Audit Planning and Compliance Quiz

Questions and Answers

What is the main purpose of pre-planning an audit engagement?

To decide whether to accept the engagement (correct)

To finalize financial statements

To reduce the auditor's workload

To conduct a post-audit analysis

Why is obtaining background information about a company important in audit planning?

To assess business and control risks (correct)

To set the audit fees

To understand the legal implications of the audit

To choose the audit team members

Which of the following is NOT a step in planning an audit?

Set materiality level

Conduct the audit (correct)

Develop the overall audit plan

Understand internal control

What does the process of industry analysis aim to understand?

General risks and norms within the industry

What is a key cybersecurity concern for e-commerce platforms like E-Mart Solutions Inc.?

Data breach risks

Which of the following factors should be considered when setting the materiality level in an audit?

Acceptable risks

In assessing control risks, what is a crucial aspect the auditor should evaluate?

The IT systems and security measures

What can be a result of non-compliance with data privacy regulations for an e-commerce company?

Hefty fines

What was the main purpose of Olympus Corporation's use of shell companies?

To hide ownership of assets and losses

What was the primary method Olympus used to avoid showing losses in the 1990s?

Tobashi

What is the purpose of performing a repeat self-examination as a continuing auditor?

To ensure independence and professional competence.

Which of the following threats to auditor independence involves an auditor auditing their own work?

Self-Review Threat

Which of the following actions raised suspicions during Michael Woodford's tenure as CEO?

Buying companies at inflated prices

What role did Michael Woodford play in addressing the issues at Olympus Corporation?

He became CEO and initiated an investigation into suspicious transactions.

What can publicly available information, such as press releases and regulatory filings, provide to auditors?

Insights into the client’s business.

Which threat arises when an auditor supports the client's interests, risking their objectivity?

Advocacy Threat

What type of fees did Olympus pay that contributed to the suspicions of financial misconduct?

Advisory fees to unknown companies

Why is preplanning important before conducting an audit?

It helps identify potential challenges and risks.

What year did Michael Woodford become CEO of Olympus Corporation?

2011

Which cycle is associated with financial transactions such as those Olympus was involved in prior to the scandal?

R2R Cycle

What is a possible result of the intimidation threat to an auditor?

Pressure to modify the audit findings.

Which measure should be in place to monitor the security of third-party service providers?

Perform external audits of the providers.

What action did Olympus Corporation take to manage financial transactions and asset ownership?

Utilized shell companies

What type of threat is created when an auditor has a financial interest in the client they are auditing?

Self-Interest Threat

What is the main purpose of rotating key audit personnel?

To mitigate familiarity threats

Which of the following actions creates a self-interest threat for an auditor?

Advocating for a client in a tax dispute with a regulatory body

What type of threat does an auditor face when pressured by client management to sign off on financial statements?

Intimidation threat

During which phase do auditors gather information about a company's legal obligations?

Preplanning phase

Which document should auditors review to understand a company's structure and legal responsibilities?

Articles of Incorporation

What financial metric can be chosen to assess materiality for profit-oriented entities?

Profit before tax

What level of materiality should auditors set when assessing significant financial information?

It should influence economic decisions

Which of the following is NOT an obligation that auditors typically look for in contracts and agreements?

Marketing strategies

What is the primary purpose of assessing control risks during audit planning?

To evaluate the effectiveness of internal controls and determine audit procedures

What is the main purpose of applying a percentage to a chosen benchmark in materiality determination?

To establish preliminary materiality levels

Which component of internal control emphasizes the organization’s commitment to ethics and competence?

Control Environment

What is the role of the audit program in the auditing process?

To translate the audit plan into detailed and actionable audit steps

When determining materiality, which factors should be considered?

Both quantitative and qualitative factors

When is control risk assessed as high?

When internal controls are ineffective at preventing or detecting misstatements

Which statement about materiality is NOT true?

Materiality is determined only at the planning stage.

Which type of risk is defined as the risk of material misstatement due to the nature of the business?

Inherent Risk

What should happen to detection risk if inherent and control risks are both evaluated as high?

Detection risk should also be high to balance the audit risk equation

Which situation exemplifies Control Risk?

The same employee handles multiple accounting functions without oversight.

What might lead to an increased Detection Risk for an auditor?

Using a small sample size for testing

Which aspect does NOT directly contribute to Audit Risk?

Professional judgment

In the context of assessing legal obligations, which of the following actions is most helpful for an auditor?

Examining the minutes of board meetings

Study Notes

Course Information

• Course name: ACC 179
• Course topic: Updates in Management Accounting 1 - Auditing
• Instructor: Eriele June G. Rivera, CPA, CTT, MBA

Overview of Auditing

• Auditing and Auditors
• Planning the Audit
• Order to Cash (O2C) Cycle
• Procure to Pay (P2P) Cycle
• Record to Report (R2R) Cycle
• Hire to Retire (H2R) Cycle
• Internal Control
• Audit Evidence and Documentation
• Audit Objectives and Audit Procedures
• Operations Auditing

School Calendar

• December 23: Start of school break
• January 6: Resumption of classes
• January 6-11: P1 Examination
• February 10-15: P2 Examination
• February 28: PHINMA AU Foundation Day
• March 10-15: P3 Examination (Graduating)
• March 24-29: P3 Examination (Non-Graduating)
• March 29: End of Semester

Supplies

• Binder filler
• Pencil and black ballpen
• Red ballpen for checking
• Passion for the subject

Olympus Accounting Scandal

• Olympus Corporation: Japanese manufacturer of optics and reprography products
• Founded in 1919, initially specializing in microscopes and thermometers
• Headquartered in Hachioji, Tokyo
• Started losing money in the 1990s
• Used "tobashi" (a method of hiding bad investments) to avoid reporting losses

The Hidden Losses

• Olympus started losing money on risky investments in the 1990s.
• To conceal these losses, they used a method called "tobashi."
• This involved hiding bad investments by moving them to other companies.
• They covered up the losses using complicated financial tricks.

The Trick (Hiding Losses)

• Instead of reporting losses, the company created or used separate companies called "shell companies."
• A shell company is registered but doesn't engage in normal business activities.
• Its primary function is to hold assets, manage transactions, or hide ownership of other companies.

The Suspicious Deals (2008-2010)

• Olympus made questionable financial moves, such as:
• Buying companies at inflated prices.
• Paying exorbitant "advisory fees" to unknown companies.

Michael Woodford Investigates (2011)

• Michael Woodford, a British executive, became CEO of Olympus in April 2011.
• Woodford noticed unusual transactions and questioned senior executives.
• He demanded answers and requested an investigation into these suspicious payments.

The Whistleblower is Fired (October 2011)

• Instead of investigating the concerns, Olympus fired Woodford.
• The company claimed the dismissal was due to misconduct
• However, Woodford subsequently exposed the scandal to the media and authorities.
• This revelation brought global attention to Olympus.

Scandal Confirmed (November 2011)

• Olympus admitted to concealing over $1.7 billion in investment losses.
• Investigations revealed the fraud had been going on for decades.
• Key executives were arrested and charged with fraud.
• Olympus was fined ¥700 million (approximately $7 million), and its stock value fell drastically.

What is an Auditor?

• An auditor is an independent professional who examines and validates the accuracy of a company's financial records and reports.

Auditor Responsibilities

• Auditors ensure financial statements are accurate and comply with applicable laws and regulations.
• They provide assurance that financial statements are free from misstatements and fraud.

Audit Activity

• Dividing the class into six groups
• Assigning each group to an area for observing business transactions
• Example areas include: Library, Canteen, Foodie Hub, Food Strip, Acad Food Stalls, HH Food Stalls
• Observing business transactions and flow
• Making reports on observations
• Creating reports on business processes, risks, positive practices, recommendations for improvement (on yellow paper)
• Assigning two representatives to present observations

Planning the Audit

• Why plan? To gather sufficient appropriate evidence, minimize audit costs, and foster clear understanding between the company and auditor.
• Steps in planning:
  • Pre-plan: Obtain details about the company and its industry.
  • Gathering info about company’s legal obligations.
  • Setting acceptable materiality level and risks.
  • Understanding internal control and assessing control risks.
  • Developing the overall audit plan and writing the audit program.

Preplanning

• The auditor decides if they will accept the engagement.

Knowledge of the Prospective Client

• Industry Analysis: Analyze the industry the client operates in, identifying general risks, trends, regulations, and economic conditions.
• Prior Audit Reports: Review prior audits and financial reports for historical issues and trends.
• Public Information: Gather publicly available data such as press releases, regulatory filings, and news about the company.

Industry Analysis- Example

E-Mart Solutions Inc: A global e-commerce platform with high daily transactions of customer data, depending on third-party services for processing operations;

• Key Cybersecurity Concerns: Data breach risks, business disruption, compliance risks, fraudulent transactions
• Understanding the IT Environment: Evaluating the company's IT systems, payment processing software, security infrastructure, and data protection measures, and assessing the reliance on third-party vendors (cloud vendors, payment gateways)
• Enquiries with Management & Key Personnel: Ask about cyberattack measures, past incidents of breaches and handling, and how the company monitors third-party service providers.

Knowledge of the Prospective Client: Examples

• Prior audit reports: Analyze previous audit reports and financial statements.
• Public information: Analyze publicly available data such as press releases, regulatory filings and news articles related to the company.

What if you are a Continuing Auditor

• A continuing auditor is one who has been reappointed to conduct an audit of an entity for successive periods.
• Should perform a repeat self-examination to maintain their independence, objectivity, and professional competence.
• Self-review is important for maintaining integrity.

Five Threats to Auditor Independence

• Self-interest threat: Auditor has a financial or personal interest in the audit client.
• Self-review threat: Auditor audits their own work.
• Familiarity threat: Auditor becomes overly familiar with the client.
• Intimidation threat: Auditor feels pressured or fears repercussions from the client.
• Advocacy threat: Auditor acts in support of the client's interests.

Checkpoint 1: True or False

• Q1-Q5: Statements about audit planning, publicly available information, and gathering knowledge of the prospective client are discussed in detail in this section.

Checkpoint 2: True or False

• Q1-Q5: Statements about audit planning, legal obligations, determining materiality, and documentation are discussed.

Audit Risk

• Audit risk (AR): The risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated.
• Inherent Risk (IR): Risk of misstatement due to the nature of the business or the transactions, without considering controls.
• Control Risk (CR): Risk that a material misstatement won't be prevented or detected by the entity's internal controls.
• Detection Risk (DR): Risk that the auditor’s procedures won't detect a material misstatement.

Inherent Risk Example

• Complex revenue streams from distinct countries, different currencies, and varying regulations
• Online platforms and their vulnerabilities to fraudulent activities, chargebacks, and unauthorized access.
• Improper cutoff or timing issues with revenue recognition in subscription services or prepayment situations.

Control Risk Example

• Similar employee handling customer payments, recording transactions, and reconciling bank accounts.
• A company with an ERP system but lacking role-based access limitations.
• A company with inventory records that are not regularly reconciled with physical counts.

Detection Risk Example

• Auditors testing only a small sample from a large population of invoices.
• Auditors relying solely on client-provided data without performing physical counts, and valuation practices.

Relationships between the components of audit risk

• Audit Risk (AR) = Inherent Risk (IR) × Control Risk (CR) × Detection Risk (DR)

Develop the Audit Strategy

• Acceptable audit risk influences:
• Extent of testing(increase sampling, more substantive tests for higher risks)
• Nature of procedures(Focused on high-risk areas)
• Timing of work (Interim vs year-end testing)

Checkpoint 3: True or false

• Statements about inherent and detection risks based on different client examples are discussed.

Checkpoint 4: True or False

• Statements about audit risk responsibility, control risk assessment, defining audit programs are investigated.

Understanding Internal Control

• Control Environment: Organization's tone at the top (ethics and competence) and commitment.
• Risk Assessment: Process used to identify and manage risks.
• Control Activities: Policies and procedures to prevent, detect, or correct errors and fraud
• Information and Communication: Ensures accurate and timely financial information sharing.
• Monitoring Activities: Processes to ensure controls are effectively working over time.

Write the Audit Program

• Translates the audit plan into detailed, actionable steps for auditors.
• Serves as a guide for ensuring all areas are effectively addressed during audit.

Description

Test your knowledge on the essential aspects of audit planning, including the importance of obtaining background information and assessing control risks. This quiz also examines cybersecurity concerns and compliance in the context of e-commerce. Evaluate your understanding of key concepts in the auditing process.