Documente Academic
Documente Profesional
Documente Cultură
4.1 Risks that could adversely affect companies’ ability to achieve its objectives and execute
strategies are called business risks. Business risks might result from setting
inappropriate objectives and strategies or from changes or complexity in the company's
operations or management. A company's objectives are the overall plans established by
management or the board of directors, and strategies are the approaches by which
management intends to achieve its objectives.
4.2 ERM provides a framework for management to assess the firm’s risk environment, set
objectives, identify risk events, assess risks, determine responses to such risk, establish
control activities to mitigate the risks, establish information and communication regarding
the risks, and to monitor the overall risk management process.
4.3 Audit standards are clear that business risks are usually reflected in the financial
statements. For example the economic environment may affect the valuation of inventory
or the likelihood of collecting receivables. Competition may also affect the market value
of inventory. Risks related to suppliers, customers, and bankers may affect a company’s
likelihood of continuing as a going concern. Each of these examples show that there is a
relationship between clients’ business risks and their financial statements which means
that auditors need to be aware of such risks.
4.4 (a) White collar crimes are frauds perpetrated by people in a non-violent manner and are
typically focused on stealing cash or assets. They are often committed by people who
work in offices and steal items such as inventory, cash or other valuable assets. White
collar crimes are often contrasted with violent street crimes like armed robbery, murder
and kidnapping.
(b) Employee fraud is the use of fraudulent means to take money or other property from
an employer. It consists of three phases: (1) the fraudulent act, (2) the conversion of the
money or property to the fraudster’s use, and (3) the cover-up.
4.5 The following are some other conditions that have provided opportunities for fraud in the
past:
4.6
Audit risk is the probability that an audit team will express an inappropriate opinion when
the financial statements are materially misstated. Audit risk is a combination of the other
risks: Audit risk = Risk of material misstatement x Detection risk. Risk of material
misstatement = Inherent risk x Control risk.
“Audit risk in an overall sense” refers to the audit taken as a whole and the probability
that the auditors will issue an inappropriate opinion on financial statements. Generally,
this is the risk of giving the standard unmodified report when the financial statements
contain material misstatements or the report should be qualified or modified in some
manner.
“Audit risk applied to individual account balances and disclosures” refers to the
probability that a misstatement exists in a particular account balance or disclosure at least
equal to the tolerable misstatement assigned to the audit of that balance remains. This
version of audit risk is applied at the individual account balance level or disclosure and is
used to help plan the procedures to be completed on the audit.
4.7 Risk of material misstatement—the likelihood that material misstatement(s) may have
entered the accounting system and not been detected and corrected by the client’s internal
control. It is the combination of inherent risk and control risk.
Inherent risk is the probability that material errors or frauds have entered the accounting
information system. This risk is expressed without regards to internal controls.
Control risk is the probability that the client’s system of internal control will fail to
prevent or detect material misstatements provided that they enter the accounting
information system in the first place.
Audit Risk is the probability that an audit team will express an inappropriate opinion
when the financial statements are materially misstated. It is the combination of risk of
material misstatement and detection risk.
Detection risk is the probability that the auditor’s own procedures will fail to find material
errors and frauds provided any have entered the system and have not been detected or
corrected by the client’s internal control system.
4.8 The auditor uses the Audit Risk Model to determine the nature, timing, and extent of audit
procedures by evaluating the risk of material misstatement for each relevant assertion
related to each significant account and disclosure. Once the risk of material misstatement
has been assessed, the auditor can determine the resulting required detection risk that can
be accepted, given the assessment of the risk of material misstatement. Stated differently,
the auditor will select the mix of substantive procedures that are needed to “set” detection
risk at a level that is needed given the assessed level of the risk of material misstatement
for each assertion.
4.9 The two categories of substantive procedures are (1) tests of detail of transactions and
balances and (2) substantive analytical procedures, which study plausible relationships
among financial and nonfinancial data. When thinking about the nature, timing and
extent of procedures to be performed, it is helpful to consider these categories of
substantive procedures.
The nature of audit procedures refers to the type of tests that the auditor plans to use to
detect errors and fraud. In general tests of details are more effective than substantive
analytical procedures. However, in general, the substantive analytical procedures are
more efficient than tests of details. Thus, when considering the nature of tests to be
performed, if an auditor wants to set detection risk lower, he/she is likely to complete
more tests of details, relative to analytical procedures.
The timing of audit procedures refers to when they are performed, usually at (1) interim
period or at (2) year-end. However, timing may have other aspects such as surprise
procedures (unannounced to client personnel) or procedures performed after the year-end.
To set detection risk lower, auditors would typically complete more testing at year-end,
as compared to interim.
The extent of the application of procedures usually refers to the sample sizes of data
examined, such as the number of customer accounts receivable to confirm or the number
of inventory types to count. To set detection risk lower, the auditor would typically
increase sample sizes.
4.13 The purpose of obtaining an understanding of the company’s objectives, strategies, and
related business risks is to identify business risks that could reasonably be expected to
result in material misstatement of the financial statements. Of course the best starting
point is with management whose job it is to be knowledgeable about the company’s risks,
possibly by using the ERM model discussed in this chapter. In order to get understanding
of a client’s business and industry, an auditor can consider:
4.14 The purpose of performing preliminary analytical procedures in the audit planning stage
is to direct attention to potential problem areas so the audit work can be planned to
reduce the risk of missing something important. In fact, according to auditing standards,
analytical procedures must be applied in the planning stages of each audit. During this
critical point of the engagement, auditors use analytical procedures to identify potential
problem areas so that subsequent audit work can be designed to reduce the risk of
missing something important. Analytical procedures during planning also provide an
organized approach—a standard starting place—for becoming familiar with the client’s
business. Auditors need to remember that preliminary analytical procedures are based on
unaudited data, so they should consider the effectiveness of controls over their reliability
when deciding how much weight to place on the results.
4.15 The five steps auditors use to apply comparison and ratio analysis to unaudited financial
statements when completing preliminary analytical procedures are to: (1) develop an
expectation, (2) define a significant difference, (3) calculate predictions and compare
them with the recorded amount, (4) investigate significant differences, and (5) document
each of the first four steps.
4.16 There are a number of ratios that can be used in completing preliminary analytical
procedures. Some of the ratios that can be used include current ratio, days’ sales in
receivables, doubtful accounts ratio, days’ sales in inventory, receivables turnover,
inventory turnover, cost of goods sold ratio, return on equity, and Altman’s financial
distress ratios and discriminant score. There are a number of other ratios that can be used
as well. In addition, depending on the industry of the client, there may be key
performance metrics within that industry that might be useful to complete such
procedures.
4.17 Analytical procedures are required (1) at the beginning of an audit—the planning stage
by applying analytical procedures discussed in this chapter and (2) at the end of an audit
when the partners in charge review the overall quality of the work and look for apparent
problems. They are optional as substantive audit procedures since test of details can be
used instead when gathering evidence about each relevant financial statement assertion
about each significant account and disclosure.
4.18 Auditors are required to plan their procedures to detect material misstatements due to
errors, fraud, and noncompliance with laws and regulations having a direct effect on
financial statements. For laws and regulations having an indirect effect on financial
statements, auditors are limited to performing specified audit procedures that may
identify noncompliance with those laws and regulations that may have a material effect
on the financial statements, inquiry of management and those charged with governance,
and inspection of correspondence with relevant licensing or regulatory authorities.
However, if auditors become aware of the possibility of indirect-effect noncompliance,
they are required to follow up to ensure there is no material effect on the financial
statements.
4.19 The audit strategy memorandum is the basis for preparing the detailed audit plans (often
called “audit programs”) for each significant account and disclosure on the audit. The
audit plans list the audit procedures to be performed by auditors to gather sufficient
appropriate evidence on which to base their opinion on the financial statements. The audit
strategy memorandum sets the scope, timing, and direction for auditing each relevant
assertion. If the auditors identified fraud risk or significant risks of noncompliance with
laws and regulations, these areas will be specifically addressed in the strategy, including
the possibility of adding fraud specialists to the team or expanding testing.
SOLUTIONS FOR MULTIPLE-CHOICE QUESTIONS
4.22 a. Incorrect. Auditors are supposed to understand the nature of errors and
frauds.
b. Incorrect. Auditors are supposed to assess the risk of occurrence of errors and
frauds.
c. Incorrect. Auditors are supposed to design audits to provide reasonable
assurance of detecting errors and frauds.
d. Correct. Auditors are not required to report all finding of errors and frauds
to police authorities.
4.26 a. Incorrect. Inherent risk is one component of the risk of material misstatement
(the correct answer).
b. Incorrect. Control risk is one component of the risk of material misstatement
(the correct answer).
c. Incorrect. Detection risk is the likelihood that the auditors will not detect
misstatements that may have entered the accounting system and
not been detected or corrected by the client’s internal controls.
d. Correct. This is the definition of the risk of material misstatement.
4.27 a. Correct. The risk of material misstatement is composed of inherent risk and
control risk.
b. Incorrect The risk of material misstatement is composed of inherent risk and
control risk.
c. Incorrect The risk of material misstatement is composed of inherent risk and
control risk.
d. Incorrect The risk of material misstatement is composed of inherent risk and
control risk.
4.28 a. Incorrect Audit risk also considers the risk of material misstatement as well
as auditors’ procedures.
b. Incorrect Inherent risk exists independently of the audit.
c. Incorrect Control risk exists independently of the audit.
d. Correct This is the definition of detection risk.
4.33 a. Incorrect. Physical production statistics are not a source of information for
“comparison of current account balances with prior periods.”
b. Correct. A client’s budgets and forecasts are sources of information for
“comparison of current account balances with expected balances.”
c. Incorrect. Published industry ratios are not a source of information for
“evaluation of current account balances with relation to predictable
historical patterns.”
d. Incorrect. The company’s own historical financial statements are not a good
source of information for “evaluation of current account balances
in relation to nonfinancial information.”
4.35 a. Incorrect. Weaknesses in the company’s internal control are not a subject for
preliminary analytical procedures because auditors can’t examine
the internal controls at this particular time with these kinds of
analyses.
b. Incorrect. Individual transactions are not used in preliminary analytical
procedures.
c. Incorrect. Management assertions in financial statements are not the direct
object of preliminary attention-directing analytical procedures.
d. Correct. With preliminary analytical procedures, the auditors are looking
for signs of accounts and relationships that may represent specific
potential problems and risks in the financial statements.
4.37 a. Correct. Management is responsible for making the estimates in the first
place, just as management is primarily responsible for all the
financial statement elements.
b. Incorrect. Auditors need to determine the reasonableness of estimates.
c. Incorrect. Auditors need to determine estimates are presented in conformity
with GAAP.
d. Incorrect. Auditors need to determine whether estimates are adequately
disclosed in the financial statements.
4.38 a. Incorrect. An audit strategy does not specify audit standards. The standards
are relevant in all audits.
b. Correct. An audit strategy contains specifications of procedures the auditors
believe appropriate for the financial statements under audit.
c. Incorrect. Documentation of the assertions under audit, the evidence
obtained, and the conclusions reached describe audit
documentation, not audit strategies.
d. Incorrect. Reconciliation is a specific procedure, not a strategy.
4.39 a. Correct. The objective is to perform a quality audit and keep audit risk low.
b. Incorrect. Control risk = 0 is generally not warranted.
c. Incorrect. Inherent risk = 0 is generally not warranted.
d. Incorrect. 40% audit risk is too high.
4.40 a. Incorrect. Reporting clearly inconsequential noncompliance with the Act to
the board of directors is not required.
b. Correct. Once informed, the board of directors has the first responsibility to
report to the SEC. If the board does not report these items to the
SEC, the law then requires the auditors to do so.
c. Incorrect. Auditors are not required to report clearly inconsequential
noncompliance with the Act to the board. (Reporting to
management, however, is appropriate.)
d. Incorrect. Audit firm resignation is not required. However, if the audit firm
withdraws and the board does not report the item to the SEC, the
law requires the auditors to report to the SEC, just as though there
had been no resignation.
4.41 a. Incorrect. The audit team would be concerned if key factors are not
consistent with prior periods.
b. Incorrect. The audit team would be concerned if key assumptions are not
similar to industry guidelines.
c. Incorrect. The audit team would be least concerned about measurements that
are objective and not susceptible to bias.
d. Correct. Evidence of a systematic bias, whether aggressive or conservative,
would be of most concern to the audit team.
4.43 a. Incorrect. While the audit team may recommend remedial actions to the audit
committee, the audit team’s first concern is the effect of the
noncompliance on the financial statements.
b. Correct. The audit team’s first concern is the effect of the noncompliance
on the financial statements.
c. Incorrect. While the audit team may consider whether to contact law
enforcement officials, the audit team’s first concern is the effect of
the noncompliance on the financial statements.
d. Incorrect. While the audit team should determine whether other similar acts
may have occurred, the audit team’s first concern is the effect of
the noncompliance on the financial statements.
4.44 a. Incorrect. The responsibility for detecting direct-effect noncompliance
exactly parallels the responsibility for errors and fraud.
b. Incorrect. The audit team must design their tests to detect all material
noncompliance that directly affect the financial statements.
c. Correct. Auditors must design tests to obtain reasonable assurance that all
noncompliance with direct material financial statement effects is
detected.
d. Incorrect. The audit team must design their tests to detect all material
noncompliance that directly affect the financial statements.
4.45 a. Incorrect. Analytical procedures are performed after the engagement letter is
obtained.
b. Correct. This is the “attention-directing” purpose.
c. Incorrect. Significant assertions are determined by understanding the
company, not by analytical procedures.
d. Incorrect. This answer could be good even though it evokes the control risk
assessment standard, but restriction to inventory makes it a poor
choice.