Download Auditing Risk Assessment and Response: A Guide for Students - Prof. Galloho and more Exams Auditing in PDF only on Docsity!
Assessing and Responding to
Audit Risks
Risk Assessment and Response to Assessed
Risks
Understanding Audit Risk
The correct statement is: d. The auditor should obtain an understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach.
According to PSA 400, audit risk means: b. The risk that a misstatement, that could occur in an account balance or class of transactions and that could be material, individually or when aggregated with misstatements in other balances or classes, will not be prevented or detected and corrected on a timely basis by the accounting and internal control systems.
Inherent risk and control risk differ from detection risk in that they: c. Exist independently of the financial statement audit.
Inherent risk and control risk differ from detection risk in that inherent risk and control risk are: d. Functions of the client and its environment while detection risk is not.
The incorrect statement is: d. Detection risk exists independently of the audit of the financial statements.
The incorrect statement is: d. The auditor might make separate or combined assessments of inherent risk and control risk.
The auditor assesses control risk because: c. Because it affects the level of detection risk the auditor may accept.
The relationship between acceptable level of detection risk and the combined level of inherent and control risk is: b. Inverse
If the assessed level of Inherent risk is High and the Control risk is Low, the acceptable level of detection risk would be: c. Lower
To achieve an overall audit risk level that is substantially the same as the planned audit risk level, if the auditor decides to increase the assessed level of control risk, the auditor would: d. Decrease detection risk.
As the acceptable level of detection risk decreases, the assurance directly provided from: a. Substantive tests should increase.
The true statement is: b. If control risk is assessed at maximum, the nature of related substantive tests should be changed from less to more effective.
When the auditor determines that detection risk regarding a financial statement assertion for a material account balance or class of transactions cannot be reduced to an acceptable level, the auditor should express: b. Qualified or disclaimer of opinion
Understanding the Entity and Its Environment and
Assessing the Risks of Material Misstatement
The distinguishing feature of risk-based auditing that is not mentioned is: c. Collecting and evaluating evidence.
The factor that is not a good indicator of potential financial failure is: b. Client's retained earnings were reduced by half as a result of a large dividend payout.
PSA 315 requires: d. All of the above.
The incorrect statement regarding PSA 315 is: d. This PSA discusses the auditor's responsibility to determine overall responses and to design and perform further audit procedures whose nature, timing, and extent are responsive to the risk assessments.
The incorrect statement regarding obtaining an understanding of the entity and its environment is: d. The depth of the overall understanding that is required by the auditor in performing the audit is equal to that possessed by management in managing the entity.
The main purpose of risk assessment procedures is to: a. Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and assertion levels.
The risk assessment procedure that the auditor should not perform is: b. Inquiries of the entity's external legal counsel or of valuation experts that the entity has used.
Inquiries directed towards those charged with governance may most likely: a. Relate to their activities concerning the design and effectiveness of the entity's internal control and whether management has satisfactorily responded to any findings from these activities.
The incorrect statement regarding analytical procedures is: d. When such analytical procedures use data aggregated at a high level (which is often the situation), the results of those analytical procedures provide a clear-cut indication about whether a material misstatement may exist.
The incorrect statement regarding the discussion among the engagement team about the susceptibility of the entity's financial
Significant Risks Requiring Special Audit Consideration
The auditor should determine which of the risks identified are, in the auditor's judgment, risks that require special audit consideration. The auditor excludes the effect of identified controls related to the risk to determine whether the nature of the risk, the likely magnitude of the potential misstatement including the possibility that the risk may give rise to multiple misstatements, and the likelihood of the risk occurring are such that they require special audit consideration. Routine, non-complex transactions that are subject to systematic processing are less likely to give rise to significant risks because they have lower inherent risks. Significant risks are often derived from business risks that may result in a material misstatement.
Examples of Situations Requiring Substantive Procedures
An entity that conducts its business using IT to initiate orders for the purchase and delivery of goods based on predetermined rules, with no other documentation of orders placed or goods received, other than through the IT system. An entity that provides services to customers via electronic media and uses IT to create a log of the services provided, initiate and process its billings, and automatically record such amounts in electronic accounting records.
PSA 330 - The Auditor's Procedures in
Response to Assessed Risks
Determining Overall Responses to Address Risks of
Material Misstatement
The auditor should determine overall responses to address the risks of material misstatement at the financial statement level. Such responses may include emphasizing the need for professional skepticism, assigning more experienced staff or those with special skills, incorporating additional elements of unpredictability, and performing substantive procedures at an interim date.
Assessing the Control Environment and Designing Further
Audit Procedures
Weaknesses in the control environment ordinarily will lead the auditor to modify the nature of audit procedures to obtain more persuasive audit evidence. The auditor should design and perform further audit procedures whose nature, timing, and extent are responsive to the assessed risks of material misstatement at the assertion level.
The most important consideration in responding to the assessed risks is the nature of the audit procedures.
Selecting the Appropriate Audit Approach
The auditor may determine that only by performing tests of controls may the auditor achieve an effective response to the assessed risk of material misstatement for a particular assertion. The auditor may determine that performing only substantive procedures is appropriate for specific assertions and, therefore, the auditor excludes the effect of controls from the relevant risk assessment. The auditor needs to be satisfied that performing only substantive procedures for the relevant assertion would be effective in reducing the risk of material misstatement to an acceptably low level.
Nature, Timing, and Extent of Further Audit Procedures
The nature of further audit procedures refers to their purpose and their type. Certain audit procedures may be more appropriate for some assertions than others. The auditor is required to obtain audit evidence about the accuracy and completeness of information produced by the entity's information system when that information is used in performing audit procedures. The timing of audit procedures refers to when they are performed or the period or date to which the audit evidence applies. The extent of an audit procedure is determined by the judgment of the auditor after considering the materiality, the assessed risk, and the degree of assurance the auditor plans to obtain.
Tests of Controls
Tests of controls are required under certain circumstances, such as when an entity conducts its business using IT and no documentation of transactions is produced or maintained, other than through the IT system. Tests of the operating effectiveness of controls are performed only on those controls that the auditor has determined are suitably designed to prevent, or detect and correct, a material misstatement in an assertion. The absence of misstatements detected by a substantive procedure does not provide audit evidence that controls related to the assertion being tested are effective. A material misstatement detected by the auditor's procedures that was not identified by the entity ordinarily is indicative of the existence of a material weakness in internal control.
Modifying Planned Audit Procedures
As the auditor performs the planned audit procedures, the audit evidence obtained may cause the auditor to modify the nature, timing, or extent of other planned audit procedures.
Considering Audit Evidence
In developing an opinion, the auditor should consider all the audit evidence, not just the evidence that corroborates the assertions in the financial statements.
Insufficient Audit Evidence
If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor should express a qualified opinion or a disclaimer of opinion, as stated in the text.
