| QuestionAnswer What is a requirement of management of a public company relating to internal control? accept responsibility for the effectiveness of internal control For purposes of an audit of internal control performed under PCAOB standards, a significant deficiency is a control deficiency that: must be communicated to those responsible for oversight of the company's financial reporting For purposes of an audit of internal control performed under PCAOB standards, what has at least a reasonable possibility of resulting in a material misstatement? material weakness A procedure that involves tracing a transaction from its origination through the company's information systems is referred to as walkthrough when performing an audit of internal control for a public company, an auditor will consider what type of controls? preventive and detective Ordinarily the work of internal auditors and others is used primarily in low risk areas A control that reduces the risk than an existing or potential control weakness will result in a failure to meet a control objective is referred to as a compensating control when performing an integrated audit under requirements of the PCAOB, what is correct relating to reporting on internal control and the financial statements? either separate reports or a combined report may be issued An uncorrected material weakness in internal control is most likely to result in what type of opinion? adverse A material weakness correctly shortly after year end but prior to issuance of the financial statements is most likely to result in what type of opinion? adverse Section 404a requires that each annual report filed with the SEC include an internal control report prepared by management Management must acknowledge its responsibility for establishing and maintaining adequate internal control Management must prove an assessment of internal control effectiveness as of the end of the most recent year Section 404b requires the CPA firm to audit internal control and express an opinion on the effectiveness of internal control The Dodd-Frank Act, passed July 21, 2010 exempts small public companies less than 75 mill in market from having to obtain an audit report on the effectiveness of internal control over financial reporting Management's internal control report must state that it is management's responsibility to establish and maintain adequate internal control Management's internal control report must identify management's framework for evaluating internal control Management's internal control report must include management's assessment of the effectiveness of the company's internal control over financial reporting as of the most recent fiscal period, including a statement about if it is effective Management's internal control report must include a statement that the company's auditors have issued an attestation report on management's assessment The company must assess and evaluate internal control itself which do not include the CPA firm auditing its internal control system Management's framework used for evaluating internal control is generally the: Internal Control Integrated Framework created by COSO Management's assessment and evaluation process consists of: establishing or identifying controls and testing their design and operating effectiveness control deficiency when the design or operation of a control does not allow management or employees in the normal course of performing their functions to prevent or detect misstatements significant deficiency a control deficiency or combination of control deficiencies that is less severe than a material weakness material weakness there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected you own Wobble Inc., which manufactures wooden tables. You need to hire an accountant to prepare your MONTHLY financial statements. The service most likely to be appropriate for you is: a compilation What is most likely to be a greater concern on the audit of personal financial statements than on an audit of a corporation? completeness a compilation report is NOT required when compiled financial statements are expected to be used by: management only What should NOT be included in an accountant's standard report based on the compilation of a client's financial statements? The accountant expresses only limited assurance on the financial statements What is most likely to be used in a review engagement? comparison of the total of the current year equipment to the prior year total What represents the highest to lowest level of assurance provided by auditors in the performance of engagements? audit, review, compilation What type of assurance is provided by an auditor in conjunction with a review? limited What is NOT a special purpose financial reporting framework? GAAP basis Independence is required in which types of CPA engagements? review A comfort letter is typically sent to whom and for what reason? The underwriters of a company's securities to assist them in their reasonable investigation of a registration statement. Audit reports on financial statements prepared following what basis are most likely to include a restriction on use? contractual basis Review of financial statements of public companies must follow PCAOB standard public companies are required to have quarterly financial statements reviewed and filed with Form 10Q to the SEC The review of public companies has to be done every quarter by the auditor that audits financial statements A review provides a lower level of assurance than an audit A review consists of obtaining an understanding of the client's business and internal control, performing review procedures, and communicating results through a review report Review procedures consists of inquiries and analytical procedures Auditor generally concludes that we are not aware of any material modifications that should be made to the financial statements for them to conform with GAAP In the review of a public company the auditor must be independent In the review of a public company the auditor must disclaim an opinion The audit firm that performs a review of the public company must perform the annual audit Accounting and review services for nonpublic entities consists of compilation and review engagements Guidance for performing review and compilation services of nonpublic companies Statements on Standards for Accounting and Review Services nature of review engagements for nonpublic companies auditor provides limited assurance that no material modifications should be made to the financial statements for them to conform to GAAP. review procedures of review engagements for nonpublic companies perform analytical procedures, made inquiries of mgmt, obtain letter of rep from mgmt, perform other procedures considered necessary accountant must be independent to issue a review report for nonpublic company The review report of a nonpublic company must include a disclaimer of opinion departures from GAAP must be disclosed in report importance of engagement letter so that client understands its not an audit each page of financial statement includes a caption: "see accountant's review report" engagement letters are required for public and nonpublic Nature of compilation engagements involves the preparation of financial statements from the accounting records and other representations of the client The accountant does not have to be independent to perform compilation but if not they must state so in the last paragraph of the report The compilation report must include a disclaimer of opinion or any other form of assurance Compilation engagement is the lowest level of service recommended to be provided for a client Each page of financial statements include a caption for compilation reports stating: "see accountant's compilation report" accountants reports on comparative statements should update report on prior year review report if also reviewed If a lower level service performed on different comparative statements, should reissue report on prior year's financial statements or include a reference to prior year's report in current year's report Independence is required in these types of reports audit and SSARS review Report provides reasonable assurance in these types of reports audits Report provides negative (limited) assurance in these types of reports SSARS review Consists primarily of inquiries and analytical procedures in these types of reports SSARS review these reports are only performed on financial statements of nonpublic companies SSARS review and compilation these types of reports state that mgmt is responsible for the preparation and fair presentation of the financial statements audit, SSARS review, and compilation these reports provide no explicit assurance compilations these reports require performance of analytical procedures audits and SSARS review these reports state that financial statements were prepared on a basis consistent with the preceding year none these reports require a report modification for substantial doubt about going concern status or uncertainties audits these reports require a report modification for departures from GAAP audits, SSARS review, compilations these reports require a report modification for lack of consistency audits these reports require an understanding of internal control audits lack of independence is permitted in this kind of report compilation must have understanding of accounting principles used in client's industry for these types of reports audits, SSARS reviews, compilations these reports may result in a qualified or adverse opinion audit must corroborate management's response to inquiries for this report audit When an accountant is not independent with respect to an entity, what type of compilation reports may be issued? a compilation report with special wording that notes the accountant's lack of independence may be issued What representation does an accountant make implicitly when issuing the standard report for the compilation of a nonissuer's financial statements the accountant is independent with respect to the entity An accountant's compilation report should be dated as of the date of completion of the compilation What should not be included in an accountant's standard report based upon the compilation of an entity's financial statements? a statement that the accountant does not express an opinion but provides only limited assurance on the statements. Each page of the financial statements compiled and reported on by an accountant should include a reference such as: see accountant's compilation report An accountant's standard report on a review of the financial statements of a nonissuer should state that the accountant is not aware of any material modifications that should be made to the financial statements for them to conform with GAAP What is never included in an accountants report based upon a review of the financial statements of a nonissuer? a statement that the review was in accordance with GAAS Each page of a nonissuer's financial statements reviewed by an accountant should include the following reference: see independent accountant's review report The objective of a review interim financial information of an issuer is to provide an accountant with a basis for reporting whether material modifications should be made to conform with GAAP Auditors of issuers are often requested to report on interim financial statements. A review of interim financial information consists primarily of: inquiries and analytical procedures a modification of the accountant's report on a review of interim financial info of an issuer is necessitated by what? inadequate disclosure What types of services may be performed by CPAs with respect to the financial statements of nonpublic companies? may perform a compilation, a review, or an audit How does a review of the financial statements of a nonpublic company differ from an audit? a review does not involve a consideration of internal control, tests of the accounting records, or obtaining corroborating evidence, which are performed in an audit What is not typically performed when the auditors are performing a review of client financial statements? Confirmation of accounts receivable What must be obtained in a review of a nonpublic company? engagement letter and representation letter A CPA who is not independent may perform what services for a nonpublic company? compilation When performing a review of a nonpublic company, what is least likely to be included in auditor inquiries of management members with responsibility for financial and accounting matters? communications with related parties The proper report by an auditor relating to summarized financial statements includes: an opinion on whether the summarized information is fairly stated in all material respects in relation to the basic financial statements concerning interim quarterly financial statements, management of public companies: must engage CPAs to review the statements A proper compilation report on financial that omit note disclosures: indicates that management has omitted such information What forms of accountant associations always leads to a report intended solely for certain specified parties? agreed upon procedures What assertion is generally most difficult to attest to with respect to personal financial reporting framework? the cash basis of accounting In which report should a CPA not express negative (limited) assurance? a standard compilation report on financial statements for a nonpublic entity Comfort letters to underwriters are normally signed by the: independent auditor source required for an annual review of the financial statements of a nonpublic company Accounting and Review Services Committee Statements on Standards for Accounting and Review Services a quarterly review of the financial statements of a nonpublic company that has an annual audit auditing standards board statements on auditing standards a quarterly review of the financial statements of a public company PCAOB auditing standards an audit of the financial statements of a nonpublic company auditing standards board statements on auditing standards a compilation on the financial statements of a nonpublic company accounting and review services committee statements on standards for accounting and review services a quarterly review on the financial statements of a nonpublic company that annually has a review of its financial statements. accounting and review services committee statements on standards for accounting and review services a letter to an underwriter of a public company PCAOB auditing standards a report on summary financial statements of a nonpublic company auditing standards board statements on auditing standards an audit of a public company PCAOB auditing standards Institution of Internal Auditing founded in 1941 and is the primary organization supporting the field of internal auditing IIA administers the Certified Internal Auditor Program Foreign Corrupt Practices Act of 1977 requires public companies to establish and maintain effective internal control, responsible for helping companies comply with these acts and make sure effective, public companies comply with monitoring component of IC 1987 Report of the National Commission on Fraudulent Financial Reporting provided recommendations about preventing fraudulent financial reporting, suggested that public companies establish an internal auditing function, objectively positioning IC within org and establishing effective reporting relationship b/w director & AC Report of the Blue Ribbon Committee on Audit Effectiveness of 1998 stated that appropriate oversight of the financial integrity and accountability of public companies should be viewed as 3 legged stool- one leg of which is mgmt and internal audit Passage of the Sarbanes Oxely Act of 2002 prohibits CPA firms from providing internal and external services for SEC clients, external may use work of internal, internal used to help document and test controls to support mgmt assertion a/b effectiveness of IC over financial reporting Internal auditing an independent, objective assurance and consulting activity designed to add value and improve an org's operations, helps org by evaluating and improving the effectiveness of risk mgmt, control, and governance processes operational auditing evaluates performance as measured by mgmt objectives. focuses on efficiency, effectiveness, and economy of operations Internal auditors are employees of the organization and thus cannot have perceived independence of external auditor Internal auditors must maintain an impartial, objective attitude and avoid conditions that threaten carrying out work in an unbiased manner External auditor must be independent in fact and appearance responsibility of internal auditors to detect fraud have sufficient knowledge of fraud to be able to identify indicators that fraud may have been committed, be alert to opportunities such as control weaknesses, that could allow fraud. responsibility of external auditors to detect fraud to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatements, assess risk of material misstatement that may be caused by fraud, professional skepticism and due care Scope of activities of an internal auditing program reviewing and evaluating all types of internal controls, evaluating the organizations risk assessment processes, making recommendations regarding the org's system of governance, and performing other assurance and consulting services What have been the principal factors responsible for the rapid expansion of internal audit programs within companies? operational controls became more important, and the scope of the internal auditor's work expanded to include evaluating and testing financial and operational controls When the internal auditing department has sufficient organizational status, the director reports to a level of management that would not inappropriately influence the scope of the internal auditor's work on their reported findings requirements for becoming a CIA have a bachelor's degree, completion of 4 part exam, 2 years work experience in internal auditing, then continuing education In a financial statement audit, the auditors obtain sufficient competent evidential matter to express an opinion on the org's financial position, results of operations, and cash flows Operational audits focus on efficiency, effectiveness, and economy of an org or of a segment of the org Benefits of an internal audit department's program to educate auditees and other parties about the nature and purpose of internal auditing obtain more cooperation, ensure consideration and implementation of their recommendations, obtain support of top mgmt, gain acceptance by external auditors, work effectively w/ audit committee Financial auditing involves tests of the accuracy and reliability of financial info Operational auditing includes evaluating the effectiveness, efficiency, and economy of an org Compliance auditing involves testing for an organization's compliance with various laws and regulations Internal auditing can best be described as: a control function The independence of the internal auditing department will most likely be assured if it reports to the audit committee of the BOD When performing an operational audit, the purpose of a preliminary survey is to: Identify areas that should be included in the audit program Operational auditing is primarily oriented toward: future improvements to accomplish the goals of mgmt The organization that administers the CIA program is the: The Institute of Internal Auditors The proper organization role of internal auditing is to: serve as an independent objective assurance and consulting activity that adds value to operations Internal auditing is a dynamic profession. What best describes the scope of internal auditing as it has developed to date? Internal auditing has evolved to evaluating all risk mgmt, control, and governance processes A major reason for establishing an internal audit activity is to: Evaluate and improve the effectiveness of control processes An audit committee of an organization is being established. What is most likely a responsibility of the committee with regard to the internal audit activity? Approval of the selection and dismissal of the chief audit executive Independence of the internal auditors would be least likely if internal auditors reported to the: controller In performing an operational audit, internal auditors are most likely to focus upon these attributes operations of the business, including efficiency, effectiveness, internal control, and others The primary difference between an operational audit and a compliance audit is what? an operational audit focuses on business efficiencies and effectiveness, while a compliance audit focuses on whether laws and other requirements are being followed The enactment of large federal government financial programs increased the demand for what type of audit? compliance What is the final step that should be undertaken in an operational audit? follow up procedures to determine if recommendations have been implemented Which standards of professional practice for internal auditors does not have a similar standard in the GAAS for independent auditors? scope of work What is not a report that external auditors would issue with respect of an audit based upon Governmental Auditing Standards? an operational report Which report is most likely to result from an audit in conformity with government auditing standards? internal control over financial reporting batch processing input data are gathered and processed periodically in discrete groups online capabilities users have direct access to data stored in the system database system separate application files are replaced with integrated databases that are shared by many users and application programs computer networks the electronic transmission of info between computers end user computing the user departments are responsible for the development and execution of certain computer applications General control activities in an EDP environment apply to all computer applications. include: developing or customizing new programs and systems, changing existing programs and systems, access to programs and data, computer operations application control activities relate to only a specific application such as prep of payroll, consist of programmed control activities and manual follow up activities programmed control activities are concerned with input controls and processing controls manual follow up activities consists of review and analysis of outputs that have been generated in the form of exception reports hash total total of one field of info for all items in a batch, used in the same manner as a control total testing general control activities inquiries of personnel, review documentation of changes, observe seg of duties, test operation controls general control activities is used to describe controls that apply to all or many IT systems in an organization General control activities include controls over the: development of programs and systems, controls over changes to programs and systems, controls over computer operations, and controls over access to programs and data Application control activities are controls that apply to specific computer accounting tasks such as the updating of accounts receivable Application control activities includes: programmed controls embedded in computer programs and manual follow up activities consisting of follow up procedures on computer exception reports Record counts totals that indicate the number of documents or transactions processed, compared with totals determined before processing Purpose of record count control is to compare the computer developed totals with the predetermined totals to detect the loss or omission of transactions or records during processing Limit test control compares the result of computer processing against a min or max amount validity test involves comparison of data against a master file or table for accuracy The purpose of validity tests is to determine that only legitimate data is processed Hash totals are sums of data that would not ordinarily be added, added before processing for later comparison with total of the same items accumulated by the computer purpose of the hash total control is to provide assurance that all and only authorized records were processed Advantage of using an integrated test facility allows continuous testing of the system, test data processed with actual data ensuring that the programs tested are the same as those actually used to process transactions Disadvantage of ITF possibility that personnel may manipulate real data using the test system, risk that the client's real financial records may be contaminated with the test data What controls should the company maintain to ensure the accuracy of processing done by a service center? should establish controls to test the accuracy of the center's activities, developed for input transactions and later reconciled to the center's output, test a sample of the computations performed by the service center's computer How do auditors assess internal control over applications processed for an audit client by a service center? visit the center to consider the center's internal control What is a service auditors report on the processing of transactions by a service organization? service centers engage their own auditors to review their processing controls and provide a report for the users of a center and users' auditors. these reports are known as service auditors' reports What two types of reports are provided by service auditors? may provide a report on management's description and design of its controls (Type 1) or that plus operating effectiveness (Type 2) How do user auditors use each type of report? Type 1 proves an understanding of the prescribed controls at the service center, provides no basis for reliance on service center controls. type 2 provide basis to reduce assessments of control risk LAN is the abbreviation for local area network End user computing is most likely to occur on what type of computer? personal computer When erroneous data are detected by computer program controls, data may be excluded from processing and printed on an exception report. The exception report should probably be reviewed and followed up by the: Supervisor of IT operations An accounts payable program posted a payable to a vendor not included in the online vendor master file. A control which would prevent this error is a: validity check When an online real time IT processing system is in use, internal control can be strengthened by: making a validity check of an identification number before a user can obtain access to the computer files The auditors would most likely be concerned with what control in a distributed data processing system? access controls The auditors would be least likely to use software to: assess computer control risk Auditors often make use of computer programs that perform routine processing functions such as sorting and merging. These programs are made available by IT companies and other and are referred to as: utility programs What is least likely to be considered by the auditors considering engagement of an info technology specialist on an audit? number of financial institutions at which the client has accounts What is an advantage of generalized audit software package? They can be used for audits of clients that use differing computing equipment and file formats The increased presence of user operated computers in the workplace has resulted in an increasing number of persons having access to the system. A control that is often used to prevent unauthorized access to sensitive programs is: user identification passwords An auditor will use the computer test data method in order to gain assurances with respect to the: controls contained within a program Auditing by manually testing the input and output of a computer system auditing around the computer Dummy transactions developed by the auditor and processed by the client's computer programs, generally for a batch processing system test data Fictitious and real transactions are processed together without the client's operating personnel knowing the testing process integrated test facility may include a simulated division or subsidiary in the accounting system with the purpose of running fictitious transactions through it integrated test facility the auditors use generalized audit software to perform processing functions essentially equivalent to those of the client's programs parallel simulation The operational responsibility for the accuracy and completeness of computer based info should be placed on which group? users The purpose of input controls is to ensure the completeness, accuracy, and validity of input When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an error report. This error report should be reviewed and followed up by the: data control group The major purpose of the auditor's study and evaluation of the company's computer processing operations is to: evaluate the reliability and integrity of financial information For audit reliance to be placed on the results of processing in an application system, the auditor should be reasonably satisfied that the system is functioning properly Tests of controls in an advanced computer system: can be performed using actual transactions or simulated transactions After gaining an understanding of a client's cpu processing internal control, a financial statement auditor may decide not to test the effectiveness of the cpu processing control procedures. What is not a valid reason to omit this? The controls appear effective enough to support a reduced level of control risk Auditing through the computer is required when: processing is primarily online and updating is real time when an auditor tests a computerized accounting system, what is true of the test data approach? Test data are processed by the client's computer programs under the auditor's control Parallel simulation is an appropriate audit approach for: calculating amount for declining balance depreciation charges An auditor is least likely to use computer software to assess computer control risk A primary advantage of using generalized audit software packages in auditing the financial statements of a client that uses a computer system is that the auditor may: access info stored on computer files without a complete understanding of the client's hardware and software features. Limitation on the use of generalized audit software can only be used on hardware with compatible operating system Auditors often make use of computer programs that perform routine processing functions, such as sorting and merging. These programs are made available by computer companies and others and are specifically referred to as: utility programs Application control objectives do not normally include assurance that review and approval procedures for new systems are set by policy and adhered to Many customers, managers, employees, and suppliers have blamed computers for making errors. In reality, computers make very few mechanical errors. The most likely source of errors in a fully operational computer based system is: input a company's labor distribution report requires extensive corrections each month because of labor hours charged to inactive jobs. What data processing input controls appears to be missing? validity test One of the greatest difficulties in auditing a computerized accounting system is: data can be erased from the computer with no visible evidence How have electronic data interchange systems affected audits? auditors often need to plan ahead to capture information about selected transactions over the EDI Since the computer can do many jobs simultaneously, segregation is not as defined as it is in a manual system. How can a computer system be modified to compensate for the lack of segregation of duties? Strong controls should be built into both the computer software and hardware to limit access and manipulation. One key control in the organization of the information systems department is the: separation of systems development group and the operations group When would an auditor typically not perform additional tests of a computer systems controls? when controls appear to be weak When would auditing around the computer be appropriate? When controls over the computer system are non existent What would not be an appropriate procedure for testing the general control activities of an info system? testing for the serial sequence of source documents If an auditor is using test data in a client's computer system to test the integrity of the systems output, what type of controls is the auditor testing? application controls What is not a function of generalized audit software? to keep an independent log of access to the computer application software Sampling process of obtaining info about an entire population or universe by only examining part of it purpose of sampling to estimate characteristic of group w/o complete examination of all items constituting the group non statistical sampling use of samples are chosen w/o regard for the statistical requirements that govern the sample size and the method of selection, used when statistical will not satisfy major limitation of non statistical sampling provides no mathematical basis for projecting sample results to the entire population statistical sampling a technique or methodology for determining sample size, selecting items to be tested, and of evaluating the results of the test on the basis of mathematical laws of probability advantages of using statistical sampling can evaluate results mathematically and using probabilities, design more efficient samples and avoid overauditing or underauditing, able to demonstrate mathematically that sampling procedures were justifiable areas requiring the auditor to make judgment decisions defining population, characteristics to be tested, and exceptions, appropriate statistical techniques for drawing a random sample, required precision and reliability level precision the allowable margin of sample error, allowance for sampling risk, range set by + or - limits from the sample results within which the true characteristics lie reliability risk of sampling, expresses the proportion of cases in which the actual value will be somewhere within stated precision limits tolerable rate max rate of deviation from prescribed internal control structure that auditor would be willing to accept w/o altering planned assessed level tolerable misstatement when planning a sample for a substantive test, how much monetary misstatement may exist in the account balance without causing financial statements to be misstated interpret sample results requires decisions as to whether the client's figures are to be accepted, rejected, or whether additional sampling is necessary an unbiased sample must be obtained before statistical sampling can be used to evaluate and interpret the results of sample data unrestricted random sampling selection of a sample from a population of items in such a manner that each item in the population has an equal chance of being chosen for examination systemic selection sample items are selected according to some predetermined fixed interval, 1st is selected at random thus establishing the sequential pattern stratified selection population is divided into classes or strata which are more homogeneous than the population as a whole sample plan characteristics used to estimate the frequency or rate of occurrence of an attribute in a pop. concerned with the question of "how many", primarily use to test controls, factors used to determine sample size population size, planned risk of incorrect rejection, estimated variability, planned allowance for sampling risks sample size formula ((pop size * incorrect rejection coefficient * estimated standard deviation)/planned allowance for sampling risk)^2 tolerable deviation rate estimated deviation rate + upper precision discovery sampling a form of attribute sampling designed to locate at least one critical deviation or exception in the population, used when estimate of occurrence rate is near 0% classical variable sampling characteristics used to provide the auditor with an estimate of numerical quantity such as the dollar amount of an account balance or the estimated error amount in an account balance, concerned w/ question of how much, used to perform substantive procedures mean per unit estimation used to estimate the mean audited value of the items in a population by determining the mean audited value of the items in a sample the estimated audit value of the population equals the average audited value of the sample multiplied by the number of items in the population ratio estimation used to estimate the projected amount of error in account balance or the audited value of the account, used when the size of misstatements is nearly proportional to the book values of the items projected misstatement of population ratio estimation formula (sample net misstatement/book value of sample) * population book value audited value of population formula book value of population + or - PM(projected misstatement) (+ if book value is understated, - if BV is overstated) difference estimation used to estimate the average difference between the audited value and the book value of item in a population, most appropriate when the size of misstatement is nearly proportional to the book value of the items projected misstatement of population difference estimation formula (sample net misstatement/sample items) * pop items probability proportional to size sampling characteristics used for performing substantive tests of account balances, each $ is viewed as sample unit, permits auditor to state that the $ amt of error in the acct does not exceed a certain amt, amt of error cannot be more than BV PPS is primarily used to audit for overstatement advantages of PPS generally easier to use than classical variables sampling, size of the sample is not based on the estimated variation of audited amounts, automatically results in a stratified sample If no errors are expected, PPS sampling will usually result in a smaller sample size than classical variable samples dual purpose test test has 2 purposes: to determine the effectiveness of internal control and to determine if material error exists nonsampling risks risks due to factors not relating to sampling, failure to recognize errors in a doc or trans or failure to apply appropriate audit procedures sampling risks risk that sample results may not represent population sample efficiency risk of underreliance on internal control and risk of incorrect rejection of the account or population sample effectiveness risk of overreliance on internal control and the risk of incorrect acceptance of the account or population variable sampling concerned with how much or dollar amounts attribute sampling concerned with how many or tests of controls precision allowance for sampling risk, allowable margin of sampling error confidence or reliability risk of sampling risk of incorrect acceptance sample effectiveness, falsely accept the population which might lead to an incorrect opinion risk of incorrect injection incorrectly reject the population, too much testing sampling risk sample may not be representative of the population nonsampling risk risk not associated with sampling, more about judgement systematic selection population items do not need to be numbered stratification used to control variability, relates materiality to selection process dollar unit sampling used to audit for overstatement, used to project max amt of error in an acct balance difference estimation used when the size of the misstatement is independent of the book value ratio estimation used when size of misstatement is nearly proportional to the book value discovery sampling used to locate one example of a critical deviation What are the 3 major factors that determine the sample size for an attributes sampling plan? the risks of assessing control risk too low,the tolerable deviation rate, the expected population deviation rate What is a dual purpose test? one which tests and internal control procedure and substantiates the dollar amount of an account balance advantages of applying statistical sampling techniques to audit testing designing efficient samples, measuring the sufficiency of the evidence obtained, objectively evaluating sample results Identifying the controls to be tested involves consideration of the types of misstatements that might occur, identifying the controls that should prevent these misstatements, and deciding whether consideration of these controls to reduce the auditors assessment of control risk Defining a deviation all exception included in the definition of deviation must be similar in their potential audit significance determining the max tolerable deviation rate involves judgement because deviations do not necessarily correspond directly with misstatements in the financial statements What is an element of sampling risk? concluding that no material misstatement exists in a materially misstated population based on taking a sample that includes no misstatement In assessing sampling risk, the risk of incorrect rejection and the risk of assessing control risk too high relate to the: efficiency of the audit What statistical sampling technique is least desirable for use by the auditors? block selection The auditor's primary objective in selecting a sample of items from an audit population is to obtain: a representative sample discovery sampling is particularly effective when: the auditors are looking for critical deviations that are not expected to be frequent in number The auditors are using unstratified mean per unit sampling to audit accounts receivable as they did in the prior year. What changes in characteristics would result in a larger samp size than prior year? larger variance in the dollar value of accounts What sampling techniques is generally used for tests of controls? attribute sampling What is accurate regarding tolerable misstatement? tolerable misstatement is directly related to materiality. Circumstance where it is least likely that tests of controls will be performed the expected deviation rate exceeds the tolerable deviation rate An auditor needs to estimate the average highway weight of tractor trailer trucks using a state's highway system. What estimation method is most appropriate? mean per unit mean per unit formula mean audited value * total number of accounts AU 350, Audit Sampling, identifies 2 general approaches to audit sampling. They are: statistical and nonstatistical In a sampling application, the group of items about which the auditor wants to estimate some characteristic is called the: population An advantage of statistical sampling over nonstatisitcal sampling is that statistical sampling helps an auditor to: measure the sufficiency of the evidential matter obtained When planning a sample for a substantive test of details, an auditor should consider tolerable misstatement for the sample. This consideration should: be related to preliminary judgments about materiality levels As lower acceptable levels of both audit risk and materiality are established, the auditor should plan more work on individual accounts to find smaller misstatements The measure of variability of a statistical sample that serves as an estimate of the population variability is the standard deviation While performing a substantive test of details during an audit, the auditor determined that the sample results supported the conclusion that the recorded account balance was materially misstated. It was in fact not. This situation illustrates the risk of: incorrect rejection Sampling method that is used to estimate a numerical measurement of a population such as a dollar value? variables sampling The appropriate sampling plan to use to identify at least one deviation, assuming some number of such deviations exist in a population and then to discontinue sampling when one irregularity is observed is: discovery sampling In performing tests of controls over authorization of cash disbursements what statistical sampling method is most appropriate? attribute Which audit tests will an auditor most likely use attribute sampling? inspecting employee time cards for proper approval by supervisors In evaluating an attribute sample, the estimated range that is expected to contain the population characteristics is the precision Monetary unit sampling is most useful when the auditor has a probability proportional to its monetary value of being selected Show
Which of the following procedures generally would not be performed in a review of a public entity's interim?Which of the following procedures generally would not be performed in a review of a public entity's interim financial statements? Inquire of the client's attorney is generally not required.
Why would a nonpublic company have its statements audited?Nonpublic companies do not usually require an audit unless it is specifically requested by an interested party, such as a lender. Such organizations are often more sophisticated than the average investor, and possess significant knowledge about the audit client from sources other than the financial statements.
Which of the following bodies develops auditing standards that apply to nonpublic companies?The Auditing Standards Board (ASB) governs non-public company audits, while the Public Company Accounting Oversight Board (PCAOB) and the Securities and Exchange Commission (SEC) set guidelines for audits prepared by public companies that trade on the stock market.
Which standards provide guidance for the audits of non issuers?About the AICPA Auditing Standards Board
The ASB is the senior committee of the AICPA designated to issue auditing, attestation, and quality control standards applicable to the performance and issuance of audit and attestation reports for non-issuers.
|
