Audit Midterm 2

What are risk assesment analytical procedures 

preliminary/planning procedures 

used to analyze both financial and nonfinancial information 

Auditors decition process for substantive analytical procedures

1. Develop an expeactation

2. Define a tolerable difference

3. Compare the expectation to recorded amount

4. Is the difference greater than tolerable difference

   1. yes → investigate difference. consider patterns, trends, relationships, and possible causes. make inquiries of management and obtain corrborative evidence

      1. is explanation of evidence adequate?

         1. yes → to step 5

         2. no → conduct other audit procedures or propose an audit adjustment → step 6

5. Accept amount

6. document results

Auditors need to have an expectation whenever substantive analytical procedures are used

TRUE

Precision

measure of the potential effectiveness of analytical procedure and how closely the expectation approximates the correct unkown amount

Relationship between detection risk and percision

INDIRECT (low detection risk, more precise)

4 factors that affect precision of analytical procedures 

1. disaggregation 

2. plausibility and predictability

3. data reliability 

4. type of analytical procedure used to form an expectation 

Relationship between precision and disaggregation

DIRECT more disaggregated (detailed) the more precision

plausibility

does the relationship used to test the assertion make sense

relationship between plausibility/predictability and precision

DIRECT (the more plausible and predictable, the more precise)

reliability of data for developing expectations depends on what

independence of the source and data is subjected to audit in the current or priopr periods and multiple sources of data

Three types of analytical procedures

1. trend

2. ratio

3. reasonableness 

the size of the tolerable difference depends on

1. significance of the account

2. the desired degree of reliabcon on substantive analytical prcedure

3. level of disaggregation in the amount being tested

4. precision of expectation

tolerable difference is WHAT compared to tolerable misstatement 

less than 

if monetary difference < tolerable difference…

the account is fairly stated

if monetary difference is > tolerable difference

the auditor must investigate more using other procedures

four possible causes of significant differences

1. accounting changes

2. economic conditions

3. error

4. fraud

if significant difference is due to error/fraud 

entituy’s personnel may provide a plausible, yet ultimately untrue, business explanation 

explanations for significant differences observed for substantive analytical procedures must be followed up by

1. quantification

2. corroboration

3. evaluation

Quantification

determining whether the reason given for the difference can explain the difference between auditor’s expectation and managments recorded balance through recalculation of expectation after considering additional information

Corroboration

obtaining sufficient appropriate audit evidence and linking the explanation to the difference and substantiating that the information supporting explanation is reliable 

Evaluation

objectively evaluate the results of the substantive analytical procedures to conclude whether the desired level of assurance has been achieved

key mindset behind effectively performing substantive analytical procedures

one of skpeticism

objective of analytical procedures at the end 

to assist the auditor in assessing the conclusions reached and evaluating overall financial statement presentation 

trend analysis

analysis of changes in an account over time by comparing last year’s balance to this year’s balance

ration analysis

comparison accross time or to a benchmark of relationships between financial statement accounts

reasonablenness analysis 

forming an expectation using a model

weaknesses of ratio analysis

1. industry ratios may not capture operating or geographical factors that may be specific to the entity

2. use of different accounting principles accross industry

3. industry data may not be available in sufficient detail

weaknesses of trend analysis

1. requires that the auditor have knowledge of business and industry

2. auditor would have to perform additional procedures to corroborate the increase in accounts

3. provides little to no audit evidence due to imprecision

components of the COSO Framework 

1. Control Environment

2. Entity’s Risk Assesment Process

3. Control Activities

4. Information and Communication

5. Monitoring Activities 

Audit Risk Model

AR = IR x CR X DR

Substantive Strategy 

CR 100% and ONLY doing substantive procedures, no reliance on internal controls 

Reliance Strategy

Test controls and use controls for procedures

the auditor may decide to follow a substantive strategy for some or all assetions because of one or all of what factors

1. the implemented controls do not pertain to the assertion the auditor is considering

2. the implemented controls are assesed as ineffective

3. testing the operating effectiveness would be ineffecient

Control activities for occurence 

• segregation of duties 

• prenumbered documents that are accounted for 

• daily or monthly reconciliation of subsidiary records with independent review 

controls for completeness

• prenumbered documents

• segregation of duties

• daily or monthly reconciliation

controls for authorization

• general and specific authorization of transactions at control points

control activities for accuracy

• internal verification of amounts and calculations

• monthly reconciliation of subsidiary records

cutoff control activities 

• procedures for prompt recording of transactions 

• internal review and verification

classification controls

chart of accounts

presentation controls

internal review and verification

types of documentations for understanding internal controls

• manuals and organizational charts

• internal control questionnaires

• flowcharts

• narrative descriptions

relationship between the size of an entity and internal controls implemented

likely direct (lower size, lower internal controls) 

limitations of internal controls

1. management override of internal controls

2. Human errors or mistakes

3. collusion

is a report over ICFR required

yes, it is to be reported ny management and the auditor needs to proved an opinion for larger companies (75 million equity +)

management requirements for ICFR

1. accept responsibility for the effectiveness of ICFR

2. evaluate the effectiveness of ICFR using criteria

3. support evaluation with sufficient evidence

4. present a written assessment

auditors objective in audit of ICFR 

express opinion on the effectiveness of the company’s internal control over financial reporting

auditors objective in financial statement audit

to express opinion on whether financial statements are fairly stated in according to GAAP

who is responsible for the reliability of ICFR and preperation of financial statements

CEO and CFO

who’s responsibility is it to manage and implement an effective internal control

the board of directors and management

control deficiency 

the design or operation of a control does not allow management or employees in the normal course of work to prevent and detect misstatements 

design deficiency

• a control necessary to meet the relevant control objective is missing

• an existing control is not properly designed so that even if the control operates as designed the control objective would not be met

operating deficiency

properly designed control doesn’t operate as designed

material weakness

a control deficiency/combination of deficiencies (in ICFR) that has a reasonable possibility that there is a material misstatement

significant deficiency 

control/combo deficiencies the are less than a material weakness, but important enough to merit attention 

the difference between significant, control, and material deficiency

likelihood and magnitude

steps of ICFR evaluation

1. identify financial reporting risks and related controls

2. consider which locations to include in the evaluation

3. evaluate evidence about the operating effectiveness of ICFR

steps in performing an audit of ICFR 

1. plan the audit 

2. identify controls to test

3. evaluate the design and test operating effectiveness of selected controls 

4. evaluate deficiencies 

5. form an opinion of effectiveness of ICFR 

projection

drawing a conclusion about a population based on results from a sample

population

consists of a collection of individual units whose characteristics will be studied

sample

a portion of population sapled to learn about population

representative sample 

a sample of individual units in the population with characteristics that are the same as entire population 

sampling risk

risk that sample is not representative of the population

nonsampling risk

risk that inaccuracies and errors will result due to auditor error

sample mean

average of sample

projected population mean 

simple the sample mean projected onto the population 

point estimate

estimate of population’s parameter based on sample results

confidence level

limits of how confident we want to be and relates to level assurance desired

three major advantages to using statistical sampling in audit

1. help auditor design an efficient sample

2. help the auditor measure the sufficiency of evidence (effectiveness)

3. helps the auditor evaluate the results

Attribute sampling 

used to estimate the proportion of a population based off a charateristic 

montetary-unit sampling

used to estimate dollar amount of misstatement for a class of transactions on an balance

classical variable sampling

can be used to estimate a dollar amount for a class of transactions or an account balance, used for substantive tests to see material misstatment

incorrect rejection (inefficient)

say an account is misstated when it isn’t

incorrect acceptance (ineffective)

say an account is correct when it isn’t 

types of analytical procedures used to form an expectation in order of precision

trend, ratio, reasonableness

relationship between precision and assurance

DIRECT (once increases, the other increases)

Relationship between tolerable difference and risk and precision

Indirect (if risk is higher, tolerable difference goes down, which makes it need to be more precise)

integrated audit 

those who do ICFR audit also do the financial statement audit 

if you have a high quantity of control deficiencies and significant deficiencies

them added together can pass materiality and THEN it is a material weakness

what have integrated audtis done to accuracy

decrease, but they are efficient so we still do them

when should sampling risk be considered

ALWAYS

relationship between detection risk and sample size

INDIRECT (as detection risk goes down, we need a larger sample) 

relationship between population and samplesize

DIRECT (if population is big, need big sample)

relationship between tolderable difference/misstatement and sample size

INDIRECT (low tolerable difference means you need to increase the sample size)

Expected deviation rate realtionship with sample size

DIRECT (EDR goes down, we don’t need as big of a samle)

perks to nonstatistical method 

1. easier

2. more judgement 

3. might be more work 

when do we use statistical vs nonstatistical sampling

stat → when you want to quantify sampling risk (NEED A RANDOM # GENERATOR)

nonstat → SR still considered (not as precise), haphazard sampling, less training so easier to apply accross teams

comparing sampling risk to tolerable mistatement

2x projected misstatment and compare

if 2 x projected misstatement is < tolerable misstatment

low risk that total mistatement in the account exceeds total mistatement (works until sample is 70-80% of population)

if 2x projected misstatment is > tolerable mistatement 

• request client to correct it and reaudit (efficient) (go fix controls) 

• increase sample size and reevaluate (only works of sample wasn’t representative of the population)

• requre client to adjust the account balance (if there is a KNOWN misstatement) 

• give no unqualified opinion (LAST RESORT) 

projected misstatment

mistatement found / sample $ x balance

can you use a random # generator in nonstatistical examples

yes, but it isn’t required

why do we multiply projected mistatement by 2

to allow for sampling risk

factors that effect revenue 

• industry related problems 

• complexity of revenue recognition issues 

• difficulty of auditing transactions and balances 

• misstatements in prior audits 

3 steps to a control risk assesment

1. understand and document revenue process

2. plan and perform tests of controls

3. asses and document control risk for revenue process based on test of controls

if test of controls support planned level of control risk

do planeed level of substantive procedures

if test of controls do not support planned level

set control risk high and modify nature, timing, and extent of substantive procedures

two categories of substantive procedures

substantive analytical procedures

substantive tests of details of classes of transactions, account balances, and disclosures

role of substantive analytical prcedures

used to examine plausible relationships among related accounts

focus of tests of transactions

sales and cash receipts of transactions

focus on tests of details of account balances 

detailed amounts or estimates that make up the ending balance for revenue-related accounts