AFM 201 Audit: Midterm 1Fall 2011

Joanne Toporowski

Introduction to Auditing

• Why do we conduct audits?– Verification of information without self-review

• Three party accountability– First party: auditor– Second Party: accountable party– Third Party: user– Auditors vs. other professionals

Definition of Auditing

• Auditing is the accumulation and evaluation of evidence about information to determine and report on the degree of correspondence between the information and established criteria.

Key Components of Auditing

1. Quantifiable information (related to entity)

2. Criteria: GAAP generally3. Evidence gathering and evaluation4. Competent, independent person5. Reporting

Demand for Audits• Remoteness of information

– External auditors increase credibility• Bias and motives of provider

– May want loans, maintain stock price, management bonuses, etc.

• Voluminous data – Details can be lost in summary

• Complex exchange transactions– Not everyone has studied accounting or business

• Perceived cost/benefit– Reduce information risk

Internal Auditing

• Independent, objective assurance and consulting activity designed to add value and improve an organization’s operations.

• Internal auditors must be independent• Operational auditing

– Use of resources– Achievement of business objectives– Compliance with company policies

Types of Auditing• Public Sector Audits:

– Financial statement– Compliance

• Laws and regulations– Value-for-money

• Economy, efficiency and effectiveness

• Regulatory Audits:– Canada Customs and Revenue Agency– Federal and Provincial bank examiners

• Fraud Audits• Forensic Accounting• International Auditing

– International harmonization is a key focus

Financial Statement Audit

Compliance Audit Operational Audit

Purpose F/S in accordance with GAAP and represent underlying economic reality

Predefined set of standards. Determine whether the organization is following procedures (CSR) – externally laid out or internal

Efficiency – optimal use or resourcesEffective – get the job done

Users of Audit Report

F/S users - mainly external usersSometimes management

Banks, Insurance companiesPollution control, labour laws – authority/contract

Organization – internal – managers, senior level management.

Nature of Audit Report

Highly regulated with GAAS and GAAP – very standardized. (theoretically)

Slightly different for each audit procedure-wise. Criteria used is fairly standardized.

Not standardized

Perform by: PA – cannot be internal auditor ONLY PERSON that can sign off on an audit opinion is a PA

Public Accountant Public Accountant

Public Accountant Yes – This is where they spend the majority of their time.

Yes Yes

Government Auditor Occasionally Yes, frequently (Ontario Health Ministry, etc..)

Yes

CRA Never Yes Never

Internal Auditor Cannot do a F/S audit but can do a F/S review – but it has no weight.

Yes, frequently Yes, frequently

GAAS: Auditing Requirements

• The examination is to be performed and the report prepared by persons having adequate technical training and proficiency in auditing, with due care and with an objective state of mind.

Competent- Education and experience- Competence allows the auditor to:

1. recognize underlying assertions made by management,

2. decide which evidence is relevant to support assertion,

3. select and perform procedures for obtaining evidence, and

4. evaluate evidence for reality and conformity to GAAP.

Training and Proficiency

formal accounting education, continuing professional education technical qualifications experience in client industry

Objectivity

• Unbiased and impartial– This is achieved by maintaining

independence.• Independence in fact• Independence in appearance• Threats to independence

Threats to Independence

• Self-Interest • Self-Review• Advocacy• Familiarity

– Professional Scepticism• Intimidation

• Independence must be DOCUMENTED!

A note on independence…

Due Professional Care

• The quality of the audit work:• completeness of working papers, • evidence• appropriate conclusions based on the

evidence

• Court precedents “prudent practitioner;”• Firm will have quality control procedures in place

Practice Standards

• GAAS: Generally Accepted Accounting Standards– Overall responsibilities of auditors

• Ethical requirements• Examination standards

– Lists objectives of the audit• Express an opinion on whether the f/s are prepared in

conformity with an applicable framework– List principles and fundamental concepts

• NOT an “instruction manual”

GAAS: Examination Standards

• Planning: Plan and perform the audit to reduce audit risk to an acceptably low level consistent with the objectives of the audit

• Supervision: Plan the nature and timing of the audit as well as supervision and review of the engagement team’s work

Examination Standards Continued

• Internal Control Assessment: The auditor should obtain an understanding of the entity and its environment, including internal control, sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures.

Examination Standards Continued

• Sufficient evidence: The auditor should obtain sufficient appropriate audit evidence to be able to draw a reasonable conclusion on which to base an audit opinion.

• We will discuss evidence collection methods in a later chapter

GAAS: Reporting Standards

• Use of a standard report• Qualified – financial statements depart from

GAAP or the scope of the audit work was limited• Unqualified – auditors are not calling attention

to anything wrong• Report conclusion:

– Adverse opinion– Disclaimer of opinion

Final Notes

• Professional Scepticism– Inclination to question all material assertions made by

management– Results from potential conflict of interests between

management and users• Critical Thinking

– Who is management trying persuade– Statements must represent underlying activities

• F/S can be prepared in accordance with GAAP but not accurately represent the underlying transactions

The Audit Process

1. Preplanning– Engagement letter, staffing, independence threat analysis

2. Are preconditions for an audit present.– Acceptability of the financial reporting framework. – Management’s understanding of its reporting

responsibilities.– Scope limitations that may be present in the

engagement.

The Audit Process

3. Evaluate compliance with ethical requirements, including independence.– Assess independence of the auditor– Assess competence of the auditor

• Engagement teams

The Audit Process

4. Decide whether to accept or retain the audit engagement.– The PA needs to assess each potential

client for risk, and should re-assess existing clients on an annual basis.

The Audit Process

5. Establish an understanding of the terms of the engagement.– Document the expectations and limitations

of the engagement.– Obtain an understanding of the client’s

business, control environment and related risks.

Understanding the Client’s Business

• The auditor needs to identify risky areas that will require attention in the audit.– previous working paper files– preliminary analytic review– enquiries and interviews– trade publications and review of industry– client and competitor websites.

• Forensic auditors may be used to screen for fraud risks.

The Audit Process

• 6. Plan the Audit:– assess materiality,– assess risk,– make a preliminary assessment of inherent

and control risk, and– decide on audit approach for gathering

evidence.

The Audit Process

7. Perform the Audit Tests and Evaluate the results

– Test internal controls• Issue a report on managements internal controls

– Analytical procedures– Substantive testing

• Test of details of balances

8. Form an opinion9. Issue the appropriate report

Materiality

• Recall:– “Reduce risk to an acceptably low level”– “Free from material misstatements”

• Identify the acceptable amount of misstatements allowed in the financial statements.– Qualitative and Quantitative factors– Some inaccuracy is unavoidable

• Cost/benefit, time, budget.

Materiality

•Definition: Materiality is the largest amount of uncorrected misstatement that might exist in financial statements that still fairly present the company’s financial position and results of operations.•Material if: the information is likely to influence the economic decisions of financial statement users.• Focus on users of the F/S• Critical Thinking

Materiality• Auditors are generally left without definite,

quantitative guidelines to determine materiality.

• Quantitative guidelines:– 5% of income from continuing operations,– 5% of net income before bonus,

• Cumulative effect of errors

Materiality• Quantitatively immaterial misstatements

become material if:– Makes a change in earnings– Hides a failure to meet analysts’ expectations– Changes a loss into income– Affects the auditee’s compliance with regulatory

requirements– Involves the concealment of unlawful transaction

or fraud– Has the effect of increasing management

compensation

Risk Reduction

• Information Risk– Financial statements provide information that does not

accurately reflect the underlying transactions• Audit Risk

– Risk of insufficient evidence being gathered to correctly assess the underlying economic climate

– Created by the fact that you are taking a sample• Accounting Risk

– Risk that errors associated with forecasts used in GAAP and accounting estimates are not properly disclosed.

Audit Risk• The probability that an auditor will fail to express a

reservation that financial statements are materially misstated is audit risk.– The risk that the auditor’s opinion is incorrect– Auditors assess risk in audit related terms; inherent risk, control risk

and detection risk.

Inherent Risk• The probability of material misstatement occurring

in transactions entering the accounting system or being in the account balances is inherent risk.– Auditors do not create or control inherent risk.

• Auditors only try to assess its magnitude based on prior experience, management bias, and nature of the transactions.

• The auditor will consider factors that contribute to inherent risk.– Prior history of errors– Nature of the item– Process/calculation complexity– Management judgement/bias– Nature of account (understated or overstated)

Control Risk

• The risk that the client’s internal control system will not prevent or detect a material misstatement is control risk.– Auditors do not create or manage Control Risk;

• They evaluate or assess probability of failure to detect material misstatements.

• This assessment of effectiveness may be tested by the auditor in the audit.

– To justify assessment of LOW control risk

– Assessment is based on study and evaluation of the company’s control system.

– If you plan on relying on controls, you must test controls.

Detection Risk

• Definition: The risk that any material misstatement that has not been corrected by the client’s internal control will not be detected by the auditor.– Auditors can control this risk by conducting

substantive (balance audit) tests.• Substantive tests include audit of details of transactions

and balances, and analytical procedures applied to dollar amounts in the accounts.

Audit Risk Model

Audit Risk = Inherent Risk x Control Risk x Detection Risk

• Auditors generally try to limit audit risk to less than 5%

• AR, IR and CR cannot be 0%

Internal Controls

• Internal control is defined as the process designed, implemented, and maintained by management to provide reasonable assurance about:– the reliability of financial reporting, – effectiveness and efficiency of operations, and – compliance with applicable laws and regulations.

Internal Control Consists of:

• Control environment– management attitudes, structure, effective

communication of control objectives and supervision of personnel and activities

– Preventive vs. Detective/Corrective• Risk assessment process

– How does management identify and deal with potential risks?

– Starting point of the auditor’s business risk analysis

Internal Control Consists of:

• Information Systems and business processes– Support management decisions, related to all key business

processes– Open communication increases internal control effectiveness

• Control Activities– Capable personnel, segregation of duties, controlled access,

periodic comparison• Monitoring of controls

– How does management know that IC procedures are being followed?

Quality Control

• QC policies at firm and individual audit level• QC procedures should be communicated to

personnel in an understandable manner• Auditors should implement QC procedures.

Review any delegated work.• Document QC• Monitoring QC:

– Practice inspections, peer reviews, quality inspections

Financial Statement Assertions

• Assertions are claims management makes in financial statements.– Systems create trial balance– Management summarizes the information into

financial statements– Audit objectives are to obtain and evaluate

evidence about assertions made by management• Assertions are the fundamental management claims to

be audited

Five Principle Assertions

• Existence– Do assets, obligations (liabilities) and equities exist? – Did included transactions actually happen?

• Completeness– All transactions and amounts that happened are

included? Was anything MISSED or FORGOTTEN (cut-off considerations)?

• Ownership– Rights: Do the assets on hand belong to the company?– Obligations: Were the obligations incurred by the

company (not by someone else)?

Five Principle Assertions

• Valuation– Is the asset at lower of cost or net realizable

value? Is the liability at cost?• Presentation

– Do the statements include all relevant information in a way that financial statement users can understand?

– Assume a prudent user

Evidence Collection

• Inspection • Observation• Inquiry• Confirmation• Re-calculation• Re-performance• Analytical procedures

Evidence Collection

• Inspection– Inspection or count of a tangible asset or

document– Very reliable

• Observation– use of the senses to assess certain activities– Rarely sufficient evidence on it’s own– Must be DOCUMENTED!

Evidence Collection

• Inquiry– Obtaining of written or oral information from the

client in response to questions from the auditor– Assess risk, but don’t rely upon

• Confirmation– The receipt of a written or oral response from an

independent third party verifying the accuracy of information

– Extremely reliable but costly

Evidence Collection

• Re-calculation– Involves rechecking the computations and

mathematical work completed by the client during the period under audit.

• Re-performance– The redoing of other non-mathematical procedures

such as internal controls.• Analytical Procedures

– Use comparisons and relationships between financial and non-financial information to determine whether account balances appear reasonable.

Persuasive Evidence• Persuasive evidence is:

– Appropriate• Relevant – does the evidence pertain to the audit assertion being

tested?• Reliable

– Sufficient• Would another professional reach the same conclusion as you

did?– Timely

• Part of the evidence gathering decision is related to the tradeoff of the cost of gathering evidence versus its persuasiveness.

Reliable Evidence

• Auditor’s direct knowledge• Independence of provider• Effectiveness of client’s internal controls• Qualifications of individuals providing the

information• Degree of objectivity• Consistency from multiple sources

Reliable Evidence

• Most reliable: physical inspection, confirmation, external documentation, recalculation, re-performance

• Less reliable: external-internal documentation, internal documentation (with good internal controls), observation, analytical procedures with specific data

• Least reliable: internal documentation (if poor internal controls), inquiry, broad analytical procedures

The Auditor’s Report

• Recall: GAAS requires a standard report• Last paragraph is what is most important to

users

Introduction

• We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet as of December 31, 20x1 and the income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory notes.

Management’s Responsibility

• Management is responsible for the preparation and fair presentation of these F/S in accordance with Canadian GAAP; this includes the design, implementation and maintenance of internal control relevant to the preparation and fair presentation of F/S that are free from material misstatement, whether due to fraud or error.

Auditor’s Responsibility

• Our responsibility is to express an opinion on these F/S based on our audit. We conducted our audit in accordance with Canadian GAAS. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance whether the F/S are free from material misstatement.

Explanation• An audit involves performing procedures to obtain audit

evidence about the amounts and disclosures in the F/S. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the F/S, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the F/S in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control.

DisclaimersAn audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of F/S.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Opinion Paragraph

• In our opinion, the F/S present fairly, in all material respect the financial position of ABC Company as of December 31, 20x1, and of its financial performance and its cash flows for the year then ended in accordance with Canadian GAAP.

Best of luck on your midterm!