1
Q
type of audit required for an issuer
A
integrated audit (F/S & I/C)
2
Q
Client Acceptance Policies
A
- Firm’s Ability to Meet Reporting Deadlines
- Firm’s Ability to Staff the Engagement
- Independence
- Integrity of Client Management
- Group Audits
3
Q
Management Responsibilities for Audit
A
financials and internal controls
4
Q
Preconditions of an Audit
A
- applicable financial reporting framework
2. management responsibilities
5
Q
What to do if there is a management imposed scope limitation
A
- audit required by law or regulation (permitted but not required)
- qualified opinion or circumstances beyond their control can result in acceptance
6
Q
3 Types of Fraud in Audit
A
- financial statement
- asset misappropriation
- corruption
7
Q
Engagement Letter Contents
A
- objective and scope of an audit
- responsibilities of auditor
- responsibilities of management
- statement that because of the inherent limitations of an audit
- identification of the applicable financial reporting framework
- reference to the expected form and content of any reports
8
Q
Considerations for Initial Audit
A
- MANDATORY: communication with the predecessor auditor
* *examine workpapers
* *disagreements
* *management integrity
* *reason for change in auditors
* *client PERMISSION is needed - Auditor’s Responsibility
* *opening balances could contain misstatements
* *accounting policies have been consistently applied in the current period
9
Q
Responsibilities of Engagement Partner
A
- planning the audit
- supervising the work of engagement team members
- compliance with relevant auditing standards
10
Q
Knowledge of the Client’s Business and Industry
A
- can accept engagement but then must obtain this knowledge
- tour client facilities
- review the financial history
- obtain an understanding of client accounting
- inquire of client personnel
11
Q
Developing the Audit Strategy
A
- WRITTEN audit strategy
- Scope of the Audit (Extent)
- Reporting Objectives, Audit Timing, and Required Communications (Timing)
- Factors that Determine the Focus of the Audit (nature)
12
Q
Factors that determine the focus of the audit
A
- materiality
- audit risk
- internal controls
13
Q
PCAOB Standards for Audit Strategy
A
- knowledge of internal control
- matters affecting industry
- extent of recent changes
- preliminary judgments about materiality and risk
- control deficiencies previously communicated
- legal or regulatory matters
- complexity of the company’s operations
14
Q
Materiality for an Audit on the Financial Statements as a Whole
A
*should use the smallest level of misstatement that could be material to any one of the financial statements
15
Q
Communication with Those Charged with Governance in initial planning stages of audit
A
*planned scope and timing
16
Q
Developing the Audit Plan
A
- MUST BE WRITTEN
1. audit procedures - risk assessment procedures
- further audit procedures
- tests of controls
- substantive procedures
2. financial statement assertions
3. drafting the audit plan
17
Q
Financial Statement Assertions
A
C ompleteness O cutOff V aluation, allocation, and accuracy E xistence and occurence R ights and obligations U nderstandability and classification
18
Q
PCAOB Financial Statement Assertions
A
C ompleteness E xistence O ccurence A llocation P resentation R ights O bligations V aluation E D isclosure
19
Q
Role of Client’s Internal Auditors
A
- cannot help in matter involving judgment and/or assessment
- the higher up they report, the more objective they are
- NOT independent
20
Q
Auditor’s Responsibility with Internal Auditors
A
*obtain understanding and assess competence and objectivity
21
Q
Use of Specialists when Auditing
A
- treat the specialist like one of your staff
* competence, capabilities, and objectivity
22
Q
Types of Misstatements
A
- factual misstatements
- judgmental misstatements
- projected misstatements
23
Q
Audit Risk Model
A
AR = IR x CR x DR
24
Q
Can substantive procedures ever not be performed during an audit?
A
No
25
3 Categories to which assertions apply
1. transactions
2. account balances
3. disclosures
26
Fraud Triangle
1. pressure
2. opportunity
3. rationalization
27
Auditor's Responsibility when it comes to Fraud
* design audit to obtain reasonable assurance about whether the financial statements are free of material misstatement
* difficult to detect fraud due to the concealment aspects
* should discuss risks with engagement personnel
28
PCAOB Standards for Fraud
*ask management and audit committee if they have received and responded to tips or complaints regarding the company's financial reporting
29
When are analytical procedures required during an audit?
1. planning
| 2. final review
30
Does the absence of fraud risk factors mean that there is no fraud risk?
No
31
Presumption of Risk in All Engagements
1. improper revenue recognition
| 2. management override of controls
32
Items most susceptible to manipulation
1. high degree of management judgment and subjectivity
| 2. highly complex accounting principles
33
Levels to Respond to Assessed Fraud Risk
1. general response
2. response encompassing specific audit procedures
3. response addressing risks related to management override
significant risks? withdraw
34
Communications of Fraud to Management/Those Charged with Governance
*report to management at least one level above those involved
35
Instances where third party disclosure is necessary regarding fraud
1. comply with certain legal and regulatory requirements
2. to a successor auditor when the successor makes inquiries with permission of client
3. response to a subpoena
4. funding agency or other specified agency for clients that receive governmental financial assistance
5. authorities in some circumstances
36
Auditor's Consideration of Noncompliance
obtain understanding of
1. legal and regulatory framework
2. how the entity is complying with that framework
37
Reporting Noncompliance in the Auditor's Report
1. material effect = GAAP = except for or adverse
2. insufficient evidence = GAAS = except for or disclaimer
3. client response/refuse = GAAS = withdraw
38
Assessing the Risks of Material Misstatement
```
I nternal control understanding
M aterial misstatement risks
A assessed level of risk response
C ontrol testing
P erform substantive testing
A udit evidence - evaluate appropriateness and sufficiency
```
39
Two Procedures Necessary in Every Audit
1. analytical procedures
2. risk assessment procedures
*test of operating effectiveness of controls is NOT required
40
Risk Assessment Procedures
* perform analytical procedures
* conduct a discussion among engagement team members
* inquire of the audit committee and management about the RMM
* inquiries
* observation and inspection
41
Required Documentation for Assessing RMM
* discussion among audit team
* key elements of the understanding of the entity and its environment
* the assessment of the risks of material misstatement
* identified risks and related controls evaluated by the auditor
* more complex = more extensive = more documentation
PCAOB = include assessment on particular locations (CPI)
42
Five Components of Internal Control
*COSO framework
```
C ontrol environment
R isk assessment
I nformation and communication systems
M onitoring
E xisting control activities
```
*think of pyramid
43
Key phrase for the five components of internal control
*auditor should obtain an understanding and knowledge of each component
44
Circumstances that are red flags about management's philosophy and operating style
1. consumed with meeting budget
2. dominated by one person
3. compensation contingent upon the entity's financial performance
45
Control environment has a ________ effect on the auditor's risk assessment and preliminary judgments
pervasive
46
Strong vs. Weak control environment and timing of procedures
Strong: interim and roll forward
Weak: as of the balance sheet date
47
Risk Assessment is whose responsibility when it relates to the five components of internal controls
management's responsibility
48
Information and Communication Systems - 5 Components of I/C
* initiate
* authorize
* process
* record
* report
49
Control Activities in a Strong Control Environment
P renumbering of documents
A uthorization of transactions
I ndependent checks to maintain asset accountability
D ocumentation
T imely and appropriate performance reviews
I nformation processing controls
P hysical controls for safeguarding assets
S egregation of duties
50
Segregation of Duties (not IT)
C ustody
A uthorization
R ecording
51
Two key elements of internal controls
* preventative
| * detective and corrective
52
When assessing the RMM, the auditor should be
identifying types of potential misstatements
53
Auditor should look at what when considering the internal controls
* design
* implementation
* procedures
* WALKTHROUGHS AND INQUIRIES
* document all understandings
54
Documentation Types
F lowchart
I nternal control questionnaire or checklists
N arrative
D ocumentation from the client, including copies
55
Issue when IT systems are used and records are continually modified
*difficult for timing of testing since records continually update
56
The "IT Exception"
* cannot solve detection risk through substantive testing alone
* must do SUBSTANTIVE AND CONTROL TESTING
57
Segregation of Duties (IT)
```
C ontrol group
O perators
P rogrammers
A nalyst
L ibrarian
```
*weakness comes from doing or supervising another area
58
IT Weaknesses
G I G O
59
Service Organizations and Internal Controls
Service Auditor Reports
1. reports only on design and implementation
* *should not reduce the assessment of control risk
2. reports on design, implementation, and effectiveness
* *can be used to reduce the assessment of control risk
60
Two Types of Audit Approaches
1. substantive approach
2. combined approach (reliance method)
*IT requires internal control assessment and substantive procedures
61
If the auditor wants to rely on the operating effectiveness of internal controls, when must the test of controls be performed?
in the current period
62
Nature of Tests of Internal Controls
* using audit evidence hierarchy
| * inquiry alone is not sufficient
63
Audit Evidence Hierarchy
```
A uditor evidence
E xternal evidence
I nternal evidence
O ral evidence
U KNOW IT
```
*inquiry alone is not sufficient
64
Can you use evidence obtained in prior audits about operating effectiveness of controls be used in the current audit?
Yes
65
Timing of Substantive Procedures
RMM low = interim (roll forward)
| RMM high = at balance sheet date
66
Evaluating the Sufficiency and Appropriateness of Audit Evidence
* revising the assessed RMM
* modify planned audit procedures
* document it
* *overall response
* *NET
* linkage of those audit procedures
* results of audit procedures
* conclusions reached
67
primary purpose of evaluating internal control
*material misstatements could exist in the financials
68
Can you evaluate the risk for internal control while obtaining an understanding of it?
Yes
