Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
U Audit Exam II
Exam II
| Question | Answer |
|---|---|
| Management has the responsibility to | to maintain controls that provides reasonable assurance that adequate control exists over the entity’s assets and records |
| The Internal Control System should | ensure that assets and records are safeguarded create an environment in which efficiency and effectiveness are encouraged and monitored generate reliable information for decision making |
| The auditor needs assurance about | the reliability of the data generated by the information system |
| The auditor uses risk assessment procedures to: | obtain an understanding of the entity’s internal control identify the types of potential misstatements ascertain factors that affect the risk of material misstatement design tests of controls and substantive procedures |
| The auditor’s understanding of the internal control is a major factor in determining the overall audit strategy. The auditor has a responsibility to: | (1) obtain an understanding of internal control and (2) assess control risk. |
| COSO's IC- Integrated Framework objectives (3) | -Reliability of financial reporting -Effectiveness and efficiency of operations -Compliance with laws and regulations |
| IC pertaining to the preparation financial stmts for external purposes are | relevant to an audit |
| Components of ICs | Control Environment Entity's Risk assessment process Control activities Monitoring of Controls Info Systems and Related business processes relevant to financial reporting and communication |
| Factors Affecting the Control Environment | Communications& enforcement of integrity& ethical values. Commitment to competence Participation of those charge w/ governance Mgmt’s philosophy & operating style Organizational structure Assignment of authority & responsibility HR policies & practi |
| Control Environment | tone at the top |
| The risk assessment process should consider | external and internal events and circumstances that may arise and adversely affect the entity’s ability to initiate, record, process and report financial data consistent with the assertions of management in the financial statements. |
| Client business risk can arise or change due to the following circumstances: | Changes in the operating environment New personnel, technology Corp restructuring Expanded international growth New acct pronouncements New or revamped information systems New business models, products or activities |
| An effective accounting system gives appropriate consideration to establishing methods and records that will: | identify/rec trans, describe on timelybasis details of class of trans for reporting, measure value of trans for proper monetary value in stmts, determine time period trans occurred in proper acct period, properly present trans/related disclosure in stmts |
| Control activities | are the policies and procedures that help ensure that management’s directives are carried out. Those control procedures that are relevant to the audit include: performance reviews, info processing, physical controls, segregation of duties |
| Monitoring of Controls | process that assesses the quality of ICs performance over time. |
| Effective monitoring | Establishing a foundation for control effectiveness Designing and executing monitoring procedures based on business risks Assessing and reporting results |
| In applying the audit risk model, the auditor must assess | control risk |
| Audit Risk equation | IR*CR=RRM*DR |
| After obtaining an understanding of IC, an auditor may choose to follow a substantive strategy and set control risk at the maximum for some or all assertions because of one or all of the following factors: | Controls do not pertain to an assertion Controls are assessed as ineffective Testing the effectiveness of controls is inefficient |
| Reliance Strategy | Obtain understanding of IC Plan to RELY on IC and assess control risk BELOW MAXIMUM |
| The auditor should obtain an understanding of each of the five components of IC in order to plan the audit. This knowledge is used to: | Identify types of potential misstatements Design test of controls and substantive procedures Pinpoint the factors that affect the RMM |
| Obtain an Understanding of Internal Control | Understand the control environment. Entity’s risk assessment process. Information system and communications. Control activities. Monitoring of controls. |
| Documenting the understanding of IC | Procedure manuals and organizational charts IC questionaires Narrative descriptions Flowcharts |
| While the basic concepts of the five components should be present in all entities, they are likely to be less formal in | a small or midsized entity than in a large one. |
| The Limitations of an Entity’s Internal Control | Management Override of IC Human Errors or Mistakes && Collusion |
| Assessing Control Risk | Identify specific controls that will be relied upon. Perform tests of controls Conclude on the achieved level of control risk. |
| Types of Tests of Controls | Inquiry, Inspection of docs, Observation, Reperformance |
| Tests of Controls: The auditor’s assessment of control risk and the basis for the achieved level can be documented using | a structured working paper, an internal control questionnaire, or a memorandum. |
| Timing of Audit Procedures | Interim or Year End |
| Timing of Audit Procedures timeline: | Beginning of yr-1/1/11 5/31/11- Understand the entity & environment & plan audit 7/31/11 & 11/30/11- Conduct interim tests of controls 11/30/11-2/15/12- Conduct substantive tests 12/31/11- Financial stmt date 2/15/12- Issue audit report |
| Interim Tests of Controls | 1.Assertion being tested not significant 2.Control has been effective in prior audits 3.Efficient use of staff time |
| Interim Substantive Procedures | 1.Assertion probably has low control risk 2.May increase the risk of material misstatements 3.Still requires some year end testing |
| Audit accounting applications processed by service orgs: report #1 | Describes the service organization’s controls and assesses whether they are suitably designed to achieve specified internal control objectives. |
| Audit accounting applications processed by service orgs: report #2 | Goes further by testing whether the controls provide reasonable assurance that the related control objectives were achieved during the period. |
| An auditor may reduce CONTROL RISK below the maximum ONLY | on the basis of a service auditor’s report that includes tests of the controls. |
| Material Weakness | is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented, or detected and corrected |
| Significant Deficiency | is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. |
| Data Violation Control: Limit Test | A test to ensure that a numerical value doesnt exceed some predetermined value. |
| Data Violation Control: Range test | A check to ensure that the value in a field falls within an allowable range of values. |
| Data Violation Control: Sequence check | A check to determine if input data are in proper numerical or alphabetical sequence. |
| Data Violation Control: Existence (validity) test | A test of an ID number or code by comparison to a file or table containing valid ID numbers or codes. |
| Data Violation Control: Field Test | A check on a field to ensure that it contains either all numeric or all alphabetic characters. |
| Data Violation Control: Sign test | A check to ensure that the data in a field have the proper arithmetic sign. |
| Data Violation Control: Check-digit verification | A numeric value computed to provide assurance that the original value was not altered. |
| Assertions about classes of transactions/events and related control procedures: Occurrence/Existence | Segregation of duties Prenumbered docs that are accounted for Daily or monthly reconciliation of subsidiary records with independent review |
| Assertions about classes of transactions/events and related control procedures: Completeness | Prenumbered docs that are accounted for segregation of duties Daily or monthly reconciliation of subsidiary records with independent review |
| Assertions about classes of transactions/events and related control procedures: Accuracy | Internal verification of amts and calculations Monthly reconciliation of subsidiary records by an independent person |
| Assertions about classes of transactions/events and related control procedures: Authorization | General and specific authorization of transaction at important control points |
| Assertions about classes of transactions/events and related control procedures: cutoff | Procedures for prompt recording of transactions Internal review and verification |
| Assertions about classes of transactions/events and related control procedures: Classification | Chart of accounts Internal review and verification |
| Develop an understanding of IC by: | Evaluating design of controls Determining if the controls have been implemented |
| Does the auditor intend to rely on controls? YES! | Reliance strategy |
| Does the auditor intend to rely on controls? NO! | Substantive strategy Set CR at MAX |
| Reliance Strategy First: Second: | Plan & perform test of controls next: set control risk based on test of controls |
| Reliance Strategy Third step: Does the achieve level of control risk support the planned level of control risk? YES! | Document level of CR Then: Perform substantive procedures based on level of CR |
| Reliance Strategy Third step: Does the achieve level of control risk support the planned level of control risk? NO! | Revised planned level of substantive procedures Then: doc level of CR Then: Perform substantive procedures based on level of CR |
| Section 404 of the Sarbanes-Oxley Act requires | managements of publicly traded companies to issue an internal control report that explicitly accepts responsibility for establishing and maintaining “adequate” internal control over financial reporting (ICFR). |
| Management must comply with the following in order for its public accounting firm to complete an audit of ICFR. | Accepts responsibility for effectiveness of entity’s ICFR Evaluate effectiveness of entitys ICFR using suitable control criteria Support evaluation w/ evidence:docs Present a written assessment of effectiveness of entitys ICFR as of most recent yr end |
| Auditor Responsibilities under Section 404 and AS5 | The entity’s independent auditor must audit and report on the effectiveness of ICFR. The auditor is required to conduct an integrated audit of the entity’s ICFR and its financial statements. |
| control deficiency exists when | design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis |
| significant deficiency is | a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting. |
| Design Deficiency | Control to meet objectives is missing OR Even if operate as designed, would not work |
| Operation Deficiency | Does not operate appropriately Person performing does not have the proper authority or qualifications to perform |
| A material weakness is | a deficiency, or a combination of deficiencies, in ICFR, such that there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis |
| The auditor must consider two dimensions of the control deficiency: | likelihood (reasonably possible) and magnitude (material, consequential, or inconsequential) |
| Material * Reasonably possible or probable | Material weakness |
| Not material but significant *Reasonably possible or probable | Significant deficiency |
| Not material or significant *Reasonably possible or probable | Control deficiency |
| The auditor must communicate in writing to management and the audit committee all | significant deficiencies and material weaknesses identified during the audit (AS5). |
| Required Communications in an Audit of ICFR | should be made prior to the issuance of the auditor’s report on ICFR. In addition, the auditor should communicate to management, in writing, all control deficiencies identified during the audit and inform the AC when such a communication has been made |
| Most entities use the framework developed by COSO. This framework identifies three primary objectives of internal control: | (1) reliable financial reporting; (2) efficiency and effectiveness of operations; and (3) compliance with laws and regulations. |
| Committee of Sponsoring Organizations of the Treadway Commission: | COSO |
| COSO | volunatry private sector org, established in US, dedicated to providing thought leadership to exec mgmt and governance entities of critical aspects of org governance, business ehtics, IC, ERM and reporting. |
| Management must develop sufficient documentation to support its assessment of the effectiveness of internal control. This documentation may take many forms such as | paper, electronic files, or other media. It also includes policy manuals, job descriptions, flowcharts, and process models. |
| An integrated audit is composed of | the audits of internal control and the financial statements. The control testing impacts the planned substantive procedures. Also, the results of the substantive procedures are considered in the evaluation of internal control. |
| Integrating the Audits of Internal Control and Financial Statements | _____> Test of IC Substantive audit procedures <______ |
| The planning process is similar to the process used for the audit of financial statements. Consider the following: | Risk assessment and the risk of fraud. Scaling the audit. Using the work of others. Materiality. |
| A major consideration for the external auditor is how much work is to be performed by others. In determining the extent to which the auditor may use the work of others, the auditor should: | (1) evaluate nature of the controls subjected to the work of others (2) evaluate competence & objectivity of individuals who performed the work, and (3) test some of the work performed by others to evaluate the quality and effectiveness of their work. |
| As the risk associated with the control being tested increases, | The external auditor should do more of the work. |
| Identifying Significant Accounts | Size &composition of acct Susceptibility to mstmt due to errors/fraud Volume of activity,complexity,&homogeneity of ind trans processed through acct/reflected in disclosure Nature of acct/disclosure Accting &reporting complexities associated w/ acct/d |
| Identifying Significant Accounts | Exposure to losses in the account Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure Existence of related-party trans in acct Changes from prior period in acct/disclosure characteristics |
| Sources of Misstatement | Understand flow of transactions related to the relevant assertions Identify points w/in entity’s processes at which a mstmt could arise that would be material; Identify controls that management has implemented to address these potential misstatements; |
| Test and evaluate operating effectiveness | Nature: Inquiry, Inspection of documents, observation, and reperformance Timing: Interim vs. “as of” date Extent: Consider (1) Nature of the control; (2) Frequency of operation; and (3) Importance of the control. |
| Test the Design and Operating Effectiveness of Controls | Evaluate design Test and evaluate operating effectiveness |
| Remediation is the process of correcting | a material weakness in the ICFR |
| If a material weakness is corrected before the “as of” date, | there must be sufficient time for both management and the auditor to test the operating effectiveness of the control – if not, an adverse opinion is still issued. Must allow time for work. |
| Failure to obtain written representations from management, including management’s refusal to furnish them | constitutes a limitation on the scope of the audit sufficient to preclude an unqualified opinion. |
| the management representations obtained as part of a financial statement audit, | the auditor also obtains written representations from management related to the audit of ICFR. |
| The auditor must properly document the | the processes, procedures, judgments, and results relating to the audit of internal control. |
| When an entity has effective ICFR, the auditor should be able to perform sufficient | testing of controls to assess control risk for all relevant assertions at a LOW LEVEL. |
| The auditor’s documentation of the process, procedures, judgments and results relating to the audit of ICFR should include: | auditor’s understanding & evaluation of design of ICFR Process used to determine points where material mismts could occur Extent the auditor relied upon the work of others Evaluation of any deficiencies discovered; might result in report modification |
| unqualified opinion | the client’s internal control is designed and operating effectively. |
| A serious scope limitation requires the auditor to | disclaim an opinion |
| adverse opinion | is required if a material weakness is identified. |
| Control deficiency type of audit report | Unqualified opinion |
| Significant deficiency type of audit report | Unqualified opinion |
| Material weakness type of audit report | Adverse opinion |
| Seriousness of scope limitation: Minor Effect | Unqualified opinion |
| Seriousness of scope limitation: Severe limitation | Disclaim opinion or withdraw |
| Other Reporting Issues: 1-3 | Management’s report is incomplete or improperly presented. The auditor decides to refer to the report of other auditors. A significant subsequent event has occurred. |
| Other Reporting Issues: 4 & 5 | There is other information contained in management’s report on internal control. There is a remediated material weakness at an interim date. |
| Auditing standards recognize and permit both | statistical and nonstatistical methods of audit sampling. |
| Two technological advances have reduced the number of times auditors need to apply sampling techniques to gather audit evidence: | 1 Development of well-controlled, automated accounting systems. 2 Advent of powerful PC audit software to download and examine client data. |
| Technology will never eliminate the need for auditors to rely on sampling to some degree because: | Many control processes require human involvement. Many testing procedures require the auditor to physically examine an asset. In many cases auditors are required to obtain and evaluate evidence from third parties. |
| Audit Sampling: | The application of audit procedures to less than 100% of items in a population Selected in such a way that the auditor expects the sample to rep the population & thus likely to provide a reasonable basis for conclusions about population Scope Paragraph |
| Sampling Risk: | the element of uncertainty that enters into the auditor’s conclusions anytime sampling is used. There are two types of sampling risk. |
| Risk of incorrect rejection (Type I): | – in a test of internal controls, it is the risk that the sample supports a conclusion that the control is not operating effectively when, in fact, it is operating effectively. (efficiency) |
| In substantive testing (Type I) is | the risk that the sample indicates that the recorded balance is materially misstated when, in fact, it is not |
| Risk of incorrect acceptance (Type II) | – in a test of internal controls, it is the risk that the sample supports a conclusion that the control is operating effectively when, in fact, it is not operating effectively. (effectiveness) |
| In substantive testing (Type II) is | the risk that the sample supports the recorded balance when it is, in fact, materially misstated. |
| Three Important Factors in Determining Sample Size | The desired level of assurance in the results (or confidence level) Acceptable defect rate (or tolerable error), and The historical defect rate (or estimated error). |
| Confidence level is | the complement of sampling risk |
| The auditor may set sampling risk for a particular sampling application at 5 percent, which results in.. | in a confidence level of 95% |
| Once the desired confidence level is established, the sample size is determine largely by | by how much the tolerable error exceeds expected error. Known as: Precision or Allowance for Sampling Risk |
| When a small number of large transactions make up a relatively large % of an account or class of transactions | ..auditors will typically test all the transactions greater than a particular dollar amount. |
| When an account or class of transactions is made up of a few large items,... | the auditor may examine all the items in the account or class of transaction. |
| Highly automated information systems process transactions consistently unless | the system or programs are changed. |
| The auditor may test the general controls over the system and any program changes,.. | but test only a few transactions processed by the IT system. |
| In nonstatistical (or judgmental) sampling, | the auditor does not use statistical techniques to determine sample size, select the sample items, or measure sampling risk. |
| Statistical sampling | uses the laws of probability to compute sample size and evaluate results. The auditor is able to use the most efficient sample size and quantify sampling risk. |
| Auditing standards recognize and permit both | statistical and nonstatistical methods of audit sampling. |
| Attribute Sampling | Used to estimate the proportion of a population that possess a specified characteristic. The most common use of attribute sampling is for tests of controls. |
| Monetary-Unit Sampling: | Monetary-unit sampling uses attribute sampling theory to estimate the dollar amount of misstatement for a class of transactions or an account balance. Substantive Testing. |
| Attribute Sampling | Used to estimate the proportion of a population that possess a specified characteristic. |
| The most common use of attribute sampling is | for test of controls |
| Monetary-unit sampling | uses attribute sampling theory to estimate the dollar amount of misstatement for a class of transactions or an account balance. |
| In conducting a statistical sample for a test of controls, auditing standards require the auditor to properly | plan, perform, and evaluate the sampling application and to adequately document each phase of the sampling applicat |
| Attribute Sampling Applied to Test of Controls | Plan, perform,evaluate, and document. |
| Planning | Determine test obj Define pop characteristics -sampling population -sampling unit -control deviation conditions Determine sample size using: -desired confidence level/risk of incorrect acceptance -tolerable deviation rate -expected pop deviation r |
| The objective of attribute sampling when used for tests of controls is | to evaluate the operating effectiveness of the internal control. |
| Planning: Define the sampling population | All of the items that constitute the class of transactions make up the sampling population. |
| Planning: Define the control deviation conditions | A deviation is a departure from adequate performance of the internal control. |
| Planning: Determine the sample size using: | The desired confidence level or risk of incorrect acceptance |
| The confidence level is.. | the desired level of assurance that the sample results will support a conclusion that the control is functioning effectively. |
| Generally, when the auditor has decided to rely on controls, the confidence level is set at 90% or 95%. this means... | means the auditor is willing to accept a 10% or 5% risk of accepting the control as effective when it is not. |
| The tolerable deviation rate | is the maximum deviation rate from a prescribed control that the auditor is willing to accept and still consider the control effective |
| The expected population deviation rate | is the rate the auditor expects to exist in the population. The larger the expected population deviation rate, the larger the sample size must be, all else equal |
| The population size has little or no effect on the sample size, unless | the population is relatively small, say less than 500 items. |
| Random-Number sample | Every item in the population has the same probability of being selected as every other sampling unit in the population. |
| Systematic- Selection | The auditor determines the sampling interval by dividing the population by the sample size. A starting number is randomly selected in the first interval and every nth item is selected thereafter. |
| Perform the audit procedures: For example, assume a sales invoice should not be prepared unless | there is a related shipping document. If the shipping document is not present a control deviation exist. |
| Voided documents Unused or inapplicable documents | Unless the auditor finds something unusual about either of these items, they should be replaced with a new sample item. |
| Inability to examine a same item | If the auditor is unable to examine a document or to use an alternative procedure to test the control, the sample item is a deviation for purposes of evaluating the sample results. |
| Stopping the test before completion | If a large number of deviations are detected early in the tests of controls, the auditor should consider stopping the test, as soon as it is clear that the results of the test will not support the planned assessed level of control risk. |
| .Calculate the Sample Deviation and Upper Deviation Rates | After completing the audit procedures, the auditor summarizes the deviations for each control tested and evaluates the results. |
| Calculate the Sample Deviation and Upper Deviation Rates: Example | if the auditor discovered two deviations in a sample of 50, the deviation rate in the sample would be 4% (2 ÷ 50). |
| The upper deviation rate | is the sum of the sample deviation rate and an appropriate allowance for sampling risk |
| Supports the planned level of control risk and is reliable | correct decision |
| Supports the planned level of control risk and is NOT reliable | Risk of incorrect acceptance (TypeII) |
| Does not support the planned level of control risk and reliable | Risk of incorrect rejection (Type I) |
| Does NOT Support the planned level of control risk and NOT reliable | Correct Decision |
| Tolerable Dev rate=6% < Computed Upper Dev rate= 8.2% Auditor's Decision: | Does not support reliance on the control. |
| Three important determinants of sample size are | Desired confidence level. Tolerable misstatement. Estimated misstatement. |
| Misstatements discovered in the audit sample must be projected to the population, .. | and there must be an allowance for sampling risk. |
| Ratio of misstatement is | total amt of overstatement observed in audit sample / Book value of items sampled |
| Applying the ratio to the entire population produces | a best estimate of misstatement of inventory. |
| The results of our audit test depend upon | the tolerable misstatement associated with the inventory account |
| MUS | Monetary- Unit Sampling |
| MUS uses attribute-sampling theory to | express a conclusion in dollar amounts rather than as a rate of occurrence. It is commonly used by auditors to test accounts such as accounts receivable, loans receivable, investment securities, and inventory. |
| MUS uses attribute-sampling theory (used primarily to test controls)... | to estimate the percentage of monetary units in a population that might be misstated and then multiplies this percentage by an estimate of how much the dollars are misstated. |
| 1. Determining the test objectives- Sampling may be used for substantive testing to: | Test the reasonableness of assertions about a financial statement amount (i.e., is amount fairly stated). This is the most common use of sampling for substantive testing. Develop an estimate of some amount. |
| 2. Define the population Characteristics: -Define the population for MUS | as the monetary value of an account balance, such as accounts receivable, investment securities, or inventory. |
| 2. Define the population Characteristics: Define the sample unit | An individual dollar represents the unit. |
| 2. Define the population Characteristics: -Define misstatement | the difference between monetary amts in the client's records and amts supported by audit evidence |
| 3. Determine the sample size, using the following inputs: | -Desired confidence level of incorrect acceptance -Tolerable misstatement -Expected population misstatement -Population size |
| Steps in MUS sampling | uses systematic selection approach: probability-proportional-to-size selection Sampling interval can be determined by BV of pop /sample size. Each individual $ in pop has an = chance of being selected& items/ “logical units” > interval will be selected |
| Steps in MUS sampling 5. Perform auditing procedures | After the sample items have been selected, the auditor conducts the planned audit procedures on the logical units containing the selected dollar sampling units. |
| Steps in MUS sampling 6. Calc projected misstatement and upper limit on misstatement | The misstatements detected in the sample must be projected to the population. |
| Steps in MUS sampling 7. Draw Conclusions | the final decision is whether the accounts receivable balance is materially misstated or not. |
| If the upper misstatement limit is less than or equal to the tolerable misstatement, we conclude | that the balance is not materially misstated. |
| In our example: the upper misstatement limit of $150,621 is greater than the tolerable misstatement of $125,000, so the auditor concludes... | that the accounts receivable balance is materially misstated. |
| When faced with this situation: The accounts receivable balance is materially misstated, the auditor may: | Increase the sample size. Perform other substantive procedures. Request the client adjust the accounts receivable balance. If the client refuses to adjust the account balance, the auditor would consider issuing a qualified or an adverse opinion. |
| The items to be tested individually are (Identifying individually significant items) | are items that may contain potential misstatements that individually exceed the tolerable misstatement. These items are tested 100% because the auditor is not willing to accept any sampling risk. |
| ratio projection- | One way of projecting the sampling results to the population is to apply the misstatement ratio in the sample to the population |
| A purchase transaction usually begins with a... | purchase requisition generated by the user department. |
| The purchasing department prepares a... | Purchase Order that is sent to the vendor. |
| When the goods are received or the services rendered, a... | liability is recorded. |
| Last step in the purchasing process | pays the vendor. |
| Purchase Transaction | A/P Inventory Purchase or COGS Various asset and expense accts |
| Cash Disbursement Transaction | Cash A/P Cash Discounts Various asset and exp accts |
| Purchase Return transaction | Purchase returns Purchase allowance A/P Various asset and exp accts |
| Purchase Requisition – | request to purchase goods or services. |
| Purchase Order - | includes description, quality, and quantity or goods or services being purchased. |
| Receiving Report – | records the receipt of goods. |
| Vendor Invoice – | the bill from the vendor |
| Voucher – | serves as the basis for recording a vendor’s invoice. |
| Voucher Register – | used to record vouchers for goods and services. |
| Accounts Payable Subsidiary Ledger – | includes amount owed to individual vendors. |
| Vendor Statement – . | represents the purchase activity with vendor. |
| Check – | pays for goods or services. |
| Check Register – | contains columns to record credits to cash and debits to accounts payable and cash discounts. |
| Requisitioning | initiation and approval of request for goods and services by authorized individuals consistent with management criteria. |
| Purchasing | Approval of purchase orders and proper execution as to price, qty and quality and vendor. |
| Receiving | Receipt of properly authorized goods and services. |
| Invoice processing | processing of vendor invoice for goods and services received; also, processing of adjustments for allowances, discounts and returns. |
| A/P | Recording of all vendor invoices, cash disbursements, and adjustments in individual vendor accounts. |
| General Ledgers | Proper accumulation, classification and summarization of purchases, cash disbursements and payables in G/L. |
| Industry-Related Factors | 1. Is the supply of raw materials adequate ? 2. How volatile are raw material prices ? |
| Major steps in setting the control risk in the purchasing process. | Understanding and documenting the purchasing process based on a reliance strategy. Planning and performing tests of controls of purchase transactions. Setting and documenting the control risk for the purchasing process. |
| For each major class of transactions in the purchasing process, the auditor must obtain the following information: | How purchases, c/d and purch returns are initiated. Records/docs/accts involved in process Flow of transactions from initiation-inclusion; including comp processing Process to est. accrued liabs. |
| After testing controls, the auditor sets the achieved level of control risk. When tests of controls support the planned level of control risk, no modifications are necessary to... | detection risk. & the auditor may proceed with substantive procedures as planned. |
| When tests do not support the planned control risk, | the auditor lowers the level of detection risk leading to more substantive procedures. |
| Occurrence for purchase transactions | all purchases and cash disbursements have been recorded and have occurred and pertain to the entity. |
| Completeness for purch transactions | all purchs and c/ds that should have been recorded have been recorded. |
| Authorization for purch transactions | all purch and c/ds are properly authorized |
| Accuracy for purch transactions | amts relating to recorded purchases and c/ds have been recorded appropriately and properly accumulated from journals and ledgers |
| Cutoff for purch transactions | recorded in correct accounting period |
| Classification for purch transactions | have been recorded in proper account. |
| (Occurrence) The auditor is concerned with a misstatement caused by a cash disbursement being recorded in the client’s record when no payment was made. The primary control procedures to prevent such misstatements include proper: | segregation of duties, independent reconciliation and review of vendor statements, and monthly bank reconciliations. |
| (Completeness) The major audit concern is that a cash disbursement is made but not recorded in the records. In addition to the example control tests discussed for occurrence, the auditor should also account for the: | numerical sequence of checks and reconcile the daily cash disbursements with posting to the accounts payable subsidiary records. |
| (Authorization) Proper segregation of duties reduces the likelihood that unauthorized cash disbursements are made. The individual who approves a purchase... | should not have direct access to the cash disbursement. |
| (Accuracy)One of the major audit concerns is that the payment amount is recorded incorrectly. To detect such an error, client personnel should reconcile the total of the checks issued each day with the | Daily c/d report |
| (Cutoff) The auditor’s tests of controls include reviewing the reconciliation of checks with postings to the cash disbursements journal and A/P subsidiary records. The auditor also tests cash disbursements... to ensure recorded in proper period | before and after year-end |
| (Classification) The auditor is concerned that a cash disbursement may be charged to the wrong general ledger account. The use of: | The chart of accounts, as well as independent approval and review of the account code on the voucher should provide adequate control. |
| Disclosure Items for the Purchasing Process | Payables by type Purchases from & payables to related parties Short& long-term payables Dependence on a vendor/ small# of vendors Longterm purch contracts including any unusual purch commitments costs by reportable segment of business |
| Accounts payable confirmations are used less often than | Accounts receivable confirmations. The auditor is able to examine externally created source documents relating to accounts payable |
| When confirmations are used, they are usually positive and referred to as | Blank Confirmations The vendor is asked to supply balance owed by client. |
| All identified misstatements should be | aggregated. |
| If the likely misstatement is less than the tolerable misstatement, | the auditor has evidence that the account is fairly presented. |
| If the likely misstatement exceeds the tolerable misstatement, | the auditor should conclude that the account is not fairly presented. |
| Revenue is defined as | inflows or other enhancements of assets of an entity or settlements of its liabilities (or a combination of both) from delivery or producing goods, rendering services, or other activities that constitute the entity’s major or central operations. |
| Side agreements - | arrangements used to alter the terms of sales in order to entice customers to accept delivery of goods. |
| Channel Stuffing (trade loading) - | inducing distributors to buy substantially more inventory than they can promptly resell. |
| Related-Party transactions – | special considerations – substance over form |
| Bill and hold sales (parked inventory schemes) | customer agrees to purchase goods but the seller retains physical possession until the customer requests shipments. Unless certain conditions are met, this arrangement doesnt qualify as a sale because delivery has not occurred. |
| Three types of transactions are typically processed through the revenue process: | The sale of goods or rendering of a service for cash or credit. The receipt of cash from the customer in payment for goods or services. The return of goods by the customer for credit or cash. |
| The revenue process affects numerous accounts in the financial statements. The most significant accounts are: | Sales Transactions: Trade A/R, Sales, Allow. for uncollectible accts, BDExp Cash Receipts transactions:Cash, Trade A/R, Cash Discount Sales returns & allowance transactions: Sales return, Sales allowance, trade A/R |
| Customer Sales Order | Contains the details of the type and quantity of products or services ordered by the customer. |
| Credit Approval Form | For credit sales, the client must have a formal procedure for investigating the creditworthiness of the customer. |
| Open-Order Report | A report of all customer orders for which processing has NOT been completed. |
| Shipping Document | This document generally serves as a bill of lading and contains information on the type of product shipped, the quantity shipped, and other relevant information. |
| Sales Invoice | The document is used to bill the customer. This document contains information on the type of product or service, the quantity, the price, and the terms of trade. |
| Sales Journal | Once a sales invoice has been issued, the sale needs to be recorded in the accounting records. The sales journal is used to record information about the sales transaction. |
| Customer Statement | This document is mailed to the customer and contains details of all sales, cash receipts, and credit memorandum transactions. |
| Accounts Receivable Subsidiary Ledger | This ledger contains an account and the details of transactions for each customer. |
| Aged Trial Balance of Accounts Receivable | This report summarizes all the customer balances in the accounts receivable subsidiary ledger. Each account is classified as current or placed into one of several past due categories. |
| Remittance Advice | This is usually the part of the customer’s bill that should be returned with the payment. |
| Cash Receipts Journal | This journal is used to record the cash receipts of the entity. |
| Credit Memorandum | This document is used to record credits for the return of goods by a customer. |
| Write-Off Authorization | This document authorizes the write-off of an uncollectible account receivable. Final authorization is generally received from the treasurer. |
| Order Entry | The initial function in the revenue process is the entry of a new sales order into the system. |
| Credit Authorization | The credit authorization process must determine that the customer is able to pay for the goods or services purchased. Failure to properly authorize credit can lead to extensive bad debts for the entity. |
| Shipping | Goods should not be shipped, nor should services be provided without proper authorization. The main control is payment or proper credit authorization. |
| Billing: The objective of proper billing is | to ensure that all goods shipped and all services rendered are billed to the customer. |
| Cash Receipts: All cash collected must be | properly identified and promptly deposited intact at the bank. |
| Accounts Receivable: All billings, adjustments, and cash collections... | must be properly recorded in the customers’ accounts receivable records. |
| General Ledger: As related to the revenue process, the general ledger function must ensure that... | all revenues, collections, and receivables are properly recorded and classified. |
| The four inherent risk factors that may affect the revenue process are: | Industry-related factors. The complexity and contentiousness of revenue recognition issues. The difficulty of auditing transactions and account balances. Misstatements detected in prior audits. |
| Substantive analytical procedures are used to examine plausible relationships among | accounts receivable and related accounts. |
| Tests of details focus on: | transactions, account balances, or disclosures. |
| Tests of details concentrate on: | the ending balance for accounts receivable and related accounts as well as related disclosures. |
| Ratios used for comparative purposes include: | Receivables turnover and days outstanding in A/R. Aging categories on aged trial balance of A/R. BDExp as a % of revenue Allowance for uncollectible accounts as a % of A/R / credit sales. Large acct balances compared to last period. |
| Control Risk Assessment Process: | Understand and document the revenue process based on a reliance approach. Next,Plan and perform tests of controls on revenue transactions. Last, Set and document the control risk for the revenue process. |
| Control Environment | Understanding the control environment is generally completed on an overall entity basis. |
| The Entity’s Risk Assessment Process | The auditor must understand how management considers risks that are relevant to the revenue process. The auditor should estimate the significance of the risk and assess the likelihood of occurrence. |
| Auditor’s knowledge | Process by which sales, cash receipts, & credit memoranda are initiated. The flow of each transaction from initiation- inclusion in stmts. Accting records, supporting documents, & accts that are involved. Process to prepare ests for BD & sales returns. |
| The auditor systematically examines the client’s revenue process to... | identify relevant controls that help to prevent, or detect and correct, material misstatements |
| Sales returns and allowances is usually not a material amount in the financial statements. However, credit memoranda that are used to process sales returns can also be used to cover.. | an unauthorized shipment of goods or conceal a misappropriation of cash. As a result, all credit memoranda should be properly authorized. |
| If the results of the tests of controls SUPPORT the planned level of control risk, | the auditor conducts the PLANNED level of substantive procedures for the account balances |
| The level of control risk for the revenue process can be set using either: | quantitative amounts or qualitative terms such as “low,” “medium,” or “high.” |
| The auditor is concerned about two major types of material misstatements: | 1. Sales to fictitious customers. 2. Recording revenue when goods have not been shipped or services have not been performed. |
| The auditor needs assurance that all recorded revenue transactions are ___. | VALID |
| The possible misstatement that concerns the auditor when considering the occurrence assertion is... | that cash receipts are recorded but not deposited in the client’s bank account. |
| Existence is one of the more important assertions for accounts receivable because.. | the auditor wants assurance that this account balance is not overstated through the inclusion of fictitious customer accounts or amounts. |
| What is the primary procedure to test Existence of A/R | Confirmation is the major audit procedure used for testing this assertion. |
| The auditor must determine that all A/R are owned by the entity. This is usually not a problem, however, in some cases, accounts receivable may be... | sold or factored with or without recourse. |
| ____is the process of obtaining information from third parties about the account receivable balance | Confirmation |
| Confirmation is a good source of evidence about the... | existence of the A/R. |
| The confirmation process should be... | controlled by the auditor. |
| Omitting Confirmations | A/R are immaterial. The use of confirmations would not be effective. IR and CR are assessed “low” and evidence gathered from other substantive tests is sufficient to reduce AR to an acceptably low level. |
| Positive Confirmation | Requests that customers indicate whether they agree with the amount due to the client. A response is expected whether the customer agrees or disagrees with the balance indicated. |
| Negative Confirmation | Requests that the customer respond only when they disagree with the amount due to the client. Negative confirmations are used when the client has many small account balances and control risk is assessed as low. |
| Accounts receivable may be confirmed at (timing) | interim or year-end. |
| The confirmation request should be sent soon after the end of the accounting period in order to | maximize the response rate. |
| The auditor should mail the confirmation requests.. | outside the client's facilities. a record should be kept of mailed and returned confirmations. |
| When the auditor does not receive responses to positive confirmations, alternative audit procedures are used. These alternative procedures include: | 1. Examination of subsequent cash receipts. 2. Examination of customer orders, shipping documents, and duplicate sales invoices. 3. Examination of other client documentation. |
| The major misstatement that concerns both management and the auditor is... | that goods are shipped or services are performed and no revenue is recognized. |
| Controls concerning completeness include: | 1) accounting for numerical sequence of shipping documents and sales invoices (2) matching shipping documents with sales invoices (3) reconciling sales invoices to daily sales reports (4) maintaining and reviewing the open-order file |
| A major misstatement is that cash or checks are stolen or lost before being recorded.. | in the cash receipts records. |
| strong controls relating to completeness are | Proper segregation of duties and a lockbox system. |
| Terms of trade are | 2/10, n/30 include discount for early pmts. encouraging customers to pay on time. |
| The auditor’s primary concern is whether all accounts receivable have been... | included in the accounts receivable subsidiary ledger and the general ledger accounts receivable account. |
| Reconciliation of the aged trial balance to the general ledger account should detect... | an omission of a receivable from either the subsidiary or general ledger. |
| Possible misstatements due to improper authorization include: | shipping goods to, or performing services for, customers who are bad credit risks and making sales at unauthorized prices or terms. |
| The presence of an authorized price list and terms of trade reduces... | the risk of inaccuracies. The sales invoice should also be verified for mathematical accuracy before being sent to the customer. |
| The wrong amount of cash could be recorded from the remittance advice, or the receipt could be incorrectly processed during data entry. To minimize these types of errors: | daily remittance reports should be reconciled to a control listing of remittance advices. All bank statements should be reconciled monthly. |
| Sales may be recorded in the wrong accounting period unless | proper controls are in place. |
| All shipping documents should be forwarded to... | the billing department daily. |
| The use of a chart of accounts & proper codes for recording transactions should provide adequate assurance about the... | proper classification of revenue transactions. |
| The cutoff test attempts to determine whether all revenue transactions and related accounts receivable are... | record in the proper period. |
| If the client uses a lockbox system or if cash is deposited daily in the bank, | there is a small possibility of cash being recorded in the wrong accounting period. |
| The auditor seldom has major concerns about cash receipts being.. | recorded in the wrong financial stmt acct. |
| Accounts receivable should be shown on the balance sheet at | net realizable value (gross amt - allowance for uncollectible accts) |
| The auditor must verify the adequacy of the allowance for uncollectible accounts. The first step is to prepare | aged trial balance and compare with last year's results. |
| The major issues related to presentation, disclosure, and classification are: | Identifying and reclassifying any material credits contained in A/R. Segregating short-term and long-term receivables. Ensuring that different types of receivables are properly classified. |
| When the auditor has completed the planned substantive procedures, the likely misstatement | (projected misstatement plus an allowance for sampling risk) for A/R is determined. |
| Likely misstatement less than tolerable misstatement | Accept the account as fairly presented. |
| Likely misstatement greater than tolerable misstatement | Account is NOT fairly presented. |
| Top down, risk-based approach to the audit of ICFR in their proper order: | Identify entity controls Identify significant accts and disclosures and their relevant assertions Understand likely sources of misstatements Select controls to test |
| All of the following controls may address the risk of fraud and management override: | Controls over related-party transactions. Controls over period-end adjusting entries. Controls related to significant management estimates. |
| Walkthrough | extensively review a business process or activity. To confirm if a documented process is in use and is accurately reflecting workflow. |
| Suppose a client works in the oil industry, where there is always some risk of environmental damage. The auditor should obtain sufficient knowledge about the how the client manages environmental risks, because environmental accidents can result in | costly litigation against the entity. |
| SOX as implemented by AS 5 requires public company auditors to test and report on the | design and effectiveness of ICFR. |
| because of one of the following: -implemented controls don't pertain to assertion -implemented controls are assessed as ineffective -testing the operating effectiveness of controls would be inefficient | Substantive Strategy |
Created by:
edoyle1011