Escolar Documentos
Profissional Documentos
Cultura Documentos
ing meeting with the external auditors and dealing with various audit and accoun
ting matters that may arise
In Canada, regulation of public accounting is a provincial matter. Most province
s have public accountancy acts that specify who is allowed to practice public ac
counting in the province. In recent years, the trend in provincial public accoun
tancy legislation has been to open public accounting to CGAs and CMAs, as well a
s CAs. The goal is to increase accessibility to reasonably priced public account
ing services while maintaining standards.
Overall, the profession of auditing is facing an increasingly complex regulatory
environment. Auditors must be aware of this environment in order to perform a p
roper audit.
LO2: List the various practice standards for independent audits of financial s
tatements.
Practice standards are general guides for the quality of professional work. The
list includes Generally Accepted Audit Standards (GAAS), assurance standards, CI
CA s General Standards of Quality Control for Firms Performing Assurance Engagemen
ts and other quality control standards as reflected in firm peer reviews and pro
vincial institutes practice inspection manuals.
LO3: Outline the ethical, examination, and reporting standards that make up ge
nerally accepted auditing standards (GAAS) as set out in the CICA s Canadian Audit
ing Standards (CAS).
GAAS identifies the objectives and key principles of the financial statement aud
it. Audit standards are quality recommendations that are the same for all audits
.
The general standard refers to competence, objectivity and independence, and due
professional care. These are the key supporting rules of professional conduct.
Competence is knowing what to do by having adequate technical training and profi
ciency while objectivity and independence require auditors to have an objective
state of mind. Auditors are expected to have intellectual honesty and impartiali
ty. Due professional care is doing the work to the best of your ability while ob
serving the rules of professional ethics and GAAS.
CAS concepts and principles include how to conduct an audit, the scope of the au
dit, reasonable assurance, audit risk and materiality, planning and supervision,
internal control assessment and sufficient appropriate evidential matter.
The overall objective of a financial statement audit is to enable the auditor to
express an opinion as to whether the financial statements are prepared, in all
material respects, in conformity with an applicable framework, usually GAAP. An
auditor performs work his/her to obtain reasonable assurance that the informatio
n prepared by management is correct, not absolute assurance.
A written audit program of the procedures to be performed, and the timing of the
work, is usually good evidence the audit has been planned in accordance with GA
AS. Before the financial statement audit is planned, an auditor studies the orga
nization and the industry in which it operates to identify probable areas of con
cern or higher risk of misstatement.
A standard audit opinion consists of several parts. The first line identifies th
e key user of the audit opinion. For a public company, this would be the shareho
lders. The first paragraph identifies what was audited. Next are the paragraphs
which clearly identify that it is management s responsibility to prepare the finan
cial statements and that it is the auditor s responsibility to obtain evidence and
express an opinion. Finally, the last paragraph is the expression of an opinion
. In this case, it would be that the financial statements are fairly presented i
n all material respects and are in accordance with GAAP.
An unqualified (clean) opinion implies that the accounting principles used in th
e financial statements have general acceptance and are consistently applied. It
also implies that the statements fully disclose information that most users woul
d consider necessary. Last, and most important, it that means the financial stat
ements are accurate within practical materiality limits.
An adverse opinion is the opposite of an unqualified opinion by stating financia
on raises three key elements of ethics: (1) it involves questions requiring refl
ective choice (decision problems), (2) it involves guides of right and wrong (mo
ral principles), and (3) it is concerned with the consequences of decisions.
Problem situations can arise when two or more rules conflict or when a rule and
the criterion of greatest good conflict. Ethical decision problems almost always i
nvolve projecting yourself into the future to imagine living with your decisions
. Professional ethical decisions usually turn on two questions: What written and
unwritten rules govern my behaviour? What are the possible consequences of my c
hoices? Ethical reasoning is different from other types of reasoning because it
includes consideration for the perspective of others.
LO3 Outline the characteristics of professional skepticism and critical thinking
Professional skepticism is an auditor s tendency to not believe management asserti
ons, but to find sufficient support for the assertions through appropriate audit
evidence (must apply due care).
Critical thinking involves questioning the application of a standard, the concep
ts and principles underlying it, and the consistency of standards to one another
. It considers how, when and whom management is trying to persuade in making its
assertions.
Professional judgment in auditing is essentially critical thinking on accounting
issues and the evidence related to them. The critical thinking framework can be
used for deciding when an audit conclusion is sufficiently justified.
LO4 Analyze whether a PA s conduct conforms to principles underlying provincial ru
les of professional ethics
All of the Canadian PA bodies (CAs, CGAs, CMAs) and the International Federation
of Accountants (IFAC) have their own rules of professional conduct for their me
mbers and students, either provincially or nationally. Codes of conduct need a b
alance between detailed rules and more general principles. They also need to be
practical. As a result they all tend to have similar frameworks. Codes of profes
sional conduct apply to all members, with some exceptions for students and membe
rs who are not in public practice.
For CAs in Canada, there are six rules of professional conduct which are summari
zed as follows: 1. The member should act to maintain the profession s reputation.
2. The member should use due care and maintain his or her professional competenc
e. 3. The member should maintain the appearance of independence as well as the f
act of independence of his or her professional judgment. 4. The member should pr
eserve client confidentiality. 5. The member should base his or her reputation o
n professional excellence in particular, advertising should inform, not solicit. 6
. The member should show professional courtesy to other members at all times.
The single most important principle for accountants is to serve the public inter
est; they can only do so if the profession maintains a good reputation. The rema
ining principles all serve to support this first one.
Integrity is the duty to be honest and conscientious. Integrity relates to the b
asic character of a professional and applies to more than just their business de
alings. The public may view any serious transgression of a professional accounta
nt, including those outside business or professional activity, as a black mark a
gainst the profession as a whole. Consequently, if a professional accountant is
convicted of a minimal offense or fraud, his or her certification is usually rev
oked.
LO5 Explain the importance of an independence framework for auditors
Independence is a way of achieving objectivity. Professional accountants in publ
ic practice should be independent in fact and appearance.
There are five threats to a PAs independence:
1.
Self-review providing assurance on his or her own work
2.
Self-interest for example, benefiting from a financial interest in a clien
t
3.
Advocacy promoting a client s position or opinion
4.
Familiarity becoming too sympathetic to a client s interests
5.
Intimidation being deterred from acting objectively by actual or perceived
threats from a client
A PA must identify and evaluate possible independence threats. Unless the threat
s are already insignificant, the PA must reduce them to a level that would pose
no real or perceived compromise to their work. If they cannot, the PA must elimi
nate the activity, interest, or relationship that is creating the threat.
Since the purpose of auditing is to lend credibility to financial statements, au
ditors must be impartial and unbiased. Auditors must be independent in appearanc
e and in fact.
In an audit, programming, investigative, and reporting independence all must be
maintained. Programming independence refers to the need for auditors to remain f
ree from interference by client managers who try to restrict, specify, or modify
the procedures auditors want to perform, including any attempt to assign person
nel or otherwise control the audit work. Investigative independence refers to th
e need for auditors to have free access to books, records, correspondence, and o
ther evidence. Lastly, an auditor must maintain reporting independence by report
ing fully and fairly. Clients cannot overrule auditors judgments on the content o
f an audit report.
Professional competence applies to the professional services that the member und
ertakes. The member must be technically proficient in performing the service. If
they are not, then they must either hire, or be supervised by, someone who is.
Due Professional Care means technical proficiency is applied to the best of the
member s ability.
Professional competence and due care involves adequately planning and supervisin
g audits as well as ensuring sufficient data is obtained to support all conclusi
ons and recommendations.
LO6 Outline auditor legal responsibilities
PAs are potentially liable for monetary damages and can be subject to criminal p
enalties including fines and jail terms, for failure to perform professional ser
vices properly. They can be sued by clients, clients creditors, investors, and th
e government
Law is essentially a social system for resolving conflicts. Common law refers to
the system of law based primarily on previous judicial decisions. Unlike public
law, its laws have not been codified in statutes via legislation (statutory law
). There are several major categories of civil law: contracts (agreements or pro
mises that create expectations for others), torts (civil wrongs such as negligen
t actions which create obligations for the offending party), and property (right
s over goods and land). Common law liabilities for auditors arise from the law o
f contracts or torts.
Research data suggests accountants and auditors are exposed to liability for fai
lure to report known departures from accounting principles, for failure to condu
ct audits properly, for failure to detect management fraud and for actually bein
g parties to fraud.
Many users of audit reports expect auditors to detect fraud, theft, and illegal
acts, and to report them publicly. In the audit report, auditors take responsibi
lity for detecting material misstatements in financial statements, whether due t
o fraud or unintentional misstatements. Users are afraid of information risk due
to intentional misstatements, and they want it reduced, even eliminated. Some o
f their expectations are very high, resulting in an expectation gap between the
diligence users expect and the diligence auditors are able to accept.
LO7 Outline the various types of common law liability for PAs, citing specific c
ase precendents
Tort refers to a private or civil wrong or injury such as fraud. These actions a
re normally brought on by users of financial statements who have suffered a fina
ncial loss, asking the auditors compensate them for their losses.
Most auditor legal liability arises from the law of negligence, a part of the co
mmon law known as the law of torts. Negligence is the failure to perform a duty
to a standard of care. Under common law all of the following four elements of ne
gligence must be established by the plaintiff if he or she is to successfully su
e the auditor. There must be a legal duty of care to the plaintiff; there must b
e a breach in that duty; there must be proof that damage resulted, and there mus
t be a reasonably proximate connection between the breach of duty and the result
ing damage.
The auditor s best defence is to demonstrate that at least one of the preceding el
ements is missing. The auditor may also argue that the plaintiff contributed to
his or her own loss by, for example, not correcting internal control weaknesses.
In a contract, an auditor (the first party) owes the client (the second party) a
duty of care due to privity of contract. The engagement letter is critical in s
pecifying the contractual obligations. The corporation itself, as a legal person,
has to claim any damages. In the case of auditors, the owners are not viewed as
having privity of contract with the auditors; only the corporation has privity o
f contract. Thus, shareholders can take action only as third parties. The most s
ignificant source of liability to auditors, however, is from these third parties
.
Under common law, PAs may also be liable to known third parties and reasonably f
oreseeable beneficiaries creditors, investors, or potential investors who rely on
the accountants work. If the PA is reasonably able to foresee a limited class of
potential users of his work, liability may be imposed for ordinary negligence.
Ordinary negligence is unintentional error in applying professional standards, w
hile gross negligence is intentional error on the part of the auditors. Under gr
oss negligence, auditors are liable to all third parties relying on the statemen
ts.
The second element of negligence is breach of duty of care. Due professional car
e implies the careful application of all the standards of the profession (GAAS,
GAAP) and observance of all the rules of professional conduct. The courts have i
nterpreted care to be reasonably prudent practice; therefore, neither the highes
t possible standards nor the minimum standards would be considered due care from
a legal perspective.
The third element is that some damage must occur to the third party otherwise only
the audit fee can be recovered.
The fourth and last element of negligence requires there be a causal link betwee
n the breach of duty and the resulting damage. Thus, for example, if losses occu
r before the time of the audit, or if it can be proven that the plaintiff did no
t rely on the audited information to any significant degree, the lawsuit will no
t be successful.
The primary defence against a negligence claim is to offer evidence that the aud
it had been conducted in accordance with GAAS and with due professional care. In
several Canadian cases, the auditors successfully argued that clients should no
t have relied on the financial statements to make their decision. A good example
is a bank. Banks usually have available to them not only their customers financi
al statements but a great deal of other information as well. Their decision to e
xtend a loan is very often based on considerations quite apart the opinion of th
e customer s auditors.
The Canada Business Corporation Act (CBCA) was amended in 2001 to change the lia
bility associated with financial statement misrepresentations from one of joint
and several liability to modified proportionate liability. Auditors in Canada ar
e now liable under the CBCA to the extent of their degree of responsibility for
the loss (proportionate liability). However, the proportionate liability is modi
fied in that if other defendants in the lawsuit are unable to pay, the auditor i
s then liable for additional payments capped at 50 percent of his own original l
iability. Under some conditions, the courts can revert to the joint and several
liability, in which case the auditor may be required to pay up to 100 percent of
the damages.
The two US laws that affect auditors are The Foreign Corrupt Practices Act of 19
77 (FCPA) and the Racketeer Influenced and Corrupt Organization Act (RICO). The
FCPA makes it a criminal offence for American companies to bribe a foreign offic
ial. The FCPA is a law directed at company managements. Independent auditors hav
e no direct responsibility under these laws. There are two Canadian versions of
these laws: the Bill C-22 Proceeds of Crime (Money Laundering) and Terrorist Fin
ancing Act (PCMLTFA); and Corruption of Foreign Officials Act. Bill C-22 permits
fines of up to $2 million and prison terms for management and employees if they
engage in money laundering. Auditors should be aware of their reporting respons
ibilities to outside agencies, and the need to avoid being considered accomplice
If the missing evidence is too large and too important to say except for adjustme
nts, if any the audit report then must be a disclaimer or denial of opinion. Miss
ing evidence is not evidence the statements are misleading, it is simply that th
ere is not enough evidence to make a determination.
Assurance levels are further explained in terms of (1) reports qualified for sco
pe limitations and departures from GAAP, (2) adverse reports resulting from GAAP
departures, and (3) disclaimers of opinion resulting from lack of independence
and lack of sufficient appropriate evidence. The type of report to issue depends
on materiality.
In practice, when an auditor decides a matter is material enough to make a diffe
rence, a further distinction must be made between misstatements of materiality and
those of pervasive materiality. Materiality means that the information cannot simp
ly be ignored, the item in question is important and needs to be disclosed. Perv
asive materiality means that the item is very important and has a significant im
pact on the reporting decision. The distinction between the two materialities is
the number of users affected by the potential misstatements: pervasive material
ity affects many more users than does materiality.
LO6 Determine the effects of materiality and uncertainty on audit report choices
Present fairly is one of those widely used accounting terms that is never defined
in any standard. As auditor, you must provide an intuitive, reasonable, if not a
uthoritative, explanation of its meaning
a good starting point is that fair pres
entation means not to mislead, but to tell the truth about economic reality usin
g an acceptable accounting framework.
CHAPTER 5
LO1 Summarize the financial statement audit process
Auditors follow an audit process. The audit process involves three steps: 1) ris
k assessment, 2) response to assess risks and 3) concluding and reporting.
Risk Assessment consists of pre-engagement activities, preliminary audit plannin
g (risk identification) and risk assessment procedures.
Responding to the assessed risks involves internal control documentation and tes
ting, making sampling decisions and substantive procedures.
Concluding and reporting consists of reviewing the audit findings, forming an op
inion and issuing a report.
LO2 Explain the main characteristics of an independent audit engagement
Many entities require independently audited financial statements to meet their e
xternal stakeholders information needs. All publicly traded entities require audi
ted financial statements due to securities laws, many private corporations will
require audits due to the demands of their stakeholders and governmental entitie
s may require audits due to laws or demands of stakeholders.
Those charged with governance are people or organizations with the responsibilit
y for overseeing the strategic directions of the entity and the obligations rela
ted to the accountability of the entity. This oversight includes the financial r
eporting process.
The terms auditee or organization or entity refer to the entity whose financial
ents are being audited. Typically, the auditor is engaged by the people charged
with governance within the auditee entity.
LO3 Describe the activities auditors undertake to decide whether to accept a fin
ancial statement audit engagement
Public accounting firms are not obligated to accept undesirable audit clients or
to continue if relationships deteriorate or the auditee s management comes under
a cloud of suspicion.
Acceptance and retention decisions involve the following: obtain and review fina
ncial information about an auditee; evaluate the auditors ability to comply with
ethical requirements; consider whether there is a need for a special skill set;
ask the auditee s management about the business and its risks; consider whether th
e engagement involves any unusual risks; search for information about the organi
zation; and, communicate with the previous auditor, if any.
The auditor must determine whether the organization is auditable and whether the s
tatements will be prepared in accordance with GAAP. The auditor must be satisfie
tion with prior period(s); compare financial information with budgets or forecas
ts; study predictable financial information patterns based on the entity s experie
nce; compare financial information to industry statistics; and study financial i
nformation relationships to nonfinancial information.
Many auditors start with comparative financial statements and calculate common-s
ize statements (vertical analysis) and year-to-year change in balance sheet and
income statement accounts (horizontal analysis).
LO6 Explain the materiality levels used for planning the audit and how these amo
unts are determined
Materiality is one of the first important judgments the auditor must make, since
it affects every other planning, examination, and reporting decision. Auditors
should think of materiality as the largest amount of uncorrected dollar misstate
ment that might exist in a published financial statement and still fairly presen
t the company s financial position and results of operations in conformity with GA
AP.
Materiality is both a quantitative and a qualitative judgment and cannot be redu
ced to a formula. Different auditors will make different materiality decisions b
ased on their professional judgment. Judgment is based on training and experienc
e applied to their understanding of the auditee s business and reporting risks and
the likely uses of its financial statements. Auditing standards provide guidanc
e intended to help auditors with these judgments.
Performance materiality is an amount that will be somewhat less than the materia
lity for the financial statements as a whole. It reduces the probability that th
e aggregate of uncorrected and undetected misstatements will exceed materiality.
The difference between overall materiality and performance materiality is a cus
hion against misstatements.
Since materiality is made very early, auditors will reconsider the decision when
new information surfaces during the audit. If materiality is revised to a small
er amount, the auditor may have to extend testing.
specific materiality is the materiality level to be applied to those particular
classes of transactions, account balances, or disclosures for which misstatement
s of lesser amounts than materiality for the financial statements as a whole cou
ld reasonably be expected to influence the economic decisions of users taken on
the basis of the financial statements.
specific performance materiality is the amount set by the auditor at less than t
he specific materiality level to reduce to an appropriately low level the probab
ility that the aggregate of uncorrected and undetected misstatements exceeds spe
cific materiality.
LO7 Identify the principal assertions in management s financial statements and the
related risks of material misstatement
Management the following assertions about how the financial statements represent
the underlying economic data in the accounting system: existence; completeness;
ownership (rights and obligations); valuation (measurement and allocation); and
presentation (classification and disclosure).
Existence establishes with evidence that balance-sheet assets, liabilities, and
equities are actually real. For revenue and expense transactions, the existence
assertion is also described as occurrence.
Completeness establishes with evidence that all valid transactions and accounts
that should be presented in the financial reports are included. A completeness e
rror exists when a transaction total or account balance is understated.
Proper cutoff means accounting for all transactions that occurred during a perio
d without postponing some recordings to the next period (completeness) or accele
rating next-period transactions into the current-year accounts (existence). Simp
le cutoff errors occur in the revenue accounting process when late-December sale
s invoices are recorded for goods not actually shipped until January.
The objective related to ownership is establishing, with evidence, the ownership
(rights) for assets, ownership (obligations) for liabilities, and the propriety o
f revenue and expense transactions.
The objective related to valuation (also stated as measurement, or allocation) i
s determining whether proper dollar amounts have been assigned to the assets, li
of its accountants. Management optimism and bias leads to a higher inherent risk
of overstatement in asset and revenue accounts and a higher inherent risk of un
derstatement in liability and expense accounts.
Control risk is the probability that the auditee s internal control policies and p
rocedures will fail to detect or prevent material misstatements. Auditors do not
create or affect the control risk, but they do evaluate the design of an organi
zation s control system and test whether the auditee s system is working as designed
. They then assess the probability of material misstatements. Control risk shoul
d not be assessed so low that auditors place complete reliance on controls and d
o not perform any other audit work.
Inherent and control risks can be difficult to assess separately because some in
ternal controls work only when errors, irregularities, and other misstatements occ
ur, while others are preventive in nature and so tend to reduce inherent risk. A
n auditor may make separate or combined assessments of inherent and control risk
. Combined, inherent risk and control risk is referred to as the risk of materia
l misstatement.
Detection risk is the risk a material misstatement that has not been prevented o
r corrected by the auditee s internal control will not be detected by the auditor.
It is the auditor s responsibility to reduce detection risk to an acceptably low
level by performing evidence-gathering procedures known as substantive procedure
s. Two categories of substantive procedures are (1) tests of the details of tran
sactions and balances and (2) analytical procedures applied to produce circumsta
ntial evidence about dollar amounts in the accounts.
Audit risk is related to information risk and auditing is fundamentally a risk m
anagement process. Audit risk is the probability an auditor will fail to express
a reservation that financial statements are materially misstated. Audit risk ca
n at best be controlled at a low level but not eliminated, even when audits are
well planned and carefully performed. Generally, as the risk of being sued for m
aterial misstatement increases, an auditor will decrease planned audit risk to c
ompensate for the increased risk associated with the engagement.
The audit fails if all of the following three events occur: (1) there is a mater
ial misstatement to start with (inherent risk), (2) the internal controls fail t
o detect and correct the material misstatement (control risk), and (3) the audit
procedures also fail to detect the material misstatement (detection risk).
Audit Risk Model
Audit risk (AR) = Inherent risk (IR) Control risk (CR) Detection r
isk (DR)
LO2 Explain the usefulness and limitations of the audit risk model in conducting
the audit
Audit Risk Model
Audit risk (AR) = Inherent risk (IR) Control risk (CR) Detection risk (DR)
The objective is to limit audit risk to a low level by assessing inherent risk a
nd control risk as high, moderate or low.
For example, an auditor thought an inventory balance had a high inherent risk of
material misstatement (say, IR = 0.90) and that the auditee s internal control wa
s not very effective (say, CR = 0.70). If the auditor wanted audit risk at a 5 p
ercent level (AR = 0.05), planned audit procedures would need to achieve detecti
on risk (DR) that did not exceed 0.08 (approximately). The model can be used for
planning the audit work by rearranging it to solve for DR. AR = IR CR DR DR = A
R / (IR CR) = 0.05 / (0.90 0.70) = 0.08
Materiality refers to the magnitude of a misstatement, while audit risk refers t
o the level of assurance that material misstatement does not exist in the financ
ial statements. The materiality decision is based on how misstatements will affe
ct financial statement users.
Audit risk and materiality are planned early in the audit and are used throughou
t the audit for financial statements as a whole, as well as for individual accou
nts.
Inherent risk, control risk and detection risk vary by assertion for each accoun
t balance, transaction stream and disclosure.
The business risk-based audit approach was set out by CAS. The approach ensures
the auditor understands the client s business risks and strategy before assessing
the risks of material misstatement in the financial statements.
LO3 Explain how auditors assess the auditee s business risk through strategic anal
ysis and business process analysis
The business risk-based approach to auditing requires the auditor to understand
the auditee s business risks and strategy and its related internal control. Audito
rs then assess the risks of material misstatement and design procedures that add
ress the assess risks.
There are two parts of business risk analysis: strategic analysis and business p
rocess analysis. A risk-based audit approach places business risk assessment at
the heart of the audit process.
The strategic analysis begins the auditor s understanding of management s process fo
r identifying business risks and making decision to address those risks.
Business processes are a structured set of activities designed to produce a spec
ific output that matches business strategy
processes work to create value for cu
stomers and thus achieve strategic objectives. Changes in technology and ecommer
ce can affect business risks and processes.
Business performance analysis ideally considers financial and nonfinancial perfo
rmance measures and the interrelationship between the two (for example increasin
g sales and gross margins should relate to market share increases or process eff
iciencies).
LO4 Outline the relationship among the business processes and accounting process
or cycles that comprise an organization s information system and management s gener
al purpose financial statements
An accounting process can be thought of as a cycle. Accounts go together in the
accounting information system because they record transaction information from t
he same business activity and run through the same accounting process over and o
ver, in a cycle. These transactions are recorded by the organization s accountants
using journal entries involving the same set of accounts. The cycle perspective
looks at accounts grouped according to routine transactions. Auditors find it e
asier to audit the related accounts with a coordinated set of procedures instead
of attacking each account alone.
The four simplified accounting processes are the 1) revenue process, 2) purchasi
ng process, 3) production process, and 4) financing process.
LO5 Illustrate how business risk analysis is used to assess the risk of material
misstatement at the financial statement level and at the assertion level
The auditor knows that management has to consider risk as part of the operations
of an organization.
There are four ways of managing risk: avoid it; monitor it; reduce it; or transf
er it.
Risk is composed of two factors in the analysis: the likelihood the risk will oc
cur and the magnitude of the risk. Management controls minimize both the likelih
ood of a risk and the impact that the risk will have.
Risks that are not moved into the low category by management controls represent
categories for which the controls fail to reduce the risks that the financial st
atements do not portray the actual business performance. These are areas that ne
ed to be audited with the greatest care.
LO6 Describe the five components of the internal control framework: the control
environment, management s risk assessment process, information systems and communi
cation, control activities, and monitoring
Business risk and internal control are so tightly linked that auditors need to c
onsider them together.
Internal control is defined as the process designed, implemented, and maintained
by management and other auditee personnel to provide reasonable assurance about
the reliability of financial reporting, effectiveness and efficiency of operati
ons, and compliance with applicable laws and regulations.
The auditor is primarily interested in the accounting controls.
Management s and directors attitudes, awareness, and actions concerning the company
internal controls set the tone for the control environment. Management must act
to remove or reduce incentives and temptations which motivate people in the org
schedules of accounts whose balances are carried forward for several years, suc
h as share capital, retained earnings, and partnership capital.
Administrative papers contain the documentation of the early planning phases of
the audit. They usually include the engagement letter, staff assignment notes, c
onclusions related to understanding the auditee s business (including internal con
trol analysis), results of preliminary analytical procedures, initial assessment
of audit risks, initial assessment of audit materiality, the audit plan, a work
ing trial balance and any review notes.
The current-year audit evidence working papers are typically organized in sectio
ns: major accounting processes or cycles and balance sheet accounts. Each sectio
n contains a lead sheet showing the dollar amounts reported in the financial sta
tements, summary of the audit objectives in relation to the account s assertions,
procedures performed, evidence obtained, and conclusions reached for that sectio
n overall. These papers communicate the quality of the audit so they must be cle
ar, concise, complete, neat, well indexed, and informative. Each separate workin
g paper (or multiple pages that go together) must be complete in the sense that
it can be removed from the working paper file and considered on its own, with pr
oper cross-referencing available to show how the paper fits in with the others.
Auditing standards recommend working papers show (1) evidence the work was adequ
ately planned and supervised, (2) a description of audit evidence obtained, (3)
evidence of the evaluation and disposition of misstatements, and (4) copies of l
etters or notes concerning audit matters reported to the auditee.
Electronic working papers boost productivity by automating many tasks, such as c
arrying adjustments over to related working paper documents and the financial st
atements.
CHAPTER 9
LO1 Distinguish between management and auditor s responsibilities regarding an aud
itee organization s internal controls
Internal controls are put in place to keep the company on course toward achievin
g its goals, and to help anticipate changes that can affect their plans. Managem
ent balances the cost of controls with the benefit of risk reduction. At some po
int, the costs will exceed the benefits because it is not possible to reduce ris
ks to zero.
External auditors are not responsible for designing effective internal control f
or auditees. They are responsible for evaluating existing internal controls and
assessing the risk of a material misstatement related to them. They use their as
sessment to determine the audit work required and develop appropriate audit prog
rams to support their opinion.
Public accountants may help design internal control systems as consulting engage
ments for nonaudit clients. Such design work must be separate and apart from an
audit engagement because it could impair the public accountant s objectivity in as
sessing those controls in an audit. This is a threat to auditor independence.
External auditors documentation of control weaknesses can help management carry o
ut its responsibility for maintaining effective internal control.
LO2 Explain why the auditor evaluates an auditee s internal controls
The primary reason for evaluating a company s internal control is to have a basis
for planning the audit nature, timing, and extent of audit procedures in the det
ailed audit plan.
Auditors must make a trade-off between costs of evaluating internal control and
costs of substantive audit tests. An efficient audit program looks for the combi
nation of control evaluation and substantive work that will provide an acceptabl
e level of assurance at the lowest total cost.
In a clean audit, the accounting records are easy to verify and accurate. In a d
irty audit, however, the accounting records may be incomplete, riddled with miss
tatements, and harder to verify. A clean audit should require less work than a d
irty audit, as the controls are likely to be good at meeting their objective of
lowering the risk of material misstatement.
Auditors rely on controls for more than just efficiencies. There may be risks of
misstatements that substantive procedures alone cannot remove. For example, a c
lect a sample and 2) describes the action that was taken to produce relevant evi
dence.
Control tests should be applied to samples of transactions and control procedure
s executed throughout the whole period being audited.
Control tests and substantive tests have been described as if these are easily d
istinguishable, however many audit procedures can be designed to both test contr
ols and produce substantive evidence (calleddual purpose tests). This allows the
auditor to select an audit approach combining control reliance and substantive
evidence as the basis for a cost effective overall audit plan.
LO7 Outline the auditor s responsibility when internal control evaluation work det
ects or indicates a significant control deficiency or a high risk of fraudulent
misstatement
After the auditor has evaluated and tested internal controls, the auditor is in
a strong position to assess the likelihood of material misstatements.
Financial misstatements can arise either from error or fraud. An error is define
d as an unintentional misstatement, whereas fraud is intentional. Intent is not
something that the auditor can observe, so it is often difficult to determine, p
articularly in the case of accounting estimates or the choice and application of
accounting principles.
The auditor is responsible for reporting all identified deficiencies in internal
control, other than obviously trivial ones, to an appropriate level of manageme
nt as soon as possible. The appropriate level of management is usually the one a
t least one level above those responsible for the deficient controls.
The auditor has a responsibility to report all significant deficiencies in writi
ng to those charged with governance (audit committee or equivalent). The auditor
is required to communicate material weaknesses or other important issues, such
as discovery of a fraud or material misstatement, to management and those charge
d with governance. Serious control weaknesses are usually communicated in writin
g to management in a management representation letter. A copy of the written com
munication should be placed in the working papers.
Communication to management can be oral rather than written when the control def
iciencies are not significant.
CHAPTER 10
LO1 Explain the role of professional judgment in audit sampling decisions
Sampling is the application of an audit procedure to less than 100 percent of th
e items within an account balance population or class of transactions.
When an auditor selects a sample of the population, each element selected is cal
led a sampling unit (e.g., a customer s account). A sample is a set of such sampli
ng units.
The determination of an appropriate sample on a representative basis may be made
using either statistical or non-statistical methods. Their common purpose is to
enable the auditor to reach a conclusion about an entire set of data by examini
ng only a part of it.
Statistical sampling methods allow the auditor to express in mathematical terms
the uncertainty he or she is willing to accept and the conclusions of his or her
test. The use of statistical methods does not eliminate the need for the audito
r to exercise judgment. For example, the auditor has to determine the degree of
audit risk he or she is willing to accept and make a judgment as to materiality.
Audit sampling is concerned primarily with the extent of audit work. Testing is
a means of gaining assurance that the amount of error in large files is not mate
rial.
LO2 Distinguish audit sampling work from nonsampling work
An audit procedure is considered audit sampling only if the auditor s objective is
to reach a conclusion about the entire account balance or transaction class (th
e population) on the basis of the evidence obtained from sample. If the entire p
opulation is audited, or if it is only done to gain general familiarity, the wor
k is not considered audit sampling.
Procedures typically used in audit sampling are: recalculation, physical observa
tion of tangible assets, confirmation, and document examination.
Steps four through six represent the evidence collection phase. Auditors must co
nsider four influences on sample size: sampling risk, tolerable deviation rate,
expected population deviation rate, and population size.
The Tolerable Deviation Rate is the rate or number of exceptions that the audito
r would accept and still consider the control to be working.
Sample size varies inversely with the tolerable deviation rate. The expected pop
ulation deviation rate would be based on past years audits and general knowledge.
The expected rate of deviation must be less than the tolerable rate. The closer
the expected rate is to the tolerable rate, the larger the sample needed to rea
ch a conclusion that deviations do not exceed the tolerable rate.
Sampling units must be selected from the population an audit conclusion will app
ly to and a sample must be representative of the population it is drawn from. Th
e internal control program consists of procedures designed to produce evidence a
bout the effectiveness of a client s internal control performance. Each step is ca
rried out on each sample unit and deviations noted.
Based on the deviations found, the auditor can calculate the Sample Deviation Ra
te. The auditor cannot say that the deviation rate in the population is exactly
2 percent. Chances are the sample is not exactly representative. The basic rule
is that if number of deviations observed is greater than the tolerable rate then
the hypothesis that the control is working is rejected.
A single deviation can be the tip of the iceberg a sign of pervasive deficiency. A
uditors must investigate known deviations to determine if they are part of a pat
tern. Qualitative evaluation is sometimes called error analysis. The analysis is
essentially judgmental and involves a decision on whether the deviation is (1)
a pervasive error in principle affecting all like transactions or just the one;
(2) a deliberate control breakdown or unintentional; (3) a result of misundersto
od instructions or careless inattention to control duties; or (4) directly or re
motely related to a money amount measurement in the financial statements.
If auditors perform control testing at an interim date, they must decide what to
do about the period between interim and year end. Depending on circumstances, a
n auditor can decide to continue the test of controls for the period or stop fur
ther test of controls audit work.
LO6 Develop a simple audit program for an account balance, considering the influ
ences of risk and tolerable misstatement
When audit sampling is used for auditing the assertions in account balances, sub
stantive tests of details are done to obtain direct evidence about the dollar am
ounts and disclosures in the financial statements. Analytical procedures are usu
ally not applied on a sample basis.
In the risk model, detection risk (DR) is actually a combination of two risks. A
nalytical procedures risk (APR) is the probability that analytical procedures wi
ll fail to detect material errors and the risk of incorrect acceptance (RIA) is
the probability that test-of-detail procedures will fail to detect material erro
rs.
Sampling for the audit of account balances is similar to the steps of test of co
ntrols audit sampling.
The seven steps are:
1.
Specify the audit objectives.
2.
Define the population.
3.
Choose an audit sampling method.
4.
Determine the sample size.
5.
Select the sample.
6.
Perform the substantive-purpose procedures.
7.
Evaluate the evidence.
The specific objective in balance testing is to decide whether the client s assert
ions about existence, rights (ownership), and valuation are materially accurate.
The evidence will enable them to accept or reject this hypothesis. The populati
on can be defined as dollar units, individual customer or supplier accounts, or
even individual purchases of fixed assets.
An auditor must decide whether to use statistical or non-statistical sampling me
thods. If statistical sampling is chosen, another choice needs to be made betwee
n classical variables sampling methods which are based on the normal distributio
n, or the more widely used dollar unit sampling.
Steps four through six are the evidence-collection phase of the sampling method.
Auditors first need to establish decision criteria for the risk of incorrect ac
ceptance, the risk of incorrect rejection and material misstatement. The materia
l misstatement must be expressed as a dollar amount or as a proportion of the to
tal recorded amount. Sample sizes are based on materiality. The higher the mater
iality, the less likely that there error exists and has not been corrected so th
e smaller the sample needed to confirm there is no material error.
Unrestricted random selection and systematic selection will obtain random sample
s for statistical applications.
Based on your work, determine the known amount of actual monetary error. Next, p
roject the known misstatement to the population. Compare this total (known plus
statistically likely) to the materiality level for the account.
One projection method is called the average difference method, expressed as: PLM
(under the average difference method) = ((Dollar amount of misstatement in the
sample)/ (Number of sampling units)) (Number of population units)
Another method, the DUS projection method automatically takes into account the s
tratification of the population. The dollar-unit sampling method is expressed as
: PLM (dollar-unit method) = (Sum of the proportionate amount of misstatements o
f all dollar units in error in the sample) (Recorded amount in the population)
If the two projections differ, there is a representation issue which does not me
an the sample was wrong, but does mean that the sample design must be considered
. For that reason, the projection method is usually specified in the audit plan.
Auditors are required to follow up each monetary difference to determine whether
it arose from (a) misunderstanding of accounting principles, (b) simple mistake
s or carelessness, (c) an intentional irregularity, or (d) management override o
f an internal control procedure.
Errors found in account balance auditing may also indicate weaknesses in interna
l control procedures the dual-purpose characteristic of auditing procedures. If ma
ny more monetary differences than expected arise, the control risk conclusion ma
y need to be revised and more account balance auditing work done.
CHAPTER 11
LO1 Describe the revenues, receivables, and receipts process, including typical
risks, transactions, account balances, source documents, and controls.
Revenue creation is the focus of strategy and business processes for any organiz
ation because revenues provide cash flows. All businesses deal with clients or c
ustomers, so the accounting cycle for the business process related to accepting
orders, delivering goods and services, accounting for sales and accounts receiva
ble, collecting and depositing cash received and reconciling bank statements is
extremely important.
Due to their liquidity, cash and accounts receivable are the riskiest of all ass
ets. To assess risks in the revenue-generating processes, the auditor considers
the revenue and cash receipts transactions as well as the account receivable bal
ances. In addition there are important disclosures that need to be made with res
pect to revenue recognition policies, related party transactions, commitments an
d economic dependencies.
At the assertion level, risks related to the existence and ownership of revenues
may arise as a result of overly aggressive revenue recognition policies.
There are important control activities that should be in place: controls to conf
irm the existence of accounts receivable as well as controls to provide assuranc
e that process and procedures reduce the risk of material misstatement of revenu
es.
Orders are received and a series of procedures are in place to process orders in
cluding appropriate authorizations (credit). Master file access must be limited
to ensure fictitious orders are not placed into the system. There must be approp
riate physical custody of company assets (inventory) to insure inventory is only
made available for valid orders. Custody of accounts receivable will preclude t
he alteration of these records by unauthorized persons for unauthorized transact
The audit procedures that can be used include recalulation, inspection of physic
al assets, confirmation, enquiry, and inspection of documents: vouching, scannin
g and analysis.
Analysis includes comparisons of assets and revenue balances with recent history
or industry statistics. Account interrelationships are also examined through an
alytical review.
LO6 Identify considerations for using confirmations when auditing cash and accou
nts receivable.
Confirmations of accounts receivable (positive or negative) are powerful tools f
or providing evidence with respect to the existence and valuation of accounts re
ceivable.
Positive confirmations are used when individual balances are relatively large or
when accounts are in dispute. A positive confirmation does not contain the bala
nce; customers are asked to fill it in themselves.
A negative confirmation asks for a response only is something is wrong with the
balance. Negative confirmations are used mostly when inherent risk and control r
isk are considered low, when a large number of small balances is involved, and w
hen customers can be expected to consider the confirmation properly.
The auditor must control both the delivery and receipt of accounts receivable co
nfirmations at all times. Positive confirmations require much more follow up whe
n not confirmed. Auditors must carefully monitor the response rate (proportion o
f positive confirmations returns) and the detection rate (the ratio of misstatem
ents reported to auditors to the actual number of account misstatements).
Confirmations are also used for cash and loan balances. Confirmations yield evid
ence about existence and valuation.
LO7 Describe the audit of bank statement reconciliations and how auditors can id
entify accounts receivable lapping and suspicious cash transactions.
A company s bank reconciliation is the primary means of valuing cash in the financ
ial statements. The auditor vouches the bank reconciliation items against a cutoff bank statement.
A cut-off bank statement is a complete bank statement for a 10
20 day period fol
lowing the reconciliation date received directly by the auditors.
Special attention to be given to the possibility of two methods that are used to
misstate cash balances. The first is accounts receivable lapping (a manipulatio
n of accounts receivable to hide a theft or fraud). The second is suspicious cas
h transactions; cheque kiting (building up apparent balances in one or more bank
accounts based on uncollected cheques drawn against similar accounts in other b
anks) orwindow dressing (inappropriate manipulation of account balances by manag
ement to make the financial position appear more attractive to the users).
CHAPTER 15
Overview
This chapter is about tying up loose ends, and bringing together all the work th
at has been performed during the audit with a view to formulating an audit opini
on. It is worthwhile to note that the procedures performed in completing the aud
it have several distinct characteristics. For instance, they do not pertain to s
pecific transactions cycles or accounts; they are performed after the balance sh
eet date; they involve many subjective judgments by the auditor, and are usually
performed by audit managers or other senior members of the audit team. Generall
y speaking, the auditor's responsibilities in completing the audit involve compl
eting the field work, evaluating the findings, and communicating with the client
.
LO1 Describe the balance sheet account groups that the major revenue and expense
accounts are associated with, as well as the substantive analytical procedures
applied to audit revenues and expenses.
As the field work nears its end, the major revenue and expense accounts will hav
e been audited in connection with related balance sheet accounts. Now, auditors
need to consider other revenue and expense accounts.
Analytical procedures can be used as substantive procedures to compare the reven
ue accounts and minor expense accounts with prior-year data and with multiple-ye