Auditing and Professional Judgment

Questions and Answers

What do policies primarily aim to effect within an entity?

Control over the entity's operations (correct)

Control over the IT environment

Control over financial reporting

Implementation of procedures

What is the primary purpose of procedures in an entity?

To process information in IT applications

To develop general IT controls

To identify inherent risk factors

To implement policies (correct)

What type of controls support the continued proper operation of the IT environment?

Inherent risk controls

Procedural controls

Information processing controls

General IT controls (correct)

What do information processing controls directly address?

Risks to the integrity of information

What is an example of a qualitative inherent risk factor?

Subjectivity

What affects inherent risk due to fraud or error?

Complexity and subjectivity

What is an inherent risk factor related to?

An assertion about a class of transactions

What type of inherent risk factor is 'susceptibility to misstatement due to management bias'?

Qualitative

What is one aspect of the information gathering process for an auditor?

Understanding the entity's communication of significant matters

What is the primary purpose of performing risk assessment procedures?

To identify controls that address risks of material misstatement

What is an example of a control activity?

Authorizing transactions

What is the focus of an auditor's understanding of the entity's communication?

Communication among all parties, including internal and external

What is the purpose of identifying controls that address risks of material misstatement?

To obtain an understanding of the control activities component

What is an example of a component of internal control?

Information system

What is the focus of an auditor's understanding of the entity's resources?

IT environment and other resources relevant to the financial reporting process

What is the purpose of evaluating the design of controls?

To evaluate the effectiveness of internal controls

What is the term used to describe the varying degree of inherent risk for different assertions and related classes of transactions, account balances, and disclosures?

Spectrum of inherent risk

What is the focus of ISA 240 in relation to risk assessment procedures and related activities?

Error and fraud

What is the nature of the auditor's risk identification and assessment process?

Iterative and dynamic

What is the source of the auditor's initial expectations of risks in the risk identification and assessment process?

The auditor's understanding of the entity and its environment

What is the relationship between the auditor's understanding of the entity and its environment, the applicable financial reporting framework, and the entity's system of internal control?

They are interdependent with concepts within the requirements to identify and assess the risks of material misstatement

What is the purpose of the auditor's risk assessment process?

To identify and assess the risks of material misstatement

What is the focus of the requirements in ISA 200?

Overall objectives of the independent auditor and the conduct of an audit

What is the outcome of the auditor's risk assessment process?

Identification and assessment of the risks of material misstatement

What is the primary requirement of ISA 200 in planning and performing an audit?

Exercising professional judgment and skepticism

Which type of risk relates to the financial statements as a whole and potentially affects many assertions?

Risks at the financial statement level

What is the primary purpose of assessing risks of material misstatement at the assertion level?

To determine the nature, timing, and extent of further audit procedures

What is inherent risk described as?

The susceptibility of an assertion to a misstatement

What is control risk described as?

The risk that a misstatement will not be prevented or detected

What is the requirement of ISA 200 for assessing risks of material misstatement at the assertion level?

A separate assessment of inherent risk and control risk is required

What is the primary objective of assessing risks of material misstatement?

To obtain sufficient appropriate audit evidence

What is the relationship between risks of material misstatement and audit procedures?

Audit procedures are determined by the risks of material misstatement

When making inquiries of those who may have information that is likely to assist in identifying risks of material misstatement, auditors of public sector entities may obtain information from which of the following additional sources?

Auditors involved in performance or other audits related to the entity

What is the purpose of making inquiries of the internal audit function, if the function exists?

To assist the auditor in understanding the entity and its environment, and the entity's system of internal control

What is a specific consideration for auditors of public sector entities when making inquiries of the internal audit function?

Identifying the risk of material non-compliance with applicable laws and regulations

Why are analytical procedures performed as a risk assessment procedure?

To help identify inconsistencies, unusual transactions or events, and amounts, ratios, and trends that indicate matters that may have audit implications

What is a specific responsibility of auditors of public sector entities when making inquiries of the internal audit function?

Identifying the risk of material non-compliance with applicable laws and regulations

What is the primary purpose of making inquiries of the internal audit function?

To understand the entity's internal control and its environment

When making inquiries of the internal audit function, what is the auditor trying to identify?

Risk of material non-compliance with applicable laws and regulations

What is the ultimate goal of performing analytical procedures as a risk assessment procedure?

To identify matters that may have audit implications

Study Notes

ISA 200 and Audit Planning

• ISA 200 requires auditors to exercise professional judgment in planning and performing an audit with professional skepticism.
• The auditor plans and performs an audit to identify circumstances that may cause the financial statements to be materially misstated.

Risks of Material Misstatement

• Risks at the financial statement level relate to the financial statements as a whole and potentially affect many assertions.
• Risks of material misstatement at the assertion level consist of two components: inherent risk and control risk.
• Inherent risk is the susceptibility of an assertion to a misstatement that could be material, either individually or when aggregated with other misstatements.
• Control risk is the risk that a misstatement will not be prevented, or detected and corrected, on a timely basis by the entity's system of internal control.

Assessing Risks of Material Misstatement

• Risks of material misstatement are assessed at the assertion level to determine the nature, timing, and extent of further audit procedures.
• A separate assessment of inherent risk and control risk is required for each identified risk.
• Inherent risk varies, and the degree to which it varies is referred to as the 'spectrum of inherent risk'.

Risks of Material Misstatement Due to Fraud

• Risks of material misstatement include both those due to error and those due to fraud.
• Further requirements and guidance are included in ISA 240 for risk assessment procedures and related activities to identify, assess, and respond to risks of material misstatement due to fraud.

Risk Identification and Assessment Process

• The auditor's risk identification and assessment process is iterative and dynamic.
• The process involves understanding the entity and its environment, the applicable financial reporting framework, and the entity's system of internal control.

Understanding the Entity and Its Environment

• The auditor obtains an understanding of the entity and its environment, including the identification of policies, procedures, and general information technology (IT) controls.
• The auditor also understands how the entity communicates significant matters that support the preparation of financial statements.

Control Activities

• The auditor obtains an understanding of the control activities component by identifying controls that address risks of material misstatement at the assertion level.
• The auditor evaluates whether the control is properly designed and operating effectively.

Considerations Specific to Public Sector Entities

• Auditors of public sector entities may obtain information from additional sources, such as from auditors involved in performance or other audits related to the entity.
• Inquiries of the internal audit function may assist the auditor in identifying risks of material non-compliance with applicable laws and regulations.
• Analytical procedures help identify inconsistencies, unusual transactions or events, and amounts, ratios, and trends that indicate matters that may have audit implications.

Description

Quiz on auditing principles, focusing on professional judgment and skepticism in planning and performing audits, and identifying risks of material misstatement.