Assertion
Representations by management that are communicated, explicitly or implicitly, in the financial statements.
Five Management Assertions for the Financial Statements
� Existence/Occurrence
� Completeness
� Valuation
� Rights and Obligations
� Presentation and Disclosure
Transaction related audit objectives
� Occurrence - Transactions and events that have been recorded have occurred and pertain to the entity.
� Completeness - All transactions and events have been recorded.
� Accuracy - Amounts and other data relating to recorded transactions have been record
Balance Sheet related audit objectives
� Existence - Assets, liabilities, and equity interests exist.
� Rights and Obligation - The entity holds or controls the rights to assets, and liabilities are the obligations of the entity.
� Completeness - All assets, liabilities, and equity interests h
Audit Risk Model
AR = Inherent Risk x Control Risk x Detection Risk
Audit Risk
At the overall engagement level, this is the risk that the auditors may unknowingly fail to appropriately modify their opinion on financial statements that are materially misstated.
Inherent Risk
The risk of material misstatement of an assertion about an account without considering internal control.
Control Risk
The risk that a material misstatement that could occur in an account will not be prevented or detected on a timely basis by internal control.
Detection Risk
The risk that the auditors' procedures will lead them to conclude that a financial statement assertion is not materially misstated when in fact such misstatement does exist.
Risk of Material Misstatement =
Inherent Risk x Control Risk
Audit Evidence
Any information that corroborates or refutes the auditors' premise that the financial statements present fairly the client's financial position and operating results.
Criteria for Audit Evidence
� Sufficient and appropriate. (Appropriate means that it is relevant to the assertion and objective and is reliable.)
-Weaker internal controls mean the more evidence that should be collected.
-Testing the controls in order to determine if internal contro
Risk Assessment Procedures
Procedures performed by the auditor to obtain an understanding of the entity and its environment, including its internal control.
Two risk assessment procedures
Test of Controls and Substantive Procedures
Test of Controls
Procedures performed by the auditor to test the operating effectiveness of controls in preventing or detecting material misstatements at the relevant assertion level.
Substantive Procedures
Procedures performed by the auditor to detect material misstatements in account balances, classes of transactions, and disclosures.
Eight types of audit evidence
� Inspection of records or documents
� Inquiry
� External Confirmation
� Inspection of tangible assets
� Observation
� Recalculation
� Reperformance
� Analytical Procedures
Inspection of records or documents
Examining a record or document.
Examples:
-Examined sales invoices for attached bill of landing.
-Examined sales invoices for accuracy of prices used in determining amount of sale with approved price list for accuracy.
Inquiry
Seeking information of knowledgeable persons within or outside the organization; inquiry may be oral or written.
Examples:
-Inquired of management regarding inventory pledged as collateral.
-Inquired of the controller as to the adequacy of the bad debt pr
External Confirmation
Obtaining a written response about a particular item from a third party.
Example:
-Obtained confirmation replies directly from customers concerning the correctness of client's recorded year-end accounts receivable balances.
Inspection of Tangible Assets
Physical examination of the tangible assets.
Examples:
-Examined Stock Certificates of marketable securities purchased and held by client.
-Counted selected inventory and compared to inventory count sheet.
Observation
Watching a process or procedure being performed by the entity's personnel or the performance of control activities.
Examples:
-Observed the client counting the inventory.
-Observed the client personnel performing manufacturing functions.
Recalculation
Testing the mathematical accuracy of documents or records.
Example:
-Recomputed the depreciation expense computed at year end by the client for accuracy.
Reperformance
An independent execution of procedures or controls that were originally performed by the client.
Examples:
-Footed Sales Journal and traced to General Ledger account
-Footed Accounts Receivable Subsidiary Ledger and traced the total to the General Ledger
Analytical Procedures
Evaluations of financial information through analysis of plausible relationships among among both financial and nonfinancial data.
Examples:
-Compared inventory turnover with industry average
Three types of Analytical Procedures
-Horizontal Analysis: Review ratios over time.
-Cross-section Analysis: Analyze ratios of similar firms at a point in time.
-Vertical Analysis: Analyzing within a period of time; also known as "Common-size Financial Statements".
A basic premise underlying analytical procedures is that
Plausible relationships among data may reasonably be expected to exist and continue in the absence of known conditions to the contrary. Therefore auditors can use these relationships to obtain evidence about the reasonableness of financial statement amoun
Timing of analytical procedures (when used)
Required at the beginning for the planning stage to highlight risks and at the end of the audit in order to summarize and connect everything.
Can also be used during the audit for testing purposes for balances.
Areas subjective in nature
�Accounting estimates - This is subjective; bad debt provisions, warranty expense, etc.
�Fair Values - Seeing if the values are "reasonable".
�Related Party Transactions - Lack of arms-length transactions.
Workpapers
Audit documentation that records audit procedures performed, relevant audit evidence obtained, and the conclusions the auditors reach.
Current File
-Current year working papers
-Index and cross-referencing
Permanent File
-Items of continuing audit interest
Steps in the audit process
1)Plan the audit
2)Obtain an understanding of the client and its environment, including internal control
3)Assess the risks of misstatement and design further audit procedures
4)Perform further audit procedures
5)Complete the audit
6)Form an opinion and i
Obtaining Clients
1. Initial Investigation (Sources): Submit a Proposal and develop quality control policies
2. Communication with Predecessor Auditor: Communication is important for the evaluation of management integrity. Topics of communication include: integrity of mana
Information gathering to obtain an understanding of the clients and its environment
Perform risk assessment procedures, including:
-Inquiries of management and others within the entity
-Analytical procedures
-Observation and inspection relating to client activities, operations, documents, reports and premises
-Other procedures, such as i
Understanding the client's business - Nature of the Client
-Competitive position
-Organizational structure
-Accounting policies and procedures
-Ownership
-Capital structure
-Product and service lines
-Critical business processes
-Internal control
Understanding the client's business - Industry, Regulatory, and Other External Factors
-Competitive environment
-Supplier and customer relationships
-Technology developments
-Major laws and regulations
-Economic conditions
-Attractiveness of the industry:
-Barriers to entry
-Strength of competitors
-Bargaining power of suppliers of raw mate
Materiality
FASB�Information is material if omitting it or misstating it could influence decisions that users make on the basis of the financial information of a specific reporting entity.
PCAOB interpretation of federal securities laws�A fact is material if there is
Performance Materiality
The amount set by the auditors at less than materiality for accounts (or individual financial statements) to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the fi
The four bases that are used to determine materiality levels
1) 5% to 10% of net income before taxes
2) .5% to 1% of total assets
3) .5% to 1% of total revenues
4) 1% of total equity
Procedures for assessing risk of material misstatement due to Fraud (AU-C 315)
Procedures to assess fraud risks:
-Discussion among engagement team
-Inquiries of management and other personnel
-Risk assessment analytical procedures (to aid in planning the audit)
-Considering fraud risk factors
~Incentives
~Opportunity
~Attitude or ab
Internal Control
A process, effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding achievement of (the entity's) objectives relating to:
�Operations,
�Reporting, and
�Compliance
Foreign Corrupt Practices Act (1977)
Passed in 1977 in response to American corporation practice of paying bribes and kickbacks to officials in foreign countries to obtain business
The Act
�Makes illegal payment of bribes to foreign officials
�Requires an effective system of internal control
Preventive Controls
Controls that deter problems before they arise.
Detective Controls
Controls designed to discover control problems that were not prevented.
The components of Internal Control
-The Control Environment
-Risk Assessment
-Control Activities
-AIS
-Monitoring Activities
The Control Environment
� Commitment to integrity and ethical values.
� Board of directors demonstrates independence from management and exercises oversight of internal control.
� Establishment of effective structure, including reporting lines, and appropriate authorities and re
Risk Assessment
� Clearly specify objectives to allow the identification and assessment of risks related to those objectives.
� Identify and analyze risks to the achievement of its objectives to determine how they may be managed.
� Consider potential fraud relating to th
Control Activities
� Performance reviews
� Transaction control activities
� Physical controls
� Segregation of duties:
-Segregate authorization, recording, and custody of assets
AIS
� Identify and record valid transactions
� Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions
� Measure the value of transactions appropriately
� Determine the time period in which the transact
Monitoring Activities
�Ongoing monitoring activities
-Regularly performed supervisory and management activities
-Example: Continuous monitoring of customer complaints
�Separate evaluations
-Performed on nonroutine basis
-Example: Periodic audits by internal audit
Limitations of Internal Control
-Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc.
-Controls that depend on the segregation of duties may be circumvented by collusion
-Management may override internal controls
-Compliance may deteriorate over t
Purpose of Test of Controls and Substantive Tests
To address the effectiveness of the internal controls. They provide us with a way to determine the extent of substantive testing that will need to be done.
Substantive Testing is evidence gathering.
Control Deficiency
A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis.
Requ
Significant Deficiency
A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
Required Communication: With management and those in charge of gover
Material Weakness
A significant deficiency in internal control that, by itself or in combination with other significant deficiencies, results in a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected.
Required Co
Intergrated audit
An audit where auditors, in addition to an opinion on the financial statements, express an opinion on the effectiveness of a company's internal control over financial reporting.
The five stages for an integrated audit (internal control audit)
-Plan the engagement
-Use a top-down approach to identify the controls to test
-Test and evaluate design effectiveness of internal control
-Test and evaluate operating effectiveness of internal control
-Form an opinion on effectiveness of internal control
Management surveys customers about their satisfaction with the company's service. Which control is this?
Monitoring
The human resources department investigates the educational background of prospective employees. Which control is this?
Control Environment
Invoices are reviewed for accuracy before they are mailed to customers. Which control is this?
Control Activity
Management periodically evaluates the threats to preparing reliable financial statements. Which control is this?
Risk Assessment
The internal auditors periodically evaluates the controls in the various departments of the company. Which control is this?
Monitoring
Management has developed and distributed a code of conduct. Which control is this?
Control Environment
Management compares actual performance with budgets and forecasts. Which control is this?
Control Activity
The accounting department uses a manual of accounting policies and procedures. Which control is this?
AIS
Entry into the warehouse is strictly controlled by security personnel. Which control is this?
Control Activity
Management has prepared and distributed an organizational chart. Which control is this?
Control Environment