Key Concepts in Auditing and Internal Controls

Four phases of an audit

1. Planning and Risk Assessment 2. Tests of Controls and Substantive Tests 3. Substantive Analytics and Tests of Details 4. Completion and Final Evidence Gathering

Planning phase of an audit

Understand business, assess risks, determine materiality, develop audit strategy.

Purpose of tests of controls

Evaluate operating effectiveness of internal controls to determine audit scope.

Substantive tests of transactions

Test for monetary misstatements in individual transactions.

Substantive analytical procedures

Used during substantive testing and completion phase to identify misstatements.

Completion phase

Final analytics, subsequent events review, management rep letter, report issuance.

When analytical procedures are required

Planning and final review stages.

Reasonableness test

An expectation of an account balance derived from known data.

Purpose of analytical procedures during planning

Identify unusual trends and areas of possible misstatement.

Three objectives of internal control

1. Reliability of financial reporting 2. Compliance with laws 3. Effectiveness and efficiency of operations.

Five components of the COSO framework

Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring.

Responsibility for establishing internal control

Management.

Management's SOX 404 report

Responsibility and assessment of internal control effectiveness.

Material weakness

A deficiency that results in a reasonable possibility of a material misstatement.

Audit sampling

Testing less than 100% of a population to evaluate characteristics.

Two types of sampling risk

1. Risk of incorrect acceptance 2. Risk of incorrect rejection.

Difference between statistical and nonstatistical sampling

Statistical quantifies sampling risk; nonstatistical uses judgment.

Probabilistic sampling methods

Simple random and systematic.

Attributes sampling

Used for tests of controls.

Variables sampling

Used for substantive testing of account balances.

Key assertions for auditing A/R

Existence, accuracy, valuation, rights

Key assertions for auditing A/R

Existence, accuracy, valuation, rights.

Positive confirmation

Requests a response regardless of agreement.

Negative confirmation

Requests response only if information is incorrect.

Evaluate collectibility of A/R

Review subsequent cash receipts and aging analysis.

Indication of overstated A/R

Large balances with no subsequent collection.

Common types of cash accounts

General, Imprest, Restricted, Petty Cash.

Cash existence testing

Bank confirmations and reconciliations.

Lapping

A fraud where receipts are stolen and covered by later receipts.

Kiting

Transferring funds between accounts to overstate cash.

Audit bank reconciliations

To verify reconciling items and true cash balance.

Level 1 input

Quoted price in active markets.

Level 2 input

Observable input other than direct quotes.

Level 3 input

Unobservable input like internal models.

Assertion most relevant to fair value

Valuation.

Level 3 inputs high risk

They rely on assumptions and estimates.

Type I subsequent event

Those that have a direct effect on the financial statements and require adjustment of the current year’s financial statement amounts

Type II subsequent event

Those that have no direct effect on the financial statement amounts but for which disclosure is required

Contingent liability

A possible obligation from a past event.

Evaluate legal contingencies

Legal letters, inquiries, and board minutes.

Commitment in auditing

Future obligation not on B/S but must be disclosed.

Purpose of management representation letter

Confirms management's responsibility and representations.

PAJE

Passed Audit Journal Entry — not material alone but tracked.

Purpose of final analytical procedures

Ensure overall financial statement reasonableness.

Inherent risk

The susceptibility of an assertion to misstatement without controls.

Control risk

The risk that a misstatement will not be prevented or detected by internal controls.

Detection risk

Risk that auditor procedures fail to detect a misstatement.

Audit risk calculation

AR = IR × CR × DR

Significant risks

Risks that require special audit consideration.