Professional Documents
Culture Documents
This review does not cover every thing. You need to study your text book, notes,
and other handouts.
You need to know:
1. What auditing is
Auditing
is the accumulation and evaluation of evidence about
information to determine and report on the degree of
correspondence between the information and established
criteria.
Auditing should be done by a competent, independent
person.
2. Reasons for audit planning
10-1
• Inherent risk is a measure of the auditor's assessment
of the likelihood that there are material misstatements in
an account balance before considering the effectiveness
of internal control.
o If, for example, the auditor concludes that there
is a high likelihood of material misstatement in an account
such as accounts receivable, the auditor would conclude
that inherent risk for accounts receivable is high.
10-2
required by SAS 84 (AU 315) to communicate with the
predecessor auditor. The communication may inform
the successor auditor that the client lacks integrity or
that there have been disputes over accounting prin-
ciples, audit procedures, or fees.
6. The purpose of an engagement letter
A clear understanding of the terms of the engagement
should exist between the client and the CPA firm. SAS
108 (AU 310) requires that auditors must document
their understanding with the client in an engagement
letter, including the engagement's objectives, the
responsibilities of the auditor and management, and the
engagement's limitations.
The engagement letter should specify whether the
auditor will perform an audit, a review, or a
compilation, plus any other services such as tax returns
or management consulting.
It should also state any restrictions to be imposed on the
auditor's work, deadlines for completing the audit,
assistance to be provided by the client's personnel in
obtaining records and documents, and schedules to be
prepared for the auditor. It often includes an agreement
on fees. The engagement letter is also a means of
informing the client that the auditor cannot guarantee
that all acts of fraud will be discovered.
The engagement letter does not affect the CPA firm's
responsibility to external users of audited financial
statements, but it can affect legal responsibilities to the
client.
10-3
The engagement letter will also include the agreement
for the audit of the effectiveness of internal control over
financial reporting.
An example of an engagement letter is given in Figure
8-2 (p. 212
7. ?who is responsible for establishing a private company’s internal control
Management has responsibility for establishing and
maintaining the entity's internal controls. Management is
also required by Section 404 to publicly report on the
operating effectiveness of those controls.
In contrast, the auditor's responsibilities include
understanding and testing internal control over financial
reporting. The auditor is also required by Section 404 to
issue an audit report on management's assessment of its
internal controls.
8. what are the key concepts that underlie management’s design and
implementation of internal control
10-4
9. The study and evaluation of internal control of public and private companies are
required by who or what
10-5
U.S. companies is the Committee of Sponsoring
Organizations of the Treadway Commission (COSO)
Internal Control—Integrated Framework, issued in
1992.
• The SEC requires management to include its report on
internal control in its annual Form 10-K report filed
with the SEC.
10-6
• Separation of the Custody of Assets from
Accounting
• Separation of the Authorization of Transactions
from the Custody of Related Assets
• Separation of Operational Responsibility from
Record-Keeping Responsibility
• Separation of IT Duties from User Departments
Naturally, the extent of separation of duties depends
heavily on the size of the organization.
13. under SOX, what are public companies responsibilities in terms of internal
control
10-7
executed at a later date. For example, separation of
duties relies on specific persons performing specific
tasks, and there is typically no documentation of the
separate performance.
4. Reperform client procedures.
16. What are the important documents that are used in the sales cycle
2. Initial audit planning involves four matters. Which of the following is not one of these?
a. Develop an overall audit strategy.
b. Request that bank balances be confirmed.
c. Schedule engagement staff and audit specialists.
d. Identify the client’s reason for the audit.
3. A CPA firm may choose to not continue working with an audit client for which of the
following reasons?
a. Conflicts over past audits.
b. Disagreements regarding the type of opinion to issue.
c. Disagreements regarding audit fees.
d. All of the above.
10-8
b. The predecessor should attempt to respond fully and truthfully to the successor’s
inquiries.
c. The predecessor should communicate with the successor only if the client is
public.
d. There is no requirement that the predecessor and successor communicate.
5. An engagement letter sent to an audit client usually would not include a(n):
a. reference to the auditor’s responsibility for the detection of errors or irregularities.
b. estimation of the time to be spent on the audit work by audit staff and
management.
c. statement that management advisory services would be made available upon
request.
d. reference to management’s responsibility for the financial statements.
6. Discuss the factors an auditor should consider before accepting a company as an audit
client.
Answer:
The auditor should investigate and consider the prospective client’s standing in
the business community, financial stability, management’s integrity, and relations with its
bankers, attorneys, and previous CPA firm. The auditor should also determine whether he
or she possesses the required competence and independence to do the audit.
7. Define the term “related party” and discuss why an auditor should identify the client’s
related parties early in the audit.
Answer:
A related party is an affiliated company, principal owner of the client company, or
any other party with which the client deals where one of the parties can influence the
management or operating policies of the other. Auditors need to be aware of who the
client’s related parties are early in the audit to enable the auditor to identify related-party
transactions, especially those that have not been disclosed.
8. There are three main reasons why an auditor should properly plan audit engagements.
Discuss each of these reasons.
Answer:
Three reasons why an auditor should properly plan audit engagements are:
10-9
• To enable the auditor to obtain sufficient competent evidence for the
circumstances. This is essential for minimizing legal liability and maintaining a good
profession reputation.
• To help keep audit costs reasonable. Given the competitive auditing environment,
keeping costs reasonable helps the firm obtain and retain clients.
• To avoid misunderstandings with the client. This is important for good client
relations.
Answer:
Auditing standards require a successor auditor to communicate with the predecessor
auditor whenever accepting a client that has been previously audited. The purpose of the
communication is to help the successor auditor evaluate whether to accept the
engagement. While the burden of initiating the communication rests on the successor
auditor, the predecessor auditor must respond to the request for information. However,
because of the requirements related to confidentiality, the predecessor must obtain the
former client’s permission prior to providing information to the successor.
10. Discuss the four primary purposes of analytical procedures performed during the
planning phase of an audit.
Answer:
The four primary purposes of preliminary analytical procedures are:
• to help the auditor understand the client’s industry and business,
• to help the auditor assess the going concern assumption,
• to indicate areas of possible misstatements, and
• to reduce the extent of detailed tests.
11. Which of the following is responsible for establishing a private company’s internal
control?
a. Management.
b. Auditors.
c. Management and auditors.
d. Committee of Sponsoring Organizations.
10-10
12. Which of the following parties provides an assessment of the effectiveness of internal
control over financial reporting for public companies?
a. Management.
b. Financial statement auditors.
c. Management and the financial statement auditors.
d. Committee of Sponsoring Organizations.
13. When management is evaluating the design of internal control, management evaluates
whether the control can do all but which of the following?
a. Prevent material misstatements.
b. Detect material misstatements.
c. Correct material misstatements.
d. None of the above is correct.
14.
There are four steps in the auditor’s process of understanding internal control and
assessing control risk for a public company. Step one is obtain and document an
understanding of internal control: design and operation. What are the remaining three
steps?
Answer:
The remaining three steps are:
• Assess control risk.
• Design, perform, and evaluate tests of controls.
• Decide planned detection risk and substantive tests.
15.
During a financial statement audit of a private company, three steps must be completed
by the auditor before concluding that control risk is low. What are these steps?
Answer:
The three steps that must be completed by the auditor before concluding that control risk
is low are:
1. obtaining an understanding of the control environment, risk assessment
procedures, accounting information and communication system, and monitoring
methods at a fairly detailed level;
2. identify specific controls that will reduce control risk and make an assessment of
control risk; and
3. test the effectiveness of controls.
16.
10-11
The internal control framework developed by COSO includes five so-called
“components” of internal control. Discuss each of these five components.
Answer:
Five components of internal control are:
• The control environment. The control environment consists of the actions,
policies, and procedures that reflect the overall attitudes of top management about
control and its importance to the company.
• Risk assessment. This is management’s identification and analysis of risks
relevant to the preparation of financial statements in accordance with GAAP.
• Information and communication. This is the set of manual and/or computerized
procedures that identifies, assembles, classifies, analyzes, records, and reports a
company’s transactions and maintains accountability for the related assets.
• Control activities. These are the policies and procedures that help ensure
necessary actions are taken to address risks in the achievement of the company’s
objectives.
• Monitoring. This is management’s ongoing and periodic assessment of the quality
of internal control performance to determine that controls are operating as
intended and modified when needed.
17. Which of the following is not one of the five classes of transactions included in the
sales and collection cycle?
a. Sales returns and allowances
b. Charge-off of uncollectible accounts
c. Bad debt expense
d. Depreciation expense
10-12
d
18. Most companies recognize sales revenue when:
a. sales are invoiced.
b. customer orders are received.
c. goods are shipped.
d. customer orders are approved.
19. The credit-granting function should be separated from which of the following?
a. Purchasing function
b. Manufacturing function
c. Sales function
d. None of the above
20. Explain each of the following types of documents and indicate the class of
transactions in which they are commonly used.
1. Customer order
2. Shipping document
3. Remittance advice
4. Sales returns and allowance journal
5. Uncollectible account authorization form
Answer:
1. Customer order – request for merchandise by a customer. Appears in the Sales
class of transactions.
2. Shipping document – document prepared to initiate shipment of goods, indicating
the description of the merchandise, the quantity shipped, and other relevant data.
Appears in the Sales class of transactions.
3. Remittance advice – document that accompanies the sales invoice mailed to the
customer and can be returned to the seller with payment. Appears in the Cash
receipts class of transactions.
4. Sales returns and allowance journal – journal used to record all sales returns and
allowances, analogous to the sales journal. Appears in the Sales returns and
allowance class of transactions.
5. Uncollectible account authorization form – document used internally to indicate
authority to write off an account receivable. Appears in the charge off of
Uncollectible accounts class of transactions.
21. When testing the occurrence objective for sales, the auditor is concerned with the
possibility of three types of misstatements. One type is sales being included in the journal
for which no shipment was made. Discuss the other two types of misstatements.
Answer:
10-13
The auditor is also concerned with the possibility of (1) shipments being made to
nonexistent customers and recorded as sales, and (2) sales being recorded more
than once.
22. Describe the three basic steps an auditor should follow when designing tests of
controls and substantive tests of transactions.
Answer:
The three basic steps in designing tests of controls and substantive tests of
transactions are:
• Determine key internal controls for each audit objective.
• Design tests of controls for each control used to support a reduced control risk.
• Design substantive tests of transactions to test for monetary misstatements for
each objective.
10-14