Midterm Review Notes PDF

Preview

Summary

Notes for all chapters included on midterm (ch. 4-10)...

Description

Audit Midterm Review Notes: Chapter 4 – Audit Responsibilities and Objectives The Audit Process: 1. Client Acceptance a. Resource allocation (Competent/experienced personnel) b. Cost analysis of the audit 2. Audit Planning a. Resource allocation (sufficient staffing) b. Division and supervision of audit work c. Timing of the audit 3. Assessment of risk (RMM) a. Assessing risk of material misstatement b. Performing analysis of client and industry  understanding industry specific risks c. Assertion level risks and OFSL risks 4. Develop risk response a. Audit procedures b. Types of evidence 5. Perform risk responses a. Execute audit through performing and reviewing work 6. Conclude a. Adequate review before signing of b. Professional judgement 7. Reporting a. Report reasonable assurance over financial statements b. If you cannot report reasonable assurance, must quantify the risk/misstatement Professional Judgement Framework: 1. 2. 3. 4.

Identify and define issues Gather the facts and information Perform analysis and evaluate alternatives Reach conclusion and complete documentation and rationale a. this is two steps but one segment of the framework

Judgment Traps: 1. Availability bias a. Overvalue evidence that is readily/easily available 2. Anchoring bias a. Anchoring bias to one piece of evidence over others 3. Overconfidence bias a. Placing too much confidence in one opinion 4. Confirmation bias a. Seeking evidence that proves an opinion while disregarding evidence that disproves

Professional Skepticism: - An auditor’s mindset 1. Questioning mind 2. Critical assessment of audit evidence  suspension of judgement Types of Misstatements: 1. Error a. b. 2. Fraud a. b.

-

Unintentional Failure of internal controls to detect and correct misstatement

Intentional Broken down further into two types: i. Misappropriation of assets  employee fraud 1. Generally small transactions that slip through the cracks and have little to no impact on the accuracy of the FS. Perpetrated by employees (i.e. theft) ii. Fraudulent financial reporting  management fraud 1. Generally larger transactions/misstatements that cause a material misstatement on the FS (i.e. overstatement of revenue). Fraud is harder to detect because it is intentionally concealed by employees/management

Flow of transactions: Transactions  Journals  General Ledger (GL)  (Account Subledger)  Trial Balance (TB)  FS Management Assertions: Assertions regarding account balances: 1. Existence a. Assets, liabilities, and equity interests exist 2. Completeness a. All assets, liabilities, and equity interests that should have been recorded and all related disclosures that should have been included in the financial statements have been included 3. Rights & Obligations a. The entity holds or controls the rights to assets, and liabilities are the obligations of the entity 4. Classification a. Assets, liabilities, and equity interests have been recorded in the proper accounts 5. Accuracy a. Assets, liabilities, and equity interests have been included in the financial statements at appropriate amounts 6. Valuation a. All asset, liability, and equity balances have been recorded at their proper valuations 7. Allocation

a. Any resulting valuation or allocation adjustments have been appropriately recorded and related disclosures have been appropriately measured and described 8. Presentation a. Assets, liabilities, and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework Assertions regarding classes of transactions: 1. Occurrence a. Transactions and events that have been recorded have occurred and pertain to the entity 2. Completeness a. Transactions and events that should have been recorded have been recorded 3. Cutof a. Transactions and events have been recorded in the correct accounting period 4. Classification a. Transactions and events have been recorded in the proper accounts 5. Accuracy a. Financial and other information is disclosed appropriately and at appropriate amounts 6. Presentation a. Transactions and events are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework Audit Objectives: -

-

Management makes assertions about balances/transactions. These assertions apply to several balances/transactions/events that are reflected in the accounting records For each assertion about a certain class of transaction, the auditor develops corresponding related audit objects For transaction assertions, 5 of the following audit objectives must be met before an auditor can conclude that a class of transactions is fairly stated: 1. Occurrence 2. Completeness 3. Accuracy 4. Cutof 5. Classification 6. Presentation For balance related assertions, 5 of the following audit objectives must be met before an auditor can conclude that any account balance is fairly stated: 1. Existence 2. Rights & Obligations (Ownership) 3. Completeness 4. Accuracy 5. Valuation

6. Allocation 7. Classification 8. Presentation Chapter 5 – Audit Evidence Audit evidence decisions: 1. Which audit procedures to use? a. The “nature” 2. Which items to select for testing? a. The “extent” 3. When to perform the procedures? a. The “timing” - Nature + extent + timing is based on the level of risk of material misstatement Audit Procedures: 1. Risk assessment procedures 2. Tests of controls 3. Substantive procedures Audit Program: -

Set of detailed instructions for the collection of evidence for an audit area Basically a PPC

Persuasiveness of evidence: -

Sufficient appropriate evidence is persuasive rather than conclusive 3 factors to consider: 1. Appropriateness  nature of the audit procedures a. Relevance of evidence to procedure and assertion/control being tested b. Reliability of evidence 2. Sufficiency  the extent of testing performed a. Whether the evidence obtained is enough to persuade 3. Timeliness  timing of evidence obtained and procedures performed a. Whether the evidence covers the appropriate period

Reliability of evidence (6 factors): 1. 2. 3. 4. 5. 6.

Whether the evidence obtained directly by the auditor The independence of the source The qualifications of the source Consistency of evidence from multiple sources (corroboration) The efectiveness of the client’s internal controls The degree of objectivity of the evidence

Specific types of audit procedures (7 types):

1. Inspection a. Most reliable as the auditor is literally inspecting the evidence themselves b. 2 categories of Inspection: i. Vouching  the use of documentation to support recorded amounts in the FS 1. This supports OCCURRENCE and EXISTENCE ii. Tracing  the use of documentation to determine if transactions/amounts are included in the accounting records 1. This supports COMPLETENESS 2. Observation a. Least reliable as the auditor is simply observing processes – never sufficient evidence on its own b. Can be helpful to observe internal processes 3. External confirmation a. Obtained from a third party to corroborate client’s assertions b. Can support COMPLETENESS, OCCURRENCE, and EXISTENCE 4. Recalculation a. Rechecking mathematical work performed by the client b. Substantive procedure performed to test balances/classes of transactions c. Can support ACCURACY, VALUATION, and ALLOCATION 5. Reperformance a. Re-doing non-mathematical procedures b. Test of controls 6. Analytical Procedures a. Performing analysis to confirm whether balances/transactions/disclosures are reasonable b. 4 types of analytical procedures: i. Industry data ii. Similar prior-period data comparison iii. Client-determined expected results iv. Auditor expected results 7. Inquiry a. Inquiring about balances/transactions/disclosures with the client to gain better understanding Chapter 6 – Client Acceptance, Planning, and Materiality Purpose of audit planning: -

Provide for efective conduct of an audit Keep costs reasonable Avoid misunderstandings with the client Enable the auditor to obtain sufficient appropriate audit evidence

Acceptable audit risk (AAR) -

Measures how willing the auditor is to accept that the FS may be materially misstated after the audit is completed

Risk of material misstatement (RMM): -

Risk that the FS is misstated PRIOR to the audit

Client investigation: -

Occurs prior to accepting the engagement The successor auditor is required to communicate with the previous auditor to evaluate if there are any reasons to decline the engagement Permission must be obtained from the client to do this

Engagement letter: - sets a clear understanding of the terms of the engagement Understanding the nature of the client’s business environment: -

-

Includes industry, regulatory, and external environment  PEST The client’s business operations and processes The client’s management and governance o Ethical codes o Character of management o Competence of management Client objectives and strategies Measurement and performance o Understand financial ratios

Developing the overall audit strategy: -

Scope, timing, and direction of audit Selecting staf for the engagement: o Sufficient expertise o Continuity o Evaluate the need for outside specialist o Evaluate whether internal audit work can be used o Evaluate reliance of other auditors for clients with multiple locations

Materiality: -

-

Misstatements are material if they, individually or in the aggregate, could be reasonably expected to influence the economic decisions of users taken based on the financial statements o Therefore, overall materiality depends on the users needs Judgements about materiality are based on a consideration of the common financial information needs of all users as a group Throughout the audit, materiality afects: o Planning o Evaluating results o Completing the audit (concluding)

4 levels of materiality:

-

Overall Materiality (M) o Based on the sensitivity of the users Performance Materiality (PM) o Based on the level of audit risk Specific Materiality (SM) Specific Planning Materiality (SPM)

Determining Overall Materiality (M): 1. 2. 3. 4. 5.

Identify users Discuss users needs, conclude Select the appropriate benchmark Identify appropriate financial data for the selected benchmark Determine the percentage to be applied to the benchmark a. This is based on the sensitivity of the users. Higher the sensitivity, lower the percentage b. Must explicitly state the range of the percentages considered 6. Calculate materiality Materiality benchmark percentages: Most common: net income before taxes (NIBT)  3%-7% Others: -

Shareholder’s equity (SE)  3%-5% Total assets  1%-3% Revenue  1%-3%

For non-profit entities: expenses or revenue  1%-3% Performance Materiality (PM): -

Less than materiality that is used to reduce the likelihood that uncorrected errors exceed materiality (a bufer) Generally between 50% (high risk) and 75% (low risk) of Overall Materiality (M) Based on the level of audit risk Performance materiality (PM) determines sample sizes and conclusions on material misstatements of accounts

Chapter 7 – Assessing the Risk of Material Misstatement (RMM) Audit risk: -

Auditors accept some level of risk in performing the audit

Risk assessment procedures: -

Inquiries of management and others within the entity Analytical procedures Observation and inspection

-

Discussion among engagement team members Other risk assessment procedures

Conditions for fraud: 1. Incentives/pressures a. Employee level – large debt, gambling addiction etc. b. Management level – competitive industry, bonuses, appearing profitable 2. Opportunity a. Weak internal controls b. Companies with greater cashflow/inventory c. Smaller companies with less segregation of duties (SOD) 3. Attitudes/rationalization a. Employee level – poor salary, overworked, company won’t notice b. Management level – attitude toward financial reporting Audit Risk Model: -

-

Audit risk is the risk that the auditor will express an inappropriate opinion when the financial statements are materially misstated DR = AAR / CR x IR  AAR = IR x CR x DR Detection Risk (DR) o The risk that the audit evidence for an audit will fail to detect misstatements exceeding PM Inherent Risk (IR) o The auditor’s assessment of susceptibility to material misstatements of an assertion Control Risk (CR) o The risk that a misstatement is not detected/corrected by the client’s internal controls

Assessing Acceptable Audit Risk (AAR): 1. Degree to which external users rely on the FS a. Client’s size  the larger the client, the more users b. Distribution of ownership (public vs. private)  public companies have more users (shareholders) c. Nature and amount of liabilities 2. Likelihood that the client will have financial difficulties after the report has been issued a. Liquidity position b. Profits (losses) in previous years c. Method of financing growth d. Nature of client’s operations e. Competence of management 3. The auditor’s evaluation of management’s integrity a. Lower management integrity means higher inherent risk (IR) Assessing AAR Framework: WHAT?  what is the risk factor?

HOW?  how does the risk factor afect the RMM? -

Increase/decrease IR/CR

WHY?  what are the implications of the risk factor afecting RMM? -

… because … This is called a balanced analysis

Ex. The fact that management has a performance bonus based on the P/E ratio (WHAT?) increases Inherent Risk (HOW?) because management could be incentivized to overstate their profitability (WHY?). Chapter 8 – Internal Control and COSO Framework Internal Control Objectives: -

Internal control  the policies and procedures implemented and maintained by management in order to provide reasonable assurance that management’s objectives are met 4 broad objectives: o Strategic, high-level goals that support the mission of the entity o Reliability of financial reporting o Compliance with laws and regulations

Entity-level controls: -

Controls that are pervasive in nature and do not address particular transaction cycles, but may prevent or detect and correct misstatements in several cycles

Transaction controls: -

Implemented for specific transaction risks Designed specifically to prevent or detect and correct misstatements in classes of transactions, account balances, or disclosures and their related assertions

5 components of internal control  CRIME 1. 2. 3. 4. 5.

Control Activities Risk Assessment Information and Communication Monitoring Control (E)nvironment

Control Environment: -

The foundation of efective internal control Addresses governance and management functions as well as attitudes, awareness, and actions of those charged with governance and management concerning internal control Principles for strong internal control: 1. Demonstrate commitment to integrity and ethical values 2. Board of directors exercises oversight responsibility 3. Management establishes structure, authority, and responsibility

4. Commitment to competence 5. Organization establishes and enforces accountability Risk Assessment: 6. 7. 8. 9.

Organization specifies relevant objectives Identifies and assesses risks Considers the potential for fraud in assessing risk Identifies and assesses significant changes

Control Activities:

-

10. Selects and develops control activities a. Combination of preventative and detective controls 11. Selects and develops general controls over technology 12. Deploys policies and procedures Controls over the Business Process (application system): o Proper authorization of transactions and activities o Adequate documents and records o Physical and logical control over assets and records o Adequate segregation of duties  ARC  Authorization, recording/reconciliation, custody of assets o Independent checks of performance, recorded data, and actual results

Information and Communication: 13. Obtains or generates relevant, quality information 14. Communicates internally 15. Communicates externally Monitoring: 16. Selects, develops, and performs ongoing and separate evaluations 17. Evaluates and communicates deficiencies Chapter 9 – Assessing Control Risk and Designing Tests of Controls -

All 5 components of internal control (CRIME) must be addressed when developing an understanding of internal control related to financial reporting

Methods for documenting and understanding control activities: -

A written description of the client’s internal controls and relevant control activities A diagrammatic representation of the client’s documents and records and the sequence in which they are processed A series of questions about the controls in each audit area used as a means of gaining an understanding of internal control

Evaluating Internal Control Design:

-

Update and evaluate auditor’s previous experience with the entity Make inquiries of client personnel Observe the entities activities and operations Perform walkthroughs of the accounting system Assess control risk

Note: the starting point for most auditors is the assessment of entity-level controls Pervasive controls: -

Entity-level controls General IT controls

Specific controls: -

Transaction controls IT application controls

Controls deficiencies: -

These exist if the design or operation of controls does not detect and correct misstatements in a timely manner 5 step approach for identifying significant and/or material internal control weaknesses: 1. Identify existing controls 2. Identify absence of key controls 3. Consider the possibility of compensating controls 4. Decide whether there is a significant deficiency or material weakness 5. Determine the potential material misstatements that could result

Test of controls: -

Test efectiveness of controls 5 types of audit procedures are used to support the operation of key internal controls: 1. Make inquiries of appropriate entity personnel 2. Inspect documents, records, and reports 3. Observe control-related activities 4. Test data 5. Reperform client procedures

Note: whenever the auditor has made the decision to rely on internal controls, they must be tested. Chapter 10 – Develop Risk Responses: Audit Strategy and Audit Program Types of audit tests: -

Risk assessment procedures Test of controls Substantive test of transactions Substantive analytical procedures Substantive test of balances (test of details of balances)

Selecting which types of tests to perform: -

If controls are efective, the auditor will conduct more tests of controls and fewer substantive tests If controls are not functioning, or are too expensive to test, then the auditor will conduct more tests of details

Note: an exception in a test of controls, or an exception in an analytical procedure, only indicates the likelihood of misstatements afecting the dollar value of the financial statements. An exception in a substantive test of transactions, or a test of details of balances is a financial statement misstatement. Substantive vs. combined approach: -

If CR is high, use a substantive approach If CR is low, you can use a combined approach, relying on controls

Roll forward: -

Is when an auditor performs substantive work on journal entries a...