• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

Card Range To Study



Play button


Play button




Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

77 Cards in this Set

  • Front
  • Back
business processes
HR management
inventory management
financing/investing processes.
assertion categories
assertions about classes of transactions and events for the period under audit
assertions about account balances at the period end
assertions about presentation and disclosure
assertions about classes of transactions and events for the period under audit
assertions about account balances at the period end
rights and obligations
valuation and allocation
assertions about presentation and disclosure
occurrence and rights and obligations
classification and understandability
accuracy and valuation
audit procedures are performed to conduct
risk assessment procedures - obtain understanding
tests of controls - evaluate operating effectiveness
substantive procedures - detect material misstatement
concepts of audit evidence
nature of audit evidence
sufficiency and appropriateness of audit evidence
evaluation of audit evidence
reliability of evidence depends on
knowledgeable independent source of evidence
effectiveness of internal control
auditor's direct personal knowledge
documentary evidence
original documents
audit procedures for obtaining audit evidence
footing, crossfooting recalculation
analytical procedures
reliability of evidence obtained through confirms is directly affected by the following factors:
the form of the confirmation
prior experience with the entity
the nature of the information being confirmed
the intended respondent
examples of recalculation
reconciling subsidiary ledgers to account balances
testing postings from journals to ledgers
reliability of analytical procedures is a function of
(1) the availability and reliability of the data used in calculations
(2) the plausibility and predictability of the relationship being tested
(3) the precision of the expectation and the rigor of the investigation
two functions of working papers
1. Provide principal support for the representation in the auditor’s report that the audit was conducted in accordance with GAAS
2. To aid in the planning, performance, and supervision of the audit
types of audit documentation
audit plan and programs
working trial balance
account analysis and listings
audit memoranda
adjusting and reclassification entries
phases of an audit that relate to audit planning
client acceptance and continuance
establish an understanding with the client
preliminary engagement activities
plan the audit
questions to predecessor auditor
Integrity of mgt
Disagreements with mgt over accounting and auditing issues
Communications with audit committee regarding fraud, illegal acts, and IC weaknesses
Predecessor’s understanding of reason for change in auditors
AFTER acceptance, not required
Permission to review working papers
specific inquiries
procedures for evaluating a prospective client
o Obtain and review available financial information
o Inquire of third parties concerning integrity of mgt
o Communicate with predecessor auditor
o Consider whether client has circumstances requiring special attention or that may represent unusual business or audit risks, such as litigation or going-concern.
o Determine if firm is independent of the client
o Determine if the firm has necessary skills and knowledge of industry
o Determine if acceptance would violate any applicable regulatory requirements or CPC.
management responsibilities
prepare FS
attest to internal control
abide by laws
availability of accounting records to auditors
making adjustments based on suggestions
provide mgt rep letter
terms of engagement (engagement letter) should include
Objectives of the engagement
management’s responsibilities
auditor’s responsibilities
limitations of the engagement
Arrangements involving use of specialists or internal auditors
Any limitation of the liability of auditor or client
Additional services
3 topics discussed in establishing understanding with client
o Engagement letter
o Internal auditors
o Audit committee
auditor responsibilities
conduct audit in accordance with GAAS/PCAOB AS
limitations: reasonable assurance
discuss fees charged
discuss timing
requirements of the audit committee
be a member of BOD and shall be independent.
directly responsible for appointment, compensation, and oversight of the work of registered public accounting firm employed by company.
pre-approve all audit and non-audit services provided by its auditor
must have on-going communications with the auditors
must establish procedures for complaints received by company regarding accounting, internal control, and auditing.
must have authority to engage independent counsel or other advisors, as it determines necessary to carry out its duties.
2 preliminary engagement activities
1. determining audit engagement team requirements
2. Ensuring that the audit team and audit firm are in compliance with ethical requirements, including independence
factors to consider in staffing the audit team
enagement size and complexity
level of risk
any special expertise
personnel availability and competence
timing of work to be performed
in determining the audit strategy, auditor should:
o Determine scope of engagement
o Ascertain the reporting objectives to plan timing of audit
o Consider factors that will determine the focus of audit team’s efforts
develop the audit plan
Assess business risk and establish materiality
Assess need for specialists
Assess possibility of illegal acts
ID related parties
Conduct preliminary analytical procedures
Consider additional value-added services
Document audit strategy and plan and prepare audit programs
audit procedures to ID transactions with related parties

list from management
filings with SEC
BOD minutes
conflict-of-interest statements
extent and nature of business transacted with major customers, suppliers, borrowers, and lenders for indications of previously undisclosed relationships
accounting records for large, unusual, or nonrecurring transactions
confirmations of loans receivable and payable for indications of guarantees
types of audit tests
risk assessment procedures
tests of controls
substantive procedures
risk assessment procedures
Inquiries of management
analytical procedures
observation and inspection
tests of controls
o Inquiries
o Inspection
o Observation
o Walkthroughs
o Reperformance
2 categories of substantive procedures
1. Tests of details of classes of transactions, account balances, and disclosures
2. Substantive analytical procedures
3 phases of analytical procedures
o 1. Preliminary analytical procedures – used to assist auditor to better understand business and to plan NET of procedures
o 2. Substantive analytical procedures – used to obtain evidential matter about assertions related to account balances or classes of transactions
o 3. Final analytical procedures - used as an overall review of the financial information in final review stage of the audit
3 types of analytical procedures
trend analysis
ratio analysis
reasonable analysis
trend analysis
compare CY to PY
compare budget to actual
compare CY to industry averages
steps in substantive analytical procedures
1. develop an expectation
2. define tolerable difference
3. compare expectation to recorded amount
4. investigate differences greater than tolerable differences
5. documentation requirements
information to use in developing an expectation
Financial and operating data
Budgets and forecasts
Industry publications
Competitor information
Management’ analyses
Analyst’s reports
4 factors that affect precision of expectation
plausibility and predictability of relationship being studied
data reliability
type of analytical procedure used to form expectation
SAS 109
understanding the entity and its environment and assessing the risks of material misstatement
SAS 110
performing audit procedures in response to assessed risks and evaluating the audit evidence obtained
SAS 112
communication of internal control related matters IDd in an audit
established a common definition of IC that addressed all interested users
addressed IC's for 3 main areas:
o Reliability of financial reporting
o Effectiveness and efficiency of operations
o Compliance with applicable laws and regulations
Provided framework against which companies could assess their IC
Potential Benefits to an Entity’s Internal Control from IT
o Consistent application of business rules and performance of complex calculations in processing large volumes of transactions or data
o Better timeliness, availability, and accuracy of information
o Facilitation of additional analysis of information
o Better monitoring of the performance of the entity’s activities and its policies and procedures
o Reduction in the risk that controls will be circumvented
o Better segregation of duties through security controls
Potential Risks to an Entity’s Internal Control from IT
o Reliance on systems or programs that inaccurately process data, process inaccurate data, or both
o Unauthorized access to data that may result in destruction of data or improper changes to data
o Unauthorized changes to data in master files
o Unauthorized changes to systems or programs
o Failure to make necessary changes to systems or programs
o Inappropriate manual intervention
o Loss of data
internal controls as defined by COSO consists of 5 components
1. the control environment
2. the entity's risk assessment process
3. the information system and communication
4. control activities
5. monitoring of controls
factors that affect the control environment
communication and enforcement of integrity and ethical values
commitment to competence
participation of those charged with governance
management's philosophy and operating style
organizational structure
assignment of authority and responsibility
HR policies and practices
management's philosophy and operating style
o Approach to taking and monitoring business risks
o Attitudes and actions toward financial reporting
o Attitudes toward information processing and accounting functions and personnel
client business risks can arise or change due to the following circumstances:
• Changes in the operating environment
• New personnel
• New or revamped information systems
• Rapid growth
• New technology
• New business models, products, or activities
• Corporate restructurings
• Expanded international operations
• New accounting pronouncements
for the information system, establish methods and records that will
• Identify and record all valid transactions
• Describe on a timely basis the transaction in sufficient detail to permit proper classification of transactions for financial reporting
• Measure the value of transactions in a manner that permits recording their proper monetary value in the FS
• Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period
• Properly present the transactions and related disclosures in the FS
control activities
prenumbering of documents
authorization of transactions
independent checks to maintain asset accountability
timely and appropriate performance reviews
information processing controls
physical controls for safeguarding assets
segregation of duties
limitations of internal controls
collusion of employees
management override
human errors/laziness
not modifying IC as needed
effective monitoring involves
• Establishing a baseline for control effectiveness
• Designing controls based on the significance of business risks relative to the entity’s objectives
• Assessing and reporting results, including following up on corrective actions
May follow substantive strategy for some or all assertions because of the following factors:
The implemented controls do not pertain to the assertion the auditor is considering
The implemented controls ineffective
Testing the operating effectiveness of the controls would be inefficient.
Auditor uses knowledge about the 5 components of internal control to
o Identify the types of potential misstatement
o Pinpoint the factors that affect the RMM
o Design tests of controls and substantive procedures
In determining whether an IT specialist is needed, consider the following factors
o The complexity and usage of the entity’s IT control systems
o The significance of changes made to existing systems, or the implementation of new systems.
o The extent to which data are shared among systems.
o The extent of the entity’s participation in electronic commerce.
o The entity’s use of emerging technologies.
o The significance of audit evidence that is available only in electronic form.
Auditor should obtain sufficient knowledge of the IS to understand the following:
o The classes of transactions in the entity’s operations that are significant to the FS
o The procedures by which transactions are initiated, authorized, recorded, processed and reported
o The related accounting records supporting information and specific accounts in the FS that are involved in recording transactions
o How the IS captures other events and conditions that are significant to the FS
o The FS reporting process used to prepare the entity’s FS
Services must be considered as part of entity’s IS if they affect any of the following:
 How the client’s transactions are initiated
 The accounting records, supporting information, and specific accounts in the FS involved in the processing and reporting of the client’s transactions
 The accounting processing involved from the initation of the transctions in their inclusion the FS
 The financial reporting process used to prepare the client’s financial statements, including significant accounting estimates and disclosures
Management must comply with the following requirements in order for its registered public accounting firm (external auditor) to complete an audit of ICFR
o Accept responsibility for the effectiveness of the entity’s ICFR
o Evaluate the effectiveness of the entity’s ICFR using suitable control criteria
o Support the evaluation with sufficient evidence, including documentation
o Present a written assessment regarding the effectiveness of the entity’s ICFR as of the end of the entity’s most recent fiscal year.
ICFR includes policies and procedures that
o Pertain to the maintenance of records that reflect the transactions and disposition of assets of the company.
o Provide reasonable assurance that preparation of FS is in accordance with GAAP
o Receipts and expenditures of the company are being made only in accordance with authorization of management.
o Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition that could have a material effect on the FS.
3 steps of management's assessment process of ICFR
o Identify financial reporting risks and related controls
o Evaluate evidence about the operating effectiveness of ICFR
o Consider which locations to include in the evaluation
Examples of entity level controls
o Controls within the control environment
o Controls over management override
o The entity’s risk assessment process
o Centralized processing and controls, including shared service environments
o Controls to monitor results of operations
o Controls to monitor other controls, including activities of the internal audit function, the audit committee, and self-assessment programs
o Controls over period-end FR process
o Policies that address significant business control and risk management practices
Steps in the ICFR audit
1. plan the audit of ICFR
2. ID controls to test using top-down risk based approach
3. Test the design and operating effectiveness of selected controls
4. Evaluate identified control deficiencies
5. form an opinion on the effectiveness of ICFR
consider following activities in planning audit of ICFR
• Role of risk assessment and risk of fraud
• Scaling the audit
• Using the work of others
• Materiality
the following controls might address risk of fraud and management override:
• Controls over significant, unusual transactions, particularly those that result in late or unusual journal entries
• Controls over journal entries and adjustments made in the period-end FR process
• Controls over related-party transactions
• Controls related to significant management estimates
two categories of entity level controls require evaluation:
1. control environment
2. period end financial reporting process
assess the following in the control environment
 Management’s philosophy and operating style promote effective ICFR
 Sound integrity and ethical values, particularly of top management, are developed and understood
 The BOD or audit committee understands and exercise oversight responsibility over FR and IC
period end financial reporting process
o Include procedures used to enter transaction totals in the ledger
o Select and apply accounting policies
o Initiate, authorize, record, and process period-end journal entries in the ledger
o Record recurring and non recurring adjustments to the FS
o Prepare annual and quarterly FS and related disclosures
o Even though these controls operate after the “as of” year-end reporting date, they are used to support the auditor’s “as of” date opinion
To ID significant accounts and disclosures and their relevant assertions, the auditor uses the following risk factors:
• Size and composition of the account
• Susceptibility to misstatement due to errors or fraud
• Volume of activity, complexity and homogeneity of the individual transactions processed through the account or reflected in the disclosure
• Nature of the account or disclosure
• Accounting and reporting complexities associated with the account or disclosure
• Exposure to losses in the account
• Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure
• Existence of related-party transactions in the account
• Changes from the prior period in account or disclosure characteristics
 In order to understand the likely sources of potential misstatements, the auditor
 In order to understand the likely sources of potential misstatements, the auditor needs to do the following:
• Understand the flow of transactions related to the relevant assertions, including how these transactions are initiated, authorized, processed, and recorded
• ID the points within the entity’s processes at which a misstatement, including a misstatement due to fraud, could arise that would be material
• ID the controls that mgt has implemented to address potential misstatements
• ID the controls that mgt has implemented over the prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could result in a material misstatement of the FS.
Factors that may affect the risk associated with a control in the current year include:
• The NET of procedures performed in previous audits
• The results of the previous year’s testing of the control
• Whether there have been changes in the control or process since the previous audit
Risk factors that affect whether there is a reasonable possibility that a control deficiency will result in a material misstatement
• Nature of FS accounts, disclosures, and assertions involved
• Susceptibility of the related asset or liability to loss or fraud
• Subjectivity, complexity, or extent of judgment required to determine the amount involved
• Interaction or relationship of the control with other controls, including whether they are independent or redundant
• Interaction of the deficiencies
• Possible future consequences of the deficiency
indicators of material weakness
• ID of fraud, whether or not material, committed by senior management
• Restatement of previously issued FS to reflect correction of MM
• ID by auditor of MM of FS in current period in circumstances that indicate that the misstatement would not have been detected by ICFR
• Ineffective oversight of company’s external FR and ICFR by audit committee
Written representations made by management to auditor
• Mgt is responsible for establishing and maintaining effective ICFR
• Mgt has performed an evaluation and made an assessment of the effectiveness of the company’s ICFR
• Mgt did not rely on work performed by auditor in forming assessment of ICFR
• Mgt’s conclusion about effectiveness of ICFR is based on control criteria as of specified date
• Mgt has disclosed to auditor all deficiencies in ICFR and which ones are significant
• Descriptions of any fraud that involves senior mgt or other significant employees
• Control deficiencies ID’d during previous engagements have been resolved
• Descriptions of changes in ICFR
control deficiency
design or operation of a control does not allow mgt or employees to prevent or detect misstatements on a timely basis
material weakness
a deficiency in ICFR such that there is a reasonable possibility that a material misstatement of the FS will not be prevented or detected on a timely basis
design deficiency
control necessary to meet relevant control objective is missing or an existing control is not properly designed so that even if the control operates as designed the control objective would not be met.
operating deficiency
properly designed control does not operate as designed or when a person performing the control does not possess the authority or qualifications to perform the control effectively.
significant deficiency
deficiency that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.