AUD - Notes Chapter 1http://www.cpa-cfa.org Reports on Comparative Statements If the prior year’s financial statements were not audited and that the current year’s financial statements are being audited, the auditor is facing a scope limitation (because the beginning balances may not be correct) and may require a disclaimer opinion. When updating (changing prior) periods the explanatory should disclose the: D – Date of the auditor’s previous report O – Opinion type previously issued R – Reason for prior opinion C – Changes that have occurred S – Statement “opinion…is different” Only DORCS change their mind Update or change opinion when now in conformity with GAAP (restate prior yr F/S) Report of a predecessor auditor – presented The prior (old) CPA should: Read the current period statements Compare the statements audited with the current period statements Obtain a letter of representation from the successor auditor Obtain a letter of representation from mgmt If the report is unrevised use the original report date in any reissue If the report is revised dual date Report of a predecessor auditor – not presented The current (new) CPA should: Not name the predecessor auditor The date of the predecessors auditors report The type of opinion expressed by the predecessor auditor The substantive reasons for other than an unqualified report Subsequent Events Type I events – conditions on or before balance sheet date, accrue, looking backward Requires a F/S adjustment Type II events – conditions existing after the balance sheet date, disclose in footnotes, looking forward May require footnote disclosure Auditors responsibility for subsequent events – PRIME is included in yr end fieldwork P – Post balance sheet transactions R – Representation letter should be obtained from mgmt I – Inquiry M – Minutes of stockholders, directors, and other committee meetings should be read E – Examine latest available interim F/S; compare them with the F/S under audit Auditors responsibility after the original date of the auditors report The auditor has no active responsibility. However, if the auditor becomes aware of a subsequent event, auditor must use professional judgement to decide whether to adjust the F/S or disclosures If adjusts are made after the original date of the auditors report, the auditor may dual date the report Ex. “Jan, 21, 2000, except for Note 2, as to which the date is Feb 3, 2000” 1 AUD - Notes Chapter 1 http://www.cpa-cfa.org Facts discovered after report is issued (the auditors missed it) Auditor action Advise client to issue revised F/S or make additional disclosures Provide notification that the F/S can not be relied upon If the client refuses to follow procedures Notify the board of the directors Dissociate with the client Inform any regulatory agencies (if applicable) Notify parties relying on the F/S Omitted audit procedures discovered after submission of the audit program (we forgot to do it) Auditor should determine whether other audit procedures tended to compensate for the omitted procedures Apply the omitted procedures (or alternative procedures) Reporting on Other Information Auditor should perform limited procedures on supplementary information and report deficiencies & omissions 1. Inquire of mgmt 2. Determine if the methods uses are consistent with mgmt’s responses, audited F/S and other knowledge 3. Consider whether the client representation letter should refer to the supplementary information Segment information is required by GAAP Material misstatement – GAAP problem qualified or adverse opinion Scope limitation – GAAS problem qualified or disclaimer opinion When an auditor submits a document containing audited F/S to a client or others, the auditor has a responsibility to report on all information in the document The auditor must indicate in the report whether the accompanying information is fairly stated in all material respects in relation to the basic F/S taken as a whole. The report should also describe the character of the auditor examination and the degree of responsibility the auditor is assuming. Condensed F/S The Auditor must indicate: That the auditor audited and expresses an opinion on the complete F/S Date of the auditors report on the complete F/S Type of opinion expressed Whether the information in the condensed statements is fairly stated, in all material respects Selected financial data The auditor must indicate whether the selected financial data is fairly stated, in all material respects, in relation to the F/S from which it has been derived. An accountants report should include 1. Brief description of the nature of the engagement 2. Statement that the engagement was performed in accordance with AICPA standards 3. Identification specific entity, descriptions of the transactions, statement about the source of the information 4. A statement describing the appropriate acctg principles (including country of origin) to be applied 5. Statement that mgmt is responsible 6. A statement that any differences in the facts, circumstances or assumptions may change the report 7. Restrict use of report to mgmt, board of directors, prior and current auditors 2 AUD - Notes Chapter 1 http://www.cpa-cfa.org Reporting on F/S prepared for use in other countries Distribution outside U.S. only: auditor may use either - The report of the other country - US style report modified to the accounting principles of another country Distribution within the US: auditors report should be the US standard report modified as appropriate for departures from US GAAP. 3 cpa-cfa. assignment of the firms personnel to engagements. Reports and Accounting Services Auditing standards have restricted special reports to the following 5 areas 1. regulatory requirements. professional development and advancement Assurance regarding engagement performance Policies and procedures that assure that the engagement work meets professional standards.Purpose is to determine and report whether CPA firm being reviewed has developed adequate policies and procedures for quality control and they are following them . Other Engagements.Notes Chapter 1 http://www. a report is issued with conclusions and recommendations Personnel Management Criteria for hiring. occurs every 3 years for a CPA firm that is a member of the AICPA.org Quality Control Standards The five interrelated elements of quality control are: A – Acceptance and continuance of client’s engagement I – Independence. price-level adjusted F/S) The use of non-GAAP requires the auditor to issue either a qualified or adverse opinion unless the non-GAAP method is an OCBOA (in which case an unqualified opinion is appropriate) 4 . integrity and objectivity C – Continuous monitoring P – Personnel management A – Assurance regarding engagement performance Acceptance and continuance of clients and engagements Considers the risk associated with clients (don’t accept a client whose mgmt lacks integrity) Undertakes only those engagements that the firm can reasonably expect to complete with professional care Independence. integrity and objectivity Policies and procedures which help maintain personnel independence in fact and appearance Lead partner and the reviewing partner must rotate off the audit every five years Routine tax return preparation.One CPA firm reviews another CPA firms quality control system. tax planning and employee personal tax services are allowed under Sarbanes-Oxley but must be approved by the audit committee in writing Continuous monitoring What the title implies Peer review .AUD . . and the firms own standards of quality GAAS relate to the conduct of each individual engagement. OCBOA – use of other comprehensive basis of accounting F/S (cash basis. whereas quality control relate to the conduct of all professional activities of the firms practice as a whole The quality control standards of a firm affect both the performance of each audit and the performance of the audit practice as a whole Deficiencies in a firm’s quality control do not necessarily mean/indicate a lack of GAAS compliance.Upon completion. 3. A piecemeal opinion may be expressed if the items do not constitute a major portion of the F/S. The auditor may make modifications to an unqualified special report by adding an explanatory paragraph after the opinion paragraph Compilation and Review of Financial Statements CPA’s can perform two levels of service (compilation and review) with respect to unaudited F/S of a non-public company. Financial information presented in prescribed forms or schedules – the auditor may attest to the fairness on financial information presented in prescribed forms such as loan applications or regulatory filings. in the form of F/S. CPA does not perform any audit or review procedures. Compilation engagement – No assurance or opinion. STK EQ. A Review – Limited (negative) assurance. if the element is far-reaching or pervasive (NI.Notes Chapter 1 http://www. information that is the representation of mgmt A – Statement that the accountant has not audited the F/S R – Statement that the accountant has not reviewed the F/S D – Disclaimer of opinion and a statement that the accountant gives no assurance on the F/S You’re A LARD when all you do is compile F/S Compiled F/S that omit GAAP disclosures are acceptable if: Reason for omission was not to deceive user Compilation report warns user of missing disclosures Compilation with limited disclosures are labeled “Selected Information – Substantially All Disclosures Required By GAAP Are Not Included” 5 . An engagement letter is recommended but not required Statements on Standards for Accounting and Review Services – pronouncements issued by the accounting and review services committee of the AICPA A compilation engagement may involve compiling and reporting on only one financial statement The compilation engagement report should include: ALARD A – Statement that a compilation has been performed in accordance with SSARS issued by the AICPA L – Statement that a compilation is limited to presenting. accounts or items of a F/S – The auditor expresses an opinion on each of the specified elements. A piecemeal opinion cannot be issued if the auditor has expressed a disclaimer or adverse opinion.org 2. Limitedly distributed 4. Specific elements. or any item based thereon) the auditor must audit the complete set of financial statements. Issue special report on a clients compliance with contractual agreements or regulatory requirements Auditor must have audited the F/S and may only issue negative assurance. Cannot be issued if the auditor has expressed a disclaimer or adverse opinion. CPA performs inquiry and analytical procedures When a CPA performs more than one service (such as complication and an audit) the CPA should issue a report that is appropriate for the highest level of service rendered. Special purpose financial presentations to comply with contractual agreements or regulatory provisions 5.cpa-cfa.AUD . Notes Chapter 1 http://www. the report on the prior period should be updated and issued as the last paragraph of the current period’s report Downgrade in service (last yr we reviewed.AUD . even qualified or adverse. Or issue both a review report and compilation report 6 . Not required to communicate with predecessor auditor Make inquires of internal personnel. not external people or entities. no required to obtain an understanding of internal control or assess control risk An auditor is required to perform these in a Review: U – Understanding with client must be established L – Learn and or obtain sufficient knowledge of the entity’s business I – Inquires A – Analytical procedures R – Review.org An opinion. the report should be modified or the CPA with withdraw from the engagement. Reviews include inquiry and analytical procedures. this yr we compile). other procedures C – Client representation letter required from mgmt (don’t need with a compilation) P – Professional judgement should be used A – Auditor should communicate results The objective of a review of financial information is to determine whether material modifications are necessary for the information to be in conformity with GAAP. including testing internal controls. requires and audit. is not performed The accountants report in a review engagement should include: A – the review has been performed in accordance with SSARS standards established by the AICPA M – All F/S information is the representation of mgmt I – a review consists principally of inquiries of company personnel A – a review consists of analytical procedures applied to financial data S – a review is substantially less in scope than an audit N – no opinion is expressed M – accountant is not aware of any material modifications that should be made to the F/S in order for them to be in conformity with GAAP AM I A SNM Reporting on Comparative F/S When the continuing auditor performs a higher level of service (service upgrade) in the current period.cpa-cfa. When an accountant performing a compilation or review becomes aware of a GAAP departure. Issue a compilation report and add a paragraph to describe prior period responsibility assumed. Client representation letter from mgmt is required which covers all F/S’s and periods covered by the review report Audit test work. However. An opinion would not be expressed An accountant who submits unaudited F/S to the client that are not expected to be used by a third party may use an engagement letter rather than a compilation report Review of F/S – a higher level of service than compilation because it results in an expression of limited assurance. parties other than the names underwriter must provide the CPA with an attorney’s opinion or representation letter. and Financial info derived from accounting records A comfort letter is solely to assist the underwriters in conducting and documenting their investigation of the company in connection with the offering Provide positive assurance on: 7 . they become aware of a departure from GAAP Going concern no modification if disclosed Lack of Consistency no modification if disclosed Letters for Underwriters A comfort letter is a letter from the CPA to the named underwriter. review the predecessor’s documentation Inquiry of clients lawyer is not required but may be appropriate in certain circumstances Going concern is not required but may be appropriate Likely misstatement – best estimate of the total misstatement in an account balance or class of transactions. When a comfort letter is issued. the accountant should make inquires of the predecessor auditor.AUD . and if allowed.cpa-cfa.org Whenever prior accountants are asked to reissue a prior report (audit. It covers the period from the date of the last auditors’ report to the “effective date” of the registration. or Include an additional paragraph in the current report describing the responsibility assumed for the prior period statements Review of Interim Financial Information In an initial review of interim financial information. The accountant should: Accumulate all such estimates for further evaluation Consider that the aggregated effect of several immaterial misstatements Evaluate potential effect on current and future periods A review of interim F/S of a public company is conducted in accordance with AICPA auditing standards not SSARS Should modify their report if. the CPA is required to perform a review of interim financial information in accordance with auditing standards To obtain a comfort letter. review or compilation) they should reas the new F/S and obtain a representation letter from the new accountant Reporting when one period is audited Reissue the prior period report. during the review.Notes Chapter 1 http://www. confirming that such a party has a “due diligence defense” Comments in a comfort letter a limited to: Financial info expressed in dollars. procedures performed and findings obtained should be listed Changes in selected financial information during subsequent period Whether non-financial data in the registration statement complies with regulation S-K Attest Engagements Attest engagements – CPA is engaged to issue or does issue an examination. assuming the F/S are audited Provide negative assurance on: Unaudited F/S – if a review has not been performed. a review.org CPA’s independence Compliance of the F/S with the SEC Act. Agreed upon procedures may be performed is the following conditions exist: I – Independence of the practitioner A – Agreement of the parties M – Measurability and consistency 8 . or an agreed-upon procedures report on subject matter.Notes Chapter 1 http://www. or an assertion that is the responsibility of another party (usually mgmt).cpa-cfa.AUD . Major attest services: Agreed-upon procedures Financial forecasts and projections Pro forma F/S Internal control over financial reporting The following standards apply to services a CPA may offer: Audit engagements – SAS (Statements on Auditing Standards) Compilation and review engagements – SSARS (Statements on Standards for Accounting and Review Services) Attest engagements – SSAE (Statements on Standards for Attest Engagements) SSAE does not apply to: Providing consulting/advisory services Operational audits (usually performed by internal auditors) There are 11 attestation standards: TIPPY PE ACRS General Standards – TIPPY T – Training and proficiency I – Independence P – Performance/due professional care in planning and performance P – Professional knowledge of subject matter Y – Your belief that the assertion and the criteria is objective. measurable and complete Field work Standards – PE P – Planning and supervision E – Evidence to provide reasonable basis for the conclusion Reporting Standards – ACRS A – Assertion or subject matter should be identified C – Conclusions should be expressed R – Reservations or unresolved issues should be disclosed S – Statement restricting use of the report to specified parties should be included (if necessary) Agreed-upon procedures – CPA is engaged to issue a report of findings based on specific agreed upon procedures (example is mutual fund performance). cpa-cfa.AUD . budget) Financial projection – financial results based on a “what if” scenario. based on expected conditions (i. While both.e. Pro forma F/S are different.Notes Chapter 1 http://www. Compilation of prospective F/S – the proper assembling of financial data based on the party’s assumptions No assurance of any kind given The practitioner is not required to gather supporting evidence Significant assumptions must be disclosed otherwise cannot issue compilation 9 . based on hypothetical assumptions Forecasts and projections are two types of prospective F/S. because it shows what past financial results of an expired period would have been if something had been different.org S – Sufficiency of the procedures U – Use of the report is restricted to the specified parties R – Responsibility for the subject matter rests with the client E – Engagements to perform agreed upon procedures on prospective financial statements I AM SURE you can perform these agreed upon procedures Financial forecasts – the expected financial results of a future period. Only a financial forecast is appropriate for general use. forecasts and projections are appropriate for limited use. org Planning and Supervision TIP PIE ACDO The audit committee is responsible for the selection and the appointment of the auditor and the reviewing the nature and scope of the engagement In a new client relationship. If the client is unwilling it is a scope limitation. internal control matters After acceptance.cpa-cfa. inquiry the old CPA regarding: Make specific inquiries about the audit Review predecessors audit documentation (workpapers) Preliminary Engagement Activities Assess the integrity of mgmt Assess the availability and adequacy of the clients accounting records (lack of records = scope limitation) Evaluate the firm’s quality control policies and procedures An engagement letter – a signed contract which documents the understanding with the client is required for an audit engagement (should be signed and dated by the client) Management’s is responsible for: The F/S Internal controls Compliance with laws Representation letter (letter to auditor at end of the engagement that confirms the representation made) Auditor is responsible for: Conduct the audit in accordance with GAAS (obtain reasonable assurance about whether the F/S are free from material misstatements An audit is not designed to detect error or fraud that is immaterial to the F/S An audit is not designed to provide assurance on internal control or to identify significant deficiencies Audit is subject to inherent risks that errors and fraud will not be detected. its environment and internal controls Obtain knowledge about the clients industry and business through: Audit guides. auditing procedures) Reasons for change of auditor Communication to the audit committee regarding fraud. inquiry the old CPA regarding: Information that may reveal mgmt integrity Disagreements with mgmt (accounting principles.AUD .Notes Chapter 1 http://www. Before accepting the client. trade publications and public information 10 . extent and timing of planning procedures will vary based on the engagement (the NET we cast over the audit) The auditor is required to obtain an understanding of the entity. If we discover fraud then we report it to the audit committee Planning the Audit The nature. it is mandatory to make inquiries of the predecessor auditor. illegal acts. Client permission is needed. the basis for those levels and any subsequent changes 11 . and timing of other audit procedures (required) Substantive tests to obtain evidential matter (optional) Overall review in the final stage of the audit (required) Analytical procedures performed during planning Used to enhance the auditors understanding. such as comparing financial statements to budgeted amounts Financial data is used through relevant nonfinancial data (number of employees.org Tour client facilities Review financial history of client Obtain understanding of client accounting Inquire of client personnel Analytical Procedures used for: For planning the nature.Planned further audit procedures Timing of audit procedures should be discussed with mgmt Materiality Known misstatements – specific misstatements identified during the audit Likely misstatements – misstatements the auditor considers likely to exist due to differences between auditor and mgmt judgements or from audit evidence Tolerable misstatements – maximum error in a specific population that the auditor is willing to accept All misstatements must be communicated to mgmt Because the F/S are interrelated. extent. analytical procedures consist of a review of data aggregated at a high level. extent.cpa-cfa. contracts or regulatory provisions Increase mgmt’s compensation Affect significant F/S elements Can be objectively determined The auditor should document: Planning levels of materiality and tolerable misstatement. both individually and in aggregate.AUD . and identify unusual transactions. the auditor should use the smallest level of misstatement that could be material to any one of the F/S The auditor must consider the effects. events and amounts During planning. square footage) The audit plan Must be written Specific audit procedures are documented Description of the nature.Planned risk assessment procedures (assess risk of material misstatement) (required) . of the uncorrected misstatements (both known and likely) Misstatements are more likely to be considered if they: Affect trends in profitability Affect’s entity’s compliance with loan covenants.Notes Chapter 1 http://www. and timing of: . Auditor assesses IR but can’t change Control risk (CR) – risk that a material misstatement could occur in a relevant assertion will not be prevented or detected on a timely basis by the clients internal controls (clients internal control does not catch it) Detection risk (DR) – risk that the auditor will not detect a misstatement that exists within a relevant assertion (auditor will miss the mistake).org Known and likely misstatements that were corrected by mgmt A summary of uncorrected misstatements (known and likely).Notes Chapter 1 http://www. auditors conclusions on whether those misstatements cause the F/S to be materially misstated. Risk assessment procedures 2. potentially affecting many relevant assertions The account balance level (transaction & item level) is used to determine the nature. extent. Greater the risk (RMM) the more persuasive evidence needed. When risk of material misstatement is high. Test of controls – test of internal controls (CRIME) 3. Detection risk is a function of the effectiveness of audit procedures.AUD . Audit risk and materiality must be considered at both the F/S level and the account balance (item level) At the F/S level. detection risk should be set low (so we have to do more work) Substantive procedures are always required Direct relationship between RMM and assurance required from Substantive procedures. Substantive procedures – tests $ balances F/S Assertions (made by mgmt) Transactions and events C – Completeness P – Proper period cutoff A – Accuracy C – Classification O – Occurrence 12 . assuming there are no related controls (mistake in the clients acctg system). The auditor can change the detection risk RMM and DR have inverse relationship. Inverse relationship between audit risk and materiality Audit Procedures: 1.cpa-cfa. and the basis for the conclusion Documentation of uncorrected misstatements should include: Separate identification of known and likely misstatements The aggregate effect on the F/S Relevant qualitative factors affecting materiality judgements Audit Risk Audit risk is the risk that the auditor may unknowingly fail to modify appropriately the opinion on the F/S that are materially misstated (risk that the auditor will give the wrong opinion) AR = RMM * DR AR = (IR * CR) * DR Audit risk (AR) should be low Risk of Material Misstatement (RMM) – assessed by auditor and is independent of F/S audit Inherent risk (IR) – susceptibility of a relevant assertion to a material misstatement. the auditor should consider risks that have pervasive effect on the F/S. and timing of audit procedures. the auditor should consider the extent of involvement of the client’s internal auditors in the audit.org Account balances C – Completeness A – Allocation and valuation R – Rights and obligations E – Existence Presentation and disclosure C – Completeness U – Understandability and classification R – Rights and obligations V – Valuation and accuracy After sufficient planning information has been gathered. Fraud and Illegal Acts Errors – unintentional Fraud – intentional.AUD . the external auditor can’t share with the internal auditor any responsibility for audit decisions. 2 types 1.Notes Chapter 1 http://www. Auditor must obtain an understanding of the internal audit function If the auditor uses the work of internal audit. the more objectivity can be assumed The auditor remains solely responsible for the report on the F/S. competence and objectivity must be assessed The higher the level the internal auditors report to. Fraudulent financial reporting (lying) – designed to deceive F/S users. Misappropriation of assets (stealing) – theft of an entities assets Fraud risk factors include: Incentives/pressures: a reason to commit fraud Opportunity: lack of effective controls Rationalization/attitude: an attempt to justify fraudulent behaviour Its mgmt’s responsibility to design and implement programs and controls to prevent and detect fraud The auditor has a responsibility to plan and perform (referred to as design) the audit to obtain reasonable assurance about whether the F/S are free from material misstatement. The internal auditor may not be utilized to make judgement calls If a specialist is used must evaluate the competence and objectivity of the specialist. Inquire entire personnel regarding their views of fraud risk . Mgmt override of controls is a major factor in fraud. misrepresentation. Treat like one of your staff. A written audit plan is required for every audit.cpa-cfa.Inconsistent responses indicate a need for additional evidence Consider the results of analytical procedures (required during the planning and final stage) 13 . thus. When planning the audit. Usually involve manipulation. Internal auditors are not independent. intentional misapplication of accounting principles 2. whether caused by error or fraud. an audit plan should be drafted. review accounting estimates for biases . Overall. collectability Inventory quantities . Response addressing risks related to mgmt override .evaluate the business purpose for significant unusual transactions Significant fraud risk – may consider withdrawing from the engagement Revenue recognition . The auditor may need to reevaluate the assessment of fraud risk. general response .concern that there may be a failure to reconcile books to physical inventory Mgmt estimates . Inform the audit committee of any fraud.develop an independent estimate . Parties outside the entity that we may communicate with in certain circumstances: 14 .determining the appropriate level of supervision of engagement personnel .org Attributes of risk: Type of risk: fraudulent F/S or misappropriation of assets Significance of risk: can it lead to a material misstatement Likelihood of the risk: how likely is this to happen Pervasiveness of the risk: does it affect the whole F/S or only specific accounts or transactions 2 Areas of greatest fraud concern: 1.confirm with customers contract terms and the absence of side agreements Revenue recognition criteria 1. the assessed effectiveness of controls. Highly complex accounting principles The auditor is required to respond to the results of the risk assessment on three levels 1. must have an arrangement (signed agreement) 2. Response encompassing specific audit procedures . must be a delivery 3.engage a specialist .perform substantive analytical procedures relating to revenue . High degree of mgmt judgement and subjectivity 2.AUD . Improper revenue recognition 2.change nature .examine journal entries and other adjustments .change timing 3.assigning personnel to the engagement .change extent .cpa-cfa.evaluating mgmt’s selection and application of accounting principles 2.perform a retrospective review of prior period estimates (how good were last yr’s estimates) Misstatements caused by fraud (even immaterial misstatements) may be indicative of an underlying problem with mgmt integrity. must be fixed or determinable price 4. Mgmt override controls Items are more susceptible to manipulation when they involve: 1. and the appropriateness of audit procedures applied.Notes Chapter 1 http://www. Business risks – events or circumstances that could adversely affect the firm (ie competition) Financial performance Internal controls and accounting policies M – Material misstatement. support for this conclusion Illegal acts – violation of law The auditors responsibility to detect illegal acts are the same for fraud and errors. if its efficient to do so Factors to understand Industry. assessing the risks Factors that my be indicative of significant risks Unusual.to a funding agency Complete documentation of the auditors risk assessment and response is required If the auditor has not identified improper revenue recognition as fraud risk.in response to a subpoena . complex transactions Business risks Fraud risk 15 .cpa-cfa. assess A – Assess risk control C – Control testing P – Perform substantive testing A – Audit evidence. understand M – Material misstatement.to a successor auditor .Notes Chapter 1 http://www.AUD . strategies and business risks . evaluate appropriateness and sufficiency I .to comply with certain legal and regulatory requirements .Internal control – obtain an understanding of the entity and its environment Risk assessment procedures Inquires Analytical procedures (required for planning and final stages) Observation and inspection Discussion among audit team Other procedures The auditor may choose to perform substantive procedures or tests of controls. and other external factors Nature of the entity Objectives.org . The auditor has no obligation to look for illegal acts having an indirect effect on the F/S The auditor generally does not include procedures to specifically detect illegal acts Effect of illegal acts on the auditors report Departure from GAAP – “expect for” or adverse Insufficient evidence – “except for” or disclaimer Clients refuses to modify report – withdraw Risk Assessment TIP PIE ACDO (fieldwork) Audit Steps IMACPA I – Internal control. regulatory. org Significant related party transactions Highly subjective accounting estimates and principles Response to significant risks Evaluate the design of the entity’s related controls Determine whether the controls have been implemented Evaluate whether and how mgmt responds to such risks Test of controls – test strengths to be relied upon. processes and documents. its subsequent processing. than controls which only relate indirectly to an assertion. and its final disposition IT flowcharts are initially created to document the logic and existing flow of a computer program Internal control questionnaires – used for each item of mgmt assertions Narratives – a narrative is a written version of a flow chart (hard to “see” weaknesses Decision tables or trees – graphic illustrations that depict the logic of an operation or a process A flowchart is sequential while a decision table/tree is logical Internal Control TIP PIE ACDO Entity objectives 1. control factors that helped ensure mgmt rules and directives were followed Forms of documentation may include any item the auditor can FIND F – Flowchart I – Internal control questionnaire or checklists N – Narrative D – Decision table Flowcharts – symbolic diagram representing the sequential flow of authority. Reliability of financial reporting (most relevant to the audit) 2.Notes Chapter 1 http://www.cpa-cfa.AUD . Depicts the auditors understanding of the system An adequate flowchart shows the origin of each document in the system. not weaknesses Controls that are more directly related to an assertion are more effective in preventing. Documentation requirements Discussion among the audit team Key elements of the understanding of the entity and its environment The assessment of the risks of material misstatement The identified risks and related controls evaluated by the auditor Document 1. detecting and correcting a misstatement in that assertion. Compliance with applicable laws and regulations 16 . Effectiveness and efficiency of operations 3. control factors that were used/helped to plan the audit engagement 2. and these are the controls that the auditor must consider and understand. extent and timing of further audit procedures (CPA tests internal controls in order to adequately plan the NET audit) Limitations of internal controls Human error Collusion Mgmt override Segregation of duties may be difficult to achieve in a smaller entity IT system may make it impossible to reduce detection risk through substantive testing alone (must do control testing as well) IT benefits: Ability to process large volumes of transactions accurately Improved timeliness and availability of information Facilitation of data analysis and performance monitoring Reduction is the risk that controls will be circumvented Enhanced segregation of duties through effective security controls IT Risks: Potential reliance on inaccurate systems Unauthorized access to data Unauthorized changes to data. evaluate the design of relevant controls and determine whether then have been implemented 2. systems and programs Failure to make required changes and updates to systems or programs Auditor should document use of programs and perform tests more often during the yr Organizational structure of the IT department C – Control group – responsible for internal control within IT dept. assess the risk of material misstatement 3. while programmers do the detailed work L – Librarian – maintains the storage of the data 17 .cpa-cfa.Notes Chapter 1 http://www. Five components of internal controls – CRIME C – Control environment: overall tone of the organization R – Risk assessment – mgmt’s identification of risk I – Information and communication systems M – Monitoring: assessment of internal controls over time E – Existing control activities: control policies and procedures It’s a CRIME not to have strong internal controls Control testing = internal controls (CRIME) Substantive testing = $ balances The auditor should obtain an understanding of CRIME as it pertains to financial reporting: 1. O – Program Operators – input data P – Programmers – write and develop computer programs A – System Analysts – design the overall program. design the nature.org Controls that pertain to the first objective (reliability of financial reporting) are the most relevant to the audit.AUD . Custody of related assets The internal control environment should be detected in the ordinary course of business by an employee.Authorization .Application controls – controls for processing of individuals transactions . not . responsibility and accountability Human resource policies and practices R – Risk assessment CPA should obtain understanding and knowledge I – Information and communication CPA should obtain understanding and knowledge Accounting process (automated and manual). authorizing. influencing the control consciousness of its people Communication and enforcement of integrity and ethical values Mgmt’s philosophy and operating style Organizational structure Assignment of authority.Mgmt overrides For internal controls the auditor should Obtain the necessary understanding of the user organizations internal control to plan the audit Assess the control risk at the user organization.Recordkeeping . recording.AUD .org Anyone doing for an 1 job or supervising another area is a weakness CRIME C – Control Environment – has pervasive effect on the auditors risk of assessment and preliminary judgements about its effectiveness may influence NET of further audit procedures to be performed Sets the tone of an organization. and accurate . and 18 . authrorized. processing and reporting transactions The financial reporting process. from initiation of a transaction to F/S Accounting records (electronic and manual) supporting information and specific accounts involved in initiating.General controls – apply to information processing throughout the company P – Physical controls for safeguarding assets – simply security S – Segregation of duties – client should separate: ARC . including the development of significant accounting estimates and the inclusion of appropriate disclosure M – Monitoring CPA should obtain understanding and knowledge Process that assesses the quality of internal control performance over time Establishing and maintaining internal control is a responsibility of mgmt E – Existing control activities Control activities in a strong internal control system have PAID TIPS P – Prenumbering of documents A – Authorization of transactions I – Independent checks to maintain asset accountability D – Documentation T – Timely and appropriate performance reviews I – Information processing controls – ensure that transactions are valid.Notes Chapter 1 http://www.Collusion .cpa-cfa. or disclosures) Risk level high medium low Test of Controls . less assurance will be required from substantive procedures. If controls are operating effectively. Personal observation and knowledge 2. transaction classes. observation.Notes Chapter 1 http://www. and therefore it does not provide the user with a basis for reducing the assessment of control risk Responding to Assessed Risks IMACPA Audit approach – the auditors specific approach to identified risks at the relevant assertion level may consist of either a substantive or combined approach Use substantive approach when: Controls are not strong for an assertion Not cost/benefit to test the effectiveness of the controls Combined approach – both control testing and substantive procedures are used. the auditor should obtain more reliable or more extensive audit evidence Evidence hierarchy: 1.AUD .cpa-cfa. (test control strengths.IMACPA Test of controls are performed when the auditors risk assessment is based on the assumption that controls are operating effectively. however. and reperfornance As the planned level of assurance (about operating effectiveness) increases. inspection. not weaknesses) Obtaining an understanding of internal controls includes evaluating the design of controls and determining whether they have been implemented Only controls that are suitably designed to prevent or detect material misstatements are subject to tests of operating effectiveness Inspect client records documenting use and changes to IT programs Nature of tests of controls Tests of operating effectiveness of controls include: inquiries. Test of controls may be required in highly electronic environments. substantive procedures alone may not be sufficient Status of internal control None or weak Some Strong Audit approach Perform control tests Perform substantive tests No (because nothing to rely on) yes-maximum Yes Yes minimal (but never eliminate for material balances. or when substantive procedures alone are insufficient.org Perform substantive procedures Report on controls placed in operation – may aid the auditor in obtaining an understanding of controls. it is provided when tests of operating effectiveness were not performed. External evidence 19 . the auditor should modify planned procedures accordingly The auditor uses judgement to evaluate the sufficiency and appropriateness of audit evidence 20 . evaluate appropriateness and sufficiency – IMACPA Audit evidence obtained may cause the auditor to modify this or her initial risk assessment The auditor should not assume that an identified instance of fraud or error is an isolated occurrence When there is a change in the assessed level of risk. Look for support = vouching Test existence for overstatement of assets and revenues To test completeness assertion – Bottom up. Test of details – applied to transaction classes. the auditor should perform further substantive procedures (maybe with test of controls) to provide reasonable basis for extending audit conclusions to period end If risk of material misstatement is low. Oral evidence Timing of tests of controls When tests of controls are performed at one particular time. the auditor may choose to perform substantive procedures at or near period end. look to see its included/covered in F/S = tracing Test completeness for understatement of liabilities and expenses If substantive procedures are performed at an interim date. Substantive analytical procedures – used for large volume predictable transactions Directional testing To test existence or occurrence assertion – Top down. operating effectiveness must be tested at least one every third year Perform substantive testing – IMACPA Used to detect material misstatements at the relevant assertion level Substantive procedures should be designed to be responsive to assessed risks. account balances and disclosures. start from item.org 3. $ balances. Controls tested throughout the period provide evidence of operating effectiveness during that period Controls that are tested only during an interim period should be supplemented by additional evidence for the remaining period (roll forward) If controls have changed since they were last tested.AUD . they provide evidence that controls operated effectively only at that time.Notes Chapter 1 http://www. operating effectiveness must be retested in the current period Even if controls have not changed. performing substantive procedures at interim increases the risk that the auditor will not detect material misstatements in the F/S In certain situations. Internal evidence 4. regardless of the assessed risk.cpa-cfa. such as those in which there is an identified fraud risk. start from F/S. Audit evidence. however. ratios 2. substantive procedures are required for each material transaction class or account balance 2 types of substantive procedures 1. for entry into the general ledger Testing controls for Sales Inquire about credit procedures for new customers (valuation) (ARC) Compare sales journal to subsidiary ledgers Inspect a sample of prenumbered shipping documents and . the related receivable is eliminated Cash receipts 1. sales orders.Notes Chapter 1 http://www. for entry into the A/R subsidiary ledger.org Transaction Cycles TIP PIE ACDO – whole chapter 4 Revenue cycle – includes sales revenues. Preparation of sales order – a serially numbered sales order is prepared and sent to the credit department for approval 2. Credit approval – valuation assertion.agree to sales order (existence) . credit department determines (ARC) 3. Collection – incoming mail must be opened by a person who does not have access to the A/R ledger. completeness. needing an asset or services sends an approved serially numbered requisition to the purchasing dept 2. Collection of cash receipts 3. rights and valuation) Send confirmations – follow up on error reports (rights and obligations) Test cutoff Test adequacy of uncollectible accounts Expenditure cycle Purchases 1. Use prenumbered purchase orders 3. and invoices are compared to ensure that all shipments were based on customer orders and properly billed. The invoice is then sent to the customer and A/R dept. Receipt of goods or services.account for prenumbered (completeness) Vouch a sample of sales invoices. Purchase orders – obtain competitive bids from various suppliers to make sure that the best price is obtained.it is preferable that the copy not indicate the quantity ordered (blind copy). One receipt copy should be sent to cashier (or treasury) for bank deposit. Purchase requisition – the dept. Another copy sent to A/R dept. receivables and cash receipts Sales (serially number documents are PAID TIP) 1. Accounting – the sale is entered into the sales journal and a receivable is recorded (ARC) Accounts receivable 1. thus the receiving dept is forced to count the goods upon arrival 21 . Auditor observes the preparation of aging schedule to support assessing control risk below maximum 4.AUD . Sales 2. Shipping documents. Uncollectible receivables – an aging schedule is prepared and sent to the credit department for use in carrying out its collection program. trace a sample of shipping documents Inspect customer exception file and disposition (existence. A third copy should be sent to acctg dept. Sales returns – a serially numbered receiving report may be used as a sales return slip. Shipment – Shipping department prepares a serially numbered bill of lading (ARC) 4. (ARC) 5. Once the return is approved. Billing – Billing dept. prepares serially numbered sales invoice.cpa-cfa. Inspect checks when deposited/cashed and compare to when accts receivable was booked Kiting – when a check drawn on one bank is deposited in another bank and no record is made (cash is recorded in 2 places at once (Dec 31)) A bank transfer schedule compares the dates checks are drawn to the dates checks are deposited A standard bank confirmation should be sent to all banks that the client has done business with during the year.Notes Chapter 1 http://www.org Accounts payable 1. receiving report. the accounting department approves it by matching the invoice. and (sometimes) the requisition Cash disbursements 1. regardless of whether there is a year end balance to confirm. Audit procedures related to cash Internal controls over the handling of cash is one the most critical areas of an audit. purchase order. reconcile bank statements. Treasurer pays the bills The accounting department has three functions 1. proper segregation of duties The auditor should obtain cutoff bank statements used to test for lapping and kiting Vouch postings to ledger accounts. and verify cash transactions Simultaneously verify internal and external evidence Internal evidence – includes counting cash on hand and reconciling it with the journals External evidence – includes confirming accounts on deposit with banks. to approve the invoice for payment 3. record the payable 2. best for internal control to segregate approving payment and writing checks 3. to record the payable 2. to record the payment after its paid by the treasurer The auditor should review bills in January to determine is they were incurred in Nov or Dec (search for unrecorded liabilities.AUD . approve the bill – when the invoice arrives. all securities on deposit and obtaining bank cut-off statements Lapping – theft of cash is often concealed by failing to account for cash receipts (today’s cash receipts cover yesterday’s theft) Best way to guard against lapping is to use a lock box system. best for internal controls to pay invoices by check 2.cpa-cfa. Potential misstatements Recording fictitious sales (existence assertion) Holding open the sales journal to include next year’s sales (improper cutoff) Shipping unordered goods near year end which can be returned (bill and hold) Failure to record payments Sales adjustments may be used to conceal thefts of cash collections Reduce risk by ARC 22 . leases.AUD . pension plans. insurance company.Notes Chapter 1 http://www. stock options. observation. such as: Selection and application of accounting principles Possible material misstatements Need to revise the auditors previous risk assessment Significant difficulty in applying necessary audit procedures Modification to the auditors standard report You can provide audit documentation to another party without the clients permission: If it’s subpoenaed in court To your defense team: lawyers. and conclusions reached. auditing standards require audit documentation be completed 60 days from report release date and held for 5 years from that date For private companies. such as retracing. recalculation and reconciliation Corroborating evidence – provides additional support for the acctg data.org Audit Documentation Audit documentation (workpapers) belong to the CPA (not the clients acctg records) and are meant to support the auditors opinion and record audit procedures performed and evidence obtained Audit documentation should: Indicate that the accounting records support/reconcile to the F/S Contain enough detail so an auditor with no prior knowledge can understand the whole audit Support that the audit was conducted in accordance with GAAS Report release date – date on which the auditor grants the client permission to use the report (usually date report is delivered to the client) For private companies.cpa-cfa. inquiry and inspection 23 . type and content of audit documentation are based on the auditors judgement Permanent (continuous) file – audit documentation that has continuing interest from year to year . the PCAOB requires audit documentation be completed 45 days from report release date and held for 7 years from that date The specific quantity. bylaws Current file – all audit documentation applicable to the year under the audit Audit documentation should include significant audit findings. expert witnesses AICPA for an investigation or quality review Audit Evidence Audit evidence – all the information an auditor uses to arrive at the opinion The auditor should have access to all pertinent accounting data and corroborating evidential matter (otherwise it’s a scope limit) Types of audit evidence Underlying accounting records – test through analytical procedures and substantive tests.contracts. actions taken. additional audit procedures performed and results of those procedures Investigate significant differences (if found): make inquires of mgmt. but simply indicate the need for further investigation Analytical procedures are applied during the overall review stage of an audit to evaluate the overall F/S presentation and assess the conclusions reached Test of Details Directional testing refers to testing either forward or backward If a test starts with items in the accounting records.AUD . expectation. The third standard of fieldwork – “The auditor must obtain sufficient appropriate evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the F/S under audit” Evidential matter must persuade the auditor that the ending balance in the F/S are fairly presented (persuasive rather than conclusive) Cost/benefit relationship may be a valid reason for performing only certain procedures.cpa-cfa. Test of details (applied to transactions balances and disclosures) 2. industry norms. Differences do not necessarily indicate errors or fraud. However analytical procedures used as substantive tests are not required. in necessary expand audit procedures or alternative substantive procedures.Notes Chapter 1 http://www. extent and timing of audit procedures. factors.org Electronic evidence – consider the time during which information exists or is available in determining the nature. Documentation requirements. the proper assertion is most likely existence 24 . and nonfinancial information Most effective and efficient for assertions in which potential misstatements are not apparent from detailed evidence or is not available The I/S has more predictable relationships than the B/S Accts with mgmt discretion are less predictable\ Analytical procedures for planning phase and final review phase are required. cost alone or difficulty in obtaining evidence is not a valid basis for omitting a procedure Evidential matter should be valid and relevant The greater the risk of material misstatement the more evidence will be required The higher the quality of audit evidence the less audit evidence needed Evidence must relate to the financial statement assertion under consideration The evaluation of evidential matter must take into consideration the achievement of audit objectives Substantive procedures are performed to evaluate mgmt’s assertions which help detect material misstatement Substantive procedures consist of: 1. Substantive analytical procedures Analytical Procedures Comparison of financial data – review current and prior year’s F/S and the current years budget. results. the client may have to intervene.org If a test starts with source documents. sales. sales returns and allowances.AUD . recalculation – verify mathematical accuracy I – Inquiry – both internal and external V – Vouching – directional testing. direct labor rates and test the computation of overhead rates Accounts receivable confirmations Positive confirmations – request response from the recipient (may be blank) Best type of confirmation for: large accounts. purchases. expect errors and disputes.cpa-cfa. examines support for the completeness assertions S – Subsequent events review – perform certain procedures after balance sheet date Other procedures Cut-off testing Test related account simultaneously Requesting a comprehensive mgmt representation letter Reading pertinent information Evidential Procedures for Selected Accounts Inventory The observation of beginning and ending inventory is required.Notes Chapter 1 http://www. perform alternative procedures Generally provide evidence regarding existence and rights and obligations Negative confirmations – recipient is asked to respond only if the amount stated in incorrect Not as good as positive confirmation 25 . May use alternative procedures to justify an opinion (acceptable when its impractical or impossible to observe inventory. crossfooting. The client counts the inventory and the auditor simply observes and test counts certain items Consigned inventory on hand is excluded from inventory count Related accounts – inventories. weak internal controls A greater degree of assurance but may result in lower response rate Non-responses should be: followed up. and COGS The auditor should examine purchase invoices and receiving report around yr end for cut-off testing The auditor should examine sales invoices and compare them to shipping documents around yr end for cut-off Determine whether inventory adhere to lower of cost or market principles and whether inventory is pledged or subject to liens Examine vendor invoices. auditor examines support for existence and occurrence assertions E – Examination/Inspection – provides evidence about the existence assertion C – Confirmation – Type of inquiry obtained from third party A – Analytical procedures – evaluate financial information through the study of data relationships R – Reperformance – auditor re-performs procedures or controls originally performed by the client R – Reconciliation – substantiates the existence and valuation of accounts O – Observation – auditor looks at a process or procedure performed by others T – Tracing – directional testing. it is most likely related to the completeness assertion Standard auditing procedures – FIVE CARROTS F – Footing. belief that the receipt would respond if there was a discrepancy Accounts payable confirmation – not required Are positive confirmations and generally left blank Objective is to determine whether A/P is understated Should be sent when internal control is weak Typically send to vendors with small or zero balances would be selected for confirmation However. Compare to authorization in the minutes of the board meeting Stock transactions – vouch to supporting documentation All issues relating to stock. Compare interest expense with the bond payable amount for reasonableness Contingencies – look at guarantees. and TS must be authorized by the board of directors Articles of incorporation goes in the permanent audit file 26 . later signed by the treasurer Control procedures – PAID TIPS PPE Acquisition – a special requisition form is needed. small balances. tax returns. hours worked or jobs completed Payroll check preparation – computes salary based on information received.AUD .Companies do not pay real estate taxes on property they don’t own . purchase commitments.Notes Chapter 1 http://www. valuation is fairly reported. Interest expense should be independently computed Long term debt – ensure that interest expense is properly reported. leases.org Use when there is low risk. dividends. Acquisitions are ties to the capital budget and the board of directors should also have to approve the acquisition. comparing terms and amounts to board approval. unrecorded liabilities generally surface eventually when unpaid vendors stop delivering goods Payroll and Personnel There should be segregation of duties as follows Authorization to employ and pay – function of HR to hire new employees Supervision – all pay base data (hours. time-off) should be approved Timekeeping and costs accounting – data on which pay is based. all debt has been recorded.cpa-cfa.Tour plant and inquire Liabilities Notes payable – examine the note. clients legal counsel Owners Equity Treasury stock – auditor should examine all shares of treasury stock and reconcile the number of TS shares. Subsidiary ledgers – detailed information on each asset is kept in the subsidiary ledger Physical security Written policies – on depreciation and capitalization Disposition – retirement of assets should be documented and sequentially numbered Audit procedures Vouch additions Review retirements and recalculate any gains/losses Review repair and maintenance accounts in order to locate items that should have been capitalized Be alert for lien’s on assets (borrowed) .Companies cannot/do not insure fixed assests they do not have . Notes Chapter 1 http://www.org If the client uses a stock transfer agent.cpa-cfa. Determine whether mgmt’s significant assumptions provide a reasonable basis for fair value measurement Litigation Mgmt is the primary source of information regarding litigation. claims Letter inquiry to clients attorneys should be signed by the client but sent to the lawyer by the auditor 27 . R Review minutes. The auditor focuses on evaluating the presentation and disclosure of the F/S (mgmt assertions = classification & understandability) Audit Evidence: Miscellaneous Items Related Party Transactions Concerned about valuation and accuracy A related party transaction is not considered to be an arms length transaction Should be adequately disclosed Determining the existence of related party transactions Evaluate company’s procedures and policies for related party transactions Inquire mgmt and predecessor auditor Review entity’s filings with the SEC Review board minutes Compensating balance agreements Loan agreements Unusual. and IRS correspondence Its mgmt’s responsibility to identify and account for litigation.AUD . non-recurring transactions new year end Accounting Estimates Assess mgmt’s written policies and practices of acctg estimates Verify that all material estimates have been developed Determine that the accounting estimates are reasonable Ensure that the accounting estimates are properly presented and disclosed in conformity with GAAP Test for reasonableness Are they using the same methods Past track record of estimates is good Justify any changes in approach Auditing Fair Values Estimates and valuation methods may be used when market values are not available Changes in fair value measurements may be treated in different ways under GAAP (NI or OCI) Evaluate the sufficiency. and consistency of evidence obtained with respect to fair value measurements and disclosures. check the stock certificate book Consider whether any appropriations of retained earnings are necessary (due to loan covenants). competency. An external inquiry of the entity’s attorney is simply a means to corroborate information provided by mgmt. use third party confirmations If the client doesn’t use a stock transfer agent. invoices from lawyers. Notes Chapter 1 http://www. including court costs If the lawyer refuses to respond scope limitation qualified or disclaimer opinion Client refuses to permit inquiry disclaimer opinion 28 .cpa-cfa.org The lawyers response to the letter should include a professional opinion on the expected outcome of any lawsuit and the likely outcome of any liability.AUD . Population of 1000 and sample 100 items and 7 deviations identified within the sample 7% sample deviation rate Estimate 70 deviations in the population (7% sample deviation rate) 29 . Auditors usually accept a risk of 5% (or 10%).Notes Chapter 1 http://www. Inverse to the risk is the confidence level (also called reliability).cpa-cfa. The auditor is 95% confident that the sample is representative of the population.org Audit Sampling (statistic sampling) Sampling risk – reach the wrong conclusion based on the sample Although statistical sampling aids the auditor in quantitative ways. sample results indicate a greater deviation rate than actually exists in the population There are two sorts of mistakes an auditor can make with sampling: 1. Variable sampling (probability-proportional to size PPS or estimation sampling or numerical quantity) – used in substantive testing of account balances ($ values) Audit risk – risk of getting the opinion wrong due to uncertainty in applying audit procedures (sampling and other) Risk of assessing control risk too low – risk that the assessed level of control risk based on the sample is less than the true risk based on the actual operating effectiveness of the control (i.AUD . sample results indicate a lower deviation rate than actually exists in the population) Risk of assessing control risk too high – risk that the assessed level of control risk based on the sample is greater than the true risk based on the actual operating effectiveness of the control. 2 main types of sampling 1. Professional judgement is still needed/required to set parameters and evaluate the results. it is not a substitute for professional judgement. the smaller the sample size would be needed. Rate set by the auditor Auditors allowable risk of assessing control risk too low Characteristics of the population Deviation rate – auditors best estimate of the deviation rate in the population from which the sample was selected. Attribute sampling (rate of occurrence) – used for testing internal controls (yes/no questions) 2. The auditor may falsely identify a problem where none exist (incorrect rejection and assessing control risk too high) The risk of incorrect acceptance and the risk of assessing control risk too low relate to the effectiveness of an audit in (possibly not) detecting an existing material misstatement. The auditor may fail to identify an existing problem (incorrect acceptance and assessing control risk too low) 2. The risk of incorrect rejection and the risk of assessing control risk too high relate to the efficiency of the audit (the auditor does more audit work than is necessary) Attribute Sampling Planning considerations Relationship between the sample to the objective of the test of controls Tolerable deviation rate – maximum rate of deviation from a prescribed procedure the auditor will tolerate without modifying planned reliance (or changing control risk assessment) on internal control.e. There is a direct relationship to sample size: the fewer the deviations expected. Commonly used when a population has highly variable recorded amounts Higher the tolerable misstatement the lower the sample size The auditor projects the misstatements found in the sample to the population using one of several methods (MPU. the auditor may conclude that there is an acceptably low sampling risk that the true deviation rate in the population exceeds the tolerable rate of 5% (this is because the sample deviation rate is much less than the tolerable rate) If the sample includes two or more deviations (2 in 60 = 3. expected deviation rate Sample deviation rate + allowance for sampling risk = Upper deviation rate Allowance for sampling risk = what we found in the sample isn’t representative of the population If the upper deviation rate is less than or equal to the auditors tolerable deviation rate.Notes Chapter 1 http://www. or Modify the nature. difference. the auditor may rely on the control (assuming results of other audit tests do not contradict such results) If the upper deviation rate exceeds the auditors tolerable deviation rate. etc). Instead the auditor would either: Select and test compliance with some other internal accounting control. For example assume the tolerable rate for a population is 5% and the sample consists of 60 items: If no deviations are found in the sample of 60. The projected misstatement is applied to the recorded balance to obtain a “point estimate” of the true balance.org If the estimated deviation rate for the entire population is less than the tolerable rate for the population. the auditor may conclude that there is an unacceptably high sampling risk that the rate of deviations in the population exceeds the tolerable rate of 5% (this is because the sample deviation rate is close to the tolerable rate) The auditor applies professional judgement in making such evaluations Perform the following steps when conducting attribute sampling Define the objective of the test Define the population Define the sampling unit Define the attributes of interest Determine the sample size including risk of assessing control risk.33%). the auditor would not rely on the control. ratio. extent. the auditor should consider the risk that such a result might be obtained even though the true deviation rate for the population exceeds the tolerable rate for the population.AUD .cpa-cfa. tolerable deviation rate. which usually results in a reduced sample size. or timing of related substantive tests to reflect the reduced reliance Discovery sampling – used for detecting fraud Stop-or-go sampling – allows auditor to stop and audit test before completing all the steps (to avoid over sampling) used when few error are expected in the population Variable sampling (estimation sampling) Stratification – items subject to sampling are separated into relatively homogenous groups and treated as a separate population. The auditor must then add an allowance for the sampling risk (sometimes called a precision interval) to this estimate 30 . the allowance for sampling risk).Notes Chapter 1 http://www.org In deciding whether to accept the clients book value. branch. off-line.the maximum dollar error that may exist in the account without causing the F/S to be materially misstated Reliability factors correspond to the risk of incorrect acceptance and are generally obtained from a table The Effect of Information Technology on the Audit Test data (test deck) – technique that uses the application program to process a set of test data.AUD . the book value is fairly stated Probability-Proportional to size (PPS) PPS – sampling unit is defined as an individual dollar in a population Advantages Emphasizes larger items by stratifying the sample. PPS sampling generally requires a smaller sample than other methods Disadvantages Items with zero. and while under the auditors control Integrated test facility (ITF) – similar to test data approach except that the test data is commingled with live data (the clients system is used to process the auditors data. the results of which are already known. This is usually accomplished by processing the test data to dummy accounts (fictitious customer. The chance of an item being selected is proportionate to its dollar amount If no errors are expected. (the clients system is used to process the auditors data. negative or understated balances require special design considerations Sampling interval = tolerable misstatement ÷ reliability factor Sample size = recorded amount of the population ÷ sampling interval Tolerable misstatement .e. vendor) Client personnel are not informed that the test is being run Parallel simulation (reperformance test) – auditor re-processes some or all the clients live data (using auditor software) and then compares the results with the clients files (the auditors system is used to process client data) Generalized audit software packages (GASPs) – allows the auditor to have little technical knowledge of the clients system (computerized environment) Internal Control Communication 2 types of control deficiency – deficiency in design and deficiency in operation Significant deficiency – adversely affects the fairness of the F/S Previously communicated significant deficiencies and material weaknesses that have not been corrected should be communicated again It is mgmt’s responsibility to evaluate and address control deficiencies 31 . If so.cpa-cfa. point estimate +/. on-line) Test data must be separated from the live data before the reports are created. the auditor determines whether the recorded book value falls within the acceptable range (i. reviews. while In a separate examination of internal control. use of the report is generally not restricted SOX requirements related to internal controls PCAOB standards require: Issuers report (within the annual report) on mgmt’s assessment of the effectiveness of the company’s internal control over financial reporting. the auditor may indicate in the auditors report that the audit was conducted in accordance with both standards Government Auditing Auditors responsibilities Obtaining reasonable assurance that the F/S are free of material misstatements resulting from violations of laws and regulations that have direct and material effect on the F/S Obtaining an understanding of the possible effects on F/S of laws and regulations Assessing whether mgmt has identified laws and regulations that have direct and material effect Communicating to mgmt and the audit committee that an audit in accordance with GAAP may not be sufficient if. Expanded internal control documentation and testing requirements 2. and not on mgmt’s assertion In a F/S audit.org Reporting on an entity’s internal control over financial reporting (not an audit. and agreed upon procedures by reference and include expanded requirements Audit requirements for federal financial assistance 1. during the audit. a representation letter to the accounts When a material weakness exists.Notes Chapter 1 http://www. the auditor becomes aware that the entity is subject to additional audit requirements that may not be encompassed in the terms of the engagement Attestation engagements performed in conformity with Generally Accepted Government Auditing Standards (GAGAS) (the yellow book) incorporate the AICPA’s standards for examinations. and Auditors attest to (audit) the accuracy of mgmt’s report The auditors report must disclose material weaknesses in internal control. The assertion may be presented in two ways: 1. but is not required to disclose significant deficiencies that are not material weakness (different than the attestation standards) If an auditor conducts the audit (of a nonissuer) in accordance with both GAAS and PCAOB.AUD . a separate report that will accompany the accountants report 2. Expanded reporting to include whether the federal financial assistance has been administered in accordance with applicable laws and regulations (compliance requirements) 4. Auditors provide a copy of their peer review to government audit clients 32 . just hired to review internal controls) The CPA may report on mgmt’s assertion or may report directly on the effectiveness of the entity’s internal control Obtain from mgmt a written assertion about the effectiveness of the entity’s internal control. Application of single audit standards to federal financial assistance 5. Expanded reporting to include formal written reports on the consideration of internal control and the assessment of control risk 3. use of the report on the internal control is restricted.cpa-cfa. the CPA should express an opinion directly on the effectiveness of internal control. Outside directors are not employees of the firm and do not have a material financial interest in the firm main purpose is to enhance the internal control by creating a means of direct communication between the committee and the auditors. Auditors often have the responsibility of reporting significant deficiencies to specific regulatory bodies or grantor agencies A5-47 chart memorize Communication with the Audit Committee Audit committee – committee of the board of directors. This is different from GAAS. To confirm representations explicitly or implicitly given to auditor 2.audits of an entire organization that include additional audit procedures on specific programs and include a report on the F/S of the whole organization and audit reports on the specific programs program-specific audits . To indicate and document the continuing appropriateness of such representations 3.Notes Chapter 1 http://www.cpa-cfa. and oversee the services All material communications must be made to the audit committee before the auditors report is filed with the SEC Communication may be oral or written. composed of 3-5 members of the board who are outside directors. If its oral the auditor should document the conversation Do not communicate with the audit committee on how we (the auditor) plan to implement the audit Management Representations Obtained from mgmt at the conclusion of fieldwork and should address all F/S covered by the report even if current mgmt was not present during all such periods Purpose: 1.000 or more in federal financial assistance. but smaller programs may be deemed major is they are classified as high risk Materiality evaluation in a single audit includes a separate evaluation of materiality for each major program selected Single audits .00 in a fiscal year to have an audit performed in accordance with the Act Programs classified as major are those that expend $300.org Mgmt is responsible for the entity’s compliance with laws and regulations Mgmt has identified and disclosed in writing to the auditor all the laws and regulations that have a direct and material effect on its F/S Audit reports should be distributed to the appropriate officials of the entity requiring or arranging for the audit (including external funding sources) GAGAS requires a written report on the auditors understanding of internal control and the assessment of control risk in all audits. which requires written communication only when significant deficiencies are noted Single audits: OMB Circular A-133 The single audit act (OMB Circular A-133) requires entities that expend total federal assistance equal to or in excess of $500. An audit committee is considered to be part of the internal control structure SOX requires the audit committee to approve the engagement of an auditor.AUD . To reduce the possibility of misunderstanding concerning matter that are the subject of the representations 33 .audits of specific programs and do not include reports on the F/S of the organization taken as a whole Auditor communication requirements increase in government settings. inventory obsolescence) 34 . impairment of an asset.Notes Chapter 1 http://www.AUD . otherwise issue disclaimer or withdraw Dated same as the audit report Signed by the CEO and CFO Representations may be limited to items that mgmt and the auditor agree are material The auditor should obtain additional representations from mgmt for special or specific situations.cpa-cfa.org Letter is mandatory to issue an unqualified opinion. Changes in the business that may impact the F/S (new acctg principle.