Audit Planning and Compliance Quiz

Questions and Answers

What is the main purpose of pre-planning an audit engagement?

• To decide whether to accept the engagement (correct)
• To finalize financial statements
• To reduce the auditor's workload
• To conduct a post-audit analysis

Why is obtaining background information about a company important in audit planning?

• To assess business and control risks (correct)
• To set the audit fees
• To understand the legal implications of the audit
• To choose the audit team members

Which of the following is NOT a step in planning an audit?

• Set materiality level
• Conduct the audit (correct)
• Develop the overall audit plan
• Understand internal control

What does the process of industry analysis aim to understand?

General risks and norms within the industry (A)

What is a key cybersecurity concern for e-commerce platforms like E-Mart Solutions Inc.?

Data breach risks (D)

Which of the following factors should be considered when setting the materiality level in an audit?

Acceptable risks (D)

In assessing control risks, what is a crucial aspect the auditor should evaluate?

The IT systems and security measures (A)

What can be a result of non-compliance with data privacy regulations for an e-commerce company?

Hefty fines (B)

What was the main purpose of Olympus Corporation's use of shell companies?

To hide ownership of assets and losses (D)

What was the primary method Olympus used to avoid showing losses in the 1990s?

Tobashi (B)

What is the purpose of performing a repeat self-examination as a continuing auditor?

To ensure independence and professional competence. (A)

Which of the following threats to auditor independence involves an auditor auditing their own work?

Self-Review Threat (B)

Which of the following actions raised suspicions during Michael Woodford's tenure as CEO?

Buying companies at inflated prices (D)

What role did Michael Woodford play in addressing the issues at Olympus Corporation?

He became CEO and initiated an investigation into suspicious transactions. (D)

What can publicly available information, such as press releases and regulatory filings, provide to auditors?

Insights into the client’s business. (A)

Which threat arises when an auditor supports the client's interests, risking their objectivity?

Advocacy Threat (A)

What type of fees did Olympus pay that contributed to the suspicions of financial misconduct?

Advisory fees to unknown companies (A)

Why is preplanning important before conducting an audit?

It helps identify potential challenges and risks. (B)

What year did Michael Woodford become CEO of Olympus Corporation?

2011 (C)

Which cycle is associated with financial transactions such as those Olympus was involved in prior to the scandal?

R2R Cycle (B)

What is a possible result of the intimidation threat to an auditor?

Pressure to modify the audit findings. (D)

Which measure should be in place to monitor the security of third-party service providers?

Perform external audits of the providers. (A)

What action did Olympus Corporation take to manage financial transactions and asset ownership?

Utilized shell companies (C)

What type of threat is created when an auditor has a financial interest in the client they are auditing?

Self-Interest Threat (B)

What is the main purpose of rotating key audit personnel?

To mitigate familiarity threats (D)

Which of the following actions creates a self-interest threat for an auditor?

Advocating for a client in a tax dispute with a regulatory body (D)

What type of threat does an auditor face when pressured by client management to sign off on financial statements?

Intimidation threat (A)

During which phase do auditors gather information about a company's legal obligations?

Preplanning phase (D)

Which document should auditors review to understand a company's structure and legal responsibilities?

Articles of Incorporation (D)

What financial metric can be chosen to assess materiality for profit-oriented entities?

Profit before tax (C)

What level of materiality should auditors set when assessing significant financial information?

It should influence economic decisions (D)

Which of the following is NOT an obligation that auditors typically look for in contracts and agreements?

Marketing strategies (A)

What is the primary purpose of assessing control risks during audit planning?

To evaluate the effectiveness of internal controls and determine audit procedures (B)

What is the main purpose of applying a percentage to a chosen benchmark in materiality determination?

To establish preliminary materiality levels (B)

Which component of internal control emphasizes the organization’s commitment to ethics and competence?

Control Environment (B)

What is the role of the audit program in the auditing process?

To translate the audit plan into detailed and actionable audit steps (B)

When determining materiality, which factors should be considered?

Both quantitative and qualitative factors (B)

When is control risk assessed as high?

When internal controls are ineffective at preventing or detecting misstatements (B)

Which statement about materiality is NOT true?

Materiality is determined only at the planning stage. (D)

Which type of risk is defined as the risk of material misstatement due to the nature of the business?

Inherent Risk (B)

What should happen to detection risk if inherent and control risks are both evaluated as high?

Detection risk should also be high to balance the audit risk equation (C)

Which situation exemplifies Control Risk?

The same employee handles multiple accounting functions without oversight. (D)

What might lead to an increased Detection Risk for an auditor?

Using a small sample size for testing (C)

Which aspect does NOT directly contribute to Audit Risk?

Professional judgment (C)

In the context of assessing legal obligations, which of the following actions is most helpful for an auditor?

Examining the minutes of board meetings (D)

Flashcards

Tobashi

A method used by Olympus to conceal losses from risky investments by transferring them to other companies and using complex financial maneuvers.

Shell Companies

Companies that are established with legal paperwork but do not conduct real business activities. They are often used to hold assets, manage finances, or hide ownership.

Suspicious Deals

Unusual financial transactions made by Olympus, like buying companies at greatly inflated prices or paying hefty advisory fees to unknown companies.

Michael Woodford

The British executive who became CEO of Olympus in 2011 and initiated an investigation into the company's questionable financial transactions.

Olympus Accounting Scandal

A scandal involving Olympus Corp., where the company used deceptive practices to hide investment losses and inflate its financial performance.

Hidden Losses (1990s)

The period when Olympus began making risky investments that resulted in significant financial losses.

The Trick (Hiding Losses)

The process of creating or using shell companies to cover up financial misconducts. This practice is a form of fraud.

Michael Woodford Investigates (2011)

The actions taken by Michael Woodford to investigate and expose Olympus's accounting irregularities, ultimately leading to a major corporate scandal.

Continuing Auditor

A professional who has been appointed to audit a company for several consecutive periods.

Self-Interest Threat

The threat that arises when an auditor has a personal or financial interest in the client, which might compromise their objectivity.

Self-Review Threat

The threat that occurs when the auditor is auditing their own work or judgments, potentially leading to biased evaluation.

Familiarity Threat

The threat that arises when the auditor becomes overly familiar with the client's management or systems, affecting their objectivity.

Intimidation Threat

The threat that arises when the auditor feels pressured by the client or worries about negative consequences, which hinders independent judgment.

Advocacy Threat

The threat that occurs when the auditor takes on a role advocating for the client's interests, potentially compromising their objectivity.

Analyzing Public Information

The process of examining publicly available resources like news articles, regulatory filings, and press releases to gain insights into a client's business operations.

Reviewing Prior Audit Reports

Evaluating previous audit reports or financial statements to uncover any past issues or recurring trends within a client's operations.

Sufficient and Appropriate Evidential Matter

Gathering adequate and suitable evidence to support audit conclusions. This ensures the auditor has enough information to form a reasonable opinion on the financial statements.

Minimizing Audit Costs

The process of minimizing costs associated with the audit. It involves selecting efficient audit procedures and managing time effectively.

Clear Understanding Between Company and Auditor

Establishing understanding between the company and the auditor. This ensures both parties are in agreement on the scope and objectives of the audit.

Obtain Background Information

Obtaining background information about the client and its industry. This helps the auditor understand the business environment and potential risks.

Company Legal Obligations

Understanding the client's legal obligations relevant to the audit. This ensures the auditor is aware of any applicable laws and regulations.

Set Materiality Level and Acceptable Risks

Setting the level of materiality and acceptable audit risk. Materiality defines how significant a misstatement must be to affect the financial statements. Acceptable risk is how much uncertainty the auditor is willing to accept in their conclusions.

Understand Internal Control and Assess Control Risks

Understanding the client's internal control system and assessing the risks associated with it. This involves evaluating how the client controls their financial information and transactions.

Develop Overall Audit Plan and Audit Program

Developing the overall audit plan and creating a detailed audit program. The audit plan outlines the scope and objectives of the audit, while the audit program details the specific procedures to be performed.

Control Environment

The organization's culture, ethical values, and commitment to competence. It sets the tone for how control activities are implemented and enforced.

Risk Assessment

The process of identifying and assessing risks that could impact the accuracy and reliability of financial reporting.

Control Activities

Specific actions, policies, and procedures designed to prevent, detect, or correct errors and fraud. They are the practical implementation of controls.

Information and Communication

Systems that ensure reliable and timely communication of financial data throughout the organization.

Monitoring Activities

Processes that monitor the effectiveness of internal controls over time.

Audit Risk

The risk that an auditor might issue an incorrect opinion on financial statements that contain material misstatements.

Inherent Risk

The likelihood of financial statement errors occurring due to inherent factors like a complex business or intricate transactions.

Control Risk

The possibility that a company's internal controls fail to prevent or detect material misstatements in the financial records.

Detection Risk

The risk that the auditor's procedures won't uncover existing material misstatements in the financial statements.

Materiality

A threshold used to determine the significance of potential errors in financial statements. If an error exceeds this threshold, it is considered material.

Percentage Approach to Materiality

Using a percentage applied to a relevant benchmark (like profit or revenue) to establish a preliminary materiality level.

Adjusting Materiality

Adjusting the initial materiality level based on qualitative factors like the company's nature, industry, or financial environment.

Documenting Materiality

Documenting the materiality thresholds used to justify the auditor's decisions and procedures.

Rotating Key Audit Personnel

Regularly changing audit personnel helps prevent auditors becoming too familiar with the client and overlooking potential issues. This helps mitigate the risk of auditors getting too 'comfortable' and missing red flags.

Understanding Legal Obligations

A company's legal obligations are important because they determine the company's legal responsibilities.

Preplanning Phase

The preplanning phase involves gathering information about the client before starting the audit.

Choosing a Materiality Metric

Choosing the right financial metric to assess materiality depends on the company and its stakeholders' needs.

Why Legal Obligations Matter?

Understanding the information about a company's legal obligations helps auditors assess potential risks and liabilities.

Study Notes

Course Information

• Course name: ACC 179
• Course topic: Updates in Management Accounting 1 - Auditing
• Instructor: Eriele June G. Rivera, CPA, CTT, MBA

Overview of Auditing

• Auditing and Auditors
• Planning the Audit
• Order to Cash (O2C) Cycle
• Procure to Pay (P2P) Cycle
• Record to Report (R2R) Cycle
• Hire to Retire (H2R) Cycle
• Internal Control
• Audit Evidence and Documentation
• Audit Objectives and Audit Procedures
• Operations Auditing

School Calendar

• December 23: Start of school break
• January 6: Resumption of classes
• January 6-11: P1 Examination
• February 10-15: P2 Examination
• February 28: PHINMA AU Foundation Day
• March 10-15: P3 Examination (Graduating)
• March 24-29: P3 Examination (Non-Graduating)
• March 29: End of Semester

Supplies

• Binder filler
• Pencil and black ballpen
• Red ballpen for checking
• Passion for the subject

Olympus Accounting Scandal

• Olympus Corporation: Japanese manufacturer of optics and reprography products
• Founded in 1919, initially specializing in microscopes and thermometers
• Headquartered in Hachioji, Tokyo
• Started losing money in the 1990s
• Used "tobashi" (a method of hiding bad investments) to avoid reporting losses

The Hidden Losses

• Olympus started losing money on risky investments in the 1990s.
• To conceal these losses, they used a method called "tobashi."
• This involved hiding bad investments by moving them to other companies.
• They covered up the losses using complicated financial tricks.

The Trick (Hiding Losses)

• Instead of reporting losses, the company created or used separate companies called "shell companies."
• A shell company is registered but doesn't engage in normal business activities.
• Its primary function is to hold assets, manage transactions, or hide ownership of other companies.

The Suspicious Deals (2008-2010)

• Olympus made questionable financial moves, such as:
• Buying companies at inflated prices.
• Paying exorbitant "advisory fees" to unknown companies.

Michael Woodford Investigates (2011)

• Michael Woodford, a British executive, became CEO of Olympus in April 2011.
• Woodford noticed unusual transactions and questioned senior executives.
• He demanded answers and requested an investigation into these suspicious payments.

The Whistleblower is Fired (October 2011)

• Instead of investigating the concerns, Olympus fired Woodford.
• The company claimed the dismissal was due to misconduct
• However, Woodford subsequently exposed the scandal to the media and authorities.
• This revelation brought global attention to Olympus.

Scandal Confirmed (November 2011)

• Olympus admitted to concealing over $1.7 billion in investment losses.
• Investigations revealed the fraud had been going on for decades.
• Key executives were arrested and charged with fraud.
• Olympus was fined ¥700 million (approximately $7 million), and its stock value fell drastically.

What is an Auditor?

• An auditor is an independent professional who examines and validates the accuracy of a company's financial records and reports.

Auditor Responsibilities

• Auditors ensure financial statements are accurate and comply with applicable laws and regulations.
• They provide assurance that financial statements are free from misstatements and fraud.

Audit Activity

• Dividing the class into six groups
• Assigning each group to an area for observing business transactions
• Example areas include: Library, Canteen, Foodie Hub, Food Strip, Acad Food Stalls, HH Food Stalls
• Observing business transactions and flow
• Making reports on observations
• Creating reports on business processes, risks, positive practices, recommendations for improvement (on yellow paper)
• Assigning two representatives to present observations

Planning the Audit

• Why plan? To gather sufficient appropriate evidence, minimize audit costs, and foster clear understanding between the company and auditor.
• Steps in planning:
  • Pre-plan: Obtain details about the company and its industry.
  • Gathering info about company’s legal obligations.
  • Setting acceptable materiality level and risks.
  • Understanding internal control and assessing control risks.
  • Developing the overall audit plan and writing the audit program.

Preplanning

• The auditor decides if they will accept the engagement.

Knowledge of the Prospective Client

• Industry Analysis: Analyze the industry the client operates in, identifying general risks, trends, regulations, and economic conditions.
• Prior Audit Reports: Review prior audits and financial reports for historical issues and trends.
• Public Information: Gather publicly available data such as press releases, regulatory filings, and news about the company.

Industry Analysis- Example

E-Mart Solutions Inc: A global e-commerce platform with high daily transactions of customer data, depending on third-party services for processing operations;

• Key Cybersecurity Concerns: Data breach risks, business disruption, compliance risks, fraudulent transactions
• Understanding the IT Environment: Evaluating the company's IT systems, payment processing software, security infrastructure, and data protection measures, and assessing the reliance on third-party vendors (cloud vendors, payment gateways)
• Enquiries with Management & Key Personnel: Ask about cyberattack measures, past incidents of breaches and handling, and how the company monitors third-party service providers.

Knowledge of the Prospective Client: Examples

• Prior audit reports: Analyze previous audit reports and financial statements.
• Public information: Analyze publicly available data such as press releases, regulatory filings and news articles related to the company.

What if you are a Continuing Auditor

• A continuing auditor is one who has been reappointed to conduct an audit of an entity for successive periods.
• Should perform a repeat self-examination to maintain their independence, objectivity, and professional competence.
• Self-review is important for maintaining integrity.

Five Threats to Auditor Independence

• Self-interest threat: Auditor has a financial or personal interest in the audit client.
• Self-review threat: Auditor audits their own work.
• Familiarity threat: Auditor becomes overly familiar with the client.
• Intimidation threat: Auditor feels pressured or fears repercussions from the client.
• Advocacy threat: Auditor acts in support of the client's interests.

Checkpoint 1: True or False

• Q1-Q5: Statements about audit planning, publicly available information, and gathering knowledge of the prospective client are discussed in detail in this section.

Checkpoint 2: True or False

• Q1-Q5: Statements about audit planning, legal obligations, determining materiality, and documentation are discussed.

Audit Risk

• Audit risk (AR): The risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated.
• Inherent Risk (IR): Risk of misstatement due to the nature of the business or the transactions, without considering controls.
• Control Risk (CR): Risk that a material misstatement won't be prevented or detected by the entity's internal controls.
• Detection Risk (DR): Risk that the auditor’s procedures won't detect a material misstatement.

Inherent Risk Example

• Complex revenue streams from distinct countries, different currencies, and varying regulations
• Online platforms and their vulnerabilities to fraudulent activities, chargebacks, and unauthorized access.
• Improper cutoff or timing issues with revenue recognition in subscription services or prepayment situations.

Control Risk Example

• Similar employee handling customer payments, recording transactions, and reconciling bank accounts.
• A company with an ERP system but lacking role-based access limitations.
• A company with inventory records that are not regularly reconciled with physical counts.

Detection Risk Example

• Auditors testing only a small sample from a large population of invoices.
• Auditors relying solely on client-provided data without performing physical counts, and valuation practices.

Relationships between the components of audit risk

• Audit Risk (AR) = Inherent Risk (IR) × Control Risk (CR) × Detection Risk (DR)

Develop the Audit Strategy

• Acceptable audit risk influences:
• Extent of testing(increase sampling, more substantive tests for higher risks)
• Nature of procedures(Focused on high-risk areas)
• Timing of work (Interim vs year-end testing)

Checkpoint 3: True or false

• Statements about inherent and detection risks based on different client examples are discussed.

Checkpoint 4: True or False

• Statements about audit risk responsibility, control risk assessment, defining audit programs are investigated.

Understanding Internal Control

• Control Environment: Organization's tone at the top (ethics and competence) and commitment.
• Risk Assessment: Process used to identify and manage risks.
• Control Activities: Policies and procedures to prevent, detect, or correct errors and fraud
• Information and Communication: Ensures accurate and timely financial information sharing.
• Monitoring Activities: Processes to ensure controls are effectively working over time.

Write the Audit Program

• Translates the audit plan into detailed, actionable steps for auditors.
• Serves as a guide for ensuring all areas are effectively addressed during audit.

Description

Test your knowledge on the essential aspects of audit planning, including the importance of obtaining background information and assessing control risks. This quiz also examines cybersecurity concerns and compliance in the context of e-commerce. Evaluate your understanding of key concepts in the auditing process.