Repaso de Auditoria

Pre-Engagement Activities

Activities that auditors undertake before beginning an audit engagement.

Client Acceptance or Continuance

Communication between predecessor and prospective auditors.

Compliance with Independence and Ethical Requirements

Auditors must comply with appropriate ethical requirements and maintain independence.

Engagement Letters

Acts as a contract between auditor and client, reducing misunderstandings and legal liability.

Audit Plan

A comprehensive list of specific audit procedures needed to gather sufficient appropriate evidence.

Staffing the Audit Engagement

Teams usually consist of the audit engagement partner, audit manager, IT auditor, tax specialist, quality assurance partner, and audit staff.

Use of IT Auditors

Specialized skills needed to evaluate computerized processing effects on the audit.

Independence in Mental Attitude

Auditors must maintain independence in their mental attitude.

Independence in Fact

Actual independence from influences that could affect the audit.

Independence in Appearance

Relates to perceptions of auditors' independence.

Engagement Objectives

Should include the objectives of the engagement in the engagement letter.

Management's Responsibilities

Responsibilities of management should be outlined in the engagement letter.

Auditors' Responsibilities

Responsibilities of auditors should be specified in the engagement letter.

Limitations of the Engagement

Any limitations of the engagement should be included in the engagement letter.

Risk of Material Misstatement

The auditor must assess the risk of material misstatement at the financial statement and assertion level.

Nature, Timing, and Extent of Tests

The auditor must plan the nature, timing, and extent of control tests and substantive tests.

Communication Requirements

An attempt to communicate is required by the prospective auditor after securing approval from the audit client.

Basic Information

Includes issues that reflect directly on the integrity of management.

Disagreements

Disagreements about accounting principles or audit procedures must be communicated.

Fraud and Illegal Acts

Communications about fraud, illegal acts, and internal control recommendations must be shared.

Change of Auditors

Understanding about the reasons for the change of auditors should be communicated.

Experienced Staff Assignment

More experienced staff members are typically assigned for new clients and complex transactions.

IT auditors

Members of the audit team who are specially trained to evaluate computerized controls and processes.

Engagement team

The team that includes IT auditors for most audits of large companies.

Internal audit department

The department whose work external auditors must understand before relying on it.

Audit efficiency

Can be realized when internal auditors and external auditors work together.

Objectivity and competence of internal auditors

Factors external auditors should consider before relying on internal auditors' work.

Responsibility for audit decisions

External auditors cannot delegate this responsibility to internal auditors.

Professional judgment

Tasks that internal auditors should not be delegated if they require extensive professional judgment.

Audit specialists

Persons skilled in fields other than accounting and auditing who are not members of the audit team.

Auditor-engaged specialists

Specialists who should be unrelated to the company being audited.

Evaluation of specialist's work

Auditors should evaluate the work of the specialist.

Audit report

Specialists are not referred to in the audit report unless their findings cause the auditors' report to be modified.

Company specialist

Must consider the objectivity and competence of the company's specialist, including knowledge, skill, and ability.

Evaluation of company specialist's work

Includes evaluating data, methods, or assumptions made.

Extent of evaluation

Contingent on the risk of material misstatement, significance of work to auditor's conclusion, and objectivity and competence of the company specialist.

Time Budget

Used to maintain control of the audit by identifying problem areas early in the engagement.

Interim audit work

Refers to procedures performed several weeks or months before the balance sheet date.

Year-end audit work

Refers to procedures performed shortly before and after the balance sheet date.

Time Reports

Required reports from everyone working on the audit engagement regarding time taken to perform procedures.

Efficiency evaluation

One purpose of time reports is to evaluate the efficiency of the audit team members.

Billing record

Time reports compile a record for billing the client.

Planning record

Time reports compile a record for planning the next audit.

Materiality

Refers to an amount or transaction that would influence the decisions of users.

Quantitative factors in materiality

Include absolute size, relative size, and cumulative effects.

Qualitative factors in materiality

Include nature of the item or issue, circumstances, and uncertainty.

Professional judgment in materiality

Ultimately, materiality is a matter of professional judgment.

Using Materiality on the Audit

Guides planning substantive procedures and directs attention to important, uncertain, or susceptible items.

Performance materiality

Used to ensure that the aggregate of uncorrected and undetected immaterial misstatements does not exceed materiality for the financial statements as a whole.

Audit report decisions

Materiality guides decisions about the audit report.

Audit Procedures

Actions taken by auditors for three purposes: to understand the client and associated risks, to test the effectiveness of internal controls, and to produce evidence about management's assertions in financial statements.

Risk Assessment Procedures

Audit procedures used to gain an understanding of the client and the risks associated with the client.

Test of Controls

Audit procedures used to test the operating effectiveness of client internal control activities.

Substantive Procedures

Audit procedures that produce evidence about management's assertions related to amounts and disclosures in a client's financial statements.

Substantive Audit Plan

A list of audit procedures for gathering evidence related to relevant assertions identified for significant financial statement accounts and disclosures.

Substantive Analytical Procedures

One of the two ways to conduct substantive tests, involving analysis of relevant financial and nonfinancial data.

Tests of Details

One of the two ways to conduct substantive tests, focusing on specific details of transactions and balances.

Types of Audit Procedures

Includes inspection of records and documents, inspection of tangible assets, observation, inquiry, confirmation, recalculation, reperformance, and analytical procedures.

Vouching

An inspection procedure that involves verifying the authenticity of transactions by examining supporting documents.

Tracing

An inspection procedure that involves following a transaction from its source document to its final recording in the financial statements.

Scanning

An inspection procedure that involves reviewing documents to identify significant or unusual items.

Analytical Procedures

Procedures that involve evaluating financial statement accounts by developing expectations based on relevant data and comparing them to recorded balances.

Audit Documentation

The written record of the basis for the auditor's conclusions that supports the auditor's representations.

Objectives of Audit Documentation

To improve audit quality and enhance public confidence.

Purposes of Audit Documentation

Integral part of audit quality, documents the nature, timing, and extent of work performed, provides evidence of due care, basis for conclusion, facilitates planning, performance, supervision, and provides basis for review.

Audit Documentation Requirements

Should enable an experienced auditor to understand the nature, timing, extent, and results of procedures, evidence obtained, and conclusions reached.

Permanent Files

Audit documentation that contains information of continuing audit significance, such as key contracts and agreements.

Current Files

Audit documentation that includes the entire engagement administration file for the year under audit.

Significant Accounts

Accounts that could contain a material misstatement and must be listed in the planning documentation.

Relevant Assertions

Assertions related to significant accounts and disclosures in the client's financial statements.

Financial statement assertion

A claim related to the significant accounts and disclosures that may contain a misstatement causing material misstatement.

Workpaper

A document containing information such as name, date, purpose, page number, procedures performed, and conclusions reached by the auditor.

GAAS

Generally Accepted Auditing Standards that auditors must follow.

Audit Tick Mark Legend

A guide that includes preparer's and reviewers' initials used in audit documentation.

Documentation retention period

Documentation must be retained for seven years from the report release date or from the last day of fieldwork if no report is issued.

Finalization of documentation

All documentation must be finalized within 45 days of the audit report's release date.

Cyberattack

An event where unauthorized access to a computer system occurs, potentially leading to data theft or system damage.

Internal control

Processes designed to provide reasonable assurance regarding the achievement of objectives related to operations, reporting, and compliance.

COSO framework

A model that outlines five components of internal control: control environment, risk assessment, control activities, information and communication, and monitoring activities.

General controls

Controls that apply to all systems and help ensure the overall integrity of the information technology environment.

Application controls

Controls that apply to specific applications and help ensure the accuracy and completeness of data processing.

Information technology systems

Systems that manage and process data, impacting internal controls and financial reporting.

Sony cyberattack

A significant breach in November 2014 where Sony's computer systems were hacked, leading to data theft and operational disruption.

Impact of cyberattack on financial reporting

Sony Corp. was unable to meet stock-market deadlines for reporting third-quarter earnings due to the cyberattack.

FBI involvement

The Federal Bureau of Investigation was involved in investigating the Sony cyberattack.

North Korean government involvement

U.S. authorities concluded that the North Korean government was involved in the Sony cyberattack.

Wake-up call

The Sony cyberattack served as a warning to companies globally about the reality of cybersecurity threats.

Manual systems

Systems that are operated without the use of computers, used by Sony during the cyberattack.

Document theft

The unauthorized acquisition of sensitive documents during the Sony cyberattack.

Server destruction

The loss of 75 percent of Sony's servers during the cyberattack.

Email and voice mail disruption

The inability to communicate via email or voice mail due to the cyberattack.

Unreleased films leak

The hackers released films that had not yet been made public during the Sony cyberattack.

Reliability of Reporting

This objective relates to internal and external financial reporting, focusing on the reliability of external financial reporting.

Efficiency and Effectiveness of Operations

Controls within a company encourage efficient and effective use of its resources to optimize the company's goals.

Compliance with Laws and Regulations

Section 404 requires management of all public companies to issue a report about the operating effectiveness of internal control over financial reporting.

Section 404 of the Sarbanes-Oxley Act

Requires management of U.S. public companies to assess and report on the effectiveness of their internal control over financial reporting.

J-SOX

Japan's legislation that mandates management and auditor reporting on internal controls for Japanese companies.

Audit Risk Model

Auditors must obtain an understanding of internal control and gather evidence to support the assessment of the control risk component.

Financial Reporting Responsibilities

Management has both a legal and professional responsibility to ensure that information is fairly presented in accordance with reporting requirements.

U.S. GAAP

Generally Accepted Accounting Principles used in the United States for financial reporting.