CHAPTER 1

LO1 Explain the importance of auditing

Auditing is the verification of information by someone other than the one provid
ing it. Verification reduces the risk of the information being misleading.
The possibility that information is incorrect is known as information risk. When
auditors verify the reliability of financial information, they reduce informati
on risk.
GAAP stands for Generally Accepted Accounting Principles. These are methods that
have been established in a particular jurisdiction by a standard-setting body o
r by authoritative support such as the accounting recommendations in the CICA Ha
ndbook.
Auditors must be perceived as acting in the interest of the financial statement
users (acting in the public interest).
An important distinguishing feature of auditing is known as three party accounta
bility. The three parties are: preparers of the information, users of the inform
ation, and auditors who work for the users, checking the work of the preparer.
LO2 Distinguish auditing from accounting
Accounting is the process of recording, classifying, and summarizing transaction
s into financial statements.
There are three underlying conditions impacting the users demand for accounting i
nformation: complexity, remoteness and consequences. Complexity refers to the in
creasing number and variety of transactions. Remoteness describes how users of f
inancial information are usually separated from a company s accounting records by
distance and time, as well as by lack of expertise. Consequences refer to the fa
ct that decisions involving large dollars and efforts are made based on financia
l information.
Companies prepare information to be used by financial decision makers in order t
o obtain loans or sell stock. This is a potential conflict of interest. As a res
ult, users are a naturally skeptical of the financial information prepared by co
mpanies. External professional auditors are hired to lend credibility to the fin
ancial information.
Lending credibility is also known as providing assurance. Usually when people th
ink of financial statements, they think of the annual report which includes both
the financial statements prepared by management and the audit opinion prepared
by auditors. However, auditing does not include financial report production. Tha
t function is performed by a company s accountants under the direction of manageme
nt. The auditor s role is to determine whether the information in the financial st
atements is reliable, and to communicate this to the users.
Auditing involves a process of obtaining and evaluating evidence in order to ver
ify the accuracy of financial information.
The purpose of an audit is to enhance the degree of confidence of the users of t
he financial statements. Auditors express an opinion on whether the financial st
atements are prepared, in all material respects, in accordance with an applicabl
e financial reporting framework.
Professional judgment is widely used in accounting and auditing It refers to the
application of relevant training, knowledge, and experience in making informed
decisions about the courses of action that are appropriate. Critical thinking is
the process of justifying one s conclusion or decision by providing acceptable re
asons.
An Attest Engagement is an engagement where the PA is hired to perform procedure
s and issue a report to affirm the validity of an assertion.
CAS (Canadian Auditing Standard) is the audit standard in Canada using the equiv
alent International Standard on Auditing (ISA).
LO3 Explain the role of auditing in information risk reduction
Business risk is the risk that a company may fail to achieve its objectives. Bus
iness risk results from economic changes, technology changes, poor management de
cisions, or just bad luck.
Auditors do not influence business risk although they do consider it.
Information risk is the risk that the financial information fails to reflect eco
nomic substance of business activities. From the auditor s perspective, informatio

n risk is the probability that the financial statements distributed by a company

will be materially false and misleading to a financial statement user.
There are two major categories of information risk: audit risk and accounting ri
sk. Audit risk is the risk of insufficient evidence being gathered on the facts
concerning the auditee s economic circumstances.Accounting risk is the risk that e
rrors associated with estimates used in GAAP are not properly disclosed.
LO4 Describe the other major types of audits and auditors
The Institute of Internal Auditors (IIA) defines internal auditing and its purpo
se as: an independent, objective assurance and consulting activity designed to a
dd value and improve an organization s operations.
Some internal auditing activity is known as operational auditing. Operational au
diting is the study of business operations in order to make recommendations abou
t the economic and efficient use of resources, effective achievement of business
objectives, and compliance with company policies. The goal of operational audit
ing is to help managers discharge their management responsibilities and improve
profitability.
The Office of the Auditor General of Canada (OAG) is an accounting, auditing, an
d investigating agency of Parliament, headed by the Auditor General. Many provin
ces have audit agencies similar to the OAG who answer to provincial legislatures
. The OAG is like an external auditor, with respect to the government agencies t
hey audit, because they are organizationally independent. Many government agenci
es also have their own internal auditors. Audit activities of all levels of gove
rnment are frequently referred to as public sector auditing.
In the public sector you see economy, efficiency, and effectiveness audits calle
d value-for-money (VFM) audits. VFM audits are a means of improving accountabili
ty for the efficient and economical use of resources and the achievement of prog
ram goals.
Fraud is an attempt by one party (the fraudster) to deceive someone (the victim)
for gain. Fraud falls under the Criminal Code and includes deception based on m
anipulation of accounting records and financial statements. Recently, auditor re
sponsibilities to detect fraud have significantly increased. Fraud auditing is a
separate engagement that might be done by those with specialized training.
LO5 Provide an overview of international auditing and its impact on Canadian aud
iting standards
Many of the large public accounting firms are worldwide. Developments such as th
e creation of the North American Free Trade Agreement (NAFTA), the evolution of
the European Economic Union and other free trade zones, and the pervasive effect
s of technological change are all contributing to increased global harmonization
of auditing and accounting standards. For these reasons the International Feder
ation of Accountants (IFAC) was created in 1977.
The IFAC publishes its own handbook on auditing standards recommending Internati
onal Standards on Auditing (ISAs). ISAs cover basic principles of auditing, audi
tor s reports, professional independence, reliance on other auditors abroad, and p
rofessional qualifications.
ISAs are increasingly becoming the dominant standards worldwide. The CICA s policy
is to adopt ISAs as is, unless Canadian conditions require a different standard
.
CHAPTER 2
LO1: Describe the current audit environment, including developments in regulator
y oversight and provincial regulation of public accountants in Canada.
The Sarbanes-Oxley Act (SOX) was signed into U.S. legislation in July 2002. SOX
created the PCAOB (Public Company Accounting Oversight Board) which was given th
e authority to tighten quality control of audit practices and to report on resul
ts of inspections of audit firm practices.
The CPAB (Canadian Public Accountability Board) was created in Canada by the CIC
A to oversee auditors of public companies. This board also tightens quality cont
rol of audit practice and reports on inspections of audit firm practices.
Audit committees monitor management s financial reporting responsibilities, includ

ing meeting with the external auditors and dealing with various audit and accoun
ting matters that may arise
In Canada, regulation of public accounting is a provincial matter. Most province
s have public accountancy acts that specify who is allowed to practice public ac
counting in the province. In recent years, the trend in provincial public accoun
tancy legislation has been to open public accounting to CGAs and CMAs, as well a
s CAs. The goal is to increase accessibility to reasonably priced public account
ing services while maintaining standards.
Overall, the profession of auditing is facing an increasingly complex regulatory
environment. Auditors must be aware of this environment in order to perform a p
roper audit.
LO2: List the various practice standards for independent audits of financial s
tatements.
Practice standards are general guides for the quality of professional work. The
list includes Generally Accepted Audit Standards (GAAS), assurance standards, CI
CA s General Standards of Quality Control for Firms Performing Assurance Engagemen
ts and other quality control standards as reflected in firm peer reviews and pro
vincial institutes practice inspection manuals.
LO3: Outline the ethical, examination, and reporting standards that make up ge
nerally accepted auditing standards (GAAS) as set out in the CICA s Canadian Audit
ing Standards (CAS).
GAAS identifies the objectives and key principles of the financial statement aud
it. Audit standards are quality recommendations that are the same for all audits
.
The general standard refers to competence, objectivity and independence, and due
professional care. These are the key supporting rules of professional conduct.
Competence is knowing what to do by having adequate technical training and profi
ciency while objectivity and independence require auditors to have an objective
state of mind. Auditors are expected to have intellectual honesty and impartiali
ty. Due professional care is doing the work to the best of your ability while ob
serving the rules of professional ethics and GAAS.
CAS concepts and principles include how to conduct an audit, the scope of the au
dit, reasonable assurance, audit risk and materiality, planning and supervision,
internal control assessment and sufficient appropriate evidential matter.
The overall objective of a financial statement audit is to enable the auditor to
express an opinion as to whether the financial statements are prepared, in all
material respects, in conformity with an applicable framework, usually GAAP. An
auditor performs work his/her to obtain reasonable assurance that the informatio
n prepared by management is correct, not absolute assurance.
A written audit program of the procedures to be performed, and the timing of the
work, is usually good evidence the audit has been planned in accordance with GA
AS. Before the financial statement audit is planned, an auditor studies the orga
nization and the industry in which it operates to identify probable areas of con
cern or higher risk of misstatement.
A standard audit opinion consists of several parts. The first line identifies th
e key user of the audit opinion. For a public company, this would be the shareho
lders. The first paragraph identifies what was audited. Next are the paragraphs
which clearly identify that it is management s responsibility to prepare the finan
cial statements and that it is the auditor s responsibility to obtain evidence and
express an opinion. Finally, the last paragraph is the expression of an opinion
. In this case, it would be that the financial statements are fairly presented i
n all material respects and are in accordance with GAAP.
An unqualified (clean) opinion implies that the accounting principles used in th
e financial statements have general acceptance and are consistently applied. It
also implies that the statements fully disclose information that most users woul
d consider necessary. Last, and most important, it that means the financial stat
ements are accurate within practical materiality limits.
An adverse opinion is the opposite of an unqualified opinion by stating financia

l statements are not in accordance with GAAP.

A disclaimer of opinion is a statement that no opinion is given.
Management is often evaluated and rewarded based on financial results. As a resu
lt, a potential conflict of interest always exists between management and the au
ditors who are verifying the results. Professional scepticism means that an audi
tor tends not to believe management without other evidence. However, neither sho
uld auditors blindly expect that every manager will be dishonest. The vast major
ity are honest and skilled.
LO4: Explain the importance of general assurance standards, using examples of a
ssurance matters.
An auditor needs to plan their audit. An auditor first decides what type of assu
rance engagement to perform. Most engagements require auditing of the financial
statements as a whole. An auditor needs to clearly understand the financial repo
rting framework, which is usually, but not always, GAAP.
Assurance standards do not replace existing audit and review standards. They wer
e designed to provide guidance for attest engagements other than traditional aud
its. An attest engagement requires a public accountant s conclusion on a written a
ssertion prepared by the accountable party. Attestation engagements include audi
ts as well as reviews.
Assurance standards are more general than GAAS. They refer to expertise in the s
ubject matter as opposed to expertise in accounting, since the engagement may no
t be on financial statements. The assurance standards also do not require a revi
ew of internal controls or the design of fraud detection procedures. Such matter
s are implicit in the design of tests to obtain sufficient evidence.
LO5: Explain how requirements of quality control standards are monitored for P
A firms.
Quality control can be defined as actions taken by a public accounting firm to e
valuate compliance with professional standards. Quality control policies and pro
cedures should be implemented both at the level of the audit firm and on individ
ual audits.
Practice inspections, peer reviews, and quality inspections are audits of the aud
itors. A practice inspection is the system of reviewing and evaluating audit file
s and other documentation by an independent external party. Peer reviews are a p
ractice inspection, usually done as a special engagement, by another audit firm
hired for the task by the firm being reviewed. Quality inspections are an examin
ation and evaluation of the quality of the overall practice.
CHAPTER 3
LO1 Introduce the concept of auditor responsibilities
As part of a privileged profession, auditors are responsible to society. Respons
ibility can be divided into three categories: moral, professional, and legal.
Morality deals with character and doing the right thing as is determined largely b
y social norms.
Professional responsibilities refer to the more formal ethical responsibilities
of auditors. These responsibilities (or professional ethics) are the rules and p
rinciples for the proper conduct of an auditor in his/her work. Professional eth
ics are necessary for a number of reasons: to obtain the respect and confidence
of the public, to distinguish the professional from the general public, to achie
ve order within the profession, and to provide a means of self-policing the prof
ession.
Legal responsibilities are the risks auditors accept in a court of law while pra
cticing public accounting.
LO2 Explain the importance of the study of ethics in helping define auditor resp
onsbilities
Ethics can be defined as that branch of philosophy which is the systematic study
of reflective choice, of the standards of right and wrong by which it is to be g
uided, and of the goods toward which it may ultimately be directed. This definiti

on raises three key elements of ethics: (1) it involves questions requiring refl
ective choice (decision problems), (2) it involves guides of right and wrong (mo
ral principles), and (3) it is concerned with the consequences of decisions.
Problem situations can arise when two or more rules conflict or when a rule and
the criterion of greatest good conflict. Ethical decision problems almost always i
nvolve projecting yourself into the future to imagine living with your decisions
. Professional ethical decisions usually turn on two questions: What written and
unwritten rules govern my behaviour? What are the possible consequences of my c
hoices? Ethical reasoning is different from other types of reasoning because it
includes consideration for the perspective of others.
LO3 Outline the characteristics of professional skepticism and critical thinking
Professional skepticism is an auditor s tendency to not believe management asserti
ons, but to find sufficient support for the assertions through appropriate audit
evidence (must apply due care).
Critical thinking involves questioning the application of a standard, the concep
ts and principles underlying it, and the consistency of standards to one another
. It considers how, when and whom management is trying to persuade in making its
assertions.
Professional judgment in auditing is essentially critical thinking on accounting
issues and the evidence related to them. The critical thinking framework can be
used for deciding when an audit conclusion is sufficiently justified.
LO4 Analyze whether a PA s conduct conforms to principles underlying provincial ru
les of professional ethics
All of the Canadian PA bodies (CAs, CGAs, CMAs) and the International Federation
of Accountants (IFAC) have their own rules of professional conduct for their me
mbers and students, either provincially or nationally. Codes of conduct need a b
alance between detailed rules and more general principles. They also need to be
practical. As a result they all tend to have similar frameworks. Codes of profes
sional conduct apply to all members, with some exceptions for students and membe
rs who are not in public practice.
For CAs in Canada, there are six rules of professional conduct which are summari
zed as follows: 1. The member should act to maintain the profession s reputation.
2. The member should use due care and maintain his or her professional competenc
e. 3. The member should maintain the appearance of independence as well as the f
act of independence of his or her professional judgment. 4. The member should pr
eserve client confidentiality. 5. The member should base his or her reputation o
n professional excellence in particular, advertising should inform, not solicit. 6
. The member should show professional courtesy to other members at all times.
The single most important principle for accountants is to serve the public inter
est; they can only do so if the profession maintains a good reputation. The rema
ining principles all serve to support this first one.
Integrity is the duty to be honest and conscientious. Integrity relates to the b
asic character of a professional and applies to more than just their business de
alings. The public may view any serious transgression of a professional accounta
nt, including those outside business or professional activity, as a black mark a
gainst the profession as a whole. Consequently, if a professional accountant is
convicted of a minimal offense or fraud, his or her certification is usually rev
oked.
LO5 Explain the importance of an independence framework for auditors
Independence is a way of achieving objectivity. Professional accountants in publ
ic practice should be independent in fact and appearance.
There are five threats to a PAs independence:
1.
Self-review providing assurance on his or her own work
2.
Self-interest for example, benefiting from a financial interest in a clien
t
3.
Advocacy promoting a client s position or opinion
4.
Familiarity becoming too sympathetic to a client s interests
5.
Intimidation being deterred from acting objectively by actual or perceived
threats from a client
A PA must identify and evaluate possible independence threats. Unless the threat

s are already insignificant, the PA must reduce them to a level that would pose
no real or perceived compromise to their work. If they cannot, the PA must elimi
nate the activity, interest, or relationship that is creating the threat.
Since the purpose of auditing is to lend credibility to financial statements, au
ditors must be impartial and unbiased. Auditors must be independent in appearanc
e and in fact.
In an audit, programming, investigative, and reporting independence all must be
maintained. Programming independence refers to the need for auditors to remain f
ree from interference by client managers who try to restrict, specify, or modify
the procedures auditors want to perform, including any attempt to assign person
nel or otherwise control the audit work. Investigative independence refers to th
e need for auditors to have free access to books, records, correspondence, and o
ther evidence. Lastly, an auditor must maintain reporting independence by report
ing fully and fairly. Clients cannot overrule auditors judgments on the content o
f an audit report.
Professional competence applies to the professional services that the member und
ertakes. The member must be technically proficient in performing the service. If
they are not, then they must either hire, or be supervised by, someone who is.
Due Professional Care means technical proficiency is applied to the best of the
member s ability.
Professional competence and due care involves adequately planning and supervisin
g audits as well as ensuring sufficient data is obtained to support all conclusi
ons and recommendations.
LO6 Outline auditor legal responsibilities
PAs are potentially liable for monetary damages and can be subject to criminal p
enalties including fines and jail terms, for failure to perform professional ser
vices properly. They can be sued by clients, clients creditors, investors, and th
e government
Law is essentially a social system for resolving conflicts. Common law refers to
the system of law based primarily on previous judicial decisions. Unlike public
law, its laws have not been codified in statutes via legislation (statutory law
). There are several major categories of civil law: contracts (agreements or pro
mises that create expectations for others), torts (civil wrongs such as negligen
t actions which create obligations for the offending party), and property (right
s over goods and land). Common law liabilities for auditors arise from the law o
f contracts or torts.
Research data suggests accountants and auditors are exposed to liability for fai
lure to report known departures from accounting principles, for failure to condu
ct audits properly, for failure to detect management fraud and for actually bein
g parties to fraud.
Many users of audit reports expect auditors to detect fraud, theft, and illegal
acts, and to report them publicly. In the audit report, auditors take responsibi
lity for detecting material misstatements in financial statements, whether due t
o fraud or unintentional misstatements. Users are afraid of information risk due
to intentional misstatements, and they want it reduced, even eliminated. Some o
f their expectations are very high, resulting in an expectation gap between the
diligence users expect and the diligence auditors are able to accept.
LO7 Outline the various types of common law liability for PAs, citing specific c
ase precendents
Tort refers to a private or civil wrong or injury such as fraud. These actions a
re normally brought on by users of financial statements who have suffered a fina
ncial loss, asking the auditors compensate them for their losses.
Most auditor legal liability arises from the law of negligence, a part of the co
mmon law known as the law of torts. Negligence is the failure to perform a duty
to a standard of care. Under common law all of the following four elements of ne
gligence must be established by the plaintiff if he or she is to successfully su
e the auditor. There must be a legal duty of care to the plaintiff; there must b
e a breach in that duty; there must be proof that damage resulted, and there mus
t be a reasonably proximate connection between the breach of duty and the result
ing damage.

The auditor s best defence is to demonstrate that at least one of the preceding el
ements is missing. The auditor may also argue that the plaintiff contributed to
his or her own loss by, for example, not correcting internal control weaknesses.
In a contract, an auditor (the first party) owes the client (the second party) a
duty of care due to privity of contract. The engagement letter is critical in s
pecifying the contractual obligations. The corporation itself, as a legal person,
has to claim any damages. In the case of auditors, the owners are not viewed as
having privity of contract with the auditors; only the corporation has privity o
f contract. Thus, shareholders can take action only as third parties. The most s
ignificant source of liability to auditors, however, is from these third parties
.
Under common law, PAs may also be liable to known third parties and reasonably f
oreseeable beneficiaries creditors, investors, or potential investors who rely on
the accountants work. If the PA is reasonably able to foresee a limited class of
potential users of his work, liability may be imposed for ordinary negligence.
Ordinary negligence is unintentional error in applying professional standards, w
hile gross negligence is intentional error on the part of the auditors. Under gr
oss negligence, auditors are liable to all third parties relying on the statemen
ts.
The second element of negligence is breach of duty of care. Due professional car
e implies the careful application of all the standards of the profession (GAAS,
GAAP) and observance of all the rules of professional conduct. The courts have i
nterpreted care to be reasonably prudent practice; therefore, neither the highes
t possible standards nor the minimum standards would be considered due care from
a legal perspective.
The third element is that some damage must occur to the third party otherwise only
the audit fee can be recovered.
The fourth and last element of negligence requires there be a causal link betwee
n the breach of duty and the resulting damage. Thus, for example, if losses occu
r before the time of the audit, or if it can be proven that the plaintiff did no
t rely on the audited information to any significant degree, the lawsuit will no
t be successful.
The primary defence against a negligence claim is to offer evidence that the aud
it had been conducted in accordance with GAAS and with due professional care. In
several Canadian cases, the auditors successfully argued that clients should no
t have relied on the financial statements to make their decision. A good example
is a bank. Banks usually have available to them not only their customers financi
al statements but a great deal of other information as well. Their decision to e
xtend a loan is very often based on considerations quite apart the opinion of th
e customer s auditors.
The Canada Business Corporation Act (CBCA) was amended in 2001 to change the lia
bility associated with financial statement misrepresentations from one of joint
and several liability to modified proportionate liability. Auditors in Canada ar
e now liable under the CBCA to the extent of their degree of responsibility for
the loss (proportionate liability). However, the proportionate liability is modi
fied in that if other defendants in the lawsuit are unable to pay, the auditor i
s then liable for additional payments capped at 50 percent of his own original l
iability. Under some conditions, the courts can revert to the joint and several
liability, in which case the auditor may be required to pay up to 100 percent of
the damages.
The two US laws that affect auditors are The Foreign Corrupt Practices Act of 19
77 (FCPA) and the Racketeer Influenced and Corrupt Organization Act (RICO). The
FCPA makes it a criminal offence for American companies to bribe a foreign offic
ial. The FCPA is a law directed at company managements. Independent auditors hav
e no direct responsibility under these laws. There are two Canadian versions of
these laws: the Bill C-22 Proceeds of Crime (Money Laundering) and Terrorist Fin
ancing Act (PCMLTFA); and Corruption of Foreign Officials Act. Bill C-22 permits
fines of up to $2 million and prison terms for management and employees if they
engage in money laundering. Auditors should be aware of their reporting respons
ibilities to outside agencies, and the need to avoid being considered accomplice

s under the legislation.

A unique feature of Canadian common law is the expanding concept of accountants
iduciary duty. An accountant may be a fiduciary when he or she acts as an audito
r, or simply an adviser, to a vulnerable client. If a court concludes that an ac
countant is a fiduciary, he or she may be held responsible for damages, even tho
ugh (1) the PA s conduct did not cause the damage, (2) the plaintiff failed to tak
e reasonable steps to mitigate those damages, or (3) the plaintiff was partially
at fault or other third parties contributed to the damages suffered. Thus, a PA s
common defences to a negligence action, such as contributory negligence, remote
ness of damages, failure to mitigate and no duty of care, do not apply to an act
ion in breach of fiduciary duty.

LO1 Describe the association framework

Association is a term used within the profession to indicate a public accountant s
involvement with information issued by an organization. The PA may become assoc
iated with information through their own actions, by an enterprise indicating th
e PA s involvement with or without the PA s knowledge or consent, or when a third pa
rty makes a reasonable assumption that the PA is involved.
Association means the PA is lending credibility to the information. A public acc
ountant associates him or herself with information when they either perform serv
ices, or consent to the use of their name in connection with that information.
LO2 Determine whether a PA is associated with financial statements
Auditing standards require a report in all cases where a PA s name is associated w
ith a financial statement. A PA is associated with a financial statement when (1
) they are reproduced on their letterhead, (2) they are produced by their comput
er as part of a bookkeeping service, or (3) a document containing financial stat
ements identifies them as the public accountant or auditor for the company. A re
port is required because users of financial statements will assume that an audit
has been conducted and that everything is OK on the basis of the association of a
PA.
LO3 Describe the three levels of assurance
In practice, accountants and auditors can render three types of reports, or leve
ls of assurance, about financial statements.
The highest level of assurance is the standard unqualified report, also known as
a clean opinion. Its opinion sentence reads, In our opinion, the accompanying fi
nancial statements present fairly, in all material respects. This opinion sentenc
e is sometimes called positive assurance because it is a forthright and factual
statement of the PA s opinion based on an audit. Positive assurance is the highest
level of assurance.
Moderate assurance is provided for a review engagement. Its report would read, Ba
sed on my review, nothing has come to my attention that causes me to believe tha
t these financial statements are not, in all material respects, in accordance wi
th Canadian generally accepted accounting principles, This conclusion is also cal
led negative assurance.
The lowest level of assurance is a no assurance engagement. The most common exam
ples are compilation engagements and specified procedures engagements. Compilati
on engagements are not considered to be assurance engagements because the practi
tioner is not required to attempt to verify the accuracy or completeness of the
information provided by management. The PA s involvement presumably adds accountin
g credibility to the financial statements only.
The most important aspect to the concept of assurance levels is that it reflects
the separate levels of evidence the PA has gathered to support their conclusion
s. The reason there is less assurance in a review engagement is because the PA i
s required to gather less evidence. Compilations are considered a no assurance e
ngagement because PAs are not required to gather any evidence on the financial i
nformation. In any of these engagements, however, if the financial information i
s misleading, it is PA s responsibility to not be associated.
LO4 Compare and contrast the scope and opinion paragraphs in an independent audi
tor s report
The standard unqualified report contains four basic segments: (1) introductory p

aragraph, (2) management responsibility paragraph, (3) auditor responsibility pa

ragraph(s), and (4) opinion paragraph.
The introductory paragraph declares an audit has been conducted and identifies t
he specific financial statements that the opinion applies to.
The second paragraph declares the management s (or other preparer s) responsibility
to prepare the financial statements in conformity with an applicable reporting f
ramework (usually GAAP).
The auditor responsibility paragraphs, also referred to as the scope paragraphs,
are the auditor s report of the extent of the audit work. It makes explicit the a
uditor s responsibility to detect fraudulent reporting, abide by ethical standards
, and appropriately support the opinion with audit evidence.
Lastly, users of audited financial statements are generally most interested in t
he opinion paragraph, which contains the auditors conclusions about the financial
statements.
When the financial statements contain a departure from GAAP, auditors must choos
e between a qualified opinion and an adverse opinion. The choice depends on the
materiality and pervasiveness of the effect of the GAAP departure. This is calle
d an accounting deficiency reservation.
When there is a scope limitation, auditors must choose between a qualified opini
on and a disclaimer of opinion. The choice depends on the materiality of the mat
ter. This is called an auditing deficiency reservation.
LO5 For a given set of accounting facts and audit circumstances, analyze qualifi
ed, adverse, and disclaimer audit reports.
Audit reports other than the standard unqualified audit report are called audit
report reservations.
The most common report reservations are called qualified reports. There are two
basic types of qualified reports: GAAP departure reports and scope limitation re
ports.
Financial statements may contain an accounting treatment or have disclosure that
is not in conformity with GAAP. If the departure is immaterial or insignificant
, it can be treated as if it did not exist and a clean opinion can be given.
If the auditor judges that the accounting deficiency is material enough to poten
tially affect users decisions, the opinion must be qualified. In this case the op
inion sentence is changed to read In my opinion, except for the [nature of the GA
AP departure], the financial statements present fairly, in all material respects
. . . This identifies the particular departure but says that the financial state
ments are otherwise in conformity with GAAP. The nature of the GAAP departure ca
n also be explained in a separate paragraph (called the reservation paragraph) b
etween the scope paragraphs and the opinion paragraph.
If the GAAP departure is either (1) much more material or (2) pervasive, affecti
ng numerous accounts and financial statement relationships, there is a condition
of pervasive materiality and an adverse opinion should be given. An adverse opi
nion is the opposite of the unqualified opinion. In this type of opinion, audito
rs say the financial statements do not present the financial position, results o
f operations, and changes in financial position in conformity with GAAP.
There are two kinds of situations where the auditors are unable to obtain suffic
ient appropriate evidence (scope limitations): (1) management deliberately refus
es to let auditors perform some procedures or (2) circumstances, such as late ap
pointment of auditor or loss of data that would make it impossible for some proc
edures to be performed. If the effect of the missing data is minor or if suffici
ent appropriate evidence can be obtained by other means, the audit can be consid
ered to be unaffected, and a clean report issued.
If the audit deficiency is considered material, but not pervasively or highly ma
terial enough to overwhelm the usefulness of the remainder of the financial stat
ements, the scope paragraph is adjusted. The audit was not completed entirely in
accordance with generally accepted auditing standards. Whenever the scope parag
raph is qualified for an important omission of audit work, the opinion paragraph
should also be qualified to state
except for the effects of adjustments, if any,
as might have been determined to be necessary had we been able to examine evide
nce

If the missing evidence is too large and too important to say except for adjustme
nts, if any the audit report then must be a disclaimer or denial of opinion. Miss
ing evidence is not evidence the statements are misleading, it is simply that th
ere is not enough evidence to make a determination.
Assurance levels are further explained in terms of (1) reports qualified for sco
pe limitations and departures from GAAP, (2) adverse reports resulting from GAAP
departures, and (3) disclaimers of opinion resulting from lack of independence
and lack of sufficient appropriate evidence. The type of report to issue depends
on materiality.
In practice, when an auditor decides a matter is material enough to make a diffe
rence, a further distinction must be made between misstatements of materiality and
those of pervasive materiality. Materiality means that the information cannot simp
ly be ignored, the item in question is important and needs to be disclosed. Perv
asive materiality means that the item is very important and has a significant im
pact on the reporting decision. The distinction between the two materialities is
the number of users affected by the potential misstatements: pervasive material
ity affects many more users than does materiality.
LO6 Determine the effects of materiality and uncertainty on audit report choices
Present fairly is one of those widely used accounting terms that is never defined
in any standard. As auditor, you must provide an intuitive, reasonable, if not a
uthoritative, explanation of its meaning
a good starting point is that fair pres
entation means not to mislead, but to tell the truth about economic reality usin
g an acceptable accounting framework.

CHAPTER 5
LO1 Summarize the financial statement audit process
Auditors follow an audit process. The audit process involves three steps: 1) ris
k assessment, 2) response to assess risks and 3) concluding and reporting.
Risk Assessment consists of pre-engagement activities, preliminary audit plannin
g (risk identification) and risk assessment procedures.
Responding to the assessed risks involves internal control documentation and tes
ting, making sampling decisions and substantive procedures.
Concluding and reporting consists of reviewing the audit findings, forming an op
inion and issuing a report.
LO2 Explain the main characteristics of an independent audit engagement
Many entities require independently audited financial statements to meet their e
xternal stakeholders information needs. All publicly traded entities require audi
ted financial statements due to securities laws, many private corporations will
require audits due to the demands of their stakeholders and governmental entitie
s may require audits due to laws or demands of stakeholders.
Those charged with governance are people or organizations with the responsibilit
y for overseeing the strategic directions of the entity and the obligations rela
ted to the accountability of the entity. This oversight includes the financial r
eporting process.
The terms auditee or organization or entity refer to the entity whose financial
ents are being audited. Typically, the auditor is engaged by the people charged
with governance within the auditee entity.
LO3 Describe the activities auditors undertake to decide whether to accept a fin
ancial statement audit engagement
Public accounting firms are not obligated to accept undesirable audit clients or
to continue if relationships deteriorate or the auditee s management comes under
a cloud of suspicion.
Acceptance and retention decisions involve the following: obtain and review fina
ncial information about an auditee; evaluate the auditors ability to comply with
ethical requirements; consider whether there is a need for a special skill set;
ask the auditee s management about the business and its risks; consider whether th
e engagement involves any unusual risks; search for information about the organi
zation; and, communicate with the previous auditor, if any.
The auditor must determine whether the organization is auditable and whether the s
tatements will be prepared in accordance with GAAP. The auditor must be satisfie

d that the auditee management understands their responsibilities for preparing f

inancial statements.
Professional conduct rules for public accountants require a successor auditor to
contact the predecessor auditor. The same rules of conduct also require the pre
decessor to respond promptly to communications from the successor, however, the
auditee must give the predecessor permission to discuss any audit matters of a c
onfidential nature (audit files belong to the auditor, not the auditee). Managem
ent s refusal to consent would raise serious concerns about their integrity.
The auditor must obtain an engagement letter for each audit. The engagement lett
er is, in effect, the contract
it is a mutual understanding of, and agreement on
, the terms of the engagement. The engagement letter should cover the objective,
scope and limitations of the audit as well as the responsibilities of both part
ies.
The partner and manager in charge of the audit will prepare a time budget for th
e work, including the number of hours each segment of the audit is expected to t
ake. The budget is based on last year s performance (for continuing auditees), tak
ing into account any changes in the auditee s business. Most audit work is perform
ed just before and just after year end. (year-end audit work) Some work, such as
testing of internal controls, is scheduled several months before year end (inte
rim audit work).
LO4 Explain why auditors need to understand the auditee organization s business an
d environment and its risks and controls at the start of a financial statement a
udit
The objective of a financial statement audit is to render an opinion on whether
the financial statements are fairly presented in accordance with GAAP. Accountin
g is supposed to reflect the economic substance of an entity s transactions, event
s, and conditions. In order to design the audit, auditors must understand the br
oad economic environment the auditee operates in, as well as any key industry ch
aracteristics.
Understanding the auditee s business and its operating environment helps to assess
the risk that the auditee s financial statements might not be fairly presented. R
isk assessment considers classes of transactions, account balances, and disclosu
res in the financial statements. These financial statement elements are made up
of specific assertions or fundamental claims by management.
An overall audit strategy guides the design of a detailed audit plan which conta
ins a set of audit programs to effectively address all significant risks of fina
ncial statement misstatements.
There are five principal assertions: existence, ownership, completeness, valuati
on, and presentation. The auditor considers risks in order to establish an overa
ll audit strategy for the engagement and to design the detailed audit procedures
used to obtain sufficient appropriate evidence about the financial statements.
Some risks are inherent in the auditee s normal business operations. Significant r
isks generally arise when business risks are not adequately managed or controlle
d.
All businesses face risk and it is important for the auditor to understand all t
he risks and how management controls these risks.
LO5 Use preliminary analytical procedures on management s draft financial statemen
ts to identify areas where misstatements are most likely
Preliminary analysis helps identify any key risk areas requiring special attenti
on by the audit team and helps auditors plan the basic scope, nature, and timing
of the work to be performed.
Analytical procedures are required at two points in the audit: at the beginning
of an audit and at the end of an audit. The purpose of doing analysis at the beg
inning of the engagement is attention directing to alert the audit team to problems
(errors, fraud) that may exist in the account balances, transactions, and disclo
sures. Analytical procedures performed at the end are completed by the partners
in charge for the purpose of reviewing the overall quality of the audit work.
Auditors may also decide to include analytical procedures as a way of providing
substantive evidence about specific financial statement assertions.
There are five general types of analytical procedures: compare financial informa

tion with prior period(s); compare financial information with budgets or forecas
ts; study predictable financial information patterns based on the entity s experie
nce; compare financial information to industry statistics; and study financial i
nformation relationships to nonfinancial information.
Many auditors start with comparative financial statements and calculate common-s
ize statements (vertical analysis) and year-to-year change in balance sheet and
income statement accounts (horizontal analysis).
LO6 Explain the materiality levels used for planning the audit and how these amo
unts are determined
Materiality is one of the first important judgments the auditor must make, since
it affects every other planning, examination, and reporting decision. Auditors
should think of materiality as the largest amount of uncorrected dollar misstate
ment that might exist in a published financial statement and still fairly presen
t the company s financial position and results of operations in conformity with GA
AP.
Materiality is both a quantitative and a qualitative judgment and cannot be redu
ced to a formula. Different auditors will make different materiality decisions b
ased on their professional judgment. Judgment is based on training and experienc
e applied to their understanding of the auditee s business and reporting risks and
the likely uses of its financial statements. Auditing standards provide guidanc
e intended to help auditors with these judgments.
Performance materiality is an amount that will be somewhat less than the materia
lity for the financial statements as a whole. It reduces the probability that th
e aggregate of uncorrected and undetected misstatements will exceed materiality.
The difference between overall materiality and performance materiality is a cus
hion against misstatements.
Since materiality is made very early, auditors will reconsider the decision when
new information surfaces during the audit. If materiality is revised to a small
er amount, the auditor may have to extend testing.
specific materiality is the materiality level to be applied to those particular
classes of transactions, account balances, or disclosures for which misstatement
s of lesser amounts than materiality for the financial statements as a whole cou
ld reasonably be expected to influence the economic decisions of users taken on
the basis of the financial statements.
specific performance materiality is the amount set by the auditor at less than t
he specific materiality level to reduce to an appropriately low level the probab
ility that the aggregate of uncorrected and undetected misstatements exceeds spe
cific materiality.
LO7 Identify the principal assertions in management s financial statements and the
related risks of material misstatement
Management the following assertions about how the financial statements represent
the underlying economic data in the accounting system: existence; completeness;
ownership (rights and obligations); valuation (measurement and allocation); and
presentation (classification and disclosure).
Existence establishes with evidence that balance-sheet assets, liabilities, and
equities are actually real. For revenue and expense transactions, the existence
assertion is also described as occurrence.
Completeness establishes with evidence that all valid transactions and accounts
that should be presented in the financial reports are included. A completeness e
rror exists when a transaction total or account balance is understated.
Proper cutoff means accounting for all transactions that occurred during a perio
d without postponing some recordings to the next period (completeness) or accele
rating next-period transactions into the current-year accounts (existence). Simp
le cutoff errors occur in the revenue accounting process when late-December sale
s invoices are recorded for goods not actually shipped until January.
The objective related to ownership is establishing, with evidence, the ownership
(rights) for assets, ownership (obligations) for liabilities, and the propriety o
f revenue and expense transactions.
The objective related to valuation (also stated as measurement, or allocation) i
s determining whether proper dollar amounts have been assigned to the assets, li

abilities, equities, revenue, and expense recognized in the financial statements

. It can involve evaluating the measurement approach used (historic cost, fair v
alue, present value) or the method of allocating joint costs.
Auditors also must determine whether accounting principles are properly selected
and applied and whether disclosures are adequate all of the aspects of financial
statement presentation. One specific objective of presentation is proper balance
sheet classification (e.g., current versus long-term).
Compliance is not normally listed as a separate assertion; however compliance wi
th laws and regulations is very important for a business. Disclosure of known no
ncompliance is necessary for presentation of financial statements in conformity
with GAAP. The compliance assertion will increase in importance as new laws and
regulations come into force to improve governance and accountability. When the s
ole purpose of an engagement is to audit compliance with various laws, regulatio
ns, or rules, it is called a compliance audit.
All financial statement audits are designed to confirm these assertions.
LO8 List the preliminary planning decisions set out in the overall audit strateg
y
Audit planning is an ongoing, iterative process where information gained as the
audit is performed may result in revisions to the plan. The preliminary planning
activities are the basis for the overall audit strategy, which documents inform
ation about:
1.
the investigation or review of the prospective or continuing engagement
and client relationship,
2.
staff, and special technical or industry expertise required,
3.
preliminary materiality levels,
4.
the assessment of significant industry or company risks and related audi
t issues,
5.
the identification of unusual accounting principles,
6.
the use of substantive or combined audit approach,
7.
the nature and extent of resources required,
8.
staff assignment and scheduling of team communications and field work, a
nd
9.
special considerations for initial or group audit engagements.
This overall audit strategy guides development of the detailed audit plan, which
contains the specific programs. The programs include specific audit objectives
and procedures to confirm the management assertions. Often, auditors use checkli
sts to guide their planning.
Checklists are useful to make sure that no step is omitted while pulling togethe
r all of the relevant preliminary planning activities to guide the development o
f the detailed audit plan.
The audit plan details the nature, timing, and extent of the audit procedures fo
r each component of the audit. The nature of audit procedures refers to evidence t
echniques they will use, timing refers to when they will be performed, whether bef
ore (interim date), at, or after the auditee s year end and the extent usually refer
s to the sample sizes of data examined, such as the number of customer accounts
receivable to confirm, or the number of inventory categories/products to count.
CHAPTER 6
LO1 Describe the conceptual audit risk model and its components
Understanding the auditee s business and performing preliminary analytical procedu
res help auditors to identify problem areas and make an overall business risk as
sessment. The organization s management is responsible for addressing business ris
k by implementing effective internal control.
To develop the audit work programs, auditors need to assess risk specifically in
audit-related terms: inherent risk, control risk, and detection risk.
Inherent risk is the probability that material misstatements have occurred in tr
ansactions within the accounting system used to develop financial statements, or
that material misstatements have occurred in an account balance. It is the risk
of material misstatements occurring in the first place and is a characteristic
of the auditee s business, the major types of transactions, and the effectiveness

of its accountants. Management optimism and bias leads to a higher inherent risk
of overstatement in asset and revenue accounts and a higher inherent risk of un
derstatement in liability and expense accounts.
Control risk is the probability that the auditee s internal control policies and p
rocedures will fail to detect or prevent material misstatements. Auditors do not
create or affect the control risk, but they do evaluate the design of an organi
zation s control system and test whether the auditee s system is working as designed
. They then assess the probability of material misstatements. Control risk shoul
d not be assessed so low that auditors place complete reliance on controls and d
o not perform any other audit work.
Inherent and control risks can be difficult to assess separately because some in
ternal controls work only when errors, irregularities, and other misstatements occ
ur, while others are preventive in nature and so tend to reduce inherent risk. A
n auditor may make separate or combined assessments of inherent and control risk
. Combined, inherent risk and control risk is referred to as the risk of materia
l misstatement.
Detection risk is the risk a material misstatement that has not been prevented o
r corrected by the auditee s internal control will not be detected by the auditor.
It is the auditor s responsibility to reduce detection risk to an acceptably low
level by performing evidence-gathering procedures known as substantive procedure
s. Two categories of substantive procedures are (1) tests of the details of tran
sactions and balances and (2) analytical procedures applied to produce circumsta
ntial evidence about dollar amounts in the accounts.
Audit risk is related to information risk and auditing is fundamentally a risk m
anagement process. Audit risk is the probability an auditor will fail to express
a reservation that financial statements are materially misstated. Audit risk ca
n at best be controlled at a low level but not eliminated, even when audits are
well planned and carefully performed. Generally, as the risk of being sued for m
aterial misstatement increases, an auditor will decrease planned audit risk to c
ompensate for the increased risk associated with the engagement.
The audit fails if all of the following three events occur: (1) there is a mater
ial misstatement to start with (inherent risk), (2) the internal controls fail t
o detect and correct the material misstatement (control risk), and (3) the audit
procedures also fail to detect the material misstatement (detection risk).
Audit Risk Model
Audit risk (AR) = Inherent risk (IR) Control risk (CR) Detection r
isk (DR)
LO2 Explain the usefulness and limitations of the audit risk model in conducting
the audit
Audit Risk Model
Audit risk (AR) = Inherent risk (IR) Control risk (CR) Detection risk (DR)
The objective is to limit audit risk to a low level by assessing inherent risk a
nd control risk as high, moderate or low.
For example, an auditor thought an inventory balance had a high inherent risk of
material misstatement (say, IR = 0.90) and that the auditee s internal control wa
s not very effective (say, CR = 0.70). If the auditor wanted audit risk at a 5 p
ercent level (AR = 0.05), planned audit procedures would need to achieve detecti
on risk (DR) that did not exceed 0.08 (approximately). The model can be used for
planning the audit work by rearranging it to solve for DR. AR = IR CR DR DR = A
R / (IR CR) = 0.05 / (0.90 0.70) = 0.08
Materiality refers to the magnitude of a misstatement, while audit risk refers t
o the level of assurance that material misstatement does not exist in the financ
ial statements. The materiality decision is based on how misstatements will affe
ct financial statement users.
Audit risk and materiality are planned early in the audit and are used throughou
t the audit for financial statements as a whole, as well as for individual accou
nts.
Inherent risk, control risk and detection risk vary by assertion for each accoun
t balance, transaction stream and disclosure.
The business risk-based audit approach was set out by CAS. The approach ensures

the auditor understands the client s business risks and strategy before assessing
the risks of material misstatement in the financial statements.
LO3 Explain how auditors assess the auditee s business risk through strategic anal
ysis and business process analysis
The business risk-based approach to auditing requires the auditor to understand
the auditee s business risks and strategy and its related internal control. Audito
rs then assess the risks of material misstatement and design procedures that add
ress the assess risks.
There are two parts of business risk analysis: strategic analysis and business p
rocess analysis. A risk-based audit approach places business risk assessment at
the heart of the audit process.
The strategic analysis begins the auditor s understanding of management s process fo
r identifying business risks and making decision to address those risks.
Business processes are a structured set of activities designed to produce a spec
ific output that matches business strategy
processes work to create value for cu
stomers and thus achieve strategic objectives. Changes in technology and ecommer
ce can affect business risks and processes.
Business performance analysis ideally considers financial and nonfinancial perfo
rmance measures and the interrelationship between the two (for example increasin
g sales and gross margins should relate to market share increases or process eff
iciencies).
LO4 Outline the relationship among the business processes and accounting process
or cycles that comprise an organization s information system and management s gener
al purpose financial statements
An accounting process can be thought of as a cycle. Accounts go together in the
accounting information system because they record transaction information from t
he same business activity and run through the same accounting process over and o
ver, in a cycle. These transactions are recorded by the organization s accountants
using journal entries involving the same set of accounts. The cycle perspective
looks at accounts grouped according to routine transactions. Auditors find it e
asier to audit the related accounts with a coordinated set of procedures instead
of attacking each account alone.
The four simplified accounting processes are the 1) revenue process, 2) purchasi
ng process, 3) production process, and 4) financing process.
LO5 Illustrate how business risk analysis is used to assess the risk of material
misstatement at the financial statement level and at the assertion level
The auditor knows that management has to consider risk as part of the operations
of an organization.
There are four ways of managing risk: avoid it; monitor it; reduce it; or transf
er it.
Risk is composed of two factors in the analysis: the likelihood the risk will oc
cur and the magnitude of the risk. Management controls minimize both the likelih
ood of a risk and the impact that the risk will have.
Risks that are not moved into the low category by management controls represent
categories for which the controls fail to reduce the risks that the financial st
atements do not portray the actual business performance. These are areas that ne
ed to be audited with the greatest care.
LO6 Describe the five components of the internal control framework: the control
environment, management s risk assessment process, information systems and communi
cation, control activities, and monitoring
Business risk and internal control are so tightly linked that auditors need to c
onsider them together.
Internal control is defined as the process designed, implemented, and maintained
by management and other auditee personnel to provide reasonable assurance about
the reliability of financial reporting, effectiveness and efficiency of operati
ons, and compliance with applicable laws and regulations.
The auditor is primarily interested in the accounting controls.
Management s and directors attitudes, awareness, and actions concerning the company
internal controls set the tone for the control environment. Management must act
to remove or reduce incentives and temptations which motivate people in the org

anization to act unethically.

Two categories of controls are preventive controls and detective/corrective cont
rols. Generally, environmental controls can be characterized as preventive contr
ols since they are there to prevent misstatements from arising in the first plac
e. Preventive controls are more effective controls designed to detect and correc
t misstatements after they have entered the system. Auditors tend to focus their
preliminary evaluation on environmental controls.
An information system is defined as a set of interrelated functions that collect
, process, store, and distribute information in an organization. An information
system has three main activities: input, processing, and output. The input is ma
inly data, the raw facts collected from the environment, while processing covert
s data into output in an understandable and useful form referred to as informati
on.
The information system is related to all of the key business processes. An audit
or must understand how the information system relates to financial reporting and
then identify the risk associated with IT use.
Two broad groups of control activities are general controls and application cont
rols. General controls are primarily preventive include organizational features
such as capable personnel, segregation of responsibilities, controlled access an
d periodic comparison. Application controls help ensure all recorded transaction
s really occurred, are authorized, and are completely and accurately entered and
processed through the system.
All control procedures are directed toward preventing, detecting and correcting
errors, irregularities, frauds, and misstatements.
LO7 Explain how the auditor s understanding of an organization s internal control he
lps the auditor to assess and respond to the risk that its financial statements
are misstated
The auditor gains knowledge of controls mainly by making enquiries of auditee pe
rsonnel. This provides an understanding of the flow of transactions through the
accounting information system and the elements of the control environment that a
ffect it. The auditor gathers information about the following features:
a.
the organizational structure,
b.
the methods used by the auditee to communicate responsibility and author
ity,
c.
the methods used by management to supervise the accounting information s
ystems, including the existence of an internal audit function, and
d.
the accounting information system.
A questionnaire is sometimes used to guide the enquiries.
CHAPTER 8
LO1 Outline six general audit techniques for gathering evidence
Auditors obtain six basic types of evidence and use six general techniques to ga
ther evidence: (1) recalculation/reperformance, (2) observation, (3) confirmatio
n, (4) enquiry, (5) inspection, and (6) analysis. Auditors may use a combination
of evidence gathering techniques.
Recalculation is redoing calculations already performed by auditee personnel. Th
is produces compelling mathematical evidence as the auditee calculation is eithe
r right or wrong. Recalculation provides highly reliable evidence of mathematica
l accuracy, but the product is only as good as the components; the auditor must
audit every significant part of the original computation if recalculation is to
provide strong, persuasive evidence.
A related type of evidence is called reperformance. Usually applied in control t
esting, the auditor independently executes a procedure of the organization s inter
nal control. This can provide compelling evidence about the effectiveness of a c
ontrol procedure.
Observation consists of looking at how policy or procedures is applied by others
. It provides highly reliable evidence as to performance or conditions at a give
n point in time, but it does not necessarily reflect performance at other times
or over long periods.
Confirmation consists of a written enquiry to verify accounting records. Direct
correspondence with independent external parties is a confirmation procedure wid

ely used in auditing. Confirmations should be printed on auditee letterhead, how

ever, confirmations should be controlled by the audit firm and responses should
be returned directly to the audit firm.
Enquiry generally involves collecting oral evidence from independent parties, au
ditee officials, and employees. Evidence gathered by formal and informal enquiry
of auditee personnel generally cannot stand alone and must be corroborated by t
he findings of other procedures. Further enquiries could be made and consistent
responses provide an increased degree of assurance. Sometimes, however, the audi
tor will hear conflicting evidence. The auditor will have to use considerable ju
dgment in reconciling the conflicting evidence or in deciding what additional ev
idence to gather.
Inspection consists of looking at records and documents or at assets with physic
al substance. The procedures are of varying degrees of thoroughness: examining,
perusing, reading, reviewing, scanning, scrutinizing, and vouching.
There are a variety of documents that can be inspected. Documents may be prepare
d by independent external parties or may be prepared and processed within the en
tity under audit. The reliability of documents prepared and processed within the
entity depends on the quality of internal control.
Three inspections procedures are vouching, tracing, and scanning. Vouching selec
ts an item of financial information from an account and goes backward through th
e accounting system to find the source documentation. Tracing takes the opposite
direction to vouching. Scanning is looking for anything unusual (for examples,
credits in expense accounts).
Auditors obtain evidence about financial statement accounts by a method of study
and comparison called analysis. Auditing standards provide guidance on using an
alysis at the risk assessment and overall conclusion stages of the audit, and al
so for when auditors use analysis as an evidence-gathering procedure during the
audit.
LO2 Identify the procedures and sources of information auditors can use to obtai
n evidence for understanding an auditee s business and industry, assessing risk, a
nd responding to assessed risk.
The audit process begins by obtaining an understanding of the auditee and its ri
sks. There are a wide variety of information sources auditors use to understand
the auditee s business, industry, and environment. Information gathered in prior a
udits, and documented in the working papers, can also provide relevant and relia
ble information on the organization and its internal control.
For first-time audits there is often no prior working paper information, so this
can require more work than in a repeat engagement. If this is a company s first a
udit but not its first year of operation, additional work includes establishing
a starting place with reliable opening account balances for the audit.
Audit efficiency can be increased by working with internal auditors.
Enquiries of management help the auditor assess what is significant to users.
Tours of the company s physical facilities help auditors look for activities and t
hings that should be reflected in the accounting records.
Research databases are valuable for acquiring and maintaining industry expertise
. Specific information about public companies can be found in registration state
ments and annual report filings with the provincial securities commissions.
LO3 Explain audit evidence in terms of its appropriateness and relative strength
of persuasiveness.
Auditing standards require auditors to obtain sufficient appropriate evidence to
be the basis for an opinion on the financial statements.
Appropriateness of evidence relates to the qualitative aspects of evidence. To b
e considered appropriate, evidence must be relevant and reliable.
Relevant audit evidence assists the auditor in achieving the audit objectives. T
his means that it must relate to at least one of the financial statement asserti
ons, otherwise it is not relevant to the auditor.
The reliability of audit evidence depends on its nature and source.
o
An auditor s direct, personal knowledge, obtained through physical observa
tion and his or her own mathematical recalculations or reperformance, is general
ly considered the most reliable evidence.

Documentary evidence obtained directly from independent external sources

(external evidence) is considered very reliable.
o
Documentary evidence originating outside the auditee s data processing sys
tem but received and processed by the auditee (external-internal evidence) is ge
nerally considered reliable.
o
Internal evidence consisting of documents that are produced, circulated,
and finally stored within the auditee s information system is generally considere
d low in reliability.
o
Analysis using specific data that the auditor has verified is considered
fairly reliable.
o
Spoken and written representations given by the auditee s officers, direct
ors, owners, and employees are generally considered the least reliable evidence.
Such representations should be corroborated with other types of evidence.
Auditors must be careful about the appropriateness of evidence and choose the au
dit procedure providing the most reliable evidence that can be obtained in a cos
t-effective manner. Audit decisions must be based on enough evidence to stand th
e scrutiny of other auditors (test of sufficiency).
LO4 Describe the content and purpose of the audit plan as well as the specific a
udit programs and detailed procedures it contains
Before, during, and after the field work period, the auditor monitors events tha
t may affect an auditee s business risk, the client relationship, or the engagemen
t. All the planning activities are recorded and summarized in a planning documen
t, sometimes referred to as the planning memorandum. This document contains the
results of analytical review, the decision on materiality levels, and the risk a
ssessment. It gives specific attention to the effect of these on the nature, ext
ent, and timing of audit resources needed to perform the work. It is evidence th
at GAAS has been followed by planning the audit work.
Auditors use two types of audit programs to actually guide their field work. The
internal control program lists the specific procedures for gaining an understan
ding of the auditee s business transaction processing systems and controls. The ba
lance audit program lists the substantive procedures for gathering direct eviden
ce on the assertions (i.e., existence, completeness, valuation, ownership, prese
ntation) about dollar amounts in the account balances and related disclosures. A
uditors subdivide the financial statements into accounting processes or cycles a
nd then look at the accounts in each
The detailed audit program indicates the nature, timing and extent of audit proc
edures to be performed. The nature of audit procedures refers to the six general
techniques, the timing of procedures refers to when the audit procedures are pe
rformed and the extent of procedures refers to the amount of work to be done.
LO5Evaluate audit working paper documentation for proper form and content.
An audit is not complete without proper working paper documentation. Documentati
on provides a record of the auditor s work for the purpose of file reviews, practi
ce and regulatory inspections, or in some cases to defend against a law suit. Wo
rking papers are the auditors record of compliance with GAAS.
The auditor is the legal owner of the working papers, but professional ethics re
quire auditee consent before transferring them to a third party as some of the i
nformation in the working papers is confidential to the auditee. Audit files mus
t be retained for several years as required by professional accounting associati
on rules and practice inspection procedures.
Working papers can be classified into three categories: (1) permanent file paper
s, (2) audit administrative papers, and (3) audit evidence papers. The last two
categories are often called the current file because they relate to the audit of
one year.
The permanent file contains information of continuing interest over many years o
f audits of the same auditee. Documents of permanent interest and applicability
include (1) copies or excerpts of the corporate charter and bylaws or partnershi
p agreements; (2) copies or excerpts of continuing contracts, such as leases, bo
nd indentures, royalty agreements, management bonus contracts, etc.; (3) a histo
ry of the company, its products and its markets; (4) excerpts of minutes of shar
eholders and directors meetings on matters of lasting interest; and (5) continuing

schedules of accounts whose balances are carried forward for several years, suc
h as share capital, retained earnings, and partnership capital.
Administrative papers contain the documentation of the early planning phases of
the audit. They usually include the engagement letter, staff assignment notes, c
onclusions related to understanding the auditee s business (including internal con
trol analysis), results of preliminary analytical procedures, initial assessment
of audit risks, initial assessment of audit materiality, the audit plan, a work
ing trial balance and any review notes.
The current-year audit evidence working papers are typically organized in sectio
ns: major accounting processes or cycles and balance sheet accounts. Each sectio
n contains a lead sheet showing the dollar amounts reported in the financial sta
tements, summary of the audit objectives in relation to the account s assertions,
procedures performed, evidence obtained, and conclusions reached for that sectio
n overall. These papers communicate the quality of the audit so they must be cle
ar, concise, complete, neat, well indexed, and informative. Each separate workin
g paper (or multiple pages that go together) must be complete in the sense that
it can be removed from the working paper file and considered on its own, with pr
oper cross-referencing available to show how the paper fits in with the others.
Auditing standards recommend working papers show (1) evidence the work was adequ
ately planned and supervised, (2) a description of audit evidence obtained, (3)
evidence of the evaluation and disposition of misstatements, and (4) copies of l
etters or notes concerning audit matters reported to the auditee.
Electronic working papers boost productivity by automating many tasks, such as c
arrying adjustments over to related working paper documents and the financial st
atements.
CHAPTER 9
LO1 Distinguish between management and auditor s responsibilities regarding an aud
itee organization s internal controls
Internal controls are put in place to keep the company on course toward achievin
g its goals, and to help anticipate changes that can affect their plans. Managem
ent balances the cost of controls with the benefit of risk reduction. At some po
int, the costs will exceed the benefits because it is not possible to reduce ris
ks to zero.
External auditors are not responsible for designing effective internal control f
or auditees. They are responsible for evaluating existing internal controls and
assessing the risk of a material misstatement related to them. They use their as
sessment to determine the audit work required and develop appropriate audit prog
rams to support their opinion.
Public accountants may help design internal control systems as consulting engage
ments for nonaudit clients. Such design work must be separate and apart from an
audit engagement because it could impair the public accountant s objectivity in as
sessing those controls in an audit. This is a threat to auditor independence.
External auditors documentation of control weaknesses can help management carry o
ut its responsibility for maintaining effective internal control.
LO2 Explain why the auditor evaluates an auditee s internal controls
The primary reason for evaluating a company s internal control is to have a basis
for planning the audit nature, timing, and extent of audit procedures in the det
ailed audit plan.
Auditors must make a trade-off between costs of evaluating internal control and
costs of substantive audit tests. An efficient audit program looks for the combi
nation of control evaluation and substantive work that will provide an acceptabl
e level of assurance at the lowest total cost.
In a clean audit, the accounting records are easy to verify and accurate. In a d
irty audit, however, the accounting records may be incomplete, riddled with miss
tatements, and harder to verify. A clean audit should require less work than a d
irty audit, as the controls are likely to be good at meeting their objective of
lowering the risk of material misstatement.
Auditors rely on controls for more than just efficiencies. There may be risks of
misstatements that substantive procedures alone cannot remove. For example, a c

ompleteness assertion is virtually impossible to verify without some evaluation

of control effectiveness.
Examining the business processes and related accounting processes allows the aud
itor to design audit procedures to test controls and financial statement transac
tions and balances. Tests of controls are performed if it is a less costly way t
o obtain audit evidence or if effective control is necessary to getting sufficie
nt appropriate audit evidence. Auditors might try to design dual-purpose tests tes
ts of controls that also provide substantive evidence.
LO3 Define seven internal control objectives, relating them to the assertions in
management s financial statements
The objective of control procedures is to process transactions correctly. Correc
tly processed transactions produce accurate account balances. Each control objec
tives is the flip side of the seven errors and irregularities which can be found
in transactions.
There are seven control objectives: validity, completeness, authorization, accur
acy, classification, accounting and proper period.
Validity is ensuring recorded transactions are ones that should be recorded, tha
t is, they really exist.
Completeness is ensuring valid transactions are not missing from the accounting
records.
Authorization is ensuring transactions are approved before they are recorded, th
at is, they are owned by the company.
Accuracy is ensuring dollar amounts are calculated correctly.
Classification is ensuring transactions are recorded in the right accounts and c
harged or credited to the right customers or suppliers.
Accounting is a general category concerned with ensuring the accounting process
for a transaction is performed completely and in conformity with GAAP.
Proper period refers to ensuring transactions are accounted for in the period th
ey occurred in. This control objective relates to cutoff part of the existence and
completeness assertions.
The control objectives are closely connected to the assertions in management s fin
ancial statements. For example, the accuracy control objective relates to the ex
istence, completeness and valuation assertions as mechanical errors will result
in overstated, understated, or incorrectly measured balances. However, recognizi
ng that the control objective is to assess accuracy is more helpful in designing
appropriate tests, such as tests for errors of billing at too low or high a pri
ce.
LO4 Describe general and application control activities found in an accounting i
nformation system
Work to document and understand the controls is done early in the engagement. Th
is work acquaints auditors with the overall control environment and the flow of
transactions through the accounting system.
Key controls are those controls which are essential to preventing or detecting s
ignificant risks.
Controls can be classified as either General controls or Application controls. G
eneral controls are those that have an overall impact on accounting processes. A
pplication controls address the control objectives relating to input, processing
, and output of data in each accounting process.
General Controls include organizational features like capable personnel, segrega
tion of duties, controlled access, and periodic comparison. Like environmental c
ontrols, general controls are primarily preventive in nature and pervasively imp
act various accounting cycles.
Segregation of duties is an important characteristic of reliable internal contro
l. These are four kinds of functional responsibilities: Authorization to execute
transactions; Recording of transactions; Custody of assets involved in the tran
sactions; Periodic reconciliation of existing assets to recorded amounts. Respon
sibilities are incompatible when they place a single person in a position to cre
ate and conceal errors, irregularities, and misstatements.
Separation of the duties is also an important IT control. Work performed by anal

ysts, programmers, and operators should be segregated. The designer of a process

ing system should not do the technical programming work. Anyone who performs eit
her of these tasks should not be the computer operator when real data are being
processed. People performing each function should not have access to each other s
work, and only the computer operators should have access to the equipment. Lack
of separation of duties along these lines should be considered a serious weaknes
s in general control.
LO5 Document an accounting system to identify key controls and weaknesses in ord
er to assess control risk
Applications control activities are specific procedures used in each accounting
process to meet the relevant control objectives. The audit starts with documenti
ng the accounting processes and information systems, and then identifies the app
lication controls within each system.
Auditors understanding of the internal controls comes through several sources of
information: (1) last year s audit experience with the company, (2) auditee person
nel responses to enquiries, (3) documents and records inspection, and (4) walk-t
hrough observation of the activities and operations of a single transaction.
Working paper documentation should include records showing the audit team s unders
tanding of the internal controls. It can be summarized in the form of questionna
ires, narratives, and flow charts.
Control risk assessment involves
o
identifying specific control objectives based on the risks of misstateme
nts,
o
identifying the points in the flow of transactions where specific missta
tements could occur,
o
identifying specific control procedures designed to prevent or detect mi
sstatements,
o
identifying the control procedures that must function to prevent or dete
ct misstatements, and
o
evaluating the design of control procedures to determine whether it sugg
ests the auditee has strong control procedures in place and whether it may be co
st effective to test these controls as part of the audit.
A useful assessment technique in assessing control risk is to analyze control st
rengths and weaknesses. Weaknesses are a lack of controls in particular areas th
at would allow material errors to get by undetected. Auditors do not need to tes
t control weaknesses just to prove they are weak places as this would be ineffic
ient. However, auditors do always need to take control weaknesses into account i
n assessing the risk of material misstatements in the financial statements.
Complex IT and ecommerce environments are highly automated. Paper documents may
not exist. Documents may be available only in electronic form. When transaction
volumes are high, or when electronic evidence comprising the audit trail is not
retained, the auditor may determine that controls are critical to reducing finan
cial reporting risks to an acceptably low level.
When the auditee engages in ecommerce, the following aspects of internal control
are critical: security; transaction integrity; and process alignment. Security
includes physical and electronic access as well as privacy and data backup conce
rns. Transaction integrity relates to the recording and processing of ecommerce
transactions including the completeness, accuracy, timeliness, and authorization
of information. Process alignment refers to the integration of IT systems so th
at they operate as one system.
LO6 Write key control tests for an audit program
To reach conclusion on control risk, auditors must determine (a) what degree of
compliance with the control policies and procedures is required, and then (b) wh
at degree of control compliance is actually present.
Auditors perform control tests to determine how well the company s control procedu
res actually worked during the period under audit. Control tests that depend on
documentary evidence, such as signatures, initials, checklists, and reconciliati
on working papers provide better evidence than procedures that leave no document
ary traces.
A control test has two parts: 1) identifies the data population from which to se

lect a sample and 2) describes the action that was taken to produce relevant evi
dence.
Control tests should be applied to samples of transactions and control procedure
s executed throughout the whole period being audited.
Control tests and substantive tests have been described as if these are easily d
istinguishable, however many audit procedures can be designed to both test contr
ols and produce substantive evidence (calleddual purpose tests). This allows the
auditor to select an audit approach combining control reliance and substantive
evidence as the basis for a cost effective overall audit plan.
LO7 Outline the auditor s responsibility when internal control evaluation work det
ects or indicates a significant control deficiency or a high risk of fraudulent
misstatement
After the auditor has evaluated and tested internal controls, the auditor is in
a strong position to assess the likelihood of material misstatements.
Financial misstatements can arise either from error or fraud. An error is define
d as an unintentional misstatement, whereas fraud is intentional. Intent is not
something that the auditor can observe, so it is often difficult to determine, p
articularly in the case of accounting estimates or the choice and application of
accounting principles.
The auditor is responsible for reporting all identified deficiencies in internal
control, other than obviously trivial ones, to an appropriate level of manageme
nt as soon as possible. The appropriate level of management is usually the one a
t least one level above those responsible for the deficient controls.
The auditor has a responsibility to report all significant deficiencies in writi
ng to those charged with governance (audit committee or equivalent). The auditor
is required to communicate material weaknesses or other important issues, such
as discovery of a fraud or material misstatement, to management and those charge
d with governance. Serious control weaknesses are usually communicated in writin
g to management in a management representation letter. A copy of the written com
munication should be placed in the working papers.
Communication to management can be oral rather than written when the control def
iciencies are not significant.
CHAPTER 10
LO1 Explain the role of professional judgment in audit sampling decisions
Sampling is the application of an audit procedure to less than 100 percent of th
e items within an account balance population or class of transactions.
When an auditor selects a sample of the population, each element selected is cal
led a sampling unit (e.g., a customer s account). A sample is a set of such sampli
ng units.
The determination of an appropriate sample on a representative basis may be made
using either statistical or non-statistical methods. Their common purpose is to
enable the auditor to reach a conclusion about an entire set of data by examini
ng only a part of it.
Statistical sampling methods allow the auditor to express in mathematical terms
the uncertainty he or she is willing to accept and the conclusions of his or her
test. The use of statistical methods does not eliminate the need for the audito
r to exercise judgment. For example, the auditor has to determine the degree of
audit risk he or she is willing to accept and make a judgment as to materiality.
Audit sampling is concerned primarily with the extent of audit work. Testing is
a means of gaining assurance that the amount of error in large files is not mate
rial.
LO2 Distinguish audit sampling work from nonsampling work
An audit procedure is considered audit sampling only if the auditor s objective is
to reach a conclusion about the entire account balance or transaction class (th
e population) on the basis of the evidence obtained from sample. If the entire p
opulation is audited, or if it is only done to gain general familiarity, the wor
k is not considered audit sampling.
Procedures typically used in audit sampling are: recalculation, physical observa
tion of tangible assets, confirmation, and document examination.

LO3 Compare and contrast statistical and nonstatistical sampling

Auditors use audit sampling when (1) the nature and materiality of the balance o
r class does not demand a 100 percent audit, (2) a decision must be made about t
he balance or class, and (3) the time and cost to audit 100 percent of the popul
ation would be too great.
The two sampling designs used are statistical and non-statistical sampling.
Statistical sampling uses the laws of probability for selecting and evaluating a
sample from a population for the purpose of reaching a conclusion about the pop
ulation. The essential points of this definition include (1) a statistical sampl
e is selected at random, and (2) statistical calculations are used to measure an
d express the results. Both conditions are necessary for a method to be consider
ed statistical sampling rather than non-statistical sampling.
Non-statistical (judgmental) sampling is audit sampling in which auditors do not
use statistical calculations to express the results.
LO4 Differentiate between beta risk, alpha risk, sampling and nonsampling risk
Sampling risk is the probability that an auditor s conclusion based on a sample mi
ght be different from a conclusion based on an audit of the entire population. E
ven when procedures are performed on a sample basis and sufficient evidence is o
btained, a conclusion about the population characteristic can still be wrong. Th
e sample might not reflect the actual condition of the population.
Sampling risk expresses the probability of a wrong decision based on sample evid
ence, and it is a fact in both statistical and non-statistical sampling methods.
With statistical sampling, you can both measure and control it by auditing suff
iciently large samples. With non-statistical sampling, you can consider it without
measuring it, something that requires experience and expertise.
Two types of sampling risk are alpha and beta risk. Alpha risk (Type 1 error ris
k) is the risk the auditor concludes that the population is worse in terms of er
rors than it really is. Beta risk (Type II error risk) is the risk the auditor c
oncludes that the population is better than it really is.
Beta risk is more important for auditors and can be controlled. Beta risk relate
s to audit effectiveness. Alpha risk increases the amount of audit work unnecess
arily and thus, it is characterized as an audit efficiency error.
Non-sampling risk is all risk other than sampling risk. Non-sampling risk can ar
ise from misjudging inherent risk, misjudging control risk or making a poor choi
ce of procedures or making mistakes in execution. Non-sampling risk s problem is t
hat it cannot be measured. Auditors control it and believe they have reduced it
to a negligible level through adequate planning and supervision of the audit, by
having policies and procedures for quality control of their auditing practices.
LO5 Develop a simple audit program for a test of a client s internal control proce
dures
Audit sampling uses a seven-step framework helps auditors plan, perform, and eva
luate control test results. The seven steps are:
1.
Specify the audit objectives.
2.
Define the deviation conditions.
3.
Define the population.
4.
Determine the sample size.
5.
Select the sample.
6.
Perform the control tests.
7.
Evaluate the evidence.
The first three steps are the phase of problem recognition. The audit objective
might be to test that a validity control is working. The control could be that e
ach product sale invoice is matched with a shipping document. The deviation woul
d be product sale invoice without matching shipping document . Specifying the contr
ol test (compliance) audit objectives and the deviation conditions usually defin
es the population; that is, all product sales.
Auditors should identify and audit only the key controls. Incidental controls ar
e not relied on to reduce control risk, and auditing them for compliance wastes
time.
Population definition is important because audit conclusions can only be made ab
out the population the sample was selected from.

Steps four through six represent the evidence collection phase. Auditors must co
nsider four influences on sample size: sampling risk, tolerable deviation rate,
expected population deviation rate, and population size.
The Tolerable Deviation Rate is the rate or number of exceptions that the audito
r would accept and still consider the control to be working.
Sample size varies inversely with the tolerable deviation rate. The expected pop
ulation deviation rate would be based on past years audits and general knowledge.
The expected rate of deviation must be less than the tolerable rate. The closer
the expected rate is to the tolerable rate, the larger the sample needed to rea
ch a conclusion that deviations do not exceed the tolerable rate.
Sampling units must be selected from the population an audit conclusion will app
ly to and a sample must be representative of the population it is drawn from. Th
e internal control program consists of procedures designed to produce evidence a
bout the effectiveness of a client s internal control performance. Each step is ca
rried out on each sample unit and deviations noted.
Based on the deviations found, the auditor can calculate the Sample Deviation Ra
te. The auditor cannot say that the deviation rate in the population is exactly
2 percent. Chances are the sample is not exactly representative. The basic rule
is that if number of deviations observed is greater than the tolerable rate then
the hypothesis that the control is working is rejected.
A single deviation can be the tip of the iceberg a sign of pervasive deficiency. A
uditors must investigate known deviations to determine if they are part of a pat
tern. Qualitative evaluation is sometimes called error analysis. The analysis is
essentially judgmental and involves a decision on whether the deviation is (1)
a pervasive error in principle affecting all like transactions or just the one;
(2) a deliberate control breakdown or unintentional; (3) a result of misundersto
od instructions or careless inattention to control duties; or (4) directly or re
motely related to a money amount measurement in the financial statements.
If auditors perform control testing at an interim date, they must decide what to
do about the period between interim and year end. Depending on circumstances, a
n auditor can decide to continue the test of controls for the period or stop fur
ther test of controls audit work.
LO6 Develop a simple audit program for an account balance, considering the influ
ences of risk and tolerable misstatement
When audit sampling is used for auditing the assertions in account balances, sub
stantive tests of details are done to obtain direct evidence about the dollar am
ounts and disclosures in the financial statements. Analytical procedures are usu
ally not applied on a sample basis.
In the risk model, detection risk (DR) is actually a combination of two risks. A
nalytical procedures risk (APR) is the probability that analytical procedures wi
ll fail to detect material errors and the risk of incorrect acceptance (RIA) is
the probability that test-of-detail procedures will fail to detect material erro
rs.
Sampling for the audit of account balances is similar to the steps of test of co
ntrols audit sampling.
The seven steps are:
1.
Specify the audit objectives.
2.
Define the population.
3.
Choose an audit sampling method.
4.
Determine the sample size.
5.
Select the sample.
6.
Perform the substantive-purpose procedures.
7.
Evaluate the evidence.
The specific objective in balance testing is to decide whether the client s assert
ions about existence, rights (ownership), and valuation are materially accurate.
The evidence will enable them to accept or reject this hypothesis. The populati
on can be defined as dollar units, individual customer or supplier accounts, or
even individual purchases of fixed assets.
An auditor must decide whether to use statistical or non-statistical sampling me
thods. If statistical sampling is chosen, another choice needs to be made betwee

n classical variables sampling methods which are based on the normal distributio
n, or the more widely used dollar unit sampling.
Steps four through six are the evidence-collection phase of the sampling method.
Auditors first need to establish decision criteria for the risk of incorrect ac
ceptance, the risk of incorrect rejection and material misstatement. The materia
l misstatement must be expressed as a dollar amount or as a proportion of the to
tal recorded amount. Sample sizes are based on materiality. The higher the mater
iality, the less likely that there error exists and has not been corrected so th
e smaller the sample needed to confirm there is no material error.
Unrestricted random selection and systematic selection will obtain random sample
s for statistical applications.
Based on your work, determine the known amount of actual monetary error. Next, p
roject the known misstatement to the population. Compare this total (known plus
statistically likely) to the materiality level for the account.
One projection method is called the average difference method, expressed as: PLM
(under the average difference method) = ((Dollar amount of misstatement in the
sample)/ (Number of sampling units)) (Number of population units)
Another method, the DUS projection method automatically takes into account the s
tratification of the population. The dollar-unit sampling method is expressed as
: PLM (dollar-unit method) = (Sum of the proportionate amount of misstatements o
f all dollar units in error in the sample) (Recorded amount in the population)
If the two projections differ, there is a representation issue which does not me
an the sample was wrong, but does mean that the sample design must be considered
. For that reason, the projection method is usually specified in the audit plan.
Auditors are required to follow up each monetary difference to determine whether
it arose from (a) misunderstanding of accounting principles, (b) simple mistake
s or carelessness, (c) an intentional irregularity, or (d) management override o
f an internal control procedure.
Errors found in account balance auditing may also indicate weaknesses in interna
l control procedures the dual-purpose characteristic of auditing procedures. If ma
ny more monetary differences than expected arise, the control risk conclusion ma
y need to be revised and more account balance auditing work done.
CHAPTER 11
LO1 Describe the revenues, receivables, and receipts process, including typical
risks, transactions, account balances, source documents, and controls.
Revenue creation is the focus of strategy and business processes for any organiz
ation because revenues provide cash flows. All businesses deal with clients or c
ustomers, so the accounting cycle for the business process related to accepting
orders, delivering goods and services, accounting for sales and accounts receiva
ble, collecting and depositing cash received and reconciling bank statements is
extremely important.
Due to their liquidity, cash and accounts receivable are the riskiest of all ass
ets. To assess risks in the revenue-generating processes, the auditor considers
the revenue and cash receipts transactions as well as the account receivable bal
ances. In addition there are important disclosures that need to be made with res
pect to revenue recognition policies, related party transactions, commitments an
d economic dependencies.
At the assertion level, risks related to the existence and ownership of revenues
may arise as a result of overly aggressive revenue recognition policies.
There are important control activities that should be in place: controls to conf
irm the existence of accounts receivable as well as controls to provide assuranc
e that process and procedures reduce the risk of material misstatement of revenu
es.
Orders are received and a series of procedures are in place to process orders in
cluding appropriate authorizations (credit). Master file access must be limited
to ensure fictitious orders are not placed into the system. There must be approp
riate physical custody of company assets (inventory) to insure inventory is only
made available for valid orders. Custody of accounts receivable will preclude t
he alteration of these records by unauthorized persons for unauthorized transact

ions. Recording control must be in place to ensure completion of the transaction

by shipping the goods or providing the service with the appropriate documentati
on. Periodic reconciliations performed by appropriate personnel will also provid
e the auditor with evidence as to the existence and completeness of receivables
and revenues.
Revenue completeness usually relies on controls and control testing; substantive
testing alone may not provide sufficient evidence.
The processing of cash receipts and cash balances involves the receipt of paymen
ts. Controls with respect to cash and cheques include physical custody controls.
An important aspect is the segregation of duties.
With respect to audit evidence in management reports and data filesthere are a v
ariety of reports providing important audit evidence for revenues, accounts rece
ivable and cash receipts. Some examples include the pending order master file, c
redit check files, price master list files, sales journals, sales analysis repor
ts, the aged accounts receivable trial balance and the cash receipts journal. ,
The aged accounts receivable trial balance is one of the most valuable tools for
the auditor as it provides important evidence for assessing the existence, comp
leteness and valuation assertions for accounts receivable.
LO2 Describe the auditor s control risk assessment and control tests for auditing
control over customer credit approval, delivery, accounts receivable, cash recei
pts, and bank statements.
Control risk assessment governs the nature, timing and extent of substantive aud
it procedures that will be applied in the audit of account balances in the reven
ues receivables and receipts process. Information about the control structure is
generally gathered through internal control questionnaires.
Control tests would include the sales cutoff test, which is concerned with the p
roper allocation of transactions to the correct accounting period. This test wou
ld involve examining inventory and sales controls to ensure the proper recording
of the sale of goods. Dual-direction testing may be used to audit control over
completeness in one direction and control over validity in the other.
LO3 Explain how the auditor s risk assessment procedures and control testing link
to the key assertions and audit objectives in designing a substantive audit prog
ram for the cash account balance.
Auditors determine specific audit procedures after they assess risk, assertion b
y assertion.
Many auditors use comprehensive audit program templates to start and then tailor
the programs depending on their risk assessment and the cost-benefit of perform
ing audit procedures.
Many auditors find it worthwhile to do a very thorough audit of cash, even if th
e risk of misstatement is quite low because the consequences of missing a big mi
sstatement could be devastating to the auditor s conclusion.
The audit program starts off with the auditor s risk assessment from the planning
stages, and the auditor s conclusions based on performing control tests.
The control test results allow the auditor to conclude on the control risk level
that is appropriate for deciding on the nature, timing and extent of the substa
ntive procedures to be performed.
The audit program helps the scheduling of staff, gives the assigned staff a help
ful set of instructions to follow, and gives the audit manager and partner a con
cise, efficient way to review the adequacy of the audit work performed.
LO4 Describe the typical substantive procedures to address the assessed risk of
material misstatement in the main account balances and transactions in the reven
ues, receivables, and receipts process.
Auditors chose substantive procedures to test evidence related to the five asser
tions: existence, completeness, ownership, valuation and presentation.
Some substantive procedures will provide evidence related to more than one asser
tion.
LO5 Explain the importance of the existence assertion for the audit of cash and
accounts receivable.
Auditors should emphasize the existence and ownership assertions when considerin
g assertions and obtaining evidence about accounts receivable.

The audit procedures that can be used include recalulation, inspection of physic
al assets, confirmation, enquiry, and inspection of documents: vouching, scannin
g and analysis.
Analysis includes comparisons of assets and revenue balances with recent history
or industry statistics. Account interrelationships are also examined through an
alytical review.
LO6 Identify considerations for using confirmations when auditing cash and accou
nts receivable.
Confirmations of accounts receivable (positive or negative) are powerful tools f
or providing evidence with respect to the existence and valuation of accounts re
ceivable.
Positive confirmations are used when individual balances are relatively large or
when accounts are in dispute. A positive confirmation does not contain the bala
nce; customers are asked to fill it in themselves.
A negative confirmation asks for a response only is something is wrong with the
balance. Negative confirmations are used mostly when inherent risk and control r
isk are considered low, when a large number of small balances is involved, and w
hen customers can be expected to consider the confirmation properly.
The auditor must control both the delivery and receipt of accounts receivable co
nfirmations at all times. Positive confirmations require much more follow up whe
n not confirmed. Auditors must carefully monitor the response rate (proportion o
f positive confirmations returns) and the detection rate (the ratio of misstatem
ents reported to auditors to the actual number of account misstatements).
Confirmations are also used for cash and loan balances. Confirmations yield evid
ence about existence and valuation.
LO7 Describe the audit of bank statement reconciliations and how auditors can id
entify accounts receivable lapping and suspicious cash transactions.
A company s bank reconciliation is the primary means of valuing cash in the financ
ial statements. The auditor vouches the bank reconciliation items against a cutoff bank statement.
A cut-off bank statement is a complete bank statement for a 10
20 day period fol
lowing the reconciliation date received directly by the auditors.
Special attention to be given to the possibility of two methods that are used to
misstate cash balances. The first is accounts receivable lapping (a manipulatio
n of accounts receivable to hide a theft or fraud). The second is suspicious cas
h transactions; cheque kiting (building up apparent balances in one or more bank
accounts based on uncollected cheques drawn against similar accounts in other b
anks) orwindow dressing (inappropriate manipulation of account balances by manag
ement to make the financial position appear more attractive to the users).
CHAPTER 15
Overview
This chapter is about tying up loose ends, and bringing together all the work th
at has been performed during the audit with a view to formulating an audit opini
on. It is worthwhile to note that the procedures performed in completing the aud
it have several distinct characteristics. For instance, they do not pertain to s
pecific transactions cycles or accounts; they are performed after the balance sh
eet date; they involve many subjective judgments by the auditor, and are usually
performed by audit managers or other senior members of the audit team. Generall
y speaking, the auditor's responsibilities in completing the audit involve compl
eting the field work, evaluating the findings, and communicating with the client
.
LO1 Describe the balance sheet account groups that the major revenue and expense
accounts are associated with, as well as the substantive analytical procedures
applied to audit revenues and expenses.
As the field work nears its end, the major revenue and expense accounts will hav
e been audited in connection with related balance sheet accounts. Now, auditors
need to consider other revenue and expense accounts.
Analytical procedures can be used as substantive procedures to compare the reven
ue accounts and minor expense accounts with prior-year data and with multiple-ye

ar trends, to look for unusual fluctuations. Management explanations can be veri

fied by further audit procedures.
All miscellaneous or other expense accounts and clearing accounts with debit bal
ances should be analyzed by listing each important item on a working paper and v
ouching it to supporting documents.
Advertising, travel and entertainment expense, and contribution accounts are ana
lyzed in detail as they are particularly sensitive to management policy violatio
ns and income tax consequences.
LO2 Outline the overall analytical procedures to be performed at the final stage
of the audit, including analysis of the income statement, cash flow statement,
financial statement presentation, and disclosures.
Analytical procedures are used: 1) for risk assessment at the planning stage, 2)
as a substantive test procedure during the audit, 3) during the overall evaluat
ion of the financial statements at the end of the audit.
Performing analytical procedures at the end of the field work is a required part
of an overall review. It assesses the conclusions reached during the audit and
evaluates the overall financial statement preparation.
Analytical procedures are also used when verifying the cash flow statement and t
he statement of changes in retained earnings and shareholders' equity.
LO3 Explain the purpose of lawyers' letters and how they are used at the complet
ion stage of an audit to identify any contingencies and claims.
In completing an audit in accordance with GAAS, the auditor must determine wheth
er litigation, claims and assessments are reported in conformity with accounting
standards. Management represents the primary source of such information, wherea
s a letter of audit inquiry to the client's outside legal counsel is the auditor
's primary means of corroborating this information.
The lawyer's letter is an enquiry from management to the lawyer with the lawyer'
s response going directly to the auditor. The objective is to provide audit evid
ence about any potentially material litigation or claims against the auditee and
to determine if management's estimates of the possible costs are reasonable.
Other audit procedures used to identify contingencies and claims include:
o
Management enquiry and discussion
o
Management description and evaluation of litigation and claims
o
Examination of documents in the auditee's possession
Management assurance of full disclosure
Reading contracts, loan agreements, and minutes of meetings
Obtain information regarding guarantees from bank confirmations
LO4 Given a set of facts and circumstances, classify a subsequent event by type
and proper treatment in the financial statements, and outline the implications o
f the timing of discovery of the event for the auditor's report.
Subsequent events are events or transactions that occur after the balance sheet
date but prior to the issuance of the financial statements and the auditors repo
rt.
The auditor is required by GAAS to discover the occurrence of any subsequent eve
nt that has a material effect on the financial statements.
There are two types of subsequent events
Type I and Type II.
Type I events are subsequent events that provide new information regarding finan
cial conditions that existed at the date of the balance sheet and affect the num
bers on it. These events require adjustment of the dollar amounts in the financi
al statements along with any related disclosure.
Type II events are subsequent events involving conditions arising after the bala
nce sheet date and require only disclosure. Occasionally an event is so signific
ant the best disclosure is pro forma financial data (presentation of the financi
al statements as if the event had occurred on the date of the balance sheet).
Stock dividends or stock splits (Type II subsequent event) require retroactive r
ecognition.
LO5 Explain why written management representations are obtained and what items a
re generally included in the representation letter, including identification of
related parties.
The auditor must also obtain written representations from management as to matte

rs that are either individually or collectively material to the financial statem

ents. Such written representation (called amanagement representation letter) com
plements other auditing procedures and may reveal matters not otherwise discover
ed by the auditor.
The management representation letter is addressed to the auditor, signed by the
responsible officers of the auditee, and dated as of the date of the auditor's r
eport.
A primary purpose of the letter is to impress upon management its responsibility
for the financial statements.
It should be noted that refusal by management to provide such a letter in effect
limits the scope of the audit, and could result in the auditor not issuing a st
andard audit report.
Auditors have a responsibility to obtain reasonable assurance related parties ha
ve been identified and that there is appropriate disclosure in the financial sta
tements.
LO6 Outline the procedures used to complete the documentation of the audit engag
ement.
To wrap up the audit field work, the on-site audit supervisor makes a final revi
ew of the audit documentation working papers.
The final review ensures all accounts on the trial balance have a working paper
reference index (the sign that audit work has been finished on that account) and
that all procedures in the audit program are "signed off" with a date and initi
als.
The audit manager and engagement partner's review focuses more on the overall sc
ope of the audit. To-do lists citing omissions or deficiencies that must be clea
red before the final work is completed are prepared during these reviews.
For listed public entities, an engagement-quality review of the working papers a
nd financial statements, including notes, is performed by a partner not responsi
ble for the client relationship. This second-partner review ensures the quality
of audit work and reporting is in keeping with the quality standards of the audi
t firm. This quality review must be complete before the audit report is issued.
Usually working paper files are completed within sixty days of the audit report.
Files are retained for at least five years.
When field work is complete, the final audit time reports for billing purposes a
nd audit staff performance evaluation reports are prepared by the audit supervis
or.