A3 M1 AUD CPA

Risk Assessment Procedures

Enables the auditor to identify and assess risks of material misstatement and make informed judgements about audit matters

• Procedures includes:

  1. Obtain understanding of entity and its environment

  2. Obtain understanding of internal control over financial reporting (Helps auditor’s identify where potential misstatements may occur)

  3. Inquire of audit committee and management about the risk of material misstatements

  4. Perform analytical procedures to assist with planning by identifying inconsistencies, unusual transactions, and trends that may have audit implications

  5. Conduct a discussion amount engagement team regarding risk of material misstatements

  6. Perform other procedures

Include Observation and inspection as such procedures may support, corroborate, or contradict inquiries of managament/ others

Analytical Procedures

Evaluations of financial information made by a study of meaningful relationships among financial and non financial data that helps the auditor understand the entity and its environment and identify unusual transactions/ events; procedures involve comparison of recorded amounts to independent expectations developed by the auditor.

• Required to be made in Planning Phase and Final Review Phase

Planning Phase

• Help auditor obtain an understanding of the client and its environment and identify unusual relationships

• Must include procedures related to revenue to help identify unusual relationships that may indicate fraud

  • Use data aggregated at a high level

Often involve:

1. Comparing CY to PY

2. Comparing CY to budget

3. Ratios to PY or industry

Final Review Phase

Assist the auditor in the final review of overall reasonableness of account balances

• Helps auditor determine if adequate evidence has been gathers in response to unusual/unexpected balances identified in audit

• Pay careful attention to unusual relationships relating to year-end revenue and income

Inquiries

Risk assessment procedure involving questions to management, those charged with governance, internal auditors, and other internal groups (IT, Marketing, Risk Management, In-House Counsel)

• Include Observation and inspection as such procedures may support, corroborate, or contradict inquiries of managament/ others

Objective

The overall plans for an entity

• Strategy: The overall ments to achieve objectives

Business Risk

Risks that result from events or circumstances that could adversely affect the entity’s ability to achieve its objectives and execute its strategies and impact the financial statements

1. Industry Developments

2. New Products and Services

3. Expansion of the Business

4. New Accounting Requirmeents Regulatory Requirements

5. Current and Prospective Financial Requirements

6. The Effects of Implementing a Strategy Leading to New Accounting Requirements

7. Entity’s Use of IT

8. Climate-Related Events

Inherent Risk

Characteristics of events or conditions that affect the susceptibility of an assertion about a class of transactions, account balance, or disclosure to misstatement, whether due to error or fraud, before the consideration of controls

• Factors: Complexity, Subjectivity, Change, Uncertainty, Management Bias or Fraud Risk, Significance, Volume or Lack of Uniformity

• The auditor’s understanding of industry, regulatory, nature, objective strategies, business risks and financial performance help auditor in assessing the entity’s risk

Information Technology (IT)

Encompasses automated means of originating, processing, storing, and communicating information

• Affects both the design and implementation of internal controls and the audit procedures used to gather evidence

IT Infrastructure

Entity’s IT environment that consists of multiple layers of technology

• Hardware

• Software

• Network

• Operating System

• Data Storage

Auditor obtains an understanding of the IT environment by performing risk assessment procedures, such as:

1. Touring the entity’s facilities

2. Conducting inquiries of entity personnel

Supply

Price and quantity supplied are positively related where the higher the price received for a good, the more sellers will produce (higher quantity)

Change in Quantity Supplied

A change in the amount producers are willing and able to produce resulting solely from a change in price

• Movement along the line

Change in Supply

A change in the amount of a good supplied resulting fro a change in something other than price (shift of supply curve)

• Factors = “ECOST”

  1. Changes in price Expectations of the supplying firm

  2. Changes in production Cost

  3. Changes in the price or demand for Other goods

  4. Changes in Subsidies or taxes

  5. Changes in production Technology

Demand

Price and quantity demand are inversely related (negative correlation) where the higher the price charged for goods are, the less the buyers will demand (lower quantity)

Change in Quantity Demanded

A change in the amount consumers are willing and able to purchase resulting solely from a a change in price

• Movement along the line

Change in Demand

A change in the amount of a good demand resulting from a change in something other than the price (shift)

Factors = “SPINE”

1. Changes in price related to goods (Substitutes/ complements)

2. Changes in consumer tastes and Preferences for a product

3. Changes in Income and wealth

4. Changes in Number of buyers served by the market

5. Changes in consumer Expectations (related to price)

Market Equilibrium

The point at which the supply and demand curves for a product intersect

• Intersection of supply and demand determine the equilibrium price and quantity

Elasticity

A measure of how sensitive the demand for, or the supply of, a product is to a change in price

Price Elasticity of Demand

The percentage change in quantity demanded driven by the percentage change in price; how much the demand changes when there’s an increase/ decrease in price

• A good is…

  1. Price Elastic: Quantity demanded is highly sensitive to price changes (More substitutes available)

  2. Price Inelastic: Quantity demanded is NOT very sensitive to price a changes (Less substitutes available; need product)

Price Elasticity of Supply

The percentage change in quantity supplied driven by the percentage change in price

• A good is:

  1. Price Elastic: Supply demanded is highly sensitive to price chnages (Products store easily)

  2. Price Inelastic: Supply demanded is NOT very sensitive to price changes (Products are perishable)

Cross Elasticity

The percentage change in the quantity demanded or supplied of one good cause by the price change of another good

• Tells us if we are looking at substitute or complementary goods

  1. Substitute Good: As price of alternative good increases, qty. demanded/ supplied increases for good

  2. Complementary Good: As price of good in relation to an item decreases, quantity demanded/ supplied increases

Income Elasticity

Measures the percentage change in qty demanded for a product for a given percentage change in income

1. Normal Goods: As income increases, demand increases

2. : As income increases, demand decreases

Profit Maximization

Occurs when the level of production is such that marginal revenue equals marginal cost

• The point at which total revenue exceeds total costs by the largest amount

Marginal Revenue

The amount of revenue a company earns for each additional unit sold

Marginal Cost

The additional amount of cost incurred from producing each additional unit

Business Cycle

The risk and fall of economic activity relative to long-term growth trends

• Phases:

  1. Expansionary Phase

  2. Peak

  3. Contractionary Phase

  4. Trough

  5. Recvery Phase

Expansionary Phase

A phase of the business cycle where there’s risking economic activity, rising profits, storng growth, increased demand/ GDP, rising prices, lower unemployment

Peak

A phase of the business cycle where it’s the highest point of economic activity, where profits are at their highest level, firms face capacity constraints, and input shortages leads to higher costs and higher price levels

Contractionary Phase

A phase of the business cycle that reflects falling economic activity, slowing and decreasing growth, reduced demand, falling profits, and high unemployment

Trough

A phase of the business cycle that is the lowest point of economic activity where profits are at the lowest levels, firms have excess capacity, and firms must reduce costs and workforce

Recovery Phase

A phase of the business cycle which reflects recovering economic activity, rising demand, profit stabilization, and increase in employment

Recession

Two consecutive quarters of falling national output (GDP)

• Economic experiences negative economic growth

• Firms’ profits fall and firms experience excess capacity

Depression

A very severe recession characterized by a long period of stagnation in business activity as well as high unemployment rates

Economic Indicators

Used by economists and analysts to predict the timing, severity, and duration of business cycles

• Types:

  1. Leading Indicators

  2. Coincident Indicators

  3. Lagging Indicators

Leading Indicator

Indicators that tend to predict economic activity

• They change before the economy starts to follow a trend

Types:

1. Average weekly unemployment insurance initial claims ←- Increase in claims = BAD

2. Bond yield curve ←- Increase = Healthy

3. Interest rate spreads (10-year treasury bonds vs. federal funds rate) ←- Increase in interest = Economy will contract

4. Producer Price Index (PPI) ←- Cost increases for supplier = Slight Increase = Healthy

Coincident Indicator

Indicators that change at approximately the same time as the whole economy and provide information about the current state of the economy

• Types:

  1. Industrial production

  2. Manufacturing an trade sales

  3. GDP

Lagging Indicator

Indicators that tend to follow economic activity; they change after a given economic trend has already started

• Used to confirm or dispute previous forecasts

Types:

1. Average duration of unemployment ←- How long were people unemployed for? Long = Unhealthy economy

2. Consumer Price Index (CPI) for services ←- Change in prices overtime; increase = Healthy economy

System of Internal Controls

The policies, procedures, and activities put in place by management to mitigate risk

• Auditor is required to test the design and implementation of controls that address RMM, NOT operating effectiveness of controls (Focuses on Financial reporting controls, NOT all controls)

  1. Controls address a significant risk (Related parties, Revenue recognition)

  2. Controls over Journal Entry/ Other adjustments

  3. Controls that will be used by the auditor to test the operating effectiveness in order to amend the Nature, Extent, and Timing of substantive procedures

Preventive Controls

Controls designed to provide reasonable assurance that only valid transactions are recognized, approved, and submitted for processing

• Applied before the processing activity occurs

• System prevents February 31 from being entered

  • Hiring competent individuals, personnel training, segregation of duties, and tech-related such as firewalls, anti-virus software, and security management

Detective Controls

Controls designed to provide reasonable assurance that errors or irregularities are discovered and corrected on a timely basis

• Performed after processing has been completed = “Detect them once error occurs”

• Performance of account reconciliations (Bank reconcilation)

Manual Controls

Controls performed by people and are most suitable when judgement and discretion are required especially in dealing with large, unusual, or nonrecurring transactions and potential misstatements that are difficult to define or predict

• Poses additional risks because they can be easily ignored/ overridden and are less consistent than automated controls

Automatic Controls

Internal controls performed using IT and are more suitable for high volume or recurring transactions and control activities that can be adequately designed and automated; predictable situations

• Support system integrity by enhancing accuracy, timeliness, efficiency and security

General IT Controls

Policies and procedures that relate to many applications and support the effective functioning and proper operating of the information system and the integrity of information in the entity’s information system

• Address and mitigates risks arising from:

  1. Applications

  2. Database

  3. Operating System

  4. Network

Controls:

1. Controls related to managing access to applications and technology areas

   1. Authentication

   2. Authorization

   3. Provisioning and De-provisioning

   4. Privileged Access

   5. User-Access Reviews

   6. Physical Access

2. Controls related to changes to the IT environment

   1. Change-Management Process

   2. Segregation of Duties Over Changing Migration

   3. System Development, Acquisition, or Implementation and Data Conversion

3. Controls relating to managing IT operations

   1. Job Scheduling and Monitoring

   2. Back-up and Recovery

   3. Intrusion Detection

Information-Processing Controls

Controls that can be automated or manual and apply to the processing of information and transactions that can help to ensure transactions occurred, are authorized, and are completely/ accurately processed and reported; ensures the integrity of the data in an entity’s information system

Controls:

1. Controls over interfaces, integrations, and e-commerce

2. Checking mathematical accuracy of records and reports

3. Maintaining/ reviewing accounts and trial balances

4. Automated edit checks of input data

5. Manual follow-ups of exception reports

Walk-through

A procedure performed by the auditor to obtain an understanding of the system of internal controls and eventually test the design and implementation of identified controls

• Traces the flow of a specific transactions and data relevant to financial reporting through the accounting system from inception through recording in the general ledger and presentation of the financial statements

Procedures Performed:

1. Inquiry ←- NOT sufficient alone

2. Additional Procedures

   1. Observe individuals performing their info. processing/ control procedures

   2. Re-perform info. processing/ control procedures

   3. Inspect relevant documents and accounting records

   4. Corroborate inquiry with others knowledgable about procedures

Evaluate the Design and Implementation of Controls

Once audit has obtained an understanding of system of internal controls, the auditor must evaluate the design and implementation of controls, assess risk of material misstatement, and design the Nature, Extent, Timing of further audit procedures (Tests of Controls/ Substantive Procedures)

• Design: Evaluating involves determining if control is capable, individually or in combination with other controls, of preventing, detecting, and correcting material misstatements

• Implementation: Evaluating involves obtain evidence about whether the individuals responsible for performing controls have a na awareness of the existence of the procedure and their responsibility for its performance and a working knowledge of how procedures should be performed

  • Implemented = It exists and is being used

Procedures:

1. Inquiry of entity personnel

2. Observation of application of controls

3. Inspection of documents

4. Re-performing specific controls

Flowchart

A symbolic diagram representing the sequential flow of authority , processes, and documents

• Included in documentation for understanding the design and implementation of an entity’s identified controls

  • “FIND”

• More appropriate for documenting complex control structures

Narrative

A written version of a flowchart that depicts the auditor’s understanding of the system of internal control

• More appropriate for documenting less complex structures