Audit Test 2
Terms
undefined, object
copy deck
- SOX 404
- The audit of internal control over financial reporting
- Management responsibilities under SOX 404
- 1. Management must issue an internal control report that explicitly accepts responsiblity for establishing and maintaining adequate internal control over financial reporting. 2. Also, they must issue an assertion as to whether internal control over financial reporting is effective as of year end.
- Auditor responsibilities under SOX 404
- 1. Report on management's assertion about the effectiveneess of internal control.
- Definition of internal control over financial reporting.
- A process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements.
- Company-level controls
- Controls that can have a pervasive effect on the entity's ability to meet the control criteria selected by management. For example: controls to monitor the results of operations, management's risk assessment porcess, the period-end financial reporting process.
- Control deficiency
- a contorl whether by design or operation that does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
- Material weakness
- A significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected.
- Relevant assertions
- assertions that have a meaningful bearing on whether the accoutn is fairly stated.
- Safeguarding of assets
- those policies and procedures that provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.
- Significant account
- an account that has more than a remote likelihood of containing misstatements that individually or when aggregated with others, could have a material effect on the financial statements.
- Significant deficiency
- A control deficiency, or combination of control deficiencies, that adversely affects the entity's ability to initiate, authorize, record, process, or report external financial data reliably in accordance with GAAP such that there more than a remote likelihood that a misstatemtn of the entity's annual or interim financial statements that is more than inconsequential will not be prevented or detected.
- Walkthrough
- a transaction being traced by an auditor from origination through the entity's financial reports.
- The steps in the auditor’s process for an audit of internal control over financial reporting are:
-
1. Plan the engagement
2. Evaluate management’s assessment process
3. Obtain and document an understanding of internal control
4. Evaluate the design effectiveness of internal control
5. Test and evaluate the operating effectiveness of internal control
6. Form an opinion on the effectiveness of internal control - At least significant deficiencies and strong indicators of material weakness
-
1. Restatement of previously issued financial statements to reflect the correction of a misstatement
2. Identification by the auditor of a material misstatement in financial statements in the current period that was not initially identified by the company’s internal control over financial reporting
3. Oversight of the company’s external financial reporting and internal control over financial reporting by the company’s audit committee is ineffective
4. The internal audit function or the risk assessment function is ineffective at a company for which such a function needs to be effective for the company to have an effective monitoring or risk assessment component.
5. An ineffective regulatory compliance function
6. Identification of fraud of any magnitude on the part of senior management
7. Significant deficiencies that have been communicated to management and the audit committee remain uncorrected after some reasonable period of time
8. An ineffective control environment. - Design effectiveness of controls
- controls are effectively designed when they prevent or detect errors or fraud that could result in material misstatements in the financial statements.
- Operating effectiveness of controls
- the control is operating as designed and the person performing the control possesses the necessary authority and qualifications to perform the control effectively.
- Unqualified opinion
- If within the controls there are inconsequential deficiencies or significant deficiencies and any scope limitation is not intentional or has no serious effect, an unqualified opinion can be issued.
- Qualified opinion
- If a scope limitation is management imposed and/or has more than a minor effect, a qualified opinion is issued.
- Adverse opinion
- If there is a material weakness in the controls, an adverse opinion is issued.
- Disclaim opinion or withdraw
- If a scope limitation is management imposed and/or has more than a minor effect, an auditor may also issue a disclaim opinion or withdraw depending on the severity of the limitation.
- Integrated audit
- the audits of internal control over financial reporting and of financial statements
- Effect of the audit of internal control on the financial statment audit
- the integrated audit will in most cases lead to a reliance audit strategy.
- Effect of the audit of the financial statements on the audit of internal control
- the absence of misstatements is not permitted as evidence that controls are effective by the PCAOB.
- Analytical procedures
- evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data.
- Application controls
- controls that apply to the processing of specific computer applications and are part of the computer programs used in the accounting system.
- Confirmation
- the process of obtaining and evaluating direct communication from a third party in response to a request for information about a particular item affecting financial statement assertions.
- General controls
- controls that relate to the overall information processing environment and have a pervasive effect on the entity's computer operations.
- Lapping
- The process of covering a cash shortage by applying cash from one customer's accounts receivable against another customer's accounts receivable.
- Negative confirmation
- A confirmation request to which the recipient responds only if the amount or information stated is incorrect
- Positive confirmation
- a confirmation request to which the recipient responds whether or not he or she agrees with the amount or information stated.
- Reliance strategy
- The auditor's decision to rely on the entity's conrols, test those controls, and redue the direct tests of the financial statement accounts.
- When is revenue earned?
- Revenue is earned when an entity has substantially completed the earning process, which generally means a product has been delivered or a service has been provided.
- When is revenue realized?
- Revenue is realized when a product or service is exchanged for cash, a promise to pay cash, or other assets that can be converted into cash.
- 4 criteria for revenue recognition:
-
1. Persuasive evidence of an arrangement exists.
2. Delivery has occurred or services have been rendered.
3. The seller's price to the buyer is fixed or determinable.
4. Collectibility is reasonably assured. - Three types of transactions processed by the revenue process:
-
1. The sale of goods or rendering of a service for cash or credit.
2. The receipt of cash from the customer in payment for the goods or services.
3. The return of goods by the customer for credit or cash. - The major functions of the revenue process
- Order entry, credit authorization, shipping, billing, cash receipts, accounts receivable, general ledger.
- Key segregation of duties in the revenue cycle
-
1. The credit function should be segregated from teh billing function (prevents sales to customers who are not creditworthy)
2. The shipping function should be segregated from teh billing function (prevents unauthorized shipments and assures billing of shipments.)
3. The A/R function should be segregated fro the general ledger function (prevents individual from concealing unauthorized shipments).
4. Cash receipts function should be segregated from teh A/R function (prevents theft of cash) - Inherent risk factors of the revenue process:
-
1. Industry-related factors
2. The complexity and contentiousness of revenue recognition issues.
3. The difficulty of auditing transactions and account balances.
4. Misstatements detected in prior audits. - Audit sampling
- the application of an audit procedure to less than 100 percent of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class.
- Sampling risk
- the possibliity that the sample drawn is not representative of the population.
- Type I error
- Risk of incorrect rejection. Relates to the effeciency of the audit.
- Type II error
- Risk of incorrect acceptance. Relates to the effectiveness of the audit.
- Precision
- relates to how close a sample estimate is to the population characteristic being estimated, given a specificed sampling risk.
- Nonstatistical versus Statistical sampling
-
Nonstatistical (or judgement) sampling - the auditor does not use statistical techniques to determine sample size, select the sample, and/or measure sampling risk when evaluating results.
Statistical Sampling - uses the laws of probability to compute sample size and evaluate the sample results, thereby permitting the auditor to the most efficient sample siize and to quantify the sampling risk for the purpose of reaching a statistical conclusion about the population. - Major advantages of statistical sampling
-
Helps an auditor:
1. Design an efficient sample.
2. Measure the sufficiency of evidence obtained.
3. Quantify sampling risk - Attribute sampling
- used to estimate the porportion of a population that possesses a specified characteristic. The most common use is for tests of controls.
- Blank or zero-balance confirmation
- a confirmation request on which the recipient fills in the amount or furnishes the information requested.
- Three types of transaction processed through the purchasing process
-
1. Purchase of goods and services for cash or credit
2. Payment of the liabilities arising from such purchases.
3. Return of goods to suppliers for cash or credit. - Major functions of the purchasing process
- Requisitioning, purchasing, receiving, invoice processing, disbursements, accounts payable, general ledger.
- Key segregation of duties in the purchasing process
-
1. purchasing function should be segregated from teh requisitioning and receiving functions (prevents fictitious or unauthorized purchases)
2. The invoice-processing function should be segregated from the A/P function
3. The disbursement function should be segregated from teh A/P function
4. The A/P function should be separated from the general ledger function. - Inherent Risk assessment of purchasing process
-
1. whether the supply of raw materials is adequate
2. how volatile raw material prices are.
3. misstatements in prior audits.