ACC 550 Exam 2, ACC550 Exam 2

What is the most costly type of fraud?

Financial Reporting Fraud

What is the distinguishing factor between fraud and error?

"...whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional"

Are auditors responsible for the detection of fraud?

"An auditor conducting an audit in accordance with ISA's is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error."

Majority of significant financial statement fraud involves

Senior Management

Responses to address risk of management override

1) Review accounting estimates for biases

2) Evaluate business rationale for significant unusual transactions

3) Test appropriateness of journal entries and other adjustments...

Three classifications of journal entries

1) Standard, recurring entries

2) Non-standard entries

3) "Top-side" entries

What types of journal should you select for testing?

1) Unrelated, unusual or seldom-used accounts

2) Made by individuals who typically do not make entries

3) Recorded at end of period

4) Made at unusual times

5) Round numbers or consistent ending numbers

6) Unusual combinations of debits and credits

What is materiality?

The omission or misstatement of an item in a financial report is material if, in the light of surrounding circumstances, the magnitude of the item is such that it is probable that the judgment of a reasonable person relying upon the report would have been changed or influenced by the inclusion or correction of the item

When do materiality decisions begin and end?

Planning to sign off

Factors used to determine materiality

1) Use % of a benchmark to establish materiality for F/S taken as a whole (quantitative)

2) Adjust for qualitative considerations, including fraud

The firm's audit methodology will guide you through the process

Documentation requirements for materiality

1) Materiality F/S as a whole

2) Materiality for specific transactions, balances

3) Performance materiality

Qualitative factors for materiality

1) Arises from an item capable of precise measurement or whether it arises from an estimate and, if so, the degree of imprecision inherent in the estimate

2) Masks a change in earnings or other trends

3) Hides a failure to meet analysts' consensus expectations

4) Changes a loss into income or vice versa

5) Concerns a segment or other portion of the registrant's business that has been identified as playing a significant role in the registrant's operations or profitability

6) Affects the registrant's compliance with regulatory requirements

7) Affects the registrant's compliance with loan covenants or other contractual requirements

8) Effect of increasing management's compensation

9) Concealment of an unlawful transaction

Areas of an audit that use materiality

1) Planning

2) Audit Process - material misstatements and weaknesses

3) Evaluation - F/S taken as a whole

4) Communication - Management and those with governance

Two categories of laws and regualtions

1) Direct effect on F/S

2) Do not have direct effect on F/S

Examples of Direct Effect on F/S

1) Tax laws affecting accruals

2) Revenue recognition under gov't contracts

3) Pension laws affecting recognition

4) Industry specific reporting requirements

5) Statutorily-mandated requirements

6) Foreign Corrupt Practices Act

Examples Do Not Have Direct Effect on F/S

1) Operating license

2) Environmental regulations

3) Employment regulations

4) Occupational safety regulations

5) Regulatory solvency

What is the auditor's responsibility to detect noncompliance?

The auditor should obtain sufficient appropriate audit evidence regarding material amounts and disclosures in the financial statements that are determined by the provisions of those laws and regulations generally recognized to have a direct effect on the their determination

Dealing with noncompliance, what should the auditor do to gain an understanding?

(a) the legal and regulatory framework applicable to the entity and the industry or sector in which the entity operates; and

(b) how the entity is complying with that framework

Indications of noncompliance

1) Investigation by governmental agency

2) Violations cited by regulators

3) Unusually large payments made in cash

4) Unexplained payments of gov't officials

5) Improperly recorded transactions

6) Purchasing prices significantly above/below market

7) Adverse media comment

8) Payments to registered tax havens

What steps should an auditor take when noncompliance is identified or suspected?

1) Obtain understanding of the nature of the act and circumstances in which it has occurred

2) Obtain further information to evaluate the possible effect on the financial statements

3) Discuss matter with management (at level above those involved)

4) Communicate with those charged with governance

What documentation is needed for noncompliance?

1) Description of identified or suspected noncompliance

2) Results of discussion with management & those charged with governance

What does an integrated audit reports on?

1) Report on financial statements

2) Report on assessment of internal control over financial reporting

What is covered under SOX 404a?

1) Management establish and maintain adequate internal controls and procedures for financial reporting

2) Management issue annual report containing assessment of effectiveness of ICFR

What is covered under SOX 404b?

Auditor to attest to and report on assessment made by management

What is management's responsibility under SOX 404a?

1) Accept responsibility for the effectiveness of internal control over financial reporting

2) Evaluate the effectiveness of internal control over financial reporting using suitable control criteria

3) Support its evaluation of ICFR with sufficient evidence, including documentation

4) Present a written assessment of the effectiveness of internal control over financial reporting as of the end of the most recent fiscal year (Item 9A of 10K)

What are key provisions of the SEC Interpretative Guidance for management's responsibility?

1) Management should evaluate whether it has implemented controls that adequately address the risk that a material misstatement of the financial statements would not be prevented or detected in a timely manner"

2) The guidance describes a top-down, risk-based approach, including role of entity-level controls

3) Management's evaluation of evidence about the operation of its controls should be based on its assessment of risk"

4) The guidance provides an approach for making risk-based judgments about the evidence needed

What are the auditor's responsibilities for ICFR?

1) Auditor's objective in an audit of ICFR is to express an opinion on the effectiveness of the company's ICFR

2) Auditor must plan and perform the audit to obtain competent evidence to obtain reasonable assurance about whether a material weakness exist

True or False: A material weakness in ICFR does not exist if the financial statements are not materially misstated

False

What are entity level controls?

ELCs are necessary for an effective system of ICFR and may affect the other controls management deems necessary to adequately address the financial reporting risks for a financial reporting element

What are the types of ELCs?

1) Indirect

2) Monitoring

3) Direct

What are indirect ELCs?

Important, but has an indirect effect, on the likelihood that a misstatement will prevented or detected on a timely basis

What are monitoring ELCs?

ELCs that are designed to identify possible breakdowns in lower-level controls but do not by themselves adequately address financial-reporting risks

What are direct ELCs?

Designed to operate at level of precision that would adequately prevent or detect material misstatement on a timely basis

What examples of ELCs?

1) Control environment

2) Management override

3) Risk assessment process

4) Centralized processes and controls

5) Monitor results of operations

6) Monitor other controls

7) Period-end financial reporting process

8) Policies over significant business control & risk management practices

What is the Test of Controls formula?

Testing and Evaluating...

+Design and Implementation

+Operating Effectiveness

=Test of Controls

What are the appropriate procedures for Testing & Evaluating Design?

1) Inquiries (not sufficient by itself)

2) Observation

3) Walkthroughs - reperformance

4) Inspection of relevant documentation

What does Testing & Evaluating Design focus on?

IC over financial reporting is effectively designed when the controls complied with would be expected to prevent or detect errors or fraud

What does Testing & Evaluating Operating Effectiveness focus on?

Whether a control is operating as designed and whether the person performing the control possesses the necessary authority and qualifications

What are appropriate procedures for Testing & Evaluating Operating Effectiveness?

1) Inquiries (not sufficient by itself)

2) Inspection of relevant documentation

3) Observation

4) Reperformance

What is a control deficiency?

Exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis

What is a significant deficiency?

A control deficiency that is less severe that a material weakness, yet important enough to merit attention by those overseeing financial reporting

What is the relationship between deficiencies and material weaknesses?

A material weakness is a deficiency, or combination of deficiencies, that results in a reasonable possibility that a material misstatement of the financial statements (annual or interim) will not be prevented or detected on a timely basis

What determines the severity of a deficiency in ICFR?

Does not depend on whether a misstatement actually has occurred, but rather on whether there is a reasonable possibility that the company's ICFR will fail to prevent or detect a misstatement on a timely basis

What are indicators of material weakness?

1) Identification of a fraud by senior management

2) Restatement of previously issued financial statements to reflect correction of a material misstatement

3) Identification by the auditor of a material misstatement that would not have been detected by the company's ICFR

4) Ineffective oversight over external financial reporting and internal controls by the audit committee

What are the reporting provisions of AS5 for ICFR?

1) Evaluate severity of each deficiency

2) Form opinion on effectiveness of ICFR

3) Consider impact of MW on F/S audit

How does IT impact inherent risk?

1) Complexity

2) Possible malfunctions

3) Assumption that everything is correct

4) "Out of sight, out of mind"

5) Garbage in, garbage out

6) Whatever it does, it does it consistently

Why are IT specialists used during an audit?

The use of professionals possessing information technology (IT) skills to determine the effect of IT on the audit, to understand the IT controls, or to design and perform tests on IT controls or substantive procedures is a significant aspect of many audit engagements

What factors do you need to consider in determining the need for IT professional?

1) Complexity of systems and IT controls

2) Significant changes made to systems

3) Data shared among systems

4) Participation in electronic commerce

5) Use of emerging technologies

6) Audit evidence available only in electronic form

What are possible areas for IT assistance?

1) Understanding how data and transactions are initiated, authorized, recorded, processed, reported

2) How IT controls are designed

3) Inspecting systems documentation

4) Observing operation of IT controls

5) Performing tests of IT controls

6) Performing substantive audit tests

7) Evaluation of results

8) Communication

What is the effect of IT on internal controls?

1) May effect many or all of the 5 components of internal control

2) May be part of a discrete system or a complex integrated system

3) Affect fundamental manner transactions are initiated, authorized, recorded, processed, and reported.

4) Often a mix of manual and automated controls

What is the impact of IT on internal controls?

1) Unauthorized assess/changes to data

2) Unauthorized changes to systems and programs

3) Failure to make necessary changes

4) Reliance on systems that process data incorrectly

5) Inappropriate manual intervention

6) Potential loss of data

7) IT personnel access beyond assigned duties

What are the two types of controls relevant to IT-related risks?

1) Application Controls

2) IT General Controls

What are IT General Controls?

1) Access to programs and data

2) Program changes to operating systems and applications

3) Program development for new, acquired, or developed operating systems and applications

4) Computer operations

5) Obtain evidence throughout the period under audit

Why is the testing of ITGC's important?

1) Impact on IT controls

2) Impact on information provided from use of technology

3) Watch inadvertent reliance on information provided by technology

Where is IT used to prepare financial statements?

1) Enter transactions in G/L or subsidiary ledgers

2) Initiate, authorize, record, and process journal entries

3) Initiate and record recurring and nonrecurring journal entries

4) Combine and consolidate G/L data

5) Prepare financial statements

What are possible applications for CAAT's?

1) Tests of ITGC's

2) Tests of application controls

3) Tests of details of transactions and balances

4) Extracting data for audit testing

5) Reperforming calculations performed by entity's accounting system

What is a service organization?

An organization or segment of an organization that provides services to user entities that are relevant to those user entities' internal control over financial reporting

What is a service auditor?

Practitioner who reports on controls at a service organization

What is a user entity?

Entity that uses a service organization and whose financial statements are being audited

What is a user auditor?

Auditor who audits and reports on the financial statements of a user entity

What is the responsibility of auditor when a client uses a service organization?

If the user auditor is unable to obtain sufficient understanding from the user entity, the user auditor should obtain the understanding from 1 or more of the following:

1) Obtain Type 1 or 2 report

2) Contacting the service organization

3) Visiting the service organization & performing procedures

4) Use another auditor to perform procedures

What are analytical procedures?

1) Evaluations of financial information through analysis of plausible relationships among both financial and nonfinancial data."

2) Analytical procedures consist of evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data.

Analytical procedures also encompass the investigation of significant differences from expected amounts.

What type of information can you use for analytical procedures?

1) Information for comparable prior periods

2) Anticipated results

3) Relationships among elements of financial statements

4) Industry information

5) Relationship between financial and nonfinancial information

When do auditors use analytical procedures?

1) Risk assessment to identify RMM (required here)

2) Substantive test to obtain evidence about an assertion

3) Overall review of F/S in final review stage (required here)

What is a risk assessment analytical procedures?

Purpose: Assist in planning the audit procedures

Focus:

(a) Enhancing auditor's understanding,

(b) identify areas with possible specific risks

Data aggregation level: High

Type of data: Primarily financial

Timing and extent: Varies, usually @ planning

Example: Inventory turns by item prior to inventory price test

What is the final review analytical procedures?

Purpose: Assist in assessing conclusions reached and overall F/S presentation

Focus:

(a) adequacy of evidence gathered,

(b) corroborate audit evidence obtained

Data aggregation level: High

Type of data: Primarily financial

Timing and extent: At end of engagement; may indicate additional evidence needed

Example: Read F/S, footnotes, MD&A

What are substantive analytical procedures?

Purpose: Obtain evidence to support assertion

Focus: (a) Identification of misstatements or omissions, (b) consider level of assurance desired

Data aggregation level: Disaggregated

Type of data: All types

Timing and extent: Often done in concert with substantive tests of transactions or tests of details of balances

Example: Apply historical average of allowance for doubtful accounts to gross A/R and compare to current allowance balance, also compare to sales growth

What are the requirements for analytical procedures?

1) Determine suitability for assertions

2) Evaluate reliability of data

3) Develop expectation of recorded amounts - sufficiently precise to identify misstatement

4) Determine difference between expected amount and recorded amount

What the advantages of analytical procedures?

1) Cost effective

2) Focus audit effort

3) Forest for the trees

What are the disadvantages of analytical procedures?

1) Ability to establish auditor expectation

2) Lack of precision

3) Failure to detect unusual relationship

4) Failure to follow up on exceptions

What do effectiveness and efficiency depend on?

1) Nature of assertion

2) Misstatement not be apparent from examination of details

3) Plausibility & predictability

4) Known predictable relationships

5) Income statement accounts more predictable

6) Availability & reliability of data

7) I/C, independent source, subject to testing

8) Precision of the expectation

9) To obtain desired level of assurance (performance materiality)

10) Greater detail increases opportunity to detect errors

What should you do if analytical procedures identify inconsistent fluctuations?

1) Reconsider methods and factors, if warranted

2) Inquire of management and corroborate response

3) Perform additional substantive audit procedures

What did the PCAOB have to say about analytical procedures?

Identified deficiencies in performing analytical procedure includes failure to

1) Develop appropriate expectations

2) Establish threshold for differences w/o further investigation

3) Establish threshold for differences to achieve sufficient level of assurance

4) Test data used in analytical procedure

5) Investigate unexpected differences

6) Corroborate management's explanations

What are the steps in the systematic process to conducting analytical procedures?

1) Identify assertion subject to analysis

2) Identify key facts to analysis

3) Identify relevant performance measures

4) Obtain data and perform computations

5) Structure analysis

6) Perform analysis

7) Investigate & evaluate differences

8) Conclude or expand tests

What is audit sampling?

Selection and evaluation of < 100% of population to conclude about population

What is sampling risk?

Conclusion about sample different than entire population

What is nonsampling risk?

Reach erroneous conclusion not related to sampling risk

What is population?

Entire data set to draw conclusion

What is sampling unit?

Individual items comprising the population

What is stratification?

Dividing population into subpopulations

What is statistical sampling?

Approach to sampling that consists of random selection and use of appropriate statistical technique to evaluate results, including sampling risk

What is nonstatistical sample?

1) Not statistical sampling

2) Lacks two characteristics (random selection and use of appropriate statistical technique to evaluate results)

What is tolerable misstatement?

Application of performance materiality to sampling

What is tolerable rate of deviation?

Rate of deviation auditor willing to accept in population

What do you need to consider when designing a sample?

1) Consider purpose of audit procedure (Tests of controls and Substantive tests)

2) Sample size sufficient to reduce sampling risk to acceptable low level

3) Select items to be representative of the population

How do you determine a sample size?

1) Lower the risk the auditor willing to accept

2) Greater the sample size

3) Statistical or professional judgment

What factors influence sample size for Test of Controls?

1) Tolerable rate of deviation

2) Expected rate of deviation

3) Desired level of assurance

4) Number of sampling units, IF population very small

What factors influence sample size for Substantive Tests?

1) Assessment of RMM

2) Assurance from other substantive procedures

3) Tolerable misstatement

4) Expected misstatement in population

5) Stratification, when performed

What should you consider when selecting sample items?

1) Focus on areas where misstatement is likely

2) Examine items deemed high risk, sample remaining population

What are characteristics of Statistical Samples?

1) Random

2) Simple random

3) Systematic random

4) Probability weighted, including monetary unit

What are characteristics of Nonstatistical Samples?

Random or haphazard

What are Deviations? And what should you do?

1) Investigate the nature and cause of any deviations or misstatements and evaluate possible effect on audit procedures and other areas in the audit

2) Indications of intentional misstatement

How do you evaluate sample results?

1) Sample results, including sampling risk

2) Whether results provide reasonable basis for conclusions about the population

3) Consider need to adjust nature, timing and extent of procedures

What is a review (in relation to quality control)?

Appraising the quality of the work performed and conclusions reached by others

What are the elements of quality control supervision?

1) Tracking progress of engagement

2) Considering competence and capabilities of members of engagement team

3) Addressing significant findings/issues

4) Identify issues for consultation

5) The engagement partner should take responsibility for reviews being performed..."

6) The engagement partner may delegate part of the review responsibility to other members of the engagement team

What is the purpose of a review?

1) Determine audit work was adequately performed and documented

2) Evaluate the results, relative to the conclusions to be presented in the auditor's report

What are the review responsibilities and policies based on?

The basis that work of less experienced team members is reviewed by more experienced team members

What is documentation is required for reviews?

1) Who reviewed the audit work

2) Date of the review

3) Extent of the review

What should the reviewer consider?

1) Performed in accordance with professional standards & regulatory requirements

2) Significant findings/issues raised for further consideration

3) Appropriate consultations have taken place & conclusions documented and implemented

4) Nature, timing and extent of work appropriate & without need for revision

5) Work performed supports conclusions reached and is appropriately documented

6) Evidence obtained is sufficient and appropriate to support report

7) Objectives of audit procedures achieved

When are review processes performed?

1) "Usually" performed at the entity's premises

2) Continuously throughout the audit

3) Upon completion of the audit work

4) Policy on "review notes"