Escolar Documentos
Profissional Documentos
Cultura Documentos
Auditing
At the end of this course you should have a good understanding of:
1. Ethical standards and the 10 generally accepted auditing standards
2. The different types of audit reports used by auditors to communicate
with financial statement users.
3. The audit risk model and how to apply a risk based approach to
auditing.
4. How understanding the business and industry assists the auditor in
developing audit strategies and obtaining audit evidence.
5. Internal controls, the importance of the control environment, and how
information technology is used in implementing a system of internal
control.
6. How to develop audit programs for substantive testing of various
account balances.
7. How to implement audit strategies in the sales and collections cycle
MODERN AUDITING
7th Edition
William C. Boynton
California Polytechnic State
University at San Luis Obispo
Raymond N. Johnson
Portland State University
Walter G. Kell
University of Michigan
Developed by:
Dr. Raymond N. Johnson, CPA
Gregory K. Lowry, MBA, CPA
John Wiley & Sons, Inc.
http://www.sba.pdx.edu/faculty/rayj/courses.html
Grading
Points
Midterm Exams: Best 2 of 3 @ 100 200 40%
Final Exam 150 30%
Case Assignments: 2 @ 50 100 20%
Class Participation 50 10%
500 100%
Course Organization
1. Independent Auditors
2. Internal Auditors
3. Government Auditors
Critical Questions
• What is the role of the following parties in
providing assurance regarding the integrity of
the financial reporting process?
– The Auditor?
– Management?
– Regulators?
– Users and Analysts?
The Accountant’s Value Chain
Figure 1-3
Transforming Vision
into Reality
Business Events
The Accountant’s Value Chain
Figure 1-3
Transforming Vision
into Reality
Importance of Integrity
Business Events of the Financial Reporting System
CPA Vision Project
Figure 1-2
Vision Elements
Consulting
Compilation
Assurance
International Technology
Audit/Attestation
Financial Planning
Services Performed
by CPA Firms
Assurance Services are independent professional
services that improve the quality of information,
or its context, for decision makers.
1. Audit / Attest services
2. Risk assessment services
3. Performance measurement services
4. SysTrust / WebTrust
5. Accounting and compilation services
Services Performed
by CPA Firms
Attest Services are ones in which the CPA firm
issues a written communication that expresses a
conclusion about the reliability of a written
assertion that is the responsibility of another
party.
1. Audit service
2. Examination
3. Review
4. Agreed-upon procedures
Organizations Associated with the Public
Accounting Profession
Figure 1-5
Delta maintains a system of internal financial controls which are independently assessed on an
ongoing basis through a program of internal audits. These controls include the selection and
training of the Company’s managers, organizational arrangements that provide a division of
responsibilities, and communication programs explaining the Company’s policies and
standards. We believe that this system provides reasonable assurance that transactions are
executed in accordance with management’s authorization; that transactions are appropriately
recorded to permit preparation of financial statements that, in all material respects, are
presented in conformity with generally accepted accounting principles; and that assets are
properly accounted for and safeguarded against loss from unauthorized use.
The Board of Directors pursues its responsibilities for these financial statements through its
Audit Committee, which consists solely of directors who are neither officers nor employees of
the Company. The Audit Committee meets periodically with the independent public
accountants, the internal auditors and representatives of management to discuss internal
accounting control, auditing and financial reporting matters.
AR = IR x CR x DR
Audit Risk Model
AR = IR x CR x DR
.02 1.0 .07 ??
Audit Risk Model
AR = IR x CR x DR
.02 1.0 .07 .29
.02 .35 .5 ??
Audit Risk Model
AR = IR x CR x DR
.02 1.0 .07 .29
.02 .80 .5 ??
Audit Risk Model
AR = IR x CR x DR
.02 1.0 .07 .29
William C. Boynton
California Polytechnic State
University at San Luis Obispo
Raymond N. Johnson
Portland State University
Walter G. Kell
University of Michigan
Developed by:
Dr. Raymond N. Johnson, CPA
• Completeness: All transactions and events that should have been recorded
have been recorded.
• Accuracy: Amounts and other data relating to the recorded transactions and
events have been recorded accurately.
• Cutoff: Transactions and events have been recorded in the correct accounting
period.
• Nature: Risk assessment procedures must be performed to understand the nature of the
risk of material misstatement. No default of IR at the maximum without understand
the drivers of risk of material misstatement. However, the lower the assessed level of
inherent risk the more persuasive the evidence needs to be from risk assessment
procedures.
• Timing: Risk assessment procedures will usually be performed at interim and updated
at the end of the year.
• Extent: A lower assessed level of inherent risk will usually be supported by more
reliable evidence rather than more extensive evidence.
• Nature: When control risk is assessed as low the auditor will perform tests of controls.
A low control risk assessment for programmed controls often requires testing several
types of controls (e.g., computer general controls, application controls, and manual
follow-up).
• Timing: Tests of controls will usually be performed at interim and updated at the end
of the year.
• Extent: A lower assessed level of control risk will usually be supported by more
extensive tests of controls rather than less extensive tests of controls.
• Staffing: Some tests of controls may be performed by audit staff with relatively little
experience while other tests of controls require significant experience. Depending on
the nature of the test of controls, a computer audit specialist may be needed. Audit
staff with more experience would normally evaluate the control environment.
Audit Risk Model and
Decisions About Audit Evidence
• Nature: The auditor may choose among analytical procedures, tests of transactions and
tests of balances. The auditor would normally use more reliable evidence when when
detection risk is lower.
• Timing: If detection risk is low substantive tests are normally performed on year-end
balances. If detection risk is moderate or high, substantive tests may be performed on
balances at an interim date.
• Extent: A lower assessed level of detection risk will usually be supported by more
extensive substantive tests rather than less extensive substantive tests.
Authorize
Execute
Risk of Misstatement
Record
Consideration
Control Activities
1.Authorization
2.Segregation of Duties
3.Information Processing
Controls
• General Controls
• Application Controls
• Controls over the Financial
Control Activity - Authorization
• Processing controls
– Control totals - Before & after report
– File identification labels - Sequence tests
– Limit & reasonableness tests - Processing tracing data
• Output controls
– Reconciliation of totals
– Comparison to source documents
– Visual scanning
Information Processing Controls
Spreadsheets
Responsibilities:
– Management & Acct Officers
– Board of Directors
Purpose of Understanding
Internal Control
• The understanding of internal control should
be used to:
– Identify types of potential misstatements
– Consider factors that affect the risk of material
misstatement
– Determine where controls should be tested. For
public companies, necessary to attest to
management’s assertions about the effectiveness
of their internal controls.
– Design substantive tests to provide reasonable
assurance of detecting misstatements related to
specific assertions, taking into account what
relevant tests of controls are being performed if
any.
Understanding and Testing
Internal Control
1. Understand the design of policies and
procedures related to each component of
internal control.
2. Determine whether the policies and
procedures are operating as you expected,
where are attesting or relying on controls.
• Reviewing previous experience with the client
• Inquiring of appropriate management,
supervisory, and staff personnel
• Inspecting documents and records
• Observing entity activities and operations
This often will take the form of a “walk through” of
the system
How Much Depth of Understanding
Do You Need???
• Minimum Understanding
– Control environment
– Risk assessment
– Information and communication
– Control activities (may need very little
knowledge when a primarily substantive
approach is followed).
– Monitoring
Depth: Control Environment