AUD RISK ASSESSMENT - NOV 2012

shared by: Danial Parahani

Note: These notes were provided to members of the CPAnet Forum (cpaforum.cpanet.com) by member
Danial Parahani. For more members notes, please join CPA Exam Club and visit the CPA Exam Notes
group. Happy studying and here are the links to help you along your CPA Exam journey! CPAnet

CPAnet Forum cpaforum.cpanet.com/

CPA Exam Club cpaexamclub.com/
CPA Exam Notes Group cpaexamclub.com/groups/cpaexamnotes
Facebook facebook.com/cpaexamclub
Twitter twitter.com/cpaexamtweets
LinkedIn linkedin.com/groups?gid=3804041

From Danial:
These files * contain the following subjects:
1. Audit Opinion Chart
2. Internal Control
3. Risk Assessment
4. Fraud & Illegal
5. Accounting Estimates
6. Inquiry Regarding Litigation, Claims, and Assessments
7. Auditing Fair Value
8. Related Party Transactions

All the best

*three separate downloads

==========

THANK YOU and feel free to share!

*** TO HELP YOU PASS, PREPARE YOUR OWN NOTES ***

If you have notes you would like to share, please contact CPAnet here:
http://www.cpanet.com/home/contact_cpanet.asp#contact
 Risk Assessment
Audit Steps Obtaining Assessing Risk of Documentation
(IM A CPA) Understanding Material Required
Misstatement

Audit Steps
I M A C P A
Obtain Assessing Risk of Respond to Test Internal Perform Evaluate
understanding of Material Assessed level Control Substantive Sufficiency and
entity and its Misstatements of risk and Evaluate Test appropriateness
environment, (by designing operating of Audit
including its further audit effectiveness Evidence
Internal Control procedure) obtained

Risk Assessment Risk Assessment Procedure
Procedure
1. Inquiries
2. Analytical Procedures
3. Observation &
Inspection
4. Discuss Among Audit
Team
5. Other Procedures
Obtain Understanding
(RAP) and Audit Evidence
Risk Assessment Procedures
PROVIDES Audit Evidence
even if it not designed to do.
Substantive testing or Test of
Control performed
CONCURRENTLY with RAP
Ongoing Assessment Factors to understand
Obtaining understanding 1. Industry, Regulatory, and
CONTINUE AND other External Factor
EVOLVING 2. Nature of Entity
THROUGHOUT THE 3. Objectives, Strategies and
AUDIT Business Risk
Auditor RISK 4. Entitys Financial
ASSESSMENT might Performance
CHANGE AS 5. Internal Control. Including
ADDITIONAL AUDIT Selection and Application of
EVIDENCE OBTAINED Accounting Principles

Assessing Risk of Material Misstatement

Purpose
Identify NET of further
Audit Procedure
Assessing Specific Risk Significant Risk
Assertion Level / MM / Specific Audit 1. Indicative Factors of Significant Risk
Consideration / Substantive Testing/ 2. Responding to Significant Risk
Specific Relevant Assertions or 3. Tests of Control
Pervasive effect on FS. 4. Other Matter Noted

Documentation Requirements
Required Documentation Extent of Documentation Form of Documentation
Discussion / Key understanding / More Complex Entity -> FIND
Assessment RMM / Identified Risk More extensive Audit Procedure ->
& Related Controls evaluated. More extensive Audit Documentation
 Internal Control
Internal Control Internal Control Effect of Services
Component Organizations on
Internal Control

Internal Control
Effect of
Auditors
Component Auditors Small & Inherent Information
Entity Understanding
of Internal Understanding of Midsized Limitation of Technology on
Objectives of Internal
Control Acctg Policies Entities Internal Control Internal
Control
Control
Reliability/ 1.CRIME 1.Evaluate 1.Understand Use less 1. Human error 1. Effect on
Effectiveness 2. Auditor Design of selection and formal 2.Circumvention Internal
and use of control application. means of control by Control
Efficiency components 2.Assess RMM 2.Implementation to collusion 2. Manual vs.
and 3.Design NET of New Standard achieve 3.Mgmt Automated
Compliance a.Framework of further 3.Evaluate internal override of Control
b.Relevance Audit presentation and control. control 3. Testing
to audit Procedure disclosure (e.g. A3- 4.Diffculty in Automated
c.Factors 46) achieving controls
affecting segregation of 4. IT Benefits
application duties in small 5.IT Risks
of entities 6.Organization
framework Structure of IT
Dept.

Internal Control Component

Importance of control Environment Internal Control Component
Foundation for other Internal Control
CRIME
Component
 Internal Control Component
Info. &
Risk Existing Control
Control Environment Communication Monitoring
Assessment Activities
System
1.Set Tome of Risk arise Indentify, Assess quality (POLICIES &
Organization from Capture, of IC PROCEDURES
2.Factors Include exchange performance by ENSURE MGMT
(Comm. & information in assessing design DIRECTIVE
enforcement of timely and useful and operation CARRIED & STEPS
integrity / manner. of control TAKEN TO
Commitment to ADDRESS RISK)
competence/ 1.Information (ESTABLISHING
Participation of 2.Acctg IS & PAID TIPS
TCWG/ 3.Communication MAINTAINING
Mgmt philosophy & IC IS MGMT P-Prenumbering
operating style/ RESPONSIBILITY A-Authorization
Organization THEREFORE I Independent
Structure/ MGMT MUST check
Assign authority, MONITOR ITS D-Documentation
Responsibility, and OPERATING AS T-Timely &
accountability/ INTENDED AND Approp.
HR policies & MODIFIED FOR Performance
practices) CHANGES) review
3.Focus on substance I-Info. Processing
rather than form Monitoring Control
(procedure Process P-Physical
established not Controls for
forced) safeguard assets
4.TCWG-(overseeing / S-Segregation of
Balancing conflicts / Duties
ear Responsibilities)
5.Pervasive effect on
IC WC- More (STRONG IC HAS
Substantive as of B/s PAID TIPS)
Date (Increase extent CPA SHOULD OBTAIN
and use more UNDERSTANDING &
persuasive evidence KNOWLEDGE
test)
SC Use less
persuasive evidence
test (reduce extent)
and perform test at
interim date
 Effect of Service Organizations on Internal Control
When services affect Initiation / Execution / Processing / Reporting of user companies transactions
here we can say that service organizations services are considered to be part of an entity Information
System.

User Implement its own effective controls on those transactions.

Service Organizations Controls placed in operation by it considered part of user organizations
information system
Users Auditor Responsibilities
A. Consider effect of service bureau on IC of user
organization & availability of evidence.
1. Obtain understanding of users IC
2. Assess control risk (user org.)
3. Perform Substantive procedures
B. Inquiries of service auditors prof. reputation
c. No reference to the report of service auditors
Service Auditor Responsibilities
1. Inquire of Mgmt regarding subsequent events
2. Representation in service auditor report & due
care in applying procedures
3. Its report describe scope and nature of
procedure
4. Types of Report:
REPORTS ON CONTROLS PLACED IN OPERATION
Obtain understanding of controls
Provided: Test of operating effectiveness not
Performed therefore not provide USER
AUDITOR basis for reducing Control
risk assessment
Report:
States Whether Control:
a. Suitably designed
b. Implemented
Include DISCLAIMER on operating effectiveness
of control.

REPORTS ON CONTROLS PLACED IN OPERATION

AND TESTS OF OPERATING EFFECTIVENESS

1. Provide evidence to REDUCE ASSESSED

LEVEL OF CONTROL RISK Obtained
directly by USER AUDITOR by:

a. Test user control over service activity

b. Perform TOC at service org.

Report:
States Whether Control:
a. Suitably designed
b. Implemented
c. Operated effectively

5.Service org. controls designed under assumption

that there are COMPLEMENTARY controls
implemented by users.
Fraud and Illegal Act
Consideration of Fraud Illegal Act
What is Fraud Responsibility Audit Requirements

What is Fraud
1. Fraud & Error
2.Types of Fraud
a. Fraudulent financial Report
b. Misappropriation of Assets
3. Characteristics of Fraud
a. Fraud Risk Factor
b. Mgmt Involvement
4. Reasonable Assurance
Consideration of Fraud
Responsibility
1. Mgmt responsibilities:
Design & implement programs
and controls to prevent, deter, &
detect fraud.
2. Auditors responsibilities:
Plan & perform audit to obtain
reasonable assurance on
whether F/S are free of material
misstatement whether caused by
error or fraud.
Audit Requirements
1. Prof. Skepticism
Consider fraud regardless pf:
- Past experience
- Mgmt honesty & integrity
Not dismiss info. that is indicative of
fraud.
2. Audit Procedures (DOAE_CD)
- Discuss among engagement
- Obtain information (identify FR)
Identify Risk
- Assess identified Risk
Response to assessed risk
- Evaluate evidence
- Communicate about fraud
- Document auditors
consideration of fraud

Discuss Among Engagement

Discussion Topic Other requirements
1. Brainstorming Discussion require:
2. Emphasis Prof. Skepticism 1. All team member
3. Consideration of Fraud Risk Factor 2. Specialist (may include)
4. Consideration of risk of Mgmt Override of control 3. Occur in multiple location
5. How respond to identified Risk 4. Continue throughout the audit

Obtaining Information (Procedures should be followed)

Inquire of entity Consider Result of Evaluate Fraud Risk Consider Other relevant
personnel Analytical Review Factor consideration
1. Inquire of Mgmt, employee During Planning, Existence of FRF: 1. Discussion
involved in financial reporting, Require to Perform it RMM due fraud is 2. Performance of
legal, operating, internal audit for revenue to greatest if all 3 procedure relate to
and TCWG.
identify unusual presents, however acceptance/continuance
(Overall risk of fraud,
relationship which existence of all 3 is not of clients
suspect instance of fraud,
might indicate of absolute indication of 3. Review interim F/S
Programs & control,
fraud. fraud. 4. Evaluate IR.
extent of distant location,
Mgmt reported to TCWG
Used data aggregated Absence of FRF:
regard IC and how it
at high level. Lack of observation of all or
function to prevent, any Doesnt there is no fraud
deter, and detect MM risk It means it reduced.
due to fraud.)
2. Additional evidence for One of them if enough to
cause RMM due to fraud.
inconsistent response

Attribute of Risk
1. Type of risk
2. Significance of risk
3. Likelihood of Risk
4. Pervasiveness of Risk
Obtain understanding of entity
and its environment, including it
IC.
Required Response
Identifying Risk
Presumption of Risk Additional Consideration
1. Revenue Recognition 1. What extent FRF present
2. Mgmt override of control 2. Size, Complexity, and
ownership characteristics of
entity.
Large entity:
Internal Audit/Audit Committee.
Code of ethic (serve deter fraud)
Small Entity:
Lack such feature, however, it ha
strong corporate culture
(discourage fraud)
3. Susceptibility of items to
manipulate when:
- Mgmt Judgment
- Very complex acctg principles
Assessing Identified Risk
Specific control mitigate specific risk Identified control deficiency
Boarder control mitigate overall risk make risk worsen (exacerbate)
Responding to Assessed Risk
Overall, General Response consider by auditor when
Assign personnel
Determine level of supervision
Evaluate Mgmt selection and application of acctg.
Appropriate level of unpredictability in select audit procedure
from one year to others
Response Encompassing Specific audit procedure
Respond to specific identified Risk
1. By alter (NET) 2. Should include ST and TOC
Nature: More reliable + Obtain corroborative evidence
Extent: Increasing Sample size + Test perform at reliable level or extensive
Timing: Apply SP near or at end of reporting period would reduce risk
Response Addressing Risks related to Mgmt override:
1. Auditor focus on nonstandard or unusual entries
2. Review acctg estimates for biases result in MM due to fraud
(Auditor should perform retrospective review Comparing prior
year estimates to actual subsequent events
3. Evaluate business purpose of unusual transactions.
(Complex Transactions + Acctg reflect substance of transaction)
Significant Fraud Risk
Examples of Response to
identified risk
Withdrawing from engagement bcoz it wont be practicable or possible to
design audit procedures that sufficiently address risk
Revenue Recognition:
1. Analytical Review of revenue using disaggregated data
Revenue by Month 2009 Revenue by Month 2008
Revenue y product 2009 Revenue by product 2008
Sales Return included
2. Confirm customer contract term
3. Inquire of unusual conditions
4. Physically observation of shipment close to period end
5. Test control surrounding electronic processing of revenue trans.

Inventory Quantities:

1. Examine inventory records (items require specific attention)

2. Observe inventory at unannounced basis
3. Conduct inventory count at different location on same day
4. Conduct inventory count at or near end of period
5. Compare current period quantity with prior period
6. During observation Do rigorous examination and additional
testing

Mgmt Estimates:

1. Engage specialist to evaluate Mgmt estimates

2. Develop independent estimates
3. Perform retrospective review of prior period estimates

Evaluate Audit Evidence

Conditions Discrepancies in acctg records:
Identified during
fieldwork Improper recording of transaction
Unauthorized / unsupported balance
Subsidiary and control accounts lack agreement
Last minute adjustment
Inappropriate access to system or records
Compliant to auditor about alleged (Suppose) fraud

Conflicting or Missing Evidential Matter:

Unavailable documents / electronic evidence

Alteration of documents
Unexplained significant reconciliation
Discrepancies between record and confirmation
Missing inventory or asset value
Inability to produce evidence supporting systems development/ modification/
implementation activities.
 Problematic or unusual relationship between Auditors and Mgmt:

Denied of access to records, customers, vendors, employee, etc..

Management compliant
Undue time pressure imposed by Mgmt to resolve complex issues
Mgmt intimidation (Threats) of audit team
Unusual delay in providing info
Unwillingness to facilitate auditor access to electronic access
Unwillingness to add or revise F/S disclosure
Denial access to IT operations staff and facilities
Analytical Results of AP performed by auditor during or at the completion of audit
Procedures indicate fraud

Unusual relationship between year-end Revenue and Income

Misstatements due If misstatements are indicative of fraud the audit should evaluate the related
the fraud implications:

- Indicate problem with Mgmt integrity

- Auditor should Reevaluate
1. Assessment of fraud risk
2. Assessed effectiveness of controls
3. Appropriateness of audit procedures
Final Evaluation At or near the completion of fieldwork should be made regarding assessment of
risk of material misstatements due to fraud.

Communication among engagement personnel regarding Material misstatement:

Not Significant -> Perform additional audit procedure

Significant -> Withdraw from engagement

Communication
Mgmt Audit Fraud Communication to
Committee Causes Material Misstatement of F/S Audit Committee (TCWG)
Involved Senior Manager Audit Committee (TCWG)
Internal control weakness or deficiency Mgmt & Audit Committee (TCWG)
Identified Fraud Risk Audit Committee (TCWG)
Parties Outside the Is not an auditors responsibility, however, in certain cases duty to disclose
Entity outside entity may exist:
- Comply with legal and regulatory form / Private Securities litigation
- Successor Auditors
- Subpoena
- Finding agency
Documentation
First: Complete Documentation of RISK ASSESSMENT AND RESPONSE IS REQUIRED
Then:
1. Planning discussion among team members (How & When Discussion occurred Participant
Subject discuss)
2. Procedure performed to obtain info.
3. Specific identified RMM due to fraud
4. Non identification of improper revenue recognition as fraud risk (Conclusion support)
5. Results of procedure performed to identified risk of Mgmt override of control
6. Other conditions and analytical relationship
7. Nature of communication

Illegal Act
Definition Violation of laws or governmental regulation

Auditors Responsibilities to detect illegal Act

Direct effect on F/S Indirect effect on F/S
Plan and Perform (design) audit to obtain If information comes to auditors attention ->
reasonable assurance that F/S is free of MM auditor should apply appropriate audit procedure
Less the Act affects the F/S -> Less likely auditors will discover it

Audit Procedures
No audit procedure specifically to detect illegal acts.

May discover through other procedures:

1. Read minutes of meeting
2. Inquire of Mgmt and legal counsel

Info may be indicative of illegal acts include:

1. Unauthorized / improperly recorded transactions.
2. Unusual payments (Fines and Penalties).
3. Unusual large or excessive payment (Especially those in cash)
4. Unexplained payment (Payments for unspecified services)
5. Investigation by governmental agencies ( Known violations of laws and regulations)
6. Fail to file tax & Pay other appropriate fees.
 Auditors Response to Illegal Acts
Possible Illegal Act - Obtain understanding
- Inquire of Mgmt (level above those involved)
- Consult clients legal counsel (Application of laws and regulations)
- Apply additional audit procedures
Detected Illegal Act - Consider effect of it
- Evaluate materiality of illegal act (Quantitative and qualitative factors)
- Evaluate Disclosure of loss contingencies (fine/Penalties/Damages)
- Consider implications for other areas of the audit
- Communicate illegal act to the audit committee.

Effect of Illegal Act on the Audits Report

Effect Action
Departure from Material Illegal acts exist and not Qualified / Adverse (full disclosure)
GAAP properly accounted and disclosed and
client refuse to revise the F/S.
Insufficient Preclude from obtaining conclusive Disclaimer of Opinion
Evidence evidence
Client Response If client refuses to accept auditors Withdraw from engagement
report as modified

Implication of Illegal Acts

Consider effect of illegal act on Evaluation of IC and Planned degree of reliance on Mgmt Rep.

If client fails to take remedial action regarding illegal (even immaterial) Withdraw from engagement

Communication
Audit Committee Should be adequately informed unless Illegal act are inconsequential (minor)
Parties Outside the Is not an auditors responsibility, however, in certain cases duty to disclose
Entity outside entity may exist:
- Comply with legal and regulatory form / Private Securities litigation
- Successor Auditors
- Subpoena
- Finding agency