Internal Controls and Sampling Tests

Transcription

1 Question 1: What important concepts should management consider in the design and implementation of internal controls? The two concepts that are important for management to consider in the design and implementation of internal controls are as follows: Reasonable assurance: Internal controls should be developed that provide a reasonable but not absolute assurance that the financial statements are fairly stated. Internal controls are developed by management after considering both the costs and the benefits of the controls. Reasonable assurance allows for only a remote likelihood that material misstatement will not be prevented or detected on a timely basis by internal control. Inherent limitations: Internal controls can never be regarded as completely effective regardless of the care followed in their design and implementation. The effectiveness of internal controls will depend on the competency and dependability of the people using it. Question 2: What are representative, reasonably representative, and nonrepresentative auditing samples? The objective of an auditor when selecting sample transactions for auditing a total population of transactions is to obtain a representative sample. A representative sample is one in which the characteristics in the sample are approximately the same as those of the total population. This means that the sampled items are similar to the items not sampled. If a control procedure requires an employee to match receiving reports with vendor invoices and this procedure is not done exactly 2% of the time, then the audited sample should reflect the same percentage. If the audit sample reflects less than 1% not matched, then the audit sample would be considered a reasonably representative sample. But if the audit sample was to find no missing matches or a large amount of missing matches, the audit sample would be considered a nonrepresentative sample. If it is determined that the audit sample is nonrepresentative, the auditor can increase the sample size, audit the total population of transactions, or review the sampling method selected and make the appropriate changes to achieve a representative sample. An example of this would be to change the approach of the audit to using the receiving log to select the samples instead of from the vendor invoice register. 1

2 Question 3: What three audit development steps should be used for developing tests of controls and substantive tests? The auditor should perform the following three steps when developing tests of controls and substantive tests: 1. Plan the sample: Planning the sample makes sure that the audit tests are performed in a manner that provides the desired sampling risk and minimizes the likelihood of nonsampling error. 2. Select the sample and perform the tests: Selecting the sample involves deciding how to select sample items from the population. Performing the tests is the examination of documents and doing other audit procedures. 3. Evaluate the results: Evaluating the results involves drawing conclusions based on the audit tests. To illustrate this procedure, assume that an auditor selects a sample of 150 inventory items to audit the results of a physical inventory. The auditor tests each inventory tag count against the physical inventory on the shelf and determines that there is one inventory error. Deciding the necessary sample size is a part of planning the sample. Deciding which 150 items to select from the inventory population is a sample selection problem. Doing the audit procedure for each of the 150 inventory items and determining that there was one error constitutes performing the tests. Reaching conclusions about the likely error rate in the total inventory population when there is a sample error rate of one per 150 inventory items (0.66%) is evaluating the results. Question 4: What is meant by statistical versus nonstatistical and probabilistic versus nonprobabilistic sample selection? Through the application of mathematical rules, statistical sampling allows for the quantification of sampling risk in planning the sample and evaluating the results. Statistically, a 98% confidence level in a selected sample provides for a 2% sampling risk. In nonstatistical sampling, the auditor does not quantify sampling risk. Instead, those sample items that the auditor believes will provide the most useful information in the area being audited are selected. Conclusions are reached about populations on a judgmental basis. For that reason, the selection of nonstatistical samples is often termed judgmental sampling. Probabilistic and nonprobabilistic sample selections are part of selecting the 2

3 sample and performing the tests. Probabilistic sample selection is a method of selecting a sample such that each population item has a known probability of being included in the sample and the sample is selected by a random process. Nonprobabilistic sample selection is a method of selecting a sample in which the auditor uses professional judgment rather than probabilistic methods to select sample items. Question 5: What is meant by block sample selection, and when might an auditor choose to use this method of sampling? Block sample selection is the selection of several items in a sequence. Once the first item in the block is selected, the remainder of the block is chosen automatically. This is a nonprobabilistic (judgmental) sample selection method. It is used mostly as a supplemental method used in conjunction with other sampling methods. A common use for block sampling is when a known exception has occurred for a period of time and the auditor wants to sample all occurrences during that period. For example, a temporary employee was employed during a vacation period to perform matching cash receipts with invoices. Question 6: How are tests of controls, substantive tests, and tests of details designed? The methodology used for designing tests of controls, substantive tests, and tests of details for all balance sheet accounts: accounts payable, accounts receivable, inventory and warehousing, and capital acquisition and repayment cycle are the following: 1. Identify the client s business risks affecting the cycle. 2. Set tolerable misstatements and assess inherent risk for the cycle. 3. Assess control risk for each step or process within the cycle. 4. Design and perform tests of controls and substantive tests of transactions for each step or process within the cycle. 5. Design and perform analytical procedures for the cycle. 6. Design tests of details for the cycle to satisfy balance related and audit objective. This includes audit procedures, sample size, items to select, and timing. Steps 1 through 3 are included in phase I (planning the sample), step 4 is 3

4 included in phase II (select the sample and perform the tests), and steps 5 and 6 are included in phase III (evaluate the results) of the audit development process. Question 7: What key control activities need to be considered when designing tests of transactions? When designing tests of controls and substantive tests of transactions for the sales and cash receipt cycle, the key control activities that need to be considered are these: Adequate separation of duties: This prevents various types of misstatement, both intentional and unintentional. It is important that anyone responsible for recording sales and cash receipts be denied access to the cash. It is also important that granting credit be separated from the sales function and that any batch control checking be separate from data input. Proper authorization: It is important that all pricing and discounting, payment terms, and freight terms have proper authorization. Shipments should include a shipping authorization before the shipment is made. Adequate documents and records: Adequate record-keeping procedures must exist before most of the transaction-related audit objectives can be met. This includes invoices, monthly statements, shipping records, and any other appropriate documentation relating to sales and cash receipts. Prenumbered documents: All documents used in the sales and cash receipt should be prenumbered for control and matching purposes. Monthly statements: This allows the customer to check outstanding balances with his/her records and initiate a correction when required. Internal verification procedures: The use of computer programs or independent persons for checking the processing and recording of sales transactions is essential for fulfilling each of the transaction-related audit objectives. Examples of these procedures include accounting for the numerical sequence of prenumbered documents, checking the accuracy of document preparation, and reviewing reports for unusual or incorrect items. Other cycles key control activities may include the following: The Procurement and Payment Cycle Purchase requisition 4

5 Receiving reports Vendor invoices being prenumbered and accounted for Comparing batch totals with computer summaries Checking charts of accounts to assure classifications are correct The Capital Acquisition and Repayment Cycle Cash bank account transactions Notes payable Observing taking of physical inventory of assets Checking physical inventory versus asset master file Checking methodology of depreciating assets The Accounting for Inventory Raw material requisition WIP inventory transfers Cost accounting records Observe taking of the physical inventory Check physical inventory versus perpetual inventory master file Question 8: What types of control confirmations are used for tests of controls when auditing accounts receivable? The two most common types of control confirmations are positive confirmation and negative confirmation. Positive confirmations are communications addressed to the customer that request confirmation of the balance as stated on the confirmation request. Another type of positive confirmation is a blank confirmation where customers are requested to state the balance based on their records. Negative confirmations are requests sent to customers requesting them to respond if the balance on the request does not match their records. This type of confirmation is less reliable because they may not be a reply even if the balance does not agree with the customer s records. A no reply will be considered a positive agreement. Question 9: What is the key difference between auditing a nonpublic and a publicly held company? The audit of a nonpublic company is not subject to Section 404 of the Sarbanes-Oxley Act and PCAOB requirements to report on internal control over 5

6 financial reporting. When auditing a nonpublic company, an auditor has the option of assessing a higher level of control risk depending on the quality of the client s internal controls and cost-benefit considerations. Question 10: What are the most and least costly types of tests for performing an audit of the financial statements? The costs for performing an audit of the financial statement can vary from audit to audit and company to company depending on size and strength of its internal controls. However, as a rule of thumb, the following lists the tests by lowest to highest costs: Analytical procedures: Costs are low because it is relatively easy to make calculations and comparisons of large amounts of data using a minimum amount calculation and time by using computers. Procedures to obtain an understanding of internal control and tests of controls: Again, costs are low because an auditor can use auditing software and computerized accounting systems. Substantive tests of transactions: These are more costly because they usually require recalculations and tracing of transactions requiring the auditing team s time. Tests of details of balances: These are the most expensive part of the audit because of the cost of sending confirmations to customers and vendors and the timely counting of assets such as inventory. 6