2C1 - Document Understanding of Entity and Environment

.docx
2C1 - Document Understanding of Entity and Environment Obtain Understanding of The Entity and Its Environment, Including Internal Control - Auditor MUST perform Risk Assessment Procedures (RAP) - The nature, timing, and extent (NTE) of RAP depend on: o Size and complexity of entity o Auditor's experience with client Purpose of Risk Assessment Procedures - Gather information about the entity and its environment, including internal controls , to: o Identify relevant risk factors o Evaluate likelihood and magnitude o Identify mitigating or eliminating controls o Evaluate design and implementation o Design tests of operating effectiveness, if applicable o Design nature, timing, and extent of substantive tests Understanding Internal Control - Obtain an understanding of design and implementation of relevant internal o Usually external financial reporting controls - Understand components of internal control o CRIME o Inquiry, observation, inspection, and reperformance Understanding Internal Control - Ultimate Goal - Basis for identifying and assessing risk of material misstatement o Extent is a matter of professional judgment Control Objectives: Sales, Cash Receipts, A/R - Transactions are recorded accurately as to account, amount, and period - Cash receipts are properly applied to customer accounts - Sales represent valid transactions - Customer returns are approved/recorded - Allowance for doubtful accounts is recognized timely Financial Statement Assertions - Existence or Occurrence o Exist at balance sheet - Completeness o Population of transactions complete - Rights and Obligations o Clear title/actual obligations - Valuation and Allocation o Properly valued and measured - Accuracy and Classification o Properly classified and understandable to user - Cut-off
Document Considerations - Existing documents MAY be starting point o Prior year working papers o Client's internal documentation - MUST verify as implemented to ensure control exists and the entity is using it o Evolving way controls are applied o New personnel o Varying effectiveness of training and supervision o Time and resource constraints o Circumstances for original design change o Intentional fraud Nature of Documentation Flexible - Flowcharts - Narratives or memoranda - Internal control questionnaires - Decision tables o Graphic measures describing the logic of decisions - Matrixes Required Documentation - Key elements of the understanding obtained o Each of the aspects of the entity and its environment o Each of the internal control components - Source of information - Risk assessment procedures performed - Risks identified and related controls about which the auditor has obtained an understanding Efficiency Tips for Smaller Entity Audits - Documentation MAY be incorporated into documentation of overall audit plan for smaller entity audits - MAY be simple and relatively brief for entity's that have uncomplicated businesses and processes - It is NOT necessary to document the entirety of the auditor's understanding and the matters related to it o Focus on elements on which the auditor based assessed risks of material misstatement Question #1 An auditor uses the knowledge provided by the understanding of internal control and the final assessed level of control risk primarily to determine the nature, timing, and extent of the: a) Attribute tests b) Compliance tests c) Tests of controls d) Substantive tests
Question #2 Which of the following is NOT a reason why an auditor SHOULD obtain an understanding of the components of an entity's internal control in planning an audit? a) Identify the types of potential misstatements that can occur b) Design substantive tests c) Consider the operating effectiveness of the internal control structure d) Consider factors that affect the risk of material misstatements Question #3 Which of the following statements regarding auditor documentation of the client's system of internal control is correct? a) Documentation MUST include flow charts b) Documentation MUST include procedural write-ups c) NO documentation is necessary although it is desirable d) NO one particular form of documentation is necessary, and the extent of documentation may vary Question #4 A flowchart is most frequently used by an auditor in connection with the: a) Preparation of generalized computer audit programs b) Documentation of the client's internal control procedures c) Use of statistical sampling in performing an audit d) Performance of analytical review procedures of account balances
Page1of 3
Uploaded by JusticeCapybaraMaster1521 on coursehero.com