A3 - Risk, Evidence, and Sampling

During planning, what is the audit specifically required to perform?

Analytical procedures related to revenue in order to identify unusual or unexpected relationships that might indicate MM, including MM due to fraud

How should the auditor design and perform risk assessment procedures?

In a manner that is not biased towards obtaining corroborative, rather than contradictory, audit evidence

At what level do analytical procedures review data?

At a HIGH level

What do analytical procedures include?

• Comparing current year to prior year

• Comparing current year to budget/forecast

• Ratios to prior year or industry

What should the members of the audit engagement team do during the risk assessment process?

Have a risk assessment discussion to discuss the susceptibility of the financial statements to material misstatement and the need for maintaining professional skepticism

What needs to be done in respect to risk assessment procedures?

Need to observe and inspect in order to support, corroborate, or contradict inquiries

Are the audit objectives the same in both computerized and manual environments?

Yes

What aids the auditor in assessing the entity’s inherent risk?

The auditor’s understanding of industry, regulatory, and other factors, as well as the entity’s nature, objectives, strategies, biz risks, and financial performance

What are the phases and order of them in the business cycle?

• Expansionary Phase

• Peak

• Contractionary Phase

• Trough

• Recovery

What are the characteristics of the expansionary phase?

• Increased economic activity and growth

• Rising GDP

• Decreased unemployment rates

• Higher consumer confidence

• Increased production and sales of goods/services

• Potential inflationary pressures

What are the characteristics of the Peak phase?

• Highest level of economic activity

• Maximum output levels (full capacity)

• High GDP

• At the natural rate of unemployment

• Consumer confidence

• Indicators of inflation

What are the characteristics of the Contractionary phase?

• Slowing growth

• Decrease in GDP

• Rising unemployment

• Low consumer confidence

• Reduced production

• Price deflation

What are the characteristics of the Trough phase?

• Lowest point of economic activity

• Unused productive capacity

• Unwillingness to risk new investments

What are Normal Goods?

As income increases, demand increases

What are Inferior Goods?

As income increases, demand decreases

What are the factors that change supply (shift it to the right)? (mnemonic)

E - future Expected decrease in selling price

C - decrease in production Cost

O - decrease in demand of Other goods at firm

S - increase in Subsidies or decrease in taxes

T - improvements in Tech

What are the factors that change demand (shift it to the right)? (mnemonic)

S - increase in price of Substitute good/decrease in price of complementary good

P - increase in Popularity of goods/services

I - increase in Income

N - increase in Number of buyers

E - (consumers) Expect price to increase in future

What is profit maxmization?

When margin cost = marginal revenue

What is price elasticity?

% change in quantity demanded/supplied is driven by change in price

What are leading indicators?

Predict the future:

• Average weekly unemployment claims

• Bond yield curve

• Interest rate spreads (10 year treasury bonds vs. Federal funds rate)

• Producer price index

What are lagging indicators?

Confirm or dispute previous forecast:

• Average duration of unemployment

• Consumer Price Index

What are coincident economic indicators?

Happen at same time as economy:

• Industrial production

• Manufacturing and trade sales

• GDP

What is the auditor more concerned with?

Whether and how a specific control prevents, detects, and corrects MM

What is the system of internal control relevant to?

The entire entity, and any of the entity’s operating units or business functions

What are the different types of general IT controls?

Applications, database, operating system, network, acquisition

What do information processing controls do?

Helps ensure integrity of data in entity’s information system

What is the primary reason the auditor performs risk assessment procedures, such as obtaining an understanding of the system of internal control?

To helo the auditor identify where potential misstatements may occur

What is included in audit documentation of the design/implementation of controls? (mnemonic)

F - Flowchart

I - Internal control questionnaire or checklist

N - Narrative

D - Documentation from the client (manuals, org chart)

What are preventive controls?

Designed to provide reasonable assurance that only valid transactions are recognized, approved, and submitted for processing

What are Detective Controls?

Designed to provide reasonable assurance that errors or irregularities are discovered and corrected on a timely basis (performed after processing)

When are flowcharts more appropriate in comparison to narratives?

For documenting complex control structures

What is part of the determination of whether a risk is a significant risk?

• Should ignore the effects of controls related to the risk

• Should be based entirely on inherent risk

• Exists when inherent risk is higher on the spectrum of inherent risk

What does identification of the level of risk help the auditor determine?

The appropriate response

What are financial statement level risks?

Risks that could affect several different assertions:

• Process to prep F/S

• Overall systems of internal control

• Lack of qualified personnel in financial reporting

• Selection/application of accounting policies

What are assertion level risks?

• Specific risks

• Separately assess IR and CR

What are the factors that may be indicative of a significant risk?

• Risk of fraud

• Significant emerging economic/accounting development

• Related party transactions

• Improper revenue recognition

• Nonroutine/complex transactions

• Accounting estimates

• Accounting principles with different interpretations

How might financial statement level risks be addressed?

• Increased emphasis on maintaining professional skepticism

• Assigning more experiences or specialized staff

• Changing the nature, extent, and timing of audit procedures

• Incorporate unpredictability

What two audit approaches can the auditor choose between for identified risks at the relevant assertion level?

1. A Substantive Approach: Only substantive procedures will be performed when controls are nonexistent/ineffective, or it would be inefficient to test them (CR at maximum)

2. A Combined Approach: Tests of controls are performed if well-designed/implemented, or if there’s an extensive use of technology

What is the required audit response for all significant risks?

1. Evaluate design and implementation

2. If relying on operating effectiveness, tests of controls must be performed in current period

3. Perform substantive procedures linked/respond to risk

4. Obtain more persuasive evidence

5. Communicate to those charged with governance

6. Is it a KAM or CAM?

Is the auditor required in a F/S audit to test controls?

No

Can you use prior year tests of controls for the current year?

If controls haven’t changed, the operating effectiveness must be tested at least once every third year if evidence wants to keep being used in CY. Only if it’s a significant risk can you not use PY.

What are management and those charged with governance responsible for in terms of compliance with laws and regulations?

For making sure the entity’s operations are conducted in accordance with the applicable laws and regulations

What the auditor responsible for in terms of compliance with laws and regulations?

Obtaining reasonable assurance that the financial statements are free of material misstatement due to noncompliance with laws and regulations. They’re NOT responsible for preventing or detecting noncompliance.

What should the auditor do if noncompliance is intentional and material?

They should communicate to those charged with governance. However, you don’t need to do if it was clearly inconsequential.

What the auditor responsible for in terms of accounting estimates?

• Understanding the entity’s transactions or events that may give rise to a new or amended accounting estimate

• The relevant requirements of the applicable financial reporting framework

• The nature of the estimates and disclosures to be included in the F/S

• The nature of any identified controls related to accounting estimates

What are indicators of management bias with accounting estimates?

• Change in estimate or method + no valid reason

• Selecting significant assumptions to meet objectives

• Select a point estimate w/ overly optimistic/pessimistic

How do you calculate the misstatement of an unreasonable estimate?

1. Client’s recorded estimate - Best estimate supported by audit evidence = Misstatement

2. Client’s recorded estimate - Closest estimate in range to recorded amount = Misstatement

What the auditor responsible for in terms of assessing the RMM of an accounting estimate?

• Respond to the risk by obtaining evidence

• Testing how management developed the estimate

• Developing an auditor’s point estimate or range

What is management responsible for in terms of related party transactions?

Identifying and disclosing related party transactions

What is the auditor responsible for in terms of related party transactions?

Identifying any related party transactions encountered and verifying proper disclosure

What are the audit procedures for identifying a related party transaction?

1. Obtain an understanding

2. Obtain a conflict of interest statement from management and others within the company

3. Inquire of unapproved/exception transactions

4. Review entity filings with SEC

5. Look at legal confirmations and PY audit doc

6. Ask prior auditor

When audit procedures indicate that there are actual or potential litigation, claims, or assessments, what should the auditor do?

Have management prepare a letter of inquiry to the client’s attorneys regarding litigation, claims, and assessments. Then mail it directly. Use of this provides a means of corroborating management’s information.

When do we Update the Report Date in terms of a letter of inquiry?

If attorney response is after the report date

When do we Update Legal Response in terms of a letter of inquiry?

If attorney response is more than two weeks before the report date

Does the auditor need client approval to send a letter of inquiry?

Yes, but refusal will result in a disclaimer or withdrawal.

When is further investigation of an attorney’s legal letter required?

When the lawyer’s comments are vague/do not provide an evaluation of the likelihood of an unfavorable outcome

Who is responsible for identifying and accounting for all contingent liabilities (including pending litigation, claims, and assessments)?

Management

What factors may indicate substantial doubt? (mnemonic)

F - Financial difficulties

I - Internal matters

N - Negative trends

E - External matters

If going concern matters are not alleviated, how should the report be structured?

The auditor should either add a separate section to the auditor’s report with the “Going Concern…” heading (nonissuer) or an explanatory paragraph (issuer) to the unmodified (unqualified) opinion with the words “going concern” and “substantial doubt”.

What mitigation factors of going concern should the auditor look for?

• Borrowing money

• Reducing spending

• Selling assets

• Increasing ownership equity

• Restructuring of debt

What does “reasonable time” mean in terms of substantial doubt about an entity’s ability to continue as a going concern under FASB?

1 year after the date the F/S are issued (issuers) or available to be issued (nonissuers)

What does sufficiency refer to?

The quantity of audit evidence. Judgments about sufficiency are affected by the RMM and the quality of the evidence.

What does evidence need to be in order to be considered Appropriate?

Both reliable and relevant

What key attributes does appropriateness depend on?

Accuracy, completeness, authenticity, and susceptibility to management bias

What is the hierarchy of reliable evidence? (mnemonic)

A - Auditor’s direct personal knowledge and observation

E - External evidence (sent directly to the auditor is better)

I - Internal evidence (better if there’s strong IC)

O - Oral

What are the standard procedures used in audits? (mnemonic)

C - Confirmations

F - Footing, cross-footing, and recalculation

I - Inquiry

V - Vouching

E - Examination/inspection

C - Cutoff/review

A - Analytical procedures

R - Reperformance

R - Reconciliation

O - Observation

T - Tracing

W - Walkthroughs

A - Auditing related accounts simultaneously

R - Representation letter

S - Subsequent events review

What are the auditing procedures for completeness?

• Tracing

• Analytical review procedures (how certain items may be omitted)

• Observation of processes and procedures

What are the auditing procedures for Cutoff?

Cutoff procedures to analyze transactions before and after year-end for proper accounting period recognition

What are the auditing procedures for Valuation, Allocation, and Accuracy?

• Inspection of documentation supporting transactions

• Footing and cross-footing of schedules

• Independent recalculation

What are the auditing procedures for Existence and Occurrence?

• Confirmation of accounts with third parties

• Observation, inspection, and examination of assets, processes, and procedures

• Vouching

What are the auditing procedures for Rights and Obligations?

• Inspection of documentation supporting transactions, inspection of contracts, etc

• Confirmation

What are the auditing procedures for Understandability of Presentation and Classification?

• Inspection of documentation supporting transactions

• Review of all related disclosures for compliance with GAAP

• Inquiry of management regarding disclosures for the account and for related accounts

What do tests of details consist of?

Audit procedures applied to ending balances, the details of transactions, or a combination

What are Analytical Procedures?

Involve studying plausible relationships among data and usually the comparison of recorded amounts to auditor expectations.

When are analytical procedures required?

During planning and as an overall final review, but they are optional with respect to substantive procedures

What tests the assertion of completeness?

Tracing from the original source documents to the accounting records (identify understatement errors)

What tests the assertion of occurrence/existence?

Vouching from the accounting records to the original source documents (identify overstatement errors)

What are positive confirmations?

Need the other party to respond with if they agree/disagree with the balance

What are negative confirmations?

Need the other party to respond if they disagree with the balance only

What do you do with confirmation nonresponses?

1. Reach out twice or three times

2. Perform alternative procedures

3. Request that the client intervene

What are the assertions for account balances and related disclosures? (mnemonic)

C - Completeness

V - Valuation, allocation, accuracy

E - Existence/occurrence

R - Rights/obligations

U/P - Understandability of Presentation & classification

What are the assertions of transactions/events/related disclosures? (mnemonic)

C - Completeness

O - cutOff

V - Valuation, allocation, accuracy

E - Existence and occurrence

U/P - Understandability of Presentation & classification

What can sampling be?

Statistical or nonstatistical

What do both methods of sampling involve the use of?

Judgment

What are the advantages of statistical sampling?

• Provides a scientific method for planning for the sample size

• Objective basis for quantitatively evaluating sample results

• Measure sufficiency of audit evidence

What is Sampling Risk?

Risk that the sample is not representative of the population, and therefore the auditor’s conclusion will be different from what it would be if the auditor had examined 100% of the population

What is Non-Sampling Risk?

Includes using the wrong procedure or improperly evaluating evidence/results

What is the Risk of Incorrect Acceptance when performing substantive tests of details?

• Sample indicates that the balance is fairly stated when, in fact, it is not

• Effectiveness problem

What is the Risk of Incorrect Rejection when performing substantive tests of details?

• Sample indicates that the balance is not fairly stated when, in fact, it is fairly stated

• Efficiency problem

What is the Risk of assessing control risk too low when performing tests of controls?

• Sample indicates that the control is working when, in fact, it is not

• Effectiveness problem

What is the Risk of assessing control risk too high when performing tests of controls?

• Sample indicates controls is not working when, in fact, it is

• Efficiency problem

What does attribute sampling deal with?

• Yes or no questions

• Estimates rate of occurrence of a specific characteristic

What is the Deviation Rate?

Error rate in the sample

What is the Tolerable Deviation Rate?

Maximum rate of error the auditor can accept

What is the Expected Deviation Rate?

The auditor’s estimated error rate (before sampling)

What is the Upper Deviation Rate?

High end of range for auditor’s estimate of error rate (based on results from testing the sample)

What is the formula for the Upper Deviation Rate

Sample Deviation Rate + Allowance for Sampling Risk = Upper Deviation Rate

Which factors affect sample size in attribute sampling?

• Risk of assessing control risk too low (inverse)

• Tolerable deviation rate (inverse)

• Expected deviation rate (direct)

If the Upper Deviation Rate ≤ Tolerable Deviation rate, what conclusion should the auditor draw from attribute sampling?

Rely on control