structure and procedures for financial reporting as of the end of the company's fiscal year. Management must also identify the framework used to evaluate the effectiveness of internal control (usually COSO). |
|
|
Management's assessment of internal control over financial reporting consists of what 2 key aspects?
Explain management's section 404 reporting responsibilities. |
1. Evaluating the design of internal control over financial reporting.
*Are controls designed and put in place to prevent or detect material misstatements in the financial statements? 2. Testing the operating effectiveness of the controls. *Are the controls operating as designed? *Does the person performing the control posses the necessary authority and qualifications to perform the control effectively? *Management must document test results. *Management must disclose any material weakness. *Even if only one material weakness is present, management must conclude that the company's internal control over financial reporting is not effective. |
|
|
Auditors are primarily about what 2 controls dealing with internal controls?
|
1. Controls over the reliability of financial reporting
*The financial statements may not correctly reflect accounting frameworks such as AAP or IFRS if the controls affecting the reliability of financial reporting are inadequate. 2. Controls over the classes of transactions *Auditors emphasize internal control over classes of transactions rather than account balances because the accuracy of accounting system outputs (account balances) depends heavily on the accuracy of inputs and processing (transactions). Section 404 of SOX requires that the auditor report on the effectiveness of internal control over financial reporting. |
|
|
What is COSO?
|
The internal control framework used by most U.S. companies is the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control - Integrated Framework.
|
|
|
What are COSO's 5 components of internal control that management designs and implements to provide reasonable assurance that its control objectives will be met?
|
1. Control environment
2. Risk assessment 3. Control activities 4. Information and communication 5. Monitoring |
|
|
Explain Control Environment.
|
The control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity.
The control environment serves as the umbrella for the other 4 components. Without an effective control environment, the other 4 are unlikely to result in effective internal control, regardless of their quality. The 7 most important control sub components of control environment are: 1. Integrity and Ethical Values 2. Commitment to Competence 3. BOD and Audit Committee Involvement 4. Management Philosophy and Operating Style 5. Organizational Structure 6. Assignment of Authority and Responsibility 7. Human Resource Policies and Procedures. |
|
|
Explain Risk Assessment.
|
Risk assessment for financial reporting is management's identification and analysis of risks relevant to the preparation of the financial statements in conformity with appropriate accounting standards.
Important to company (different than auditor’s risk assessment, but somewhat closely related) Provides direction for needed internal controls |
|
|
Explain Control Activities.
|
Control activities are the policies and procedures, in addition to those included in the other 4 components, that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives.
The control activities generally fall into the following 5 types: 1. Adequate Separation of Duties 2. Proper Authorization of Transactions and Activities 3. Adequate Documents and Records 4. Physical Control over Assets and Records (use physical precautions) 5. Independent Checks on Performance |
|
|
What are the 4 general guidelines for adequate separation of duties?
|
Separation of:
1. The custody of assets from accounting 2. The authorization of transactions from the custody of related assets 3. Operational responsibility from record-keeping responsibility 4. IT duties from user departments |
|
|
Concerning proper authorization of transactions and activities, what are the 2 types of authorizations?
|
1. General Authorization
*Management establishes policies and subordinates are instructed to implement these general authorizations by approving all transactions within the limits set by the policy. 2. Specific Authorization *Applies to individual transactions. For certain transactions, management prefers to authorize each transaction. Example: the authorization of a sales transaction by the sales manager for a used-car company. |
|
|
To have adequate documents and records, documents and records should be...
|
1. Prenumbered consecutively
2. Prepared at the time the transaction takes place 3. Designed for multiple use when possible 4. Constructed in a manner that encourages correct preparation |
|
|
What are independent checks on performance (key term = independent checks).
|
The last category of control activities is the careful and continuous review of the other 4 categories, often called independent checks or internal verification.
|
|
|
Explain Information and Communication.
|
The purpose of an entity's information and communication system is to initiate, record, process, and report the entity's transactions and to maintain accountability for the related assets.
|
|
|
Explain Monitoring.
|
Monitoring activities deal with ongoing or periodic assessment of the quality of internal control by management to determine that controls are operating as intended and that they are modified as appropriate for changes in conditions.
|
|
|
What are the 4 phases in the "process for understanding internal control and assessing control risk"?
|
1. Obtain and document understanding of internal control design and operation.
2. Assess control risk. 3. Design, perform, and evaluate tests of controls. 4. Decide planned detection risk and substantive tests. |
|
|
Auditors commonly use what 3 types of documents to obtain and document their understanding of the design of internal control? Explain each of the 3.
|
1. Narratives
*A written description of a client's internal controls. 2. Flowcharts *A diagram of the client's documents and their sequential flow in the organization 3. Internal Control Questionnaires *Asks a series of questions about the controls in each audit area as a means of identifying internal control deficiencies. |
|
|
What is a walkthrough?
|
In a walkthrough, the auditor selects one or a few documents of a transaction type and traces them from initiation through the entire accounting process.
|
|
|
What is an assessment of control risk? What is a control risk matrix?
|
After obtaining an understanding of internal control, the auditor makes a preliminary assessment of control risk as part of the auditor's overall assessment of the risk of material misstatement.
Many auditors use a control risk matrix to assist in the control risk assessment process at the transaction level. The purpose is to provide a convenient way to organize assessing control risk for each audit objective. |
|
|
What are key controls?
|
When identifying existing controls, the auditor should identify and include only those controls that are expected to have the greatest effect on meeting the transaction-related audit objectives. These are called key controls.
|
|
|
What are the 3 levels of evaluating the absence of internal controls that auditing standards define?
|
1. Control deficiency
*exists if the design or operation of controls does not permit company personnel to prevent or detect misstatement on a timely basis in the normal course of performing their assigned functions. 2. Significant deficiency *Exists if one or more control deficiencies exist that is less severe than a material weakness, but important enough to merit attention by those responsible for oversight of the company's financial reporting. 3. Material weakness *Exists if a significant deficiency, by itself or in combination with other significant deficiencies, results in a reasonable possibility that internal control will not prevent or detect material financial statement misstatements on a timely basis. |
|
|
What are compensating controls?
|
A compensating control is one elsewhere in the system that offsets the absence of a key control.
|
|
|
What are management letters?
|
The form of communication, often in a separate letter, where auditors identify less significant internal control-related issues, as well as opportunities for the client to make operational improvements.
Not mandatory, but auditors generally prepare them as a value-added service of the audit. |
|
|
What are the 3 types of Auditor's Reports on internal controls?
|
1. Unqualified –no material weakness and no scope limitation
2. Adverse –material weaknesses exist 3. Qualified or disclaimer -has a scope limitation |
|
|
Differences in evaluating, reporting, and testing internal control for nonpublic companies compared to public ones.
|
1. No requirement for an audit of internal control over financial reporting in a nonpublic company.
2. The most important difference in a nonpublic company i assessing control risk is the assessment of control risk at maximum for any or all control-related objectives when internal controls for the objective or objectives are nonexistent or ineffective. 3. The auditor will not perform tests of controls when the auditor assesses control risk at maximum because of inadequate controls. |
