Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
261 Cards in this Set
- Front
- Back
- 3rd side (hint)
Assurance Services
|
Independent professional services that are intended to improve the quality of information for decision makers through the improvement of relevancy and reliability
|
|
|
Why are assurance services demanded?
|
- Reduce risk and uncertainty
- Help predict the outcome - Make reports credible to the buyer so as to reduce information asymmetry and increase the likelihood transaction will occur |
|
|
What factors affect information quality?
|
relevance & reliability
|
|
|
Relevance
|
the extent to which a piece of information could influence the decision of a reasonable decision maker
|
|
|
Reliability
|
Function of 1. Nature (is the information relevant to the question?) and 2. timing (more recent= more relevant)
|
|
|
Attributes needed to provide assurance
|
1. Independence
2. Subject Matter knowledge 3. Process expertise 4. Objective evaluating criteria |
|
|
Independence
|
no economic or other interest that could create the temptation to be biased towards the subject matter, independence = credibility
|
|
|
Types if independence
|
1. In fact 2. In appearance
|
|
|
Subject Matter Knowledge
|
- More you know about a company, the better auditor you are
- In order to be provide assurance you need to be familiar with the subject matter - Need to know GAAP, company’s industry, company’s operations, and the environment they operate in |
|
|
Process Expertise
|
- Need to know about how to acquire necessary information to provide assurance
- Sets of standards that provide guidance (GAAS) about how they should perform audits |
|
|
Objective evaluating criteria
|
Needs to be present in order to compare, F/S= GAAP
|
|
|
Difference between non-attest & attest engagement
|
non-attest= new info, attest= issue an opinion
|
|
|
Are all attest engagements assurance engagements?
|
Yes
|
|
|
Are all assurance engagements attest engagements?
|
No
|
|
|
Do attestation services focus on improving the reliability of information?
|
Yes
|
|
|
What type of assurance engagement is a f/s audit?
|
attest assurance
|
|
|
What aspects of information quality does attestation increase?
|
reliability
|
|
|
What is the objective of a f/s audit?
|
to provide users of the financial statements with reasonable assurance that the financial statement are free from material misstatements
|
|
|
Who are the f/s users
|
o Shareholders/investors- buy or sell, investment decisions
• Value the company with F/S (EPS) o Creditors- lending decisions • Should we give them the loan? • Interest rate? • How much? o Other Stakeholders • Government agencies/ SEC • Management (strategic decisions, performance assessment) • Employees • Unions (i.e. Pay employees more) • Suppliers (sell on credit or not) • Customers (affect your supply chain) • Board of Directors |
|
|
Internal controls
|
process that is affected by the board of directors, management and other personnel that is intended to provide reasonable assurance in the achievement of objectives
|
|
|
Four parts of Internal controls
|
1. Effectiveness and efficiency of operations
2. Compliance with laws and regulations 3. Accuracy of financial reporting (reliability) 4. Safeguarding assets - These four areas pretty much cover all aspects of the business - Auditors are focused on #3 and #4 |
|
|
When do auditors need to gain an understanding of their client's internal controls?
|
ALWAYS
|
|
|
Why is the safeguarding of assets important?
|
When there is a misappropriation of assets, it is not accounted for in the financial statements
|
|
|
Why do auditors have to gain an understanding of their internal controls?
|
1. Subject matter knowledge
2. Need to assess various risks 3. Auditing standards require it 4. Because they will have to test controls |
|
|
When auditing a public company, how many opinions do auditors issue?
|
two, one for f/s and one for internal controls
|
|
|
COSO Framework
|
1. Risk assessment and identification
2. Control environment 3. Control activities 4. Information and communication 5. Monitoring and learning |
|
|
Risk Identification & Assessment
|
- Companies processes that threated its ability to meet its objective and assessing the significance of those risks
- After identifying the risk you assess the significance by looking at what drives the risk |
|
|
What drives risk?
|
1. probability of occurrence
2. magnitude of consequence |
|
|
After identifying and assessing the significance of the risk, what do you do?
|
Accept the risk OR reduce the risk
|
|
|
Can you eliminate risk?
|
No
|
|
|
COSO: Control environment
|
- Overall control consciousness
- “tone at the top” ->BOD, audit committee, and top management |
|
|
Things auditors look at the assess the control environment
|
- Management’s integrity
- Management’s attitudes or philosophies towards internal controls - Organizational structure ->Centralized ->Decentralized* better because less easy for management to override - How management is compensated (salary vs. incentive) - HR policies & how they hire/evaluate (honest and competent) - Strength of their internal audit department ->How well staffed/funded? ->Who do they report to? ->Better to report to BOD |
|
|
What is the Audit Committee?
|
- Subcomponent of BOD
- Supposed to be independent - Make sure proper external audit is done |
|
|
COSO: Control Activities
|
The actions the company takes to try and reduce the risks
|
|
|
How can control activities reduce risk?
|
1. Reduce the probability of occurrence (preventative control)
2. Reduce the severity of the consequences (protective control) |
|
|
COSO: Information and Communication
|
Company’s process of capturing and exchanging information in a timely basis to help them achieve their objectives
|
|
|
COSO: Monitoring and Learning
|
Company’s processes for assessing the effectiveness of internal controls over time and making adjustments as necessary
|
|
|
Objectives of a Financial Reporting System
|
Accurately identify, record, classify, aggregate, and report transaction information in compliance with GAAP in a timely basis
|
|
|
What is the financial reporting system primarily concerned with?
|
transactions
|
|
|
Components of a Financial Reporting System
|
Source Docs -> Journals -> Ledgers-> Fin. Statements
|
|
|
Specific Control Activities
|
1. Segregation of Duties
2. Effective Authorization Policies 3. Maintaining adequate documentation of transactions 4. Physical Controls over assets 5. Reconciliations 6. HR Policies 7. Controls over management override 8. Whistle Blower Hotline 9. Existence of a Code of Conduct 10. Controls that Monitor the Effectiveness of Other Controls 11. IT Controls over the AIS |
|
|
Specific job functions that should be separated
|
i. Initiating transactions
ii. Authorizing transactions iii. Recording transactions iv. Maintaining custody of asset |
|
|
If you have good segregation of duties, how is fraud committed?
|
Collusion
|
|
|
Authority should be specific to what?
|
Job function
|
|
|
What affects the ability for assets to be stolen?
|
1. size
2. liquidity 3. value |
|
|
Red flags of management override
|
round numbers, entries made right before the end of the period, entries that allow targets to be met
|
|
|
Why are management's estimates an area of dispute between management and auditors?
|
because it is subjective and cannot be proven right or wrong
|
|
|
How do Auditors go about obtaining an understanding of Internal Controls?
|
Two types of high level understanding
1. Entity Level controls 2. Process level controls |
|
|
Entity Level controls
|
umbrella controls that affect all aspects of the business, ex. HR policies
|
|
|
Process Level Controls
|
specific processes designed to provide reasonable assurance to the validity of specific assertions, ex. cash on hand is locked
|
|
|
How do Auditors gain an understanding of Entity Level Controls?
|
- Client inquiry
- Observation - Examining documents - A lot of the understanding comes from experience |
|
|
Are process or entity level controls more specific to management's assertions?
|
process level controls
|
|
|
If entity level controls are effective, what does that mean for process level controls?
|
They will most likely be effective too
|
|
|
Process Level Controls Procedure
|
1. Identify the major processes
2. Break it down into sub-processes 3. Obtain a flowchart of the transactions w. in those sub- processes (i.e. where it is initiated, what source docs are created, etc.) 4. Gain a preliminary understanding of what is happening in operation and compare that to the flowchart 5. Then update the flowchart based on what is discovered |
|
|
How do you gain a preliminary understanding of what is happening in operation in regards to process level controls?
|
1. Client Inquiry *Least Reliable
2. Observation 3. Examining Documents & Records 4. Re-preforming Client Activities 5. Walk Through Transaction (beginning to end) *Most Reliable |
|
|
How do you determine the significance of a control deficiency?
|
1. How likely the control will fail
2. If the control fails, how likely is it that a misstatement will occur 3. If there is a misstatement, how likely is it that the misstatement is material |
|
|
What is a control deficiency?
|
When there is no control that meets one of the four control objectives
|
|
|
Control Objectives
|
1. Completeness
2. Accuracy 3. Validity 4. Restricted Access |
|
|
When do auditors assess control risk?
|
always, for every client
|
|
|
What clients do auditors have to test controls?
|
ALL public clients because they have to issue an opinion
|
|
|
PCAOB Standard #5
|
Tells auditors how to go about testing internal controls
|
|
|
When do auditors test internal controls for private companies?
|
When control risk is assessed at less than 100% because when control risk is 100% you achieve audit risk solely by detection risk, so there is no need to test control risk
|
|
|
Opinions on Internal Controls
|
- Adverse (one or more material weaknesses)
- Unqualified (no material weaknesses) - Disclaimer (scope limitation) |
|
|
Analytical Procedures
|
Auditors use their knowledge about the client, environment and their industry develop expectations about what we will be reported in the financial statements and they compare that to the number in the unaudited financial statements and try and understand any differences
|
|
|
What affects the effectiveness of APs?
|
auditors knowledge
|
|
|
Types of Analytical Procedures
|
- Planning stage APs
- Substantive APs - Final Review APs |
|
|
What do planning stage APs help with?
|
risk assessment
|
|
|
What do substantive APs help with?
|
evidence
|
|
|
What are final review APs?
|
final procedures conducted before issuing an opinion
|
|
|
What happens when the numbers do not match and management does not have a good enough explanation for the difference?
|
Set RMM higher
|
|
|
Analytical procedures help plan the audit with ....?
|
RMM, which in turn affects DR
|
|
|
Substantive analytical procedures are a direct test of ...?
|
managements assertions
|
|
|
When can audit evidence from analytical procedures be considered substantive evidence?
|
Precise and accurate
|
|
|
Client Inquiry Advice
|
1. Be Prepared
2. Don't lead the client 3. Talk to people outside the acc dept 4. Be respectful of the client's time 5. Be humble when asking questions 6. Know who you are talking to 7. Don't be on your cell when talking to a client 8. GOLDEN RULE: Never leave the client's office until you fully understand their answers |
|
|
Flux Analysis
|
Analyzing balance changes from year to year and trying to understand why the change occurred
|
|
|
Flux Analysis Procedure
|
1. Identify significant fluctuations
-> Needs to meet two criteria a. Greater than the constant amount (computed) b. AND Greater than 10% change 2. For each account that meets the two criteria, try to determine why, so, ask the client! 3. Document what they say |
|
|
When you set RMM higher for an account what does it affect?
|
1. Nature 2. Timing 3. Extent of testing for that acocunt
|
|
|
How do auditors come up with the constant amount?
|
- It is derived from planning materiality
->Take some percent of some amount (ex. Net Income) and multiply it by a selected percentage ->The selected percentage is typically 5-10% of Net Income or the selected base ->The percentage selected should be related to engagement risk (negative relationship) - Once you determine planning materiality (quantitative material threshold) you can assess tolerable misstatement by multiplying the number (ex. Net Income x 8%) by 50% - Then multiply that by 50%, which will then equal the constant amount - The constant amount will vary between companies |
|
|
When do you test controls for private companies?
|
when they are assessed at below MAXIMUM because you rely on them
|
|
|
Examples of when auditors do NOT need to send confirmations
|
1. immaterial amounts
2. When confirmations are going to be inneffective (low response rate, type of customers the client has, or the client's customers have inaccurate records) 3. When RMM is very LOW |
|
|
What are we more concerned with?
|
Overstating assets and understating liabilities*** more important because liabilities can be understated infinity
|
|
|
If you don't send confirmations, what do you do?
|
- Examine source docs & records
- Check to see that it 1. actually occurred, 2. recorded before year end and 3. the collections were AFTER year end |
|
|
Types of Confirmations
|
Positive & Negative
|
|
|
Positive Confirmations
|
Respond under ALL circumstances
|
|
|
What is more reliable, positive or negative confirmations?
|
positive b.c. a non-response does not always mean the amount is correct
|
|
|
Negative Confirmation
|
respond ONLY if amount is incorrect
|
|
|
Are blank confirmations more reliable, if so, why?
|
Yes, because the client's customer actually has to look the number up!
|
|
|
What factors affect sample size?
|
- account size (positive)
- audit risk (negative, because they need more confidence, lower the audit risk, the higher number of confirmations needed) - amount of evidence from other procedures (negative) - RMM (positive) - sampling method -> Most firms have software to help determine the sample size |
|
|
Sampling Methods
|
- Haphazard (bigger sample)
- Standard Random (number generator) - Monetary Unit Sampling (lower sample size b.c. it has greater dollar coverage) |
|
|
Situations in which disagreements in confirmations DO NOT mean there is a misstatement
|
1. error in their system/ inaccurate records
2. disputed charges 3. timing differences (paid check or confirmations date misinterpretation) |
|
|
Misstatements are either X or Y?
|
Known or Estimated
|
|
|
What assertion do confirmations provide evidence for?
|
Existence
|
|
|
Cut-Off testing
|
Looking at transactions that occurred at year end and making sure that they were recorded in the correct time period
|
|
|
What accounts can you preform cut-off testing with?
|
Any!
|
|
|
When does a sale occur?
|
When the risk of loss transfers from buyer to seller
|
|
|
When does risk of loss transfer with FOB shipping point?
|
risk of loss transfers when shipped
|
|
|
When does risk of loss transfer with FOB destination?
|
risk of loss transfers when delivered
|
|
|
What assertion does the allowance for doubtful accounts test?
|
valuation
|
|
|
What do auditors need to determine when testing the AFDA?
|
if the amount is reasonable because it is an ESTIMATE
|
|
|
What do auditors audit when looking at AFDA?
|
the calculation of the estimated percentage of collectability for each bucket on the aged account receivable report
|
|
|
After you check the mathematical accuracy of the aged A/R report, there are two main parts next....?
|
1. Objective, check to make sure they are in the right buckets
2. Subjective, check to see is percentages are reasonable |
|
|
Most reliable way to test the collectability of an account?
|
check to see if it was paid after year end!
|
|
|
How do you assess the collectability?
|
Look at customers fin. health, payment history, or if it is in dispute (less likely to be collected if it is)
|
|
|
What are factored receivables?
|
outsourcing of receivables
|
|
|
How do you test R&O for receivables?
|
see if they are factored or not! You do this by...
- Client inquiry - Look at large cash inflows - Look at board of director’s meeting minutes |
|
|
Audit Sampling
|
Applying audit procedures to less than 100% of the population to estimate some characteristic of the population, typically misstatements
|
|
|
Types of Errors that Auditors can make when sample testing
|
- Incorrect Acceptance, misstatement rate in sample is lower than in the population
- Incorrect Rejection, misstatement rate in sample is higher than in the population |
|
|
Incorrect acceptance affects....?
|
audit effectiveness
|
|
|
Incorrect rejection affects....?
|
audit efficiency
|
|
|
Two Types of Auditor Independence
|
- Independence in fact- whether or not the auditors are truly unbiased
- Independence in appearance- whether or not they appear unbiased to outside observers |
|
|
Threats to Auditor Independence
|
- Financial or economic interest
- Immediate family member or close relatives - Former professional relationship - Time pressure |
|
|
Financial or Economic Interest examples
|
- Audit firm’s perspective Ex. If the client is otherwise involved with non-audit services
-> Ex. one client = 40% of the revenue - Audit firm’s perspective Ex. Client owed significant audit fees for greater than a year - Auditor’s perspective Ex. Auditor holds stock |
|
|
Former Professional Relationship Examples
|
- Former employee of audit firm works at client
- Related to the client somehow or a friend |
|
|
Two Types of Time Pressure
|
1. Audit Deadline
2. Company Incentive |
|
|
Company Incentive deadlines
|
expected hours per account
|
|
|
How do time pressures affect audits?
|
Force you to be bias because you only want to discover evidence to prove that it is accurate
|
|
|
What do people do when they exceed the time budget?
|
most likely underreport their hours to fit into the allocated budget= "Eating time"
|
|
|
How does eating time affect audits?
|
hinders audit planning for the next year AND it impairs audit quality because there would be even MORE time pressure that year
|
|
|
Rules to alleviate threats to independence: Economic & Financial interests
|
1. Auditors can’t own stock in their clients
2. Auditors cant have loans at banks that they are auditing 3. Firm Level: Can audit and consult (at least most consulting work) at the same time, mostly due to Enron, BUT clients pay audit fees so there is still SOME financial interest 4. Firm Level: If client owes fees that are greater than a year old, cant audit them till they are paid off |
|
|
Rules to alleviate threats to independence: Client/Firm relationship
|
1. Can’t audit companies that immediate family members work at: up to a certain level in the hierarchy that actually makes this rule apply
2. Auditors may not have been an employee at that client within the past year 3. Partner rotation every five years, prevents creation of too strong of relationships with clients |
|
|
Rules to alleviate threats to independence: Time Pressure
|
Not aware of any rules that pertain to time pressure
|
|
|
Cons of Firm Rotation
|
hurts efficiency, impairs competition, main issue = hurts effectiveness because an audit firms ability to preform an audit largely depends on auditors company knowledge, how do you determine who to include in the rotation?
|
|
|
Pros of Firm Rotation
|
helps to improve independence
|
|
|
Proposed rule to be added to prevent threats to auditor independence
|
firm rotation
|
|
|
Rule to get rid of from list that prevents threats to auditor independence
|
Consulting & auditing at the same time
|
|
|
Why get rid of rule that prevents consulting & auditing at the same time?
|
- Consulting work ahs benefits to an audit because you have a better knowledge of the client i.e. you become a better auditor because of this
- Smaller firms who audit small companies -> Benefits the small companies because they need help/ cant afford to hire two companies to 1. Create the financial statements and 2. To audit them |
|
|
Management representation letter
|
- Letter from management to the auditor
- Certifies all representations made to the auditors are accurate and truthful - Used because it provides a degree of protection if the audit fails |
|
|
Management letter
|
- Sent from auditors to management
- Provides advice about what things could be changed/ improved upon |
|
|
Going concern opinion
|
- Prior to wrapping up the audit, auditors need to determine the financial heath outlook over the next year for the company
- Affects debt classification, all debt should be current if closing in a year - Affects asset classification - Will this company liquidate or file for bankruptcy within the next year? If yes, they issue an going concern opinion which is an explanatory paragraph in the audit report - Sometimes it is a self-fulfilling prophecy - Also, affects a companies ability to raise capital |
|
|
Subsequent Events
|
- Type 1- Recognition and Disclosure: Reveals a condition that existed as of year end
Ex. Grocery store, all the food was contaminated: Subsequent event- contamination discovered by it was determined that it occurred prior to year end - Type 2- Disclosure: Reveals a condition that did not exist as of year end Ex. Same as above, but occurred on Jan. 3rd |
|
|
Contingent Liabilities Options (3)
|
1. Recognize and Disclose
2. Disclose 3. Do Nothing |
|
|
What factors affect which option you choose for contingent liabilities?
|
1. the likelihood that it will occur
2. how reasonably it can be estimated |
|
|
What option do you choose when the contingent liability is probable & can be reasonably estimated?
|
recognition & disclosure
|
|
|
What option do you choose when the contingent liability is reasonably possible, but NOT reasonably estimated?
|
disclosure
|
|
|
What option do you choose when the contingent liability is remote?
|
do nothing
|
|
|
1933 Securities Act
|
- Requires companies to register with the SEC when they are going to issue a new security to the public
- Included in the registration there are financial statements that have to be audited - When the auditors are sued under the 1933 Securities Act the auditors have to prove they were not negligent - The 1927 stock market crash triggered this act |
|
|
1944 Securities Exchange Act
|
- Requires public companies to file annual and quarterly financial reports with the SEC
- One difference with the 1934 act vs. the 1933 act, when an auditor is sued the burden of proof is on the plaintiff and they need to prove gross negligence OR fraud |
|
|
S1 Form
|
- Registration statement that companies have to file with the SEC when they are issuing new securities
- Includes an audit of the financial statements |
|
|
8K
|
- Submit this to the SEC notifying them of any significant events or changes
- Ex. change of auditors, change of executives, change of product line |
|
|
10K
|
Annual report that public companies file with the SEC and it includes the audited financial statements
|
|
|
10Q
|
Quarterly report companies file with the SEC and it includes financial statements that are REVIEWED
|
|
|
Difference between reviewed and audited
|
- Audit- reasonable assurance is expressed in an opinion, opinions are expressed positively. “free from material misstatement”
- Review- limited assurance, less than reasonable, opinions are expresses negatively, “we are not aware of any material misstatements” |
|
|
Compilations
|
- When the accounting firm takes the companies accounting records and creates the financial statements
- Auditors provide zero assurance on compilations - Public companies cannot have compilations it is typically for small businesses |
|
|
PCAOB description
|
- Public Company Accounting Oversight Board
- Established by SOX - Sub-committee of the SEC |
|
|
PCAOB objectives (2)
|
1. Responsible for creating auditing standards for the audits of public companies
- Before the PCAOB, the AICPA was responsible for this - They were a sub-committee of a PRIVATE organization, ASB 2. To preform Quality control inspections of audit firms that conduct public company audits - PCAOB inspectors have known to be very critical on auditors (i.e. if the inspectors do not find any deficiencies then people might assume they are not doing their job very well) |
|
|
How many standards has the PCAOB created?
|
15
|
|
|
For the parts of the audit that the PCAOB has not created standards for, what rules apply?
|
SAS standards
|
|
|
SAS 5 is the most notable, why?
|
It allows for a risk-based approach to internal controls vs. SAS 2, which requires a test of all internal controls
|
|
|
AICPA description
|
- American Institute of Certified Public Accountants
- Private organization |
|
|
Functions of the AICPA (5)
|
- Establish professional requirements (code of conduct)
- Establish standards for different types of engagements: Audit Standards Board, sub-committee that writes standards for audit engagements - Conduct research and publishes various materials on accounting - Writes and grades CPA exams - Acts as an advocate for the accounting profession |
|
|
AICPA writes standards for which type of engagements?
|
Audit engagements
|
|
|
What are the names of the standards that the AICPA's ASB creates?
|
Statements on Auditing Standards (SAS)
|
|
|
What type of companies do SAS's apply to?
|
private companies, but before SOX they applied to all audits
|
|
|
How was the audit profession regulated before SOX?
|
essentially self-regulated
|
|
|
How many standards are there for GAAS?
|
10, which are then broken up into three groups. They are very broad in nature
|
|
|
How do SAS's use GAAS?
|
SAS's take the standards of GAAS and directly apply them to specific parts of the audit
|
|
|
Pieces of Advice for Public Accountants?
|
1. First couple of years being an auditor a lot of people don’t have a good sense of what you are doing and don’t really know what is going on
a. You may feel incompetent or discouraged, but there are a lot of people who feel this way b. For the first few years you are evaluated on your work ethic, attitude, ability to be friendly and have a good relationship with the client c. Your technical skills are not as important in the early years as they will develop over time 2. Don’t underestimate the importance of being generally likeable and pleasant a. People tend to think their bosses are very robotic in how they evaluate their performance b. There are unenjoyably parts of being an auditor and you need to just keep a good attitude |
|
|
Reasonable Assurance
|
- It is what auditors provide
- It is a high, but not absolute assurance that there are no material misstatements - 95-99% |
|
|
Why can't assurance be 100%
|
Too costly, take too long, may not be possibly considering account balances are really only estimates
|
|
|
When does a misstatement occur?
|
When info doesn't conform to the agreed upon standards aka. GAAP
|
|
|
At the highest, most general level, what are the two types of financial misstatements?
|
intentional and unintentional
|
|
|
Intentional Misstatement
|
Fraud- larger and causes more damage, but it is more difficult to detect because they are actively trying to conceal the misstatements
|
|
|
Unintentional Misstatement
|
Errors, mistakes made by humans or systems
|
|
|
Intentional misstatements are a function of ...
|
- Managements Integrity (prior history)
- The pressure of management to misstate (incentive compensation, fin. health) - The nature of the board of directors (fire quickly) |
|
|
Unintentional misstatements are a function of...
|
- Complexity of the business
- Managements competence - Quality of the AIS system/internal controls |
|
|
Types of Fraud
|
- Fraudulent Financial Reporting
- Misappropriation of Assets |
|
|
What is materiality?
|
Refers to the significance of the misstatement, it is material if the misstatement would affect the decision of a reasonable decision maker
|
|
|
Types of Materiality
|
Quantitate & Qualitative
|
|
|
Quantitative Materiality
|
Refers to the size of a misstatements in the absence of any extenuating circumstances
|
|
|
Qualitative Materiality
|
The nature of the misstatement, if it would affect the decision of a reasonable decision maker
|
|
|
What type of fraud is considered material?
|
Any kind!
|
|
|
When auditor's test the f/s they are more specifically testing management's....
|
assertions
|
|
|
Generally, what assertions is management making?
|
That the financial statements conform to GAAP
|
|
|
Management's Specific Assertions
|
Account Balance, Transactions, Disclosure Assertions
|
|
|
Account Balance Assertions
|
Existence, Completeness, Valuation & Allocation, Rights & Obligations
|
|
|
Account Balance Assertions: Existence
|
all assets and liabilities recorded exist
|
|
|
Account Balance Assertions: Completeness
|
all assets and liabilities have been recorded
|
|
|
Account Balance Assertions: Rights & Obligation
|
the company owns the rights to the assets and the liabilities are obligations
|
|
|
Account Balance Assertions: Valuation & Allocation
|
Everything is recorded at the proper value with GAAP
|
|
|
Transaction Assertions
|
Occurrence, Completeness, Accuracy, Classification, Cut-off
|
|
|
Transaction Assertions: Occurrence
|
the transactions recorded have occurred
|
|
|
Transaction Assertions: Completeness
|
All occurred transactions have been recorded
|
|
|
Transaction Assertions: Cut-Off
|
All transactions occurred during the allocated time period
|
|
|
Transaction Assertions: Classification
|
all transactions are recorded in the proper accounts
|
|
|
Transaction Assertions: Accuracy
|
all transactions are recorded at the proper amounts
|
|
|
What assertion are you more worried about for assets? Why?
|
Existence, because you don't want to overstate assets
|
|
|
What assertion are you more worried about for liabilities? Why?
|
Completeness because you don't want to understate
|
|
|
Disclosure Assertions
|
Understandability, Occurrence, Completeness, Rights & Obligations, Accuracy
|
|
|
Disclosure Assertions:Occurrence
|
All disclosed events actually occurred
|
|
|
Disclosure Assertions: Understandability
|
All disclosed events are understandable by a reasonable financial user
|
|
|
Disclosure Assertions: Completeness
|
All disclosed events that should be disclosed actually are
|
|
|
Disclosure Assertions: Rights & Obligations
|
All events pertain to the entity
|
|
|
Disclosure Assertions: Accuracy
|
All events are disclosed accurately
|
|
|
How do auditors test the validity of management's assertions?
|
Obtain evidence!
|
|
|
What does audit evidence need to be?
|
Sufficient & Competent
|
|
|
Competency is a function of what two things?
|
1. Relevance
2. Reliability |
|
|
Competency
|
The quality of the information, the more competent information you have the higher quality the info
|
|
|
Sufficient
|
Is there enough to form an opinion?
|
|
|
The amount considered sufficient depends on ...?
|
competency
|
|
|
Five Factors of Reliability
|
1. Degree of Independence
2. Objectivity of the Evidence 3. Degree of Direct Observation 4. Qualifications of the Provider 5. Quality of Controls for the IS |
|
|
Audit Procedures
|
1. Observation
2. Physical Examination 3. Client Inquiry 4. Confirmation 5. Recalculation 6. Examining Source Docs & Records 7. Analytical Procedures |
|
|
What do auditors send out to obtain evidence from third parties such as customers and banks?
|
Confirmations
|
|
|
Tracing
|
Start with source docs and trace through the accounting records
|
|
|
Vouching
|
Starting with the records and working back to the source documents
|
|
|
Audit Evidence that comes from physical examination of assets is generally considered to be reliable? T or F
|
True
|
|
|
Is audit evidence that is objective considered more competent than audit evidence that is subjective?
|
Yes
|
|
|
Is audit evidence that comes from the client considered more competent than audit evidence that comes from a third party?
|
No
|
|
|
Types of Opinions
|
1. Unqualified
2. Qualified 3. Modified Unqualified/ Unqualified with an explanatory opinion 4. Adverse 5. Disclaimer |
|
|
Why would you issue a disclaimer?
|
scope limitation or lack of independence
|
|
|
What type of opinion do auditors issue when the results of their testing indicate that their f/s are materially accurate in compliance with GAAP?
|
Unqualified
|
|
|
What factors affect if we can do the audit? (4)
|
1. Independence
2. Sufficient expertise 3. Resources/personnel 4. Possibility of obtaining sufficient and competent evidence to make an opinion |
|
|
When do we want to do the audit?
|
When the benefit outweighs the cost
|
|
|
Types of benefits from audits
|
Revenues, Experience and Reputation!
|
|
|
Types of Costs for doing an audit
|
Labor costs, forfeiting other opportunities, engagement risks
|
|
|
Engagement Risk
|
the consequences if the audit fails (litigation costs, reputational risk, potential of regulatory penalties)
|
|
|
How do litigation costs vary between companies?
|
Size, financial health, public vs. private, IPOs, risk of fraud
|
|
|
Factors that affect reputational risk
|
Size of the company& "profile" of the company (i.e. high)
|
|
|
As the probability of fraud increases...
|
the probability of detection decreases and the probability of litigation increases
|
|
|
Why do your costs decrease year-after-year of auditing the same company?
|
experience!
|
|
|
High risk means what in terms of fees?
|
More hours at higher rates!
|
|
|
Audit Risk Model
|
AR= DR x RMM
|
|
|
RMM
|
IR x CR
|
|
|
Audit Risk
|
The risk that the auditor will issue an unqualified opinion when there is a material misstatement (1-5% is ideal)
|
|
|
How is AR determined?
|
SET by the auditors
|
|
|
What affects where they set AR?
|
Engagement Risk
|
|
|
How are AR & Engagement Risk related?
|
negatively
|
|
|
Inherent Risk
|
the risk there will be a misstatement during the creation of the financial statements
|
|
|
How do you determine IR?
|
assessed by the auditors
|
|
|
How can you assess IR?
|
Intentional & Unintentional misstatements
|
|
|
Control Risk
|
If there is a misstatement the company's internal controls will fail to detect in a timely basis
|
|
|
Strong internal controls affect CR how?
|
Stronger controls = lower CR
|
|
|
Detection Risk
|
The risk that a material misstatement will be undetected
|
|
|
Two Components of Detection Risk
|
1. Sampling Risk
2. Non-Sampling Risk |
|
|
How do auditors achieve a set DR?
|
How they plan the audit: staffing, nature, timing, and extent of testing
|
|
|
How is DR determined?
|
Set by the auditors (essentially a plug)
|
|
|
Sampling Risk
|
The risk that inferences/conclusions that auditors make about a sample are incorrect because the sample was not representative of the population
|
|
|
Non-Sampling Risk
|
Catch all, everything else that could affect detection risk besides sampling risk (i.e. inaccurate risk assessment, misanalysed evidence, inherent limitation of the audit process)
|
|
|
How do you decrease sampling risk?
|
Increase the probability that the sample is representative of the population (i.e. increase sample size, change sampling method)
|
|
|
How are AR & DR related?
|
Positively
|
|
|
Risk of Material Misstatement
|
risk that the unaudited financial statements contain a material misstatement
|
|
|
Is RMM directly controlled by the auditors?
|
No, it is assessed
|
|
|
How is RMM determined?
|
Assessed
|
|
|
What happens if RMM is too low?
|
AR will then be set too HIGH, so the planning of the audit is thrown off and you could miss misstatements because you didn't obtain sufficient and competent evidence
|
|
|
Audit Sampling
|
Testing a random sample to learn about the rest of the population, based on the attribute of the sample you make inferences about the population
|
|
|
Audit Sampling Factors
|
- Audit risk, the lower the AR= greater sample size
- Account size, the larger the AS= greater the samples size - Tolerable Misstatement - RMM, greater RMM= greater SS - Extent of evidence from other proceeders, more evidence= smaller SS - Sampling method |
|
|
What type of DR is attributed to most AR?
|
non-sampling risk because the factors are much more subjective and it is difficult to account for
|
|
|
Why does testing at year end have a lower DR?
|
because that is the FINAL balance you are going to give an opinion on and for interim testing you rely on IC to not make a mistake
|
|
|
What type of companies face more pressure to misstate?
|
those in poor financial heath
|
|
|
How do the different risks vary?
|
entity, account, assertion
|
|
|
Audit evidence needs to be _________ and _________ to provide a reasonable basis to form an opinion.
|
sufficient and competent
|
|
|
What type of company has a higher engagement risk and why?
|
Public because there are more regulations
|
|
|
What term is used to describe the significance of financial information to decision makers?
|
materiality
|
|
|
The risk that the auditors will issue an unqualified opinion for materiality misstated f/s is.......?
|
Audit Risk
|
|
|
Do auditors provide absolute assurance regarding the material accuracy of the f/s?
|
No, reasonable assurance
|
|
|
Am organization's integrity, attitudes towards ethical dealings and general competence refers to its?
|
Control environment
|
|
|
The actual procedures that are preformed to reduce the likelihood or potential impact of a risk are referred to as what?
|
Control activities
|
|
|
T or F. Establishing effective internal controls over financial reporting is a basic responsibility of an auditor.
|
False
|
|
|
T or F. Financial Statements generally have more detailed information than the general ledger.
|
False
|
|
|
Steps to Test Cash
|
1. Check mathematical accuracy
2. Check internal consistency 3. Checkt the validity of the assertions, what are they? |
Existence, Completeness, Rights & Obligations, Valuation
|
|
What assertion are you testing when you are looking at sales recorded after year end?
|
Cut-Off
|
|
|
What does PCAOB Std #5 do?
|
Helps guide auditors in the effective audit of internal controls for public companies
|
|