Review Questions Solutions
Chapter 6, Audit Planning and Risk Assessment
Page 235
A1 What is the purpose of evidence collected during an ICFR audit?
To support the audit’s opinion on ICFR as of year end, and decision on expected control risk for purposes of the financial statement audit.
A2 When does the collection of information that is used for the planning process begin? When does it end?
Begins: During the client acceptance and continuance process.
Ends: At the completion of the audit when the auditor has obtained the assurance required to express the opinions on the integrated audit.
A3 What are some reasons why the original strategy and plan for an integrated audit may need to be modified?
The audit strategy and plan may need to be modified if the audit gets new information, for example, information suggesting that: the risks are greater than the auditor thought when the original plan was put together, or an area of the company’s activities is larger or more complex than originally believed.
A4 What is involved in developing the audit strategy?
Deciding on the scope of the engagement (the work that has to be performed for the auditor to be able to issue the reports or other products contracted for in the engagement letter), timing of the work, and initial estimates of the risk areas and materiality levels for the engagement.
A5 Why does the audit firm have to plan the audit resources needed for an audit engagement?
To identify and plan for the specific auditor skill levels and hours, and the specific people needed on the engagement to complete the work.
A6 What is an audit plan?
The specific steps to be performed and what is to be accomplished by the audit team.
A7 What is accomplished by risk assessment during planning?
Identifying the important areas of the client’s operations and financial statements, along with determining what may go wrong in those areas. This enables the auditor to determine what needs to be accomplished during the audit.
Page 239
B1 How are auditors able to begin planning an audit engagement for a first-year audit when they have not yet spent any significant time working on the client?
The auditors planning the engagement know the general framework of what has to be done on any audit, and an auditor experienced in the client’s industry understands the activities and risks of business in the industry. Consequently, they also understand the material financial statement accounts and important ICFR areas. Further, the auditor has actually gained quite a bit of client-specific information during the client acceptance and engagement letter processes. The audit team uses this knowledge base as a starting place for planning, with an understanding and expectation that revisions will be needed as the audit progresses.
B2 What services that the auditor performs for an audit client may assist in scoping the audit engagement?
Reviews of quarterly financial statements
B3 How does the client’s industry, its basis of reporting, and regulatory reports required affect scoping the engagement?
The characteristics affect the knowledge the auditor needs to have and the work that has to be done. For example: US GAAP or IFRS? Currencies? State or local government reporting according to GASB? Federal government reporting standards? Regulator requirements? Statutory audit requirements?
B4 How is the audit plan affected if the entity has a parent or subsidiary, or other entities that are related parties?
The engagement will be affected by the audit work performed and reports provided by other auditors of the related entities. If a company has multiple location, the auditor must determine how much work should be done related to the different locations. The scoping decisions on multiple locations are affected not only by the materiality each location contributes to the financial statements, but also by the activities and controls at each location and whether ICFR testing must be carried out at the locations. Sometimes other auditors are hired to perform work at distant locations and this affects the scope of the primary auditor’s work because of a need to plan, supervise and review the other auditor’s work.
B5 How can planning for the audit be affected by the work of the client’s internal auditors? By whether the company outsources any of its processes?
The auditor can consider the internal auditor’s work in deciding on the nature, timing and extent of audit evidence needed. If certain criteria are met, the internal auditor can actually perform audit steps for the external auditor. When a process, for example, payroll, is outsourced, the auditor has to determine whether the outsourced service is important enough to be material to the audit client’s ICFR. If it is material, the auditor has to determine how much audit work has to be performed to obtain assurance that the service provider’s ICFR is effective and its outputs can be relied upon. The user company’s auditor may be able to rely on a report provided by an auditor of the service provider. Alternatively, the user company’s auditor may have to perform various audit steps related to the service provider.
B6 What is important about analytical procedures and audit planning?
Analytical procedures must be used in the planning process. Analytical procedures are useful in providing information such as how material an account is to others, and whether importance or volume related to an account or process has changed over time.
B7 Does the work performed in audit planning change in the subsequent years of auditing the same client?
In subsequent year audits, the auditor knows more about the client’s business, organization, personnel, accounting systems, etc., than in the first year, and updating the information requires less audit effort than learning it all during the first year of the engagement. Although controls that are material have to be tested in the ICFR audit each year, audit information obtained through prior year audits may permit the auditor to alter the nature, timing and extent of the tests performed and in that way impacts the scope of the engagement.
B8 What are some events that must be considered when planning the audit from a timing perspective?
Dates for auditor communications with management, the Audit Committee and the Board of Directors; shareholder meetings
SEC deadlines for filing quarterly and annual financial reports
If the company has business units or related-party entities for which other auditors perform audit work, expectations of reporting by those other auditors must be considered in the time plan.
Deadlines for reporting requirements, if any, beyond those of the SEC, such as of other regulators.
Page 242
C1 What user characteristics do the auditing standards assume users have when judging what is material to a company’s financial statements?
1. Having an appropriate knowledge of business and economic activities and accounting and a willingness to study the information in the financial statements with an appropriate diligence.
2. Understanding that financial statements are prepared and audited to levels of materiality.
3. Recognizing the uncertainties inherent in the measurement of amounts based on the use of estimates, judgment, and the consideration of future events.
4. Making appropriate economic decisions on the basis of information in the financial statements.
C2 What are the risk assessment and planning steps that take the auditor from considering materiality at the financial statement level to designing the audit procedure to testing the operating effectiveness of an internal control?
1. Determine what is material at the financial statement level.
2. Identify various accounts and disclosures that are material to the financial statements along with the management assertions that are relevant for the material accounts and disclosures.
3. Determine what the risks are in the business that might cause material misstatements in the financial statements related to the assertions.
4. Identify controls that address the risks.
5. Structure the audit plan to test the design and functioning of the controls that address the risks of material misstatements.
C3 What are the risk assessment and planning steps that take the auditor from considering materiality at the financial statement level to designing the substantive audit procedure intended to identify any material misstatements in the financial statements and disclosures?
1. Determine what is material at the financial statement level.
2. Identify various accounts and disclosures that are material to the financial statements along with the management assertions that are relevant for the material accounts and disclosures.
3. Evaluate what would be a material misstatement for an account or disclosure assertion.
4. Design audit procedures to identify any such material misstatements that have occurred, whether they result from error or fraud.
C4 What does it mean to use a benchmark to set financial statement materiality? What benchmarks are used? How might the benchmark differ based on the type of company being audited?
A benchmark is a standard measurement, sometimes called a “rule of thumb.” Examples of benchmarks used to set planning materiality are a percentage of: total revenue, gross profit, or profit before taxes for continuing operations. Issues that may affect the benchmark used are: whether a company is public or privately owned, for profit or not-for-profit, highly regulated, with a small profit margin or net income, heavily invested in fixed assets, etc.
C5 What is meant by the terms tolerable misstatement and tolerable rate of error? How do they relate to materiality?
Tolerable misstatement is the material threshold for an account balance or class of transactions.
Tolerable rate of error is the number or percent of times an ICFR and fail and the auditor does not expect the problem to cause a material misstatement.
Page 244
D1 Why is assessing the risk of fraud important for the planning stage? What do the audit standards require regarding fraud risk during planning?
The auditor has to consider “how and where” the financial statements might be misstated as a result of fraud because the auditor standards state:
“The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.” (AU 110.02)
D2 What is the Fraud Triangle? What are its components? Why is it an effective way for the auditor to approach fraud?
This is a theoretical concept proposed as an effective way to consider fraud risk in an audit client, because it requires the auditor to consider the specific characteristics of a client as they might relate to fraud.
Incentive or pressure: Do people within the client organization have a reason or motivation to commit fraud?
Opportunities: Do the circumstances within the client organization allow people to commit fraud?
Attitudes or rationalizations: If a person has committed the fraud being considered is there some way he or she can personally justify that fraud?
D3 What are client anti-fraud controls, and why are they important to the auditor?
Entity level controls implemented by management to address fraud risk, including controls over:
1. significant, unusual transactions, particularly those that result in late or unusual journal entries
2. journal entries and adjustments made in the period-end financial reporting process
3. related party transactions
4. significant management estimates
5. incentives or pressures that could motivate management to falsify or inappropriately manage financial results.
Anti-fraud controls are important because the auditor is more likely to miss financial statement misstatements that result from fraud than those that result from error. (Fraud is more likely to be missed simply because the perpetrator will try to keep it hidden.)
Page 253
E1 What are examples of “recent significant developments?” Why and in what ways would they affect the audit strategy?
On a recurring audit engagement, these are changes that have occurred since the last audit. For a new client, they are changes that occurred since the client was accepted. Recent significant developments are changes within the client and changes in the client’s external environment.
Recent significant developments are changes in: business activities, ownership, capital structure and AIS. These cause the auditor to spend more audit effort on valuation and consolidation, financial statement presentation, understanding-assessing-testing a new system.
External recent significant developments are changes in industry conditions, industry regulations, economic changes and accounting and auditing standards. These cause the auditor to look more at (for example) going concern or increased business activities.
E2 As the auditor’s association with a first-year audit client continues past the client acceptance process, what sources of information about the client become available to the auditor? What information may be received from these sources?
Quarterly reviews: ICFR system, changes to the system and to the business organization, important transactions and customers
Registration statement for offerings: current financial information
Audit of a parent company or sub: transactions with the client
Audit procedures of the ICFR audit: design and effectiveness of ICFR
E3 What would a first-year audit staff member learn from participating in the audit planning meeting of a client to which he or she has been assigned?
The objectives of the engagement, risks—including the risk of fraud, general audit approach, assigned responsibilities
E4 Why is the audit planning memo an important part of audit documentation?
It includes a lot of information about the client, the auditor’s risk assessment, the auditor’s consideration of fraud, the audit strategy. The planning memo adds to the audit documentation that was started during the client acceptance and continuance process.
Page 258
F1 How is supervision defined in the auditing standards?
Instructing members of the audit team
Reviewing the work of team members
Staying up-to-date on issues that come up as a result of the audit work
Managing differences of opinion among team members that arise as a result of audit findings
F2 The supervision and review needed might vary based on the characteristics of the auditing professional and the task to which he or she is assigned. Why? How does that relationship or trade-off work?
In planning the engagement, the audit firm should match jobs to individuals based on the difficulty and complexity of the job and experience and expertise of the individual. When a team member is very experienced for the task to which he or she is assigned, the time budgeted for performing the task, review, or both may be adjusted accordingly.