Review Questions Solutions Chapter 6, Audit Planning and Risk Assessment Page 235 A1 What is the purpose of evidence

collected during an ICFR audit? To support the audits opinion on ICFR as of year end, and decision on expected control risk for purposes of the financial statement audit. A2 When does the collection of information that is used for the planning process begin? When does it end? Begins: During the client acceptance and continuance process. Ends: At the completion of the audit when the auditor has obtained the assurance required to express the opinions on the integrated audit. A3 What are some reasons why the original strategy and plan for an integrated audit may need to be modified? The audit strategy and plan may need to be modified if the audit gets new information, for example, information suggesting that: the risks are greater than the auditor thought when the original plan was put together, or an area of the companys activities is larger or more complex than originally believed. A4 What is involved in developing the audit strategy? Deciding on the scope of the engagement (the work that has to be performed for the auditor to be able to issue the reports or other products contracted for in the engagement letter), timing of the work, and initial estimates of the risk areas and materiality levels for the engagement. A5 Why does the audit firm have to plan the audit resources needed for an audit engagement? To identify and plan for the specific auditor skill levels and hours, and the specific people needed on the engagement to complete the work. A6 What is an audit plan? The specific steps to be performed and what is to be accomplished by the audit team. A7 What is accomplished by risk assessment during planning? Identifying the important areas of the clients operations and financial statements, along with determining what may go wrong in those areas. This enables the auditor to determine what needs to be accomplished during the audit.

Page 239 B1 How are auditors able to begin planning an audit engagement for a first-year audit when they have not yet spent any significant time working on the client? The auditors planning the engagement know the general framework of what has to be done on any audit, and an auditor experienced in the clients industry understands the activities and risks of business in the industry. Consequently, they also understand the material financial statement accounts and important ICFR areas. Further, the auditor has actually gained quite a bit of client-specific information during the client acceptance and engagement letter processes. The audit team uses this knowledge base as a starting place for planning, with an understanding and expectation that revisions will be needed as the audit progresses. B2 What services that the auditor performs for an audit client may assist in scoping the audit engagement? Reviews of quarterly financial statements B3 How does the clients industry, its basis of reporting, and regulatory reports required affect scoping the engagement? The characteristics affect the knowledge the auditor needs to have and the work that has to be done. For example: US GAAP or IFRS? Currencies? State or local government reporting according to GASB? Federal government reporting standards? Regulator requirements? Statutory audit requirements? B4 How is the audit plan affected if the entity has a parent or subsidiary, or other entities that are related parties? The engagement will be affected by the audit work performed and reports provided by other auditors of the related entities. If a company has multiple location, the auditor must determine how much work should be done related to the different locations. The scoping decisions on multiple locations are affected not only by the materiality each location contributes to the financial statements, but also by the activities and controls at each location and whether ICFR testing must be carried out at the locations. Sometimes other auditors are hired to perform work at distant locations and this affects the scope of the primary auditors work because of a need to plan, supervise and review the other auditors work. B5 How can planning for the audit be affected by the work of the clients internal auditors? By whether the company outsources any of its processes? The auditor can consider the internal auditors work in deciding on the nature, timing and extent of audit evidence needed. If certain criteria are met, the internal auditor can actually perform audit steps for the external auditor. When a process, for example,

payroll, is outsourced, the auditor has to determine whether the outsourced service is important enough to be material to the audit clients ICFR. If it is material, the auditor has to determine how much audit work has to be performed to obtain assurance that the service providers ICFR is effective and its outputs can be relied upon. The user companys auditor may be able to rely on a report provided by an auditor of the service provider. Alternatively, the user companys auditor may have to perform various audit steps related to the service provider. B6 What is important about analytical procedures and audit planning? Analytical procedures must be used in the planning process. Analytical procedures are useful in providing information such as how material an account is to others, and whether importance or volume related to an account or process has changed over time. B7 Does the work performed in audit planning change in the subsequent years of auditing the same client? In subsequent year audits, the auditor knows more about the clients business, organization, personnel, accounting systems, etc., than in the first year, and updating the information requires less audit effort than learning it all during the first year of the engagement. Although controls that are material have to be tested in the ICFR audit each year, audit information obtained through prior year audits may permit the auditor to alter the nature, timing and extent of the tests performed and in that way impacts the scope of the engagement. B8 What are some events that must be considered when planning the audit from a timing perspective? Dates for auditor communications with management, the Audit Committee and the Board of Directors; shareholder meetings SEC deadlines for filing quarterly and annual financial reports If the company has business units or related-party entities for which other auditors perform audit work, expectations of reporting by those other auditors must be considered in the time plan. Deadlines for reporting requirements, if any, beyond those of the SEC, such as of other regulators. Page 242 C1 What user characteristics do the auditing standards assume users have when judging what is material to a companys financial statements? 1. Having an appropriate knowledge of business and economic activities and accounting and a willingness to study the information in the financial statements with an appropriate diligence. 2. Understanding that financial statements are prepared and audited to levels of materiality.

3. Recognizing the uncertainties inherent in the measurement of amounts based on the use of estimates, judgment, and the consideration of future events. 4. Making appropriate economic decisions on the basis of information in the financial statements. C2 What are the risk assessment and planning steps that take the auditor from considering materiality at the financial statement level to designing the audit procedure to testing the operating effectiveness of an internal control? 1. Determine what is material at the financial statement level. 2. Identify various accounts and disclosures that are material to the financial statements along with the management assertions that are relevant for the material accounts and disclosures. 3. Determine what the risks are in the business that might cause material misstatements in the financial statements related to the assertions. 4. Identify controls that address the risks. 5. Structure the audit plan to test the design and functioning of the controls that address the risks of material misstatements. C3 What are the risk assessment and planning steps that take the auditor from considering materiality at the financial statement level to designing the substantive audit procedure intended to identify any material misstatements in the financial statements and disclosures? 1. Determine what is material at the financial statement level. 2. Identify various accounts and disclosures that are material to the financial statements along with the management assertions that are relevant for the material accounts and disclosures. 3. Evaluate what would be a material misstatement for an account or disclosure assertion. 4. Design audit procedures to identify any such material misstatements that have occurred, whether they result from error or fraud. C4 What does it mean to use a benchmark to set financial statement materiality? What benchmarks are used? How might the benchmark differ based on the type of company being audited? A benchmark is a standard measurement, sometimes called a rule of thumb. Examples of benchmarks used to set planning materiality are a percentage of: total revenue, gross profit, or profit before taxes for continuing operations. Issues that may affect the benchmark used are: whether a company is public or privately owned, for profit or notfor-profit, highly regulated, with a small profit margin or net income, heavily invested in fixed assets, etc. C5 What is meant by the terms tolerable misstatement and tolerable rate of error? How do they relate to materiality?

Tolerable misstatement is the material threshold for an account balance or class of transactions. Tolerable rate of error is the number or percent of times an ICFR and fail and the auditor does not expect the problem to cause a material misstatement. Page 244 D1 Why is assessing the risk of fraud important for the planning stage? What do the audit standards require regarding fraud risk during planning? The auditor has to consider how and where the financial statements might be misstated as a result of fraud because the auditor standards state: The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. (AU 110.02) D2 What is the Fraud Triangle? What are its components? Why is it an effective way for the auditor to approach fraud? This is a theoretical concept proposed as an effective way to consider fraud risk in an audit client, because it requires the auditor to consider the specific characteristics of a client as they might relate to fraud. Incentive or pressure: Do people within the client organization have a reason or motivation to commit fraud? Opportunities: Do the circumstances within the client organization allow people to commit fraud? Attitudes or rationalizations: If a person has committed the fraud being considered is there some way he or she can personally justify that fraud? D3 What are client anti-fraud controls, and why are they important to the auditor? Entity level controls implemented by management to address fraud risk, including controls over: 1. significant, unusual transactions, particularly those that result in late or unusual journal entries 2. journal entries and adjustments made in the period-end financial reporting process 3. related party transactions 4. significant management estimates 5. incentives or pressures that could motivate management to falsify or inappropriately manage financial results. Anti-fraud controls are important because the auditor is more likely to miss financial statement misstatements that result from fraud than those that result from error. (Fraud is more likely to be missed simply because the perpetrator will try to keep it hidden.) Page 253

E1 What are examples of recent significant developments? Why and in what ways would they affect the audit strategy? On a recurring audit engagement, these are changes that have occurred since the last audit. For a new client, they are changes that occurred since the client was accepted. Recent significant developments are changes within the client and changes in the clients external environment. Recent significant developments are changes in: business activities, ownership, capital structure and AIS. These cause the auditor to spend more audit effort on valuation and consolidation, financial statement presentation, understanding-assessing-testing a new system. External recent significant developments are changes in industry conditions, industry regulations, economic changes and accounting and auditing standards. These cause the auditor to look more at (for example) going concern or increased business activities. E2 As the auditors association with a first-year audit client continues past the client acceptance process, what sources of information about the client become available to the auditor? What information may be received from these sources? Quarterly reviews: ICFR system, changes to the system and to the business organization, important transactions and customers Registration statement for offerings: current financial information Audit of a parent company or sub: transactions with the client Audit procedures of the ICFR audit: design and effectiveness of ICFR E3 What would a first-year audit staff member learn from participating in the audit planning meeting of a client to which he or she has been assigned? The objectives of the engagement, risksincluding the risk of fraud, general audit approach, assigned responsibilities E4 Why is the audit planning memo an important part of audit documentation? It includes a lot of information about the client, the auditors risk assessment, the auditors consideration of fraud, the audit strategy. The planning memo adds to the audit documentation that was started during the client acceptance and continuance process. Page 258 F1 How is supervision defined in the auditing standards? Instructing members of the audit team Reviewing the work of team members Staying up-to-date on issues that come up as a result of the audit work Managing differences of opinion among team members that arise as a result of audit findings

F2 The supervision and review needed might vary based on the characteristics of the auditing professional and the task to which he or she is assigned. Why? How does that relationship or trade-off work? In planning the engagement, the audit firm should match jobs to individuals based on the difficulty and complexity of the job and experience and expertise of the individual. When a team member is very experienced for the task to which he or she is assigned, the time budgeted for performing the task, review, or both may be adjusted accordingly. If an audit procedure is new to an individual, or complex relative to the persons experience and expertise, the audit plan should allow for this and budget more time for performance of the task, as well as more time for instruction an review. F3 Why might some audit procedures need to be performed exactly at the end of the fiscal year? Depending on the type of company and the records and documents it produces, it might only be possible or efficient to obtain the required audit evidence at the end of the year. F4 What are the reasons an auditor might plan to perform some procedures at an interim date and others during or after the client has closed its books after the fiscal year end? Reasons to perform procedures at an interim date: The audit firm may be very busy after the companys fye. Performing procedures at an interim date may uncover problems and permit the auditor to alert management to the issues; planning can be adjusted to direct more year end audit effort to the problem areas. The client may retain records needed for audit evidence for a limited period of time. Reasons to perform procedures at fiscal year end: Some work can only be performed after fye, such as: ICFR procedures on the closing and financial statement preparation process; agreeing the financial statements to the accounting records; examining that adjustments were posted to the clients general ledger. Some work might be more efficiently performed after year end, such as confirmation of accounts receivable. F5 Considering only the core members of the audit team, how might an area being labeled high risk affect the audit plan for staffing the area? More experienced members of the audit team may be assigned to areas of high risk and more tests may be planned for the related controls, account balances and disclosures. F6 Why might specialists be needed on an audit engagement? What areas of knowledge and skills might be provided by specialists?

A specialist is defined as, a person (or firm) possessing special skill or knowledge in a particular field other than accounting or auditing. A specialist may be required because that person better understands the risks and the required evidence. Actuarial, appraisal, engineering, environmental, geology, IT, legal F7 What client circumstances might cause the need for an IT specialist to be involved in an audit? When the accounting information system is pervasive throughout the company and critical to its operations, new, recently changed, very complex, uses emerging technology or the company is involved in e-commerce. F8 If an audit team needs an IT specialist to be involved in the audit, when might the IT specialist become involved? What tasks might the IT specialist perform at various stages of the audit? The IT specialist can be involved as early as planning. Planning: Inquiry about how transactions are initiated and authorized, how data are captured, recorded, processed and reported. Inquiry about how IT controls are designed. Inspecting system documentation. Observing operation of IT controls. Planning tests of IT controls. After planning: Performing audit tests on ICFR. Extracting and analyzing data for audit evidence. Page 264 G1 What do the auditing standards mean when they refer to the nature, timing, and extent of audit tests? How does nature, timing, and extent relate to materiality, managements assertions and controls? Nature generally refers to what type of test is performed and the procedure used. Timing refers to whether the test is performed at an interim date or at/after fiscal year end. Extent refers to the number of audit procedures performed and the number of items of evidence included or examined. The management assertion that is involved with the financial statement account and any related controls affects the nature of the test and the timing. One audit procedure might work for one assertion, while a different procedure is required for another one. (For example and auditor might confirm accounts receivable to test existence, and recalculate the aging schedule and examine subsequent cash received to test valuation of accounts receivable.) The more material an item is, the greater the extent of testing is likely to be. The control involved, its importance, whether it has been in place the entire year, etc. are likely to impact timing and extent of testing.

G2 How does the auditor plan for the ICFR audit? For the financial statement audit? In other words, what linkages are important to develop and document as a part of drafting the audit plan? See Exhibit 6-8 For substantive procedures Account or disclosure>Assertion>Risk of material misstatement>Audit procedure For ICFR procedures Account or disclosure>Assertion>Risk of material misstatement>Cause of the risk>Control>Test of Control G3 What audit procedures are useful for a financial statement audit but not an ICFR audit, and why? Inspection of tangible assets Confirmation Analytical procedures These steps deal with ending balances and are not useful for assessing ICFR operating effectiveness. G4 What are the wrap up steps of the audit that are included in the audit plan? Communications to management and the audit committee Communicating with the clients attorney Obtaining a management representations letter Review Questions Solutions Chapter 6, Appendix A, Using the Work of Others Page 276 H1 What impact does the work of others have on decisions the auditor makes about work he or she must perform? It can impact the nature, timing and extent of work the auditor decides must be performed on the audit. H2 How does the work of others affect the auditors responsibility for the audit opinions? The auditor remains ultimately responsible H3 Who can perform work that may be of value to the independent auditor? Internal auditors and others who perform work related to managements assessment of the effectiveness of ICFR

Page 278 I1 How do the competence and objectivity of others affect the auditors use of their work? The more objective and competent the person is, the more the auditor will consider using the work performed. Additionally, the assessment of objectivity and competence impacts the amount of testing that must be performed on others work before the auditor can feel comfortable using it. I2 What are indicators of the competence of others performing work that is used by the auditor? Education level Professional experience Professional certification Continuing education Policies, programs, and procedures Assignment of individuals to work areas Supervision and review Quality of documentation of the work Quality of reports and recommendations Evaluations of performance I3 What are indicators of the objectivity of others performing work that is used by the auditor? Organizational position: Does the perform report to an officer of sufficient status within the company to ensure broad coverage in the procedures performed and appropriate consideration of the findings and recommendations? BOD or audit committee oversight of internal auditor hiring process Personal loyalties I4 How can managements control over a low-ranking person affect the value of that persons work to the auditor? Management might be able to direct the work away from areas that it wishes to keep hidden or suppress findings. Page 280 J1 In what way can work on the control environment performed by others affect the auditors work? It can assist the auditor in obtaining an understanding of the accounting system

10

J2 Does materiality and risk of misstatement have a positive or an inverse relationship with the amount of work the auditor performs personally? Positive relationship. As an account is more material, risk is greater, and importance of a control to preventing a risk of misstatement is greater, the auditor performs more work personally. J3 What do the subjectivity and judgment involved in a procedure have to do with the auditors use of the work of others? The more subjective the process and the more judgment required in performing the procedure or interpreting the result, the less the auditor relies on the work of others. Page 281 K1 What does the auditor consider in evaluating the work of others? What tests might the auditor perform? The auditor evaluates the quality of the work; work that will have a greater impact on the auditors decisions requires a more careful assessment of the quality of the work. Tests: Examine some of the controls, transactions or balances that others examined Examining similar controls, transactions, or balances not actually examined by others Compare the results of work performed personally with the results of the work of others K2 What does the auditor have to do if others provide direct assistance on the audit? Assess competence and objectivity Supervise, review, evaluate and test the work performed Inform others about: Responsibilities Objectives of the procedures Matters that affect nature, timing and extent of procedures That all significant accounting and auditing issues identified should be reported to the auditor

11