less than 150wrds more than 100!! try using key terms if applicable please and thank you.

3. You are auditing a public company's financial statements. Due to special circumstances, you are only auditing the company's financial statements this year. You did not perform test of control. Your boss found it and asked why. How would you explain?

Acceptable audit risk-a measure of audit report rendered for the client was how willing the auditor is to accept that correct the financial statements may be materi- Inherent risk-a measure of the audi- ally misstated after the audit is completed and an unmodified audit opinion has been tor's assessment of the susceptibility of an assertion to material misstatement before issued; see also audit assurance considering the effectiveness of internal Audit assurance complement to control acceptable audit risk; an acceptable audit risk of two percent is the same as audit Nonroutine transaction-a transaction that is unusual, either due to size or nature, assurance of 98 percent; also called overall assurance and level of assurance and that is infrequent in occurrence Audit risk model-a formal model Planned detection risk-a measure of reflecting the relationships between the risk that audit evidence for a segment acceptable audit risk (AAR), inherent risk will fail to detect misstatements that could (IR), control risk (CR), and planned detec be material, should such misstatements tion risk (PDR); PDR = AAR(IR CR) exist, PDR = AAR/(IRCR) Control risk-a measure of the auditor's Risk-the acceptance by auditors that assessment of the risk that a material mis- there is some level of uncertainty in per- statement could occur in an assertion and forming the audit function not be prevented or detected on a timely Significant risk-an identified and as- basis by the client's internal controls sessed risk of material misstatement that, Engagement risk-the risk that the audi- in the auditor's professional judgment, tor or audit firm will suffer harm because requires special audit consideration of a client relationship, even though the Assessment inquiry-inquiry to corrobo- Informational inquiryinquiry to ob- rate or contradict prior information obtained tain information about facts and details the Earnings management-deliberate ac- auditor does not have tions taken by management to meet earn- Interrogative inquiry-inquiry used ings objectives to determine if the interviewee is being Fraud risk factors-entity factors that in- deceptive or purposefully omitting disclo- crease the risk of fraud sure of key knowledge of facts, events, or Fraud triangle represents the three con- circumstances ditions of fraud: incentives/pressures, op- Premature revenue recognition-rec- portunities, and attitudes/rationalization ognition of revenue before accounting Horizontal analysis analysis of per- standards requirements for recording rev- enue have been met centage changes in financial statement numbers compared to the previous period Vertical analysis-analysis in which Income smoothing form of earn- financial statement numbers are converted ings management in which revenues and to percentages of a base; also called com- mon-size financial statements expenses are shifted between periods to reduce fluctuations in earnings principles must be functioning for con- Internal controla process designed to trols to be effective provide reasonable assurance regarding Cybersecurity-the information tech- the achievement of management's objec- nology and internal control processes tives in the following categories: (1) reli- an organization has in place to protect ability of reporting. (2) effectiveness and computers, networks, programs, and data efficiency of operations, and (3) compli- from unauthorized access ance with applicable laws and regulations Database management systems Local area networks (LANs) networks hardware and software systems that allow that connect computer equipment, data clients to establish and maintain databases files, software, and peripheral equipment shared by multiple applications within a local area, such as a single building Digital signatures-electronic certificates or a small cluster of buildings, for intracom- that are used to authenticate the validity pany use of individuals and companies conducting Manual controls-application controls business electronically done by people Encryption techniques-computer pro- Monitoring-management's ongoing grams that change a standard message or and periodic assessment of the quality of data file into one that is coded, then de- internal control performance to determine coded using a decryption program that controls are operating as intended and Enterprise resource planning (ERP) are modified when needed systems-systems that integrate numer- Output controls controls designed to Ons aspects of an organization's activities ensure that computer-generated data are into one accounting information system valid, accurate, complete, and distributed Entity-level controls-controls that only to authorized people have a pervasive effect on the entity's sys- Parallel testing a company's computer tem of internal control; also referred to as testing approach that involves operating company-level controls the old and new systems simultaneously Firewall-a system of hardware and soft- Pilot testing a company's computer ware that monitors and controls the flow testing approach that involves implement- of e-commerce communications by chan- ing a new system in just one part of the neling all network connections through a organization while maintaining the old control gateway system at other locations General authorization companywide Processing controls controls designed to policies for the approval of all transactions ensure that data input into the system are within stated limits accurately and completely processed General controls-controls that relate to Risk assessment-management's identi- all parts of the IT function and affect many fication and analysis of risks relevant to different software applications the preparation of financial statements in Hardware controls controls built into accordance with an applicable accounting the computer equipment by the manufac- framework turer to detect and report equipment failure Separation of duties-separation of the Independent checks-internal control following activities in an organization: activities designed for the continuous in- (1) custody of assets from accounting, ternal verification of other controls (2) authorization from custody of assets, Information and communication (3) operational responsibility from record the set of manual and/or computerized pro- keeping, and (4) IT duties from outside cedures that initiate, record, process, and users of IT report an entity's transactions and maintain Service center an organization that accountability for the related assets provides IT services for companies on an Input controls-controls designed by an outsourcing basis organization to ensure that the informa- Specific authorization-case-by-case tion to be processed by the computer is approval of transactions not covered by authorized, accurate, and complete companywide policies Acceptable audit risk-a measure of audit report rendered for the client was how willing the auditor is to accept that correct the financial statements may be materi- Inherent risk-a measure of the audi- ally misstated after the audit is completed and an unmodified audit opinion has been tor's assessment of the susceptibility of an assertion to material misstatement before issued; see also audit assurance considering the effectiveness of internal Audit assurance complement to control acceptable audit risk; an acceptable audit risk of two percent is the same as audit Nonroutine transaction-a transaction that is unusual, either due to size or nature, assurance of 98 percent; also called overall assurance and level of assurance and that is infrequent in occurrence Audit risk model-a formal model Planned detection risk-a measure of reflecting the relationships between the risk that audit evidence for a segment acceptable audit risk (AAR), inherent risk will fail to detect misstatements that could (IR), control risk (CR), and planned detec be material, should such misstatements tion risk (PDR); PDR = AAR(IR CR) exist, PDR = AAR/(IRCR) Control risk-a measure of the auditor's Risk-the acceptance by auditors that assessment of the risk that a material mis- there is some level of uncertainty in per- statement could occur in an assertion and forming the audit function not be prevented or detected on a timely Significant risk-an identified and as- basis by the client's internal controls sessed risk of material misstatement that, Engagement risk-the risk that the audi- in the auditor's professional judgment, tor or audit firm will suffer harm because requires special audit consideration of a client relationship, even though the Assessment inquiry-inquiry to corrobo- Informational inquiryinquiry to ob- rate or contradict prior information obtained tain information about facts and details the Earnings management-deliberate ac- auditor does not have tions taken by management to meet earn- Interrogative inquiry-inquiry used ings objectives to determine if the interviewee is being Fraud risk factors-entity factors that in- deceptive or purposefully omitting disclo- crease the risk of fraud sure of key knowledge of facts, events, or Fraud triangle represents the three con- circumstances ditions of fraud: incentives/pressures, op- Premature revenue recognition-rec- portunities, and attitudes/rationalization ognition of revenue before accounting Horizontal analysis analysis of per- standards requirements for recording rev- enue have been met centage changes in financial statement numbers compared to the previous period Vertical analysis-analysis in which Income smoothing form of earn- financial statement numbers are converted ings management in which revenues and to percentages of a base; also called com- mon-size financial statements expenses are shifted between periods to reduce fluctuations in earnings principles must be functioning for con- Internal controla process designed to trols to be effective provide reasonable assurance regarding Cybersecurity-the information tech- the achievement of management's objec- nology and internal control processes tives in the following categories: (1) reli- an organization has in place to protect ability of reporting. (2) effectiveness and computers, networks, programs, and data efficiency of operations, and (3) compli- from unauthorized access ance with applicable laws and regulations Database management systems Local area networks (LANs) networks hardware and software systems that allow that connect computer equipment, data clients to establish and maintain databases files, software, and peripheral equipment shared by multiple applications within a local area, such as a single building Digital signatures-electronic certificates or a small cluster of buildings, for intracom- that are used to authenticate the validity pany use of individuals and companies conducting Manual controls-application controls business electronically done by people Encryption techniques-computer pro- Monitoring-management's ongoing grams that change a standard message or and periodic assessment of the quality of data file into one that is coded, then de- internal control performance to determine coded using a decryption program that controls are operating as intended and Enterprise resource planning (ERP) are modified when needed systems-systems that integrate numer- Output controls controls designed to Ons aspects of an organization's activities ensure that computer-generated data are into one accounting information system valid, accurate, complete, and distributed Entity-level controls-controls that only to authorized people have a pervasive effect on the entity's sys- Parallel testing a company's computer tem of internal control; also referred to as testing approach that involves operating company-level controls the old and new systems simultaneously Firewall-a system of hardware and soft- Pilot testing a company's computer ware that monitors and controls the flow testing approach that involves implement- of e-commerce communications by chan- ing a new system in just one part of the neling all network connections through a organization while maintaining the old control gateway system at other locations General authorization companywide Processing controls controls designed to policies for the approval of all transactions ensure that data input into the system are within stated limits accurately and completely processed General controls-controls that relate to Risk assessment-management's identi- all parts of the IT function and affect many fication and analysis of risks relevant to different software applications the preparation of financial statements in Hardware controls controls built into accordance with an applicable accounting the computer equipment by the manufac- framework turer to detect and report equipment failure Separation of duties-separation of the Independent checks-internal control following activities in an organization: activities designed for the continuous in- (1) custody of assets from accounting, ternal verification of other controls (2) authorization from custody of assets, Information and communication (3) operational responsibility from record the set of manual and/or computerized pro- keeping, and (4) IT duties from outside cedures that initiate, record, process, and users of IT report an entity's transactions and maintain Service center an organization that accountability for the related assets provides IT services for companies on an Input controls-controls designed by an outsourcing basis organization to ensure that the informa- Specific authorization-case-by-case tion to be processed by the computer is approval of transactions not covered by authorized, accurate, and complete companywide policies