ch06 by uc86


									                             Review Questions Solutions
                    Chapter 6, Audit Planning and Risk Assessment

Page 235
A1 What is the purpose of evidence collected during an ICFR audit?

To support the audit’s opinion on ICFR as of year end, and decision on expected control
risk for purposes of the financial statement audit.

A2 When does the collection of information that is used for the planning process
begin? When does it end?

Begins: During the client acceptance and continuance process.
Ends: At the completion of the audit when the auditor has obtained the assurance required
to express the opinions on the integrated audit.

A3 What are some reasons why the original strategy and plan for an integrated
audit may need to be modified?

The audit strategy and plan may need to be modified if the audit gets new information,
for example, information suggesting that: the risks are greater than the auditor thought
when the original plan was put together, or an area of the company’s activities is larger or
more complex than originally believed.

A4 What is involved in developing the audit strategy?

Deciding on the scope of the engagement (the work that has to be performed for the
auditor to be able to issue the reports or other products contracted for in the engagement
letter), timing of the work, and initial estimates of the risk areas and materiality levels for
the engagement.

A5 Why does the audit firm have to plan the audit resources needed for an audit

To identify and plan for the specific auditor skill levels and hours, and the specific people
needed on the engagement to complete the work.

A6 What is an audit plan?

The specific steps to be performed and what is to be accomplished by the audit team.

A7 What is accomplished by risk assessment during planning?

Identifying the important areas of the client’s operations and financial statements, along
with determining what may go wrong in those areas. This enables the auditor to
determine what needs to be accomplished during the audit.

Page 239
B1 How are auditors able to begin planning an audit engagement for a first-year
audit when they have not yet spent any significant time working on the client?

The auditors planning the engagement know the general framework of what has to be
done on any audit, and an auditor experienced in the client’s industry understands the
activities and risks of business in the industry. Consequently, they also understand the
material financial statement accounts and important ICFR areas. Further, the auditor has
actually gained quite a bit of client-specific information during the client acceptance and
engagement letter processes. The audit team uses this knowledge base as a starting place
for planning, with an understanding and expectation that revisions will be needed as the
audit progresses.

B2 What services that the auditor performs for an audit client may assist in scoping
the audit engagement?

Reviews of quarterly financial statements

B3 How does the client’s industry, its basis of reporting, and regulatory reports
required affect scoping the engagement?

The characteristics affect the knowledge the auditor needs to have and the work that has
to be done. For example: US GAAP or IFRS? Currencies? State or local government
reporting according to GASB? Federal government reporting standards? Regulator
requirements? Statutory audit requirements?

B4 How is the audit plan affected if the entity has a parent or subsidiary, or other
entities that are related parties?

The engagement will be affected by the audit work performed and reports provided by
other auditors of the related entities. If a company has multiple location, the auditor must
determine how much work should be done related to the different locations. The scoping
decisions on multiple locations are affected not only by the materiality each location
contributes to the financial statements, but also by the activities and controls at each
location and whether ICFR testing must be carried out at the locations. Sometimes other
auditors are hired to perform work at distant locations and this affects the scope of the
primary auditor’s work because of a need to plan, supervise and review the other
auditor’s work.

B5 How can planning for the audit be affected by the work of the client’s internal
auditors? By whether the company outsources any of its processes?

The auditor can consider the internal auditor’s work in deciding on the nature, timing and
extent of audit evidence needed. If certain criteria are met, the internal auditor can
actually perform audit steps for the external auditor. When a process, for example,

payroll, is outsourced, the auditor has to determine whether the outsourced service is
important enough to be material to the audit client’s ICFR. If it is material, the auditor
has to determine how much audit work has to be performed to obtain assurance that the
service provider’s ICFR is effective and its outputs can be relied upon. The user
company’s auditor may be able to rely on a report provided by an auditor of the service
provider. Alternatively, the user company’s auditor may have to perform various audit
steps related to the service provider.

B6 What is important about analytical procedures and audit planning?

Analytical procedures must be used in the planning process. Analytical procedures are
useful in providing information such as how material an account is to others, and whether
importance or volume related to an account or process has changed over time.

B7 Does the work performed in audit planning change in the subsequent years of
auditing the same client?

In subsequent year audits, the auditor knows more about the client’s business,
organization, personnel, accounting systems, etc., than in the first year, and updating the
information requires less audit effort than learning it all during the first year of the
engagement. Although controls that are material have to be tested in the ICFR audit each
year, audit information obtained through prior year audits may permit the auditor to alter
the nature, timing and extent of the tests performed and in that way impacts the scope of
the engagement.

B8 What are some events that must be considered when planning the audit from a
timing perspective?

         Dates for auditor communications with management, the Audit Committee and
the Board of Directors; shareholder meetings
         SEC deadlines for filing quarterly and annual financial reports
         If the company has business units or related-party entities for which other auditors
perform audit work, expectations of reporting by those other auditors must be considered
in the time plan.
         Deadlines for reporting requirements, if any, beyond those of the SEC, such as of
other regulators.

Page 242
C1 What user characteristics do the auditing standards assume users have when
judging what is material to a company’s financial statements?

1. Having an appropriate knowledge of business and economic activities and accounting
and a willingness to study the information in the financial statements with an appropriate
2. Understanding that financial statements are prepared and audited to levels of

3. Recognizing the uncertainties inherent in the measurement of amounts based on the
use of estimates, judgment, and the consideration of future events.
4. Making appropriate economic decisions on the basis of information in the financial

C2 What are the risk assessment and planning steps that take the auditor from
considering materiality at the financial statement level to designing the audit
procedure to testing the operating effectiveness of an internal control?

1. Determine what is material at the financial statement level.
2. Identify various accounts and disclosures that are material to the financial statements
along with the management assertions that are relevant for the material accounts and
3. Determine what the risks are in the business that might cause material misstatements in
the financial statements related to the assertions.
4. Identify controls that address the risks.
5. Structure the audit plan to test the design and functioning of the controls that address
the risks of material misstatements.

C3 What are the risk assessment and planning steps that take the auditor from
considering materiality at the financial statement level to designing the substantive
audit procedure intended to identify any material misstatements in the financial
statements and disclosures?

1. Determine what is material at the financial statement level.
2. Identify various accounts and disclosures that are material to the financial statements
along with the management assertions that are relevant for the material accounts and
3. Evaluate what would be a material misstatement for an account or disclosure assertion.
4. Design audit procedures to identify any such material misstatements that have
occurred, whether they result from error or fraud.

C4 What does it mean to use a benchmark to set financial statement materiality?
What benchmarks are used? How might the benchmark differ based on the type of
company being audited?

A benchmark is a standard measurement, sometimes called a “rule of thumb.” Examples
of benchmarks used to set planning materiality are a percentage of: total revenue, gross
profit, or profit before taxes for continuing operations. Issues that may affect the
benchmark used are: whether a company is public or privately owned, for profit or not-
for-profit, highly regulated, with a small profit margin or net income, heavily invested in
fixed assets, etc.

C5 What is meant by the terms tolerable misstatement and tolerable rate of error?
How do they relate to materiality?

Tolerable misstatement is the material threshold for an account balance or class of
Tolerable rate of error is the number or percent of times an ICFR and fail and the auditor
does not expect the problem to cause a material misstatement.

Page 244
D1 Why is assessing the risk of fraud important for the planning stage? What do the
audit standards require regarding fraud risk during planning?

The auditor has to consider “how and where” the financial statements might be misstated
as a result of fraud because the auditor standards state:
“The auditor has a responsibility to plan and perform the audit to obtain reasonable
assurance about whether the financial statements are free of material misstatement,
whether caused by error or fraud.” (AU 110.02)

D2 What is the Fraud Triangle? What are its components? Why is it an effective
way for the auditor to approach fraud?

This is a theoretical concept proposed as an effective way to consider fraud risk in an
audit client, because it requires the auditor to consider the specific characteristics of a
client as they might relate to fraud.

Incentive or pressure: Do people within the client organization have a reason or
motivation to commit fraud?
Opportunities: Do the circumstances within the client organization allow people to
commit fraud?
Attitudes or rationalizations: If a person has committed the fraud being considered is
there some way he or she can personally justify that fraud?

D3 What are client anti-fraud controls, and why are they important to the auditor?

Entity level controls implemented by management to address fraud risk, including
controls over:
1. significant, unusual transactions, particularly those that result in late or unusual journal
2. journal entries and adjustments made in the period-end financial reporting process
3. related party transactions
4. significant management estimates
5. incentives or pressures that could motivate management to falsify or inappropriately
manage financial results.

Anti-fraud controls are important because the auditor is more likely to miss financial
statement misstatements that result from fraud than those that result from error. (Fraud is
more likely to be missed simply because the perpetrator will try to keep it hidden.)

Page 253

E1 What are examples of “recent significant developments?” Why and in what ways
would they affect the audit strategy?

On a recurring audit engagement, these are changes that have occurred since the last
audit. For a new client, they are changes that occurred since the client was accepted.
Recent significant developments are changes within the client and changes in the client’s
external environment.

Recent significant developments are changes in: business activities, ownership, capital
structure and AIS. These cause the auditor to spend more audit effort on valuation and
consolidation, financial statement presentation, understanding-assessing-testing a new
External recent significant developments are changes in industry conditions, industry
regulations, economic changes and accounting and auditing standards. These cause the
auditor to look more at (for example) going concern or increased business activities.

E2 As the auditor’s association with a first-year audit client continues past the client
acceptance process, what sources of information about the client become available
to the auditor? What information may be received from these sources?

Quarterly reviews: ICFR system, changes to the system and to the business organization,
important transactions and customers
Registration statement for offerings: current financial information
Audit of a parent company or sub: transactions with the client
Audit procedures of the ICFR audit: design and effectiveness of ICFR

E3 What would a first-year audit staff member learn from participating in the audit
planning meeting of a client to which he or she has been assigned?

The objectives of the engagement, risks—including the risk of fraud, general audit
approach, assigned responsibilities

E4 Why is the audit planning memo an important part of audit documentation?

It includes a lot of information about the client, the auditor’s risk assessment, the
auditor’s consideration of fraud, the audit strategy. The planning memo adds to the audit
documentation that was started during the client acceptance and continuance process.

Page 258
F1 How is supervision defined in the auditing standards?

Instructing members of the audit team
Reviewing the work of team members
Staying up-to-date on issues that come up as a result of the audit work
Managing differences of opinion among team members that arise as a result of audit

F2 The supervision and review needed might vary based on the characteristics of
the auditing professional and the task to which he or she is assigned. Why? How
does that relationship or trade-off work?

In planning the engagement, the audit firm should match jobs to individuals based on the
difficulty and complexity of the job and experience and expertise of the individual. When
a team member is very experienced for the task to which he or she is assigned, the time
budgeted for performing the task, review, or both may be adjusted accordingly.
If an audit procedure is new to an individual, or complex relative to the person’s
experience and expertise, the audit plan should allow for this and budget more time for
performance of the task, as well as more time for instruction an review.

F3 Why might some audit procedures need to be performed exactly at the end of the
fiscal year?

Depending on the type of company and the records and documents it produces, it might
only be possible or efficient to obtain the required audit evidence at the end of the year.

F4 What are the reasons an auditor might plan to perform some procedures at an
interim date and others during or after the client has closed its books after the fiscal
year end?

Reasons to perform procedures at an interim date: The audit firm may be very busy after
the company’s fye. Performing procedures at an interim date may uncover problems and
permit the auditor to alert management to the issues; planning can be adjusted to direct
more year end audit effort to the problem areas. The client may retain records needed for
audit evidence for a limited period of time.

Reasons to perform procedures at fiscal year end: Some work can only be performed after
fye, such as: ICFR procedures on the closing and financial statement preparation
process; agreeing the financial statements to the accounting records; examining that
adjustments were posted to the client’s general ledger. Some work might be more
efficiently performed after year end, such as confirmation of accounts receivable.

F5 Considering only the core members of the audit team, how might an area being
labeled “high risk” affect the audit plan for staffing the area?

More experienced members of the audit team may be assigned to areas of high risk and
more tests may be planned for the related controls, account balances and disclosures.

F6 Why might specialists be needed on an audit engagement? What areas of
knowledge and skills might be provided by specialists?

A specialist is defined as, “a person (or firm) possessing special skill or knowledge in a
particular field other than accounting or auditing.” A specialist may be required because
that person better understands the risks and the required evidence.

Actuarial, appraisal, engineering, environmental, geology, IT, legal

F7 What client circumstances might cause the need for an IT specialist to be
involved in an audit?

When the accounting information system is pervasive throughout the company and
critical to its operations, new, recently changed, very complex, uses emerging technology
or the company is involved in e-commerce.

F8 If an audit team needs an IT specialist to be involved in the audit, when might
the IT specialist become involved? What tasks might the IT specialist perform at
various stages of the audit?

The IT specialist can be involved as early as planning.
Planning: Inquiry about how transactions are initiated and authorized, how data are
captured, recorded, processed and reported. Inquiry about how IT controls are designed.
Inspecting system documentation. Observing operation of IT controls. Planning tests of
IT controls.

After planning: Performing audit tests on ICFR. Extracting and analyzing data for audit

Page 264
G1 What do the auditing standards mean when they refer to the nature, timing, and
extent of audit tests? How does nature, timing, and extent relate to materiality,
management’s assertions and controls?

Nature generally refers to what type of test is performed and the procedure used. Timing
refers to whether the test is performed at an interim date or at/after fiscal year end. Extent
refers to the number of audit procedures performed and the number of items of evidence
included or examined.

The management assertion that is involved with the financial statement account and any
related controls affects the nature of the test and the timing. One audit procedure might
work for one assertion, while a different procedure is required for another one. (For
example and auditor might confirm accounts receivable to test existence, and recalculate
the aging schedule and examine subsequent cash received to test valuation of accounts
receivable.) The more material an item is, the greater the extent of testing is likely to be.
The control involved, its importance, whether it has been in place the entire year, etc. are
likely to impact timing and extent of testing.

G2 How does the auditor plan for the ICFR audit? For the financial statement
audit? In other words, what linkages are important to develop and document as a
part of drafting the audit plan?

See Exhibit 6-8
For substantive procedures
Account or disclosure>Assertion>Risk of material misstatement>Audit procedure
For ICFR procedures
Account or disclosure>Assertion>Risk of material misstatement>Cause of the
risk>Control>Test of Control

G3 What audit procedures are useful for a financial statement audit but not an
ICFR audit, and why?

Inspection of tangible assets
Analytical procedures
These steps deal with ending balances and are not useful for assessing ICFR operating

G4 What are the wrap up steps of the audit that are included in the audit plan?

Communications to management and the audit committee
Communicating with the client’s attorney
Obtaining a management representations letter

                            Review Questions Solutions
                 Chapter 6, Appendix A, Using the Work of Others

Page 276
H1 What impact does the work of others have on decisions the auditor makes about
work he or she must perform?

It can impact the nature, timing and extent of work the auditor decides must be performed
on the audit.

H2 How does the work of others affect the auditor’s responsibility for the audit

The auditor remains ultimately responsible

H3 Who can perform work that may be of value to the independent auditor?

Internal auditors and others who perform work related to management’s assessment of
the effectiveness of ICFR

Page 278
I1 How do the competence and objectivity of others affect the auditor’s use of their

The more objective and competent the person is, the more the auditor will consider using
the work performed. Additionally, the assessment of objectivity and competence impacts
the amount of testing that must be performed on others’ work before the auditor can feel
comfortable using it.

I2 What are indicators of the competence of others performing work that is used by
the auditor?

Education level
Professional experience
Professional certification
Continuing education
Policies, programs, and procedures
Assignment of individuals to work areas
Supervision and review
Quality of documentation of the work
Quality of reports and recommendations
Evaluations of performance

I3 What are indicators of the objectivity of others performing work that is used by
the auditor?

Organizational position: Does the perform report to an officer of sufficient status within
the company to ensure broad coverage in the procedures performed and appropriate
consideration of the findings and recommendations?
BOD or audit committee oversight of internal auditor hiring process
Personal loyalties

I4 How can management’s control over a low-ranking person affect the value of that
person’s work to the auditor?

Management might be able to direct the work away from areas that it wishes to keep
hidden or suppress findings.

Page 280
J1 In what way can work on the control environment performed by others affect the
auditor’s work?

It can assist the auditor in obtaining an understanding of the accounting system

J2 Does materiality and risk of misstatement have a positive or an inverse
relationship with the amount of work the auditor performs personally?

Positive relationship. As an account is more material, risk is greater, and importance of a
control to preventing a risk of misstatement is greater, the auditor performs more work

J3 What do the subjectivity and judgment involved in a procedure have to do with
the auditor’s use of the work of others?

The more subjective the process and the more judgment required in performing the
procedure or interpreting the result, the less the auditor relies on the work of others.

Page 281
K1 What does the auditor consider in evaluating the work of others? What tests
might the auditor perform?

The auditor evaluates the quality of the work; work that will have a greater impact on the
auditor’s decisions requires a more careful assessment of the quality of the work.

Examine some of the controls, transactions or balances that others examined
Examining similar controls, transactions, or balances not actually examined by others
Compare the results of work performed personally with the results of the work of others

K2 What does the auditor have to do if others provide direct assistance on the

Assess competence and objectivity
Supervise, review, evaluate and test the work performed
Inform others about:
       Objectives of the procedures
       Matters that affect nature, timing and extent of procedures
       That all significant accounting and auditing issues identified should be reported to
       the auditor


To top