Chapter 4

SOLUTIONS FOR REVIEW CHECKPOINTS

4.1 Risks that could adversely affect companies’ ability to achieve its objectives and execute
strategies are called business risks. Business risks might result from setting
inappropriate objectives and strategies or from changes or complexity in the company's
operations or management. A company's objectives are the overall plans established by
management or the board of directors, and strategies are the approaches by which
management intends to achieve its objectives.

4.2 ERM provides a framework for management to assess the firm’s risk environment, set
objectives, identify risk events, assess risks, determine responses to such risk, establish
control activities to mitigate the risks, establish information and communication regarding
the risks, and to monitor the overall risk management process.

4.3 Audit standards are clear that business risks are usually reflected in the financial
statements. For example the economic environment may affect the valuation of inventory
or the likelihood of collecting receivables. Competition may also affect the market value
of inventory. Risks related to suppliers, customers, and bankers may affect a company’s
likelihood of continuing as a going concern. Each of these examples show that there is a
relationship between clients’ business risks and their financial statements which means
that auditors need to be aware of such risks.

4.4 (a) White collar crimes are frauds perpetrated by people in a non-violent manner and are
typically focused on stealing cash or assets. They are often committed by people who
work in offices and steal items such as inventory, cash or other valuable assets. White
collar crimes are often contrasted with violent street crimes like armed robbery, murder
and kidnapping.

(b) Employee fraud is the use of fraudulent means to take money or other property from
an employer. It consists of three phases: (1) the fraudulent act, (2) the conversion of the
money or property to the fraudster’s use, and (3) the cover-up.

(c) Embezzlement is a type of fraud involving employees or nonemployees wrongfully

taking funds or property entrusted to their care, custody, and control, often accompanied
by false accounting entries and other forms of lying and cover-up.

(d) Larceny is simple theft of an employer’s property that is not entrusted to an

employee’s care, custody or control.

(e) Defalcation is another name for employee fraud and embezzlement.

(f) Management fraud is deliberate fraud committed by management that injures

investors and creditors through materially misstated information. Because management
fraud usually takes the form of deceptive financial statements, management fraud is
 sometimes referred to as fraudulent financial reporting. AU 240 defines fraudulent
financial reporting as “intentional misstatements, including omissions of amounts or
disclosures in financial statements to deceive financial statement users. It can be caused
by the efforts of management to manage earnings in order to deceive financial statement
users

(g) Errors are unintentional misstatements or omissions of amounts or disclosures in

financial statements.

4.5 The following are some other conditions that have provided opportunities for fraud in the
past:

Fraud Risk Factors - Management’s Characteristics and Influence

 Management has a motivation (bonus compensation, stock options, etc.) to engage in

fraudulent reporting.
 Management decisions are dominated by an individual or a small group.
 Management fails to display an appropriate attitude about internal control and
financial reporting.
 Managers’ attitudes are very aggressive toward financial reporting.
 Managers place too much emphasis on earnings projections.
 Nonfinancial management participates excessively in the selection of accounting
principles or determination of estimates.
 The company has a high turnover of senior management.
 The company has a known history of violations.
 Managers and employees tend to be evasive when responding to auditors’ inquiries.
 Managers engage in frequent disputes with auditors.

Fraud Risk Factors – Industry Conditions

 Company profits lag those of the industry.

 New requirements are passed that could impair stability or profitability.
 The company’s market is saturated due to fierce competition.
 The company’s industry is declining.
 The company’s industry is changing rapidly.

Fraud Risk Factors –Operating Characteristics and Financial Stability

 A weak internal control environment prevails.

 The company is not able to generate sufficient cash flows to ensure that it is a going
concern.
 There is pressure to obtain capital.
 The company operates in a tax haven jurisdiction.
 The company has many difficult accounting measurement and presentation issues.
 The company has significant transactions or balances that are difficult to audit.
  The company has significant and unusual related-party transactions.
 Company accounting personnel are lax or are not experienced in performing their
duties.

4.6
Audit risk is the probability that an audit team will express an inappropriate opinion when
the financial statements are materially misstated. Audit risk is a combination of the other
risks: Audit risk = Risk of material misstatement x Detection risk. Risk of material
misstatement = Inherent risk x Control risk.

“Audit risk in an overall sense” refers to the audit taken as a whole and the probability
that the auditors will issue an inappropriate opinion on financial statements. Generally,
this is the risk of giving the standard unmodified report when the financial statements
contain material misstatements or the report should be qualified or modified in some
manner.

“Audit risk applied to individual account balances and disclosures” refers to the
probability that a misstatement exists in a particular account balance or disclosure at least
equal to the tolerable misstatement assigned to the audit of that balance remains. This
version of audit risk is applied at the individual account balance level or disclosure and is
used to help plan the procedures to be completed on the audit.

4.7 Risk of material misstatement—the likelihood that material misstatement(s) may have
entered the accounting system and not been detected and corrected by the client’s internal
control. It is the combination of inherent risk and control risk.

Inherent risk is the probability that material errors or frauds have entered the accounting
information system. This risk is expressed without regards to internal controls.

Control risk is the probability that the client’s system of internal control will fail to
prevent or detect material misstatements provided that they enter the accounting
information system in the first place.

Audit Risk is the probability that an audit team will express an inappropriate opinion
when the financial statements are materially misstated. It is the combination of risk of
material misstatement and detection risk.

Detection risk is the probability that the auditor’s own procedures will fail to find material
errors and frauds provided any have entered the system and have not been detected or
corrected by the client’s internal control system.

4.8 The auditor uses the Audit Risk Model to determine the nature, timing, and extent of audit
procedures by evaluating the risk of material misstatement for each relevant assertion
related to each significant account and disclosure. Once the risk of material misstatement
has been assessed, the auditor can determine the resulting required detection risk that can
be accepted, given the assessment of the risk of material misstatement. Stated differently,
 the auditor will select the mix of substantive procedures that are needed to “set” detection
risk at a level that is needed given the assessed level of the risk of material misstatement
for each assertion.

4.9 The two categories of substantive procedures are (1) tests of detail of transactions and
balances and (2) substantive analytical procedures, which study plausible relationships
among financial and nonfinancial data. When thinking about the nature, timing and
extent of procedures to be performed, it is helpful to consider these categories of
substantive procedures.

The nature of audit procedures refers to the type of tests that the auditor plans to use to
detect errors and fraud. In general tests of details are more effective than substantive
analytical procedures. However, in general, the substantive analytical procedures are
more efficient than tests of details. Thus, when considering the nature of tests to be
performed, if an auditor wants to set detection risk lower, he/she is likely to complete
more tests of details, relative to analytical procedures.

The timing of audit procedures refers to when they are performed, usually at (1) interim
period or at (2) year-end. However, timing may have other aspects such as surprise
procedures (unannounced to client personnel) or procedures performed after the year-end.
To set detection risk lower, auditors would typically complete more testing at year-end,
as compared to interim.

The extent of the application of procedures usually refers to the sample sizes of data
examined, such as the number of customer accounts receivable to confirm or the number
of inventory types to count. To set detection risk lower, the auditor would typically
increase sample sizes.

4.10 The nature of the company includes:

 The company's organizational structure and management personnel.

 The sources of funding of the company's operations and investment activities
 The company's significant investments.
 The company's operating characteristics, including its size and complexity.
 The sources of the company's earnings, including the relative profitability of key products
and services as well as key supplier and customer relationships.

4.11 The purpose of obtaining an understanding of the company's performance measures is to

be able to determine what information management and others deem to be key indicators
of company performance. It also reveals items to which management might be sensitive.
For example, measures used to determine management compensation or analysts’ ratings
might place pressure on management to manipulate results. Also, auditors might gain a
better understanding of their clients by reviewing measures that management uses to
monitor operations, such as budget variances or trend analysis. Finally, those measures
might be indicators of qualitative materiality factors.
4.12 Related parties include those individuals or organizations that can influence or be
influenced by decisions of the company, possibly through family ties or investment
relationships. Because one of the basic assumptions of historical cost accounting is that
transactions are valued at prices agreed on by two independent parties, valuation of
related-party transactions is particularly troublesome. Auditors also should question the
persuasiveness of the evidence obtained from related parties because the source of the
evidence may be biased. Finally, related party transactions have been used by companies
to perpetrate fraudulent transactions. Thus, auditors need to consider such transactions as
higher risk of fraud.

4.13 The purpose of obtaining an understanding of the company’s objectives, strategies, and
related business risks is to identify business risks that could reasonably be expected to
result in material misstatement of the financial statements. Of course the best starting
point is with management whose job it is to be knowledgeable about the company’s risks,
possibly by using the ERM model discussed in this chapter. In order to get understanding
of a client’s business and industry, an auditor can consider:

 Studying numerous sources such as AICPA industry accounting and auditing

guides, specialized trade magazines and journals, registration statements and 10-K
reports filed with the SEC, general business magazines and newspapers
(Bloomberg Businessweek, Forbes, Fortune, Harvard Business Review, Barron’s,
and The Wall street Journal).

 Using inquiry of client personnel, including review of prior-year audit

documentation (personnel who worked on the audit in prior years are available to
convey their understanding of the business), inquiry, and interviews with the
company’s management, directors, and audit committee.

 Using information from client acceptance and retention evaluation, audit

planning, past audits, and other engagements.

 Considering the results of the audit team discussions (brainstorming), this

involves sharing information among members of the engagement team.

4.14 The purpose of performing preliminary analytical procedures in the audit planning stage
is to direct attention to potential problem areas so the audit work can be planned to
reduce the risk of missing something important. In fact, according to auditing standards,
analytical procedures must be applied in the planning stages of each audit. During this
critical point of the engagement, auditors use analytical procedures to identify potential
problem areas so that subsequent audit work can be designed to reduce the risk of
missing something important. Analytical procedures during planning also provide an
organized approach—a standard starting place—for becoming familiar with the client’s
business. Auditors need to remember that preliminary analytical procedures are based on
unaudited data, so they should consider the effectiveness of controls over their reliability
when deciding how much weight to place on the results.
4.15 The five steps auditors use to apply comparison and ratio analysis to unaudited financial
statements when completing preliminary analytical procedures are to: (1) develop an
expectation, (2) define a significant difference, (3) calculate predictions and compare
them with the recorded amount, (4) investigate significant differences, and (5) document
each of the first four steps.

4.16 There are a number of ratios that can be used in completing preliminary analytical
procedures. Some of the ratios that can be used include current ratio, days’ sales in
receivables, doubtful accounts ratio, days’ sales in inventory, receivables turnover,
inventory turnover, cost of goods sold ratio, return on equity, and Altman’s financial
distress ratios and discriminant score. There are a number of other ratios that can be used
as well. In addition, depending on the industry of the client, there may be key
performance metrics within that industry that might be useful to complete such
procedures.

4.17 Analytical procedures are required (1) at the beginning of an audit—the planning stage
by applying analytical procedures discussed in this chapter and (2) at the end of an audit
when the partners in charge review the overall quality of the work and look for apparent
problems. They are optional as substantive audit procedures since test of details can be
used instead when gathering evidence about each relevant financial statement assertion
about each significant account and disclosure.

4.18 Auditors are required to plan their procedures to detect material misstatements due to
errors, fraud, and noncompliance with laws and regulations having a direct effect on
financial statements. For laws and regulations having an indirect effect on financial
statements, auditors are limited to performing specified audit procedures that may
identify noncompliance with those laws and regulations that may have a material effect
on the financial statements, inquiry of management and those charged with governance,
and inspection of correspondence with relevant licensing or regulatory authorities.
However, if auditors become aware of the possibility of indirect-effect noncompliance,
they are required to follow up to ensure there is no material effect on the financial
statements.

4.19 The audit strategy memorandum is the basis for preparing the detailed audit plans (often
called “audit programs”) for each significant account and disclosure on the audit. The
audit plans list the audit procedures to be performed by auditors to gather sufficient
appropriate evidence on which to base their opinion on the financial statements. The audit
strategy memorandum sets the scope, timing, and direction for auditing each relevant
assertion. If the auditors identified fraud risk or significant risks of noncompliance with
laws and regulations, these areas will be specifically addressed in the strategy, including
the possibility of adding fraud specialists to the team or expanding testing.
SOLUTIONS FOR MULTIPLE-CHOICE QUESTIONS

4.20 a. Correct ERM is the responsibility of company management.

b. Incorrect Auditors are responsible for limiting audit risk.
c. Incorrect Insurance providers only limit selected risks determined by
management.
d. Incorrect Only a. is correct.

4.21 a. Incorrect Information risk is the risk of issuing misleading or inaccurate

financial statements.
b. Incorrect Audit risk is the risk of an incorrect audit opinion being issued.
c. Correct This is the definition of business risk.
d. Incorrect Inherent risk is the risk of a material misstatement before
considering controls.

4.22 a. Incorrect. Auditors are supposed to understand the nature of errors and
frauds.
b. Incorrect. Auditors are supposed to assess the risk of occurrence of errors and
frauds.
c. Incorrect. Auditors are supposed to design audits to provide reasonable
assurance of detecting errors and frauds.
d. Correct. Auditors are not required to report all finding of errors and frauds
to police authorities.

4.23 a. Incorrect. In credit sales and debit receivables, not inventory.

b. Incorrect. In credit sales and debit receivables, not cost of goods sold.
c. Incorrect. In credit sales and debit receivables, not bad debt expense.
d. Correct. In (fictitious) credit sales and (fictitious) receivables.

4.24 a. Incorrect. Falsification of documents is characteristic, but management fraud

does not involve stealing funds from an employer.
b. Correct. Management fraud is victimization of investors through the use of
materially misleading financial statements.
c. Incorrect. Management fraud principally involves misleading financial
statements that might or might not involve illegal acts committed
by management to evade laws and regulations.
d. Incorrect. Conversion of stolen inventory to cash deposited in a falsified bank
account describes an employee fraud.
4.25 a. Incorrect. Extended procedures would be used if supporting documents are
not produced when requested.
b. Correct. If the client made several large adjustments at year-end (a red
flag), extended procedures would be considered necessary to
ensure that fraud was not taking place.
c. Incorrect. Unless the previous CFO left the company under suspicious
circumstances, extended procedures would probably not be
considered necessary.
d. Incorrect. Due to the immateriality of petty cash funds, the audit team would
probably not use extended procedures under these circumstances.

4.26 a. Incorrect. Inherent risk is one component of the risk of material misstatement
(the correct answer).
b. Incorrect. Control risk is one component of the risk of material misstatement
(the correct answer).
c. Incorrect. Detection risk is the likelihood that the auditors will not detect
misstatements that may have entered the accounting system and
not been detected or corrected by the client’s internal controls.
d. Correct. This is the definition of the risk of material misstatement.

4.27 a. Correct. The risk of material misstatement is composed of inherent risk and
control risk.
b. Incorrect The risk of material misstatement is composed of inherent risk and
control risk.
c. Incorrect The risk of material misstatement is composed of inherent risk and
control risk.
d. Incorrect The risk of material misstatement is composed of inherent risk and
control risk.

4.28 a. Incorrect Audit risk also considers the risk of material misstatement as well
as auditors’ procedures.
b. Incorrect Inherent risk exists independently of the audit.
c. Incorrect Control risk exists independently of the audit.
d. Correct This is the definition of detection risk.

4.29 a. Incorrect DR = AR/ (IR x CR) = 0.05/0.50 = 0.10.

b. Correct. DR = AR/ (IR x CR) = 0.05/0.50 = 0.10.
c. Incorrect DR = AR/ (IR x CR) = 0.05/0.50 = 0.10.
d. Incorrect DR = AR/ (IR x CR) = 0.05/0.50 = 0.10.
4.30 a. Incorrect While solving for DR works mathematically, you will find that IR
(not given in the problem) has to be more than 100%; therefore,
the solution is not possible. (Very tricky!)
b. Incorrect If control risk rises, detection risk should decrease.
c. Correct This solution is both mathematically and practically correct.
d. Incorrect If control risk rises, detection risk should decrease.

4.31 a. Incorrect. This is a type of “overall response,” not a “specific procedural

response.”
b. Incorrect. Auditors ought to direct specific procedures toward the area where
the suspicion lies.
c. Correct. This is a specific procedural response mentioned in audit
standards.
d. Incorrect. This is an overall response, not a “specific procedural response.”

4.32 a. Incorrect. Confirmation is not an analytical procedure.

b. Incorrect. Physical observation is not an analytical procedure.
c. Correct. Analytical procedures incorporate information from a variety of
sources.
d. Incorrect. Examination of documents is not an analytical procedure.

4.33 a. Incorrect. Physical production statistics are not a source of information for
“comparison of current account balances with prior periods.”
b. Correct. A client’s budgets and forecasts are sources of information for
“comparison of current account balances with expected balances.”
c. Incorrect. Published industry ratios are not a source of information for
“evaluation of current account balances with relation to predictable
historical patterns.”
d. Incorrect. The company’s own historical financial statements are not a good
source of information for “evaluation of current account balances
in relation to nonfinancial information.”

4.34 a. Incorrect. Analytical procedures can be used as a method of overall review at

the end of an audit. In fact, this is required by professional
standards.
b. Incorrect. Analytical procedures can be used when directing the attention of
auditors to certain accounts and disclosures when planning the
audit. In fact, this is required by professional standards.
c. Incorrect. Analytical procedures can be used when performing substantive
procedures during an audit. The other choice is tests of details. It
is entirely up to the auditor which tests are used based on the facts,
circumstances, and risk of the assertion and the account or
disclosure.
d. Correct. The answer is all of the above. Analytical procedures can be used
when planning the audit, when performing substantive procedures
 during an audit, and as a method of overall review at the end of an
audit.

4.35 a. Incorrect. Weaknesses in the company’s internal control are not a subject for
preliminary analytical procedures because auditors can’t examine
the internal controls at this particular time with these kinds of
analyses.
b. Incorrect. Individual transactions are not used in preliminary analytical
procedures.
c. Incorrect. Management assertions in financial statements are not the direct
object of preliminary attention-directing analytical procedures.
d. Correct. With preliminary analytical procedures, the auditors are looking
for signs of accounts and relationships that may represent specific
potential problems and risks in the financial statements.

4.36 a. Incorrect. The ratio of cost/sales does not increase.

b. Correct. The numerator (cost of goods sold) increases relatively less than
the denominator (sales) increases.
c. Incorrect. The ratio of cost/sales does not remain unchanged.
d. Incorrect See answer b.

4.37 a. Correct. Management is responsible for making the estimates in the first
place, just as management is primarily responsible for all the
financial statement elements.
b. Incorrect. Auditors need to determine the reasonableness of estimates.
c. Incorrect. Auditors need to determine estimates are presented in conformity
with GAAP.
d. Incorrect. Auditors need to determine whether estimates are adequately
disclosed in the financial statements.

4.38 a. Incorrect. An audit strategy does not specify audit standards. The standards
are relevant in all audits.
b. Correct. An audit strategy contains specifications of procedures the auditors
believe appropriate for the financial statements under audit.
c. Incorrect. Documentation of the assertions under audit, the evidence
obtained, and the conclusions reached describe audit
documentation, not audit strategies.
d. Incorrect. Reconciliation is a specific procedure, not a strategy.

4.39 a. Correct. The objective is to perform a quality audit and keep audit risk low.
b. Incorrect. Control risk = 0 is generally not warranted.
c. Incorrect. Inherent risk = 0 is generally not warranted.
d. Incorrect. 40% audit risk is too high.
4.40 a. Incorrect. Reporting clearly inconsequential noncompliance with the Act to
the board of directors is not required.
b. Correct. Once informed, the board of directors has the first responsibility to
report to the SEC. If the board does not report these items to the
SEC, the law then requires the auditors to do so.
c. Incorrect. Auditors are not required to report clearly inconsequential
noncompliance with the Act to the board. (Reporting to
management, however, is appropriate.)
d. Incorrect. Audit firm resignation is not required. However, if the audit firm
withdraws and the board does not report the item to the SEC, the
law requires the auditors to report to the SEC, just as though there
had been no resignation.

4.41 a. Incorrect. The audit team would be concerned if key factors are not
consistent with prior periods.
b. Incorrect. The audit team would be concerned if key assumptions are not
similar to industry guidelines.
c. Incorrect. The audit team would be least concerned about measurements that
are objective and not susceptible to bias.
d. Correct. Evidence of a systematic bias, whether aggressive or conservative,
would be of most concern to the audit team.

4.42 a. Incorrect An audit committee is composed of members of a company’s

board of directors who are not involved in the day-to-day
operations of the company.
b. Incorrect An audit committee is composed of members of a company’s
board of directors who are not involved in the day-to-day
operations of the company.
c. Correct. An audit committee is composed of members of a company’s
board of directors who are not involved in the day-to-day
operations of the company.
d. Incorrect An audit committee is composed of members of a company’s
board of directors who are not involved in the day-to-day
operations of the company.

4.43 a. Incorrect. While the audit team may recommend remedial actions to the audit
committee, the audit team’s first concern is the effect of the
noncompliance on the financial statements.
b. Correct. The audit team’s first concern is the effect of the noncompliance
on the financial statements.
c. Incorrect. While the audit team may consider whether to contact law
enforcement officials, the audit team’s first concern is the effect of
the noncompliance on the financial statements.
d. Incorrect. While the audit team should determine whether other similar acts
may have occurred, the audit team’s first concern is the effect of
the noncompliance on the financial statements.
4.44 a. Incorrect. The responsibility for detecting direct-effect noncompliance
exactly parallels the responsibility for errors and fraud.
b. Incorrect. The audit team must design their tests to detect all material
noncompliance that directly affect the financial statements.
c. Correct. Auditors must design tests to obtain reasonable assurance that all
noncompliance with direct material financial statement effects is
detected.
d. Incorrect. The audit team must design their tests to detect all material
noncompliance that directly affect the financial statements.

4.45 a. Incorrect. Analytical procedures are performed after the engagement letter is
obtained.
b. Correct. This is the “attention-directing” purpose.
c. Incorrect. Significant assertions are determined by understanding the
company, not by analytical procedures.
d. Incorrect. This answer could be good even though it evokes the control risk
assessment standard, but restriction to inventory makes it a poor
choice.

4.46 a. Incorrect. This is an objective of a preliminary analytical review.

b. Incorrect. This is an objective for tests of details.
c. Incorrect. This is an objective for fraud procedures that are targeted to
mitigate the risk of fraud in the financial statements.
d. Correct. This is the correct answer. At the final review stage, analytical
review procedures are designed to provide an overall test of
reasonableness about the financial statements being reviewed, in
light of all available evidence.

4.47 a. Correct. This is the correct answer. An error in recording amortization of

the excess of the investor’s cost over the investment’s underlying
book value could have been the cause of a lower than expected
return on an equity method investment.
b. Incorrect. This is not the correct answer. A reduction in cash dividends made
by the investee could not have been the cause of a lower than
expected return on an equity method investment.
c. Incorrect. This is not the correct answer. An error in recording the unrealized
gain from an increase in fair value of available-for-sale
investments could not have been the cause of a lower than
expected return on an equity method investment.
d. Incorrect. This is not the correct answer. A significant fluctuation in the
price of an investee’s stock price would not have been the cause of
a lower than expected return on an equity method investment.
4.48 a. Incorrect.
The performance of substantive audit testing, whether substantive analytical auto
procedures or tests of details, would not increase or decrease inherent risk.
 b. Incorrect. The performance of substantive audit testing, whether substantive
analytical procedures or tests of details, would not increase or
decrease control risk.
c. Correct. The decision to perform substantive analytical procedures (as
compared to a test of details) at interim (as compared to the
balance sheet date) would increase detection risk.
d. Incorrect. Sampling is typically not performed when completing substantive
analytical procedures. Thus, there would be no impact on
sampling risk.
4.49 a. Incorrect. The fiscal year end date is not likely to have an impact on the
auditor’s inherent risk assessment.
b. Correct. By their very nature, derivative transactions are designed to be
used as hedges for exposure on existing contracts are quite
complex. The accounting rules that provide the basis for GAAP in
this area are also complex. As a result of this complexity, the
inherent risk of material misstatement is higher.
c. Incorrect. The generation of financial statements at an outside service center
may be a concern to the auditor. However, it is primarily a factor
that would relate to the auditor’s control risk assessment.
d. Incorrect. The observation that the entity’s financial data is only available in
computer-readable form is likely to be a concern for the auditor.
However, it is primarily a factor that would relate to the auditor’s
control risk assessment.
4.50 a. Incorrect. The fraud brainstorming session is primarily focused on fraud risk
assessment, which is the potential for material misstatement due to
fraud in the financial statements. While information may come to
light during the session that relates to audit risk assessment and/or
materiality determination, it is not the primary objective of the
session, according to professional standards (i.e., SAS No. 99).
b. Incorrect. The fraud brainstorming session is primarily focused on fraud risk
assessment, which is the potential for material misstatement due to
fraud in the financial statements. While information may come to
light during the session that relates to the application of analytical
procedures on the revenue account, it is not the primary objective
of the session, according to professional standards (i.e., SAS No.
99).
c. Correct. The fraud brainstorming session is primarily focused on fraud risk
assessment, which is the potential for material misstatement due to
fraud in the financial statements. This is the primary objective of
the session, according to professional standards (i.e., SAS No. 99).
d. Incorrect. The fraud brainstorming session is primarily focused on fraud risk
assessment, which is the potential for material misstatement due to
fraud in the financial statements. While information may come to
light during the session that relates to the audit plan, this is not the
primary objective of the session, according to professional
standards (i.e., SAS No. 99).