caea 2218 lecture 1 - introduction-anytopdf

DEPARTMENT FO FINANCIAL ACCOUNTING AND AUDITINGCAEA 2218 AUDITING PRINCIPLESDR HASLIDA ABU HASAN

LECTURE 1

Logistics & Introduction to Auditing and Assurance

Engagements

Logistic

Refer to course information distribution during lecture 1

Adhere to the course information closely Some lecture notes and/or other reading

materials will be uploaded to e-learning site Tutorial arrangements Assignment arrangements

CAEA 2218 :LECTURE 1 Slide 2

CAEA 2218LECTURE 1 Slide 3

Lecture Program1. Introduction to Auditing2. Overview of financial statement audits3. Materiality and audit risks4. Audit evidence procedures5. Audit planning and tests6. Internal control review7. Auditing the revenue cycle8. Auditing the purchasing cycle9. Auditing the inventory cycle10. Auditing cash11. Auditing property plant and equipment12. Auditing long term liabilities, shareholder’s equity & income

statement items13. Auditing payroll cycle

CAEA 2218 LECTURE 1 Slide 4

Definition of an auditA systematic process of objectively gathering and evaluating evidence in order to ascertainwhether assertions about economic actionsand events made by individuals or organizations correspond with establish criteria and communicating the results of the examination to users of the reports in which assertions are made (American Accounting Association, the association of US accounting academics)


Distinction between accounting and auditing

Accounting: identifies, organises, classifies, summarises and communicates information about economic events – a creative process

Auditing: gathers and evaluates evidence with respect to the accounting /economic events – an evaluative process


Classification of audit by their beneficiaries

External audits: undertaken by professionally qualified and externally accredited auditors who are external to the audited business – Big 4 and many other smaller audit firms. External audit are primarily for the benefit of shareholders and market efficiency.

Internal audits: traditionally undertaken by company’s own staff or auditing firms different from main auditor. Principally for the benefit of management, though the external auditor may draw upon the results of internal audits.

Classification of audit by their objectives :


(1) Certification audits: involve the examination of an entity’s financial statement which have been prepared by the entity’s management and directors for the benefit of shareholders and other interested parties

(2) Compliance audits: aim to determine whether an individual or an entity has acted in accordance with procedures/regulations set by an autority (eg. tax authority; parent company )

(3) Operational audits: involve the systematic examination and evaluation of an entity’s operations for the purpose of improving the efficiency and/or effectiveness of the entity. This has become known in the public sector as ‘value for money’ or VFM audits –NKRA – national key results area

Assurance, Attestation, and Nonassurance Services

Other Assurance Services

CertainManagement

ConsultingOther Attestation Services(e.g., WebTrust, SysTrust)

ATTESTATION SERVICES

Audits Reviews

Internal Controlover Financial Reporting

ASSURANCE SERVICES


Assurance, Attestation, and Nonassurance Services

CertainManagement

Consulting

NONASSURANCE SERVICES

Other ManagementConsulting

TaxServices

Accounting andBookkeeping


Types of Auditors

Internal auditors

Independent certified public accounting firms

Internal Revenue agents

Governmental general accounting office auditors



“The Audit Society” Michael Power Certification audits or financial statement audit has always

been regarded as a low-profile activity In the public sector, this activity sat alongside “regularity”

(spent according to the authorisation) and “propriety” (proper standards, relevant to the use of public money have been met).

From 1980s, growth of Value for Money or “performance auditing”.

From 1990s, massive extension of breadth and coverage of the notion of audit. Some connection to the withdrawal of government from production – eg. denationalization of utilities and substitution of regulation for ownership. Controversy about whether too many people watching rather than doing, particularly affects public sector but is much more general than that


The Role of Auditing


Audit objectives : Lending credibility to financial and non-financial

information provided by management in annual reports

Provision of management advisory services Increased responsibility for detecting fraud and

reporting doubts about “going concern” Helping to secure responsible corporate governance Reporting to regulatory authorities on (i) fraud

detected during audit; and (ii) doubts about auditees’ solvency


Audit techniques: Emergence of audit methodologies focusing on clients’

business risk (risk of auditees not meeting their objectives)

Audit based on : - A thorough understanding of the client, its

business, its industry and especially its’ risks; and- Identification of audit risk through analytical

review Adaptation of auditing to the e-commerce, e-business

environment

Relationships Among Auditors, Client, and External Users

Auditor

Client ExternalUsers

Client or auditcommittee hires

auditor

Auditor issuesreport relied

upon by users to reduce information risk

Client provides financial statements to users

Provides capital



Overview of the Financial Statement Audit Process


A need for theory:

A practical subject, ‘wholly utilitarian’ Practice has developed without theory Public conception has evolved without

theory


Can theory explain the existence of financial statement audit:

(1) AGENCY THEORY - Agency relationship : a contract under which one or more

persons (principal) engage another person (agent) to perform some service on their behalf which involves delegating some decision making authority to the agent

- assumptions : (a) rational utility maximisers; (b) information asymmetry

- therefore auditors act as watchdog over the agents (directors) (2) INFORMATION HYPOTHESIS

- an audit improves the quality of financial information(3) INSURANCE HYPHOTHESIS

- audit serve as an insurance for managers (agents), managers shift responsibility for reported data to auditors and thus they lower the expected loss from litigation- politicians also demand audits for similar reasons, eg. to escape criticism in cases of failures


Audit Expectations Gap• A gap between what the public expects or needs

and what the auditors can and should reasonably expect to accomplish

• Consider both perception of roles and ignorance gap

• Sources of expectation gap- Audit assurance: guarantee of accuracy

versus a probabilistic statement, changing nature of auditor’s responsibility for detection of fraud

- Audit reporting: perception of unqualified (clean) audit opinion, going concern debate

- Audit independence: the centre of gap


Social Role of Auditing

• “To add credibility to financial statements” (Mautz, 1975)

• Necessary for public to understand exactly what an audit can reasonably be expected to achieve

• Necessary that all relevant findings are communicated clearly


8 postulates about auditing (Mautz & Sharaf)

1. Financial statements and financial data are verifiable2. There is no conflict of interest between the auditor and management

of the enterprise under audit3. The financial statements and other information submitted for

verification are free from collusive and other unusual irregularities4. The existence of a satisfactory system of internal control eliminates the

probability of irregularities5. Consistent application of GAAP will results in the fair presentation of

the financial position and the results of operations6. In the absence of clear evidence to the contrary, what has held true in

the past for the enterprise under examination will hold true in the future

7. When examining financial data for the purpose of expressing an independent opinion, the auditor acts exclusively in the capacity of auditor

8. The professional status of the independent auditor imposes commensurate obligations


The 8 postulates led to 5 primary concepts of auditing

1. Evidence2. Due audit care3. Fair presentation4. Independence5. Ethical conduct

CAEA 2218 2010/2011,LECTURE 2 Slide 1

LECTURE 2

Overview of Financial Statement Audit

DEPARTMENT FO FINANCIAL ACCOUNTING AND AUDITINGCAEA 2218 AUDITING PRINCIPLES DR HASLIDA ABU HASAN

2-2

Auditing Standards serve as guidelines and measures quality of the auditors

performance GAAS – generally accepted auditing standards:

(1) General standards - adequate technical training & proficiency- independence- due professional care

(2) Fieldwork standards - adequate planning & supervised assistants- obtain sufficient understanding of internal controls- obtain sufficient appropriate evidential matter

(3) Reporting standards- GAAP- consistency- disclosure- opinion


2-3

GAAS


2-4

Management Assertions Financial statements issued by management contain explicit and

implicit assertions

(1) Transactions- Management asserts that transactions related to

inventory actually occurred (2) Account balances

- Management asserts that the entity owns the inventory represented in the inventory account

(3) Presentation and disclosures- Management asserts that the financial statements

properly classify and present the inventory


2-5

Management Assertions


2-6

Evidence Regarding Management Assertions & Sampling

Evidence that assists the auditor in evaluating management’sfinancial statement assertions consists of the underlying accountingdata and any corroborating information available to the auditor:

RELEVANCE;

RELIABILITY

Sampling: inferences based on limited observations

Auditors use (1) their knowledge about the transactions and/or(2) a sampling approach to examine the transactions.

It would be too costly for the auditor to examine everytransaction.


2-7

The Auditor’s Responsibility for Errors, Fraud, and Illegal Acts

The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud

Because of the nature of audit evidence and the characteristics of fraud, the auditor is able to obtain reasonable, but not absolute, assurance that material misstatements are detected

The auditor has no responsibility to plan and perform the audit to obtain reasonable assurance that misstatements, whether caused by errors or fraud, that are not material to the financial statements will be detected


2-8

Ethics, Independence, and the Code of Professional Conduct Ethics refers to a system or code of conduct based on moral duties and

obligations that indicates how we should behave Professionalism refers to the conduct, aims, or qualities that

characterize or mark a profession or professional person. All professions operate under some type of code of ethics or code of conduct


2-9

Clients’ Evaluation & Audit Risk In conducting audit, the auditors need thorough understanding of the

entity and its environment ( clients industry, regulations, operations, relationships, business strategies etc)

Audit risk is the risk that the auditor will give an inappropriate audit opinion on financial statements: Risk of material error occuring

Inherent risk Internal control risk

Risk of failing to detect material error Sampling risk Quality control risk

The auditor’s standard report states that the audit provides only reasonable assurance that the financial statements do not contain material misstatements

Reasonable assurance implies some risk that a material misstatement could be present in the financial statements and the auditor will fail to detect it


2-10

Client’s Evaluation & Audit Risk AUDIT RISK

(the risk of expressing an unqualified opinion on materially misstated financial statements)


risk of material error occuring(non-controllable)

risk of failing to detect material error (controllable)

Inherent risk Internal control risk Sampling risk Quality control risk

Account risk

Management integrity

Business risk

Failure to collect sufficient appropriate audit evidence

and/evaluate it properly

FIGURE 3.3 The Component of audit riskBrenda Porter, Jon Simon and David Hatherly, Principles of External Auditing, 2nd Ed, 2003, John Wiley & Sons Ltd

2-11

Clients’ Evaluation & Audit Risk Inherent risk – susceptibility of account balance/class of transactions to

material misstatement

Control risk – that a misstatement could occur that could be material, either on its own or together with other misstatements, that would not be detected or prevented by accounting and internal control procedures, review the

Control environment Control procedures Managing risk and control monitoring

Detection risk – that a misstatement would not be detected which might be material either on its own, or when aggregated with other misstatements


2-12

Materiality Materiality is the magnitude of an omission or misstatement of

accounting information that, in light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement

(material if its omission would reasonably influence decisions) Not capable of general mathematical definition Has qualitative and quantitative elements


2-13

Risk-based auditing Concentrating audit procedures on the areas of the client’s

systems/records that are likely to be at most risk of error, misstatement or fraud

Needs some decision criteria to determine the acceptable level of risk


2-14

Legal and professional rights and duties

Who can be an auditor?• Appointment and remuneration of auditors

in theory in practice

• Removal and resignation of auditors May resign or be replaced Disclosure of circumstances

‘Signals’ that are given to the market, media and stakeholders, both about auditee and auditors:

What does a new appointment show? What does an unexpected ‘exit’ show?

Auditors’ rights Access to the company’s books and accounts Explanation from the company’s management


2-15

Auditors rights and responsibilities

Auditors’ rights Access to the company’s books and accounts Explanation from the company’s management

Auditors’ responsibility to detect and report fraud, which includes Misappropriation of corporate assets Manipulation of accounting information Deception of a third party


2-16

Auditors’ duties1. STATUTORY DUTIES – Companies Act

• Carry out investigation and form opinion as to whether proper accounting records have been kept, F/S are in agreement with the accounting records, auditors received all the information/explanation required, the received explanation/information is consistent with the F/S

• Under the Companies Acts, directors are required to prepare F/S which give a true and fair view of the company’s state of affairs

2. COMMON LAW – courts’ cases explain expectation from auditors such as reasonable skill, care, caution in the circumstances

3. PROFESSIONAL AUDITING STANDARDS AND G’LINES – informing/increasing the quality of audit work– protecting the reputation of auditors– shielding auditing from further government involvement– mandatory compliance: disciplinary action may be taken by the

profession (self regulation)4. REGULATORY REQUIREMENTS – requirements for listed companies,

compliance with corporate governance requirementsCAEA 2218

LECTURE 2 Slide 16

2-17

Rules of professional conduct

1. Integrity2. Objectivity3. Competence4. Skill, care, diligence5. Courtesy and consideration


2-18

9 Fundamental principles of independent auditing (Auditors’ Code –APB, 1996)

1. Accountability2. Integrity3. Objectivity and independence4. Competence5. Rigour6. Judgement7. Clear communication8. Association9. Providing value


2-19

Objectivity and independence

INDEPENDENCE: the cornerstone of auditing, an attitude of mind not a set of rules

• Auditors need to be independent (in fact)• Possess an objective unbiased attitude of mind,

evaluate evidence and express an opinion impartially without being influenced by personal bias

• And must also be seen to be independent (in appearance) not to give the impression to others that the auditor is not independent


2-20

Threats to auditors’ independence

Financial involvement with the audit client Personal or business relationship Favorable treatment from an audit client Litigation and other external pressures on

the auditor Undue dependence on the audit client Provision of non-audit services to an

audit client


2-21

Threats to objectivity and independence

Self-interest threat Self review threat Management threat Advocacy threat Familiarity threat Intimidation threatEthical standards have been issued to promote alertness and define procedures to identify and assess significance of threats


2-22

Proposal for strengthening independence

1. Mandatory rotation of auditing firm2. Mandatory rotation of audit partner3. Appointment of auditors by

shareholder/stakeholder panel4. More vigorous Audit Committees5. Appointment of auditors by the government

Other professional conduct issues – conflict of interests, advertising, publicity, remuneration,

insider dealing, money laundering, whistle-blowing


2-23

Audit phases1. Client acceptance/continuance; and establishing

an understanding with the client2. Preliminary engagement activities3. Establishing materiality and assess risks4. Plan the audit5. Consider and audit company’s internal control6. Audit business processes and related accounts7. Complete the audit8. Evaluate results and issue audit report


2-24

Audit Report The auditor’s report (audit opinion) is the culmination of

audit process

For companies, auditor is statutorily required to report tothe company’s shareholders, although he/she should beaware that other interested parties/stakeholders will usethe report

The report communicates the auditor’s conclusion about,among other things: The truth and fairness with which the statements portray the

entity’s financial position; and

Their compliance (or otherwise) with the Companies Act


2-25

Audit Report The auditor is also required to communicate with those

charged with the company’s governance. Will address: Various aspects of the audit; Various aspects of the entity’s financial affairs; Material weaknesses in entity’s financial affairs; material

weaknesses in entity’s control system uncovered by theaudit; and

Ways in which such control weaknesses may be overcome This communication is often referred to as a management

letter (ML) ML normally focused exclusively on internal control

weaknesses and how they might be rectified Current practices of ML is broader in scope, but maintain a

private communication with the management and contentsare not generally revealed to shareholders or other thirdparties


2-26

Audit ReportUnder the Companies Act 1965, the directors’ are responsible for preparingfinancial statements, and

The auditors have responsibility of examining the financial statements, and itsrequirements indicate the issues auditors must look at to determine the type ofaudit report they will give. They are required to form and express an opinion asto whether they give a true and fair view of the company’s state of affairs andits profit or loss for the period of account under consideration, and whetherthey comply with the provisions of the Act as regards form, content and notes

Audit report usually is the only channel of communication between the auditorand shareholders of the company – the financial statements of which havebeen subject to audit

The report acts as a bridge taking the large volume of information possessedby auditors and conveying it to the shareholders in a much abbreviated form

In order to convey information in a succinct form, the audit report has becomean extremely formalised group of phrases, each of which has specialsignificance. Any deviation from the standard format is regarded by auditors assignificant and may provide important extra data


2-27

Audit Report Auditors have to understand the following details:

The form of an unqualified report and the meaningof the phrases used;

The situation where a qualified audit report isneeded and how such report should be phrased;

The situation where, although the opinion isunqualified, it may be relevant to includeadditional details emphasizing one particularaspect of the financial statements

AUDITOR CANNOT ‘GUARANTEE’ OR CERTIFY THAT FINANCIAL STATEMENTS ARE CORRECT.


2-28

Audit Report If financial statements are found to meet the necessary

regulatory requirements and other requirements, andprovide a true and fair view, the auditor may not haveproblem – but if they do not meet the requirements or arein some other respect deemed by their auditors flawed orinadequate, the extent of that problem must be gauged interms of the effect it will have on their overall opinion

Auditors opinion on financial statements may be one oftwo basic types:

1. Unqualified/unmodified (i.e., ‘clean’); or

2. Qualified/modified (‘except for’ opinion; ‘adverseopinion’; and ‘disclaimer of opinion’).


2-29

The Audit Report The title line of the audit report includes the word

“Independent,” and usually, the report is addressed to thestockholders of the company.

Basic elements of the audit report include title, introductoryparagraph, statement of responsibilities of directors andauditors, a scope paragraph –or basis of opinion, an opinionparagraph, an explanatory paragraph referring to the audit ofinternal control, auditors signature, the name of the auditor oraudit firm, and the date of the audit report.

- Refer to auditors’ reports that come together with companies annualreports – you could search annual reports for listed companies inMalaysia via www.bursamalaysia.com


2-30

The Audit Report The auditor may issue a qualified opinion.

Suppose a client’s financial statements contain a misstatement thatthe auditor considers material and the client refuses to correct themisstatement. The auditor will likely qualify the report, explaining thatthe financial statements are fairly stated except for the misstatementidentified by the auditor.

The auditor may issue an adverse opinion. Suppose a client’s financial statements contain a misstatement that the

auditor considers so material that it pervasively affects theinterpretation of the financial statements. Given such a situation, theauditor will issue an adverse opinion, indicating that the financialstatements are not fairly stated and should not be relied upon.



LECTURE 3

Risk Assessment and Materiality

CAEA 2218 -LECTURE 3 Slide 1 -30

Client’s Evaluation & Audit Risk AUDIT RISK

(the risk of expressing an unqualified opinion on materially misstated financial statements)

risk of material error occuring(non-controllable)

risk of failing to detect material error (controllable)

Inherent risk Internal control risk Sampling risk Quality control risk

Account risk

Management integrity

Business risk

Failure to collect sufficient appropriate audit evidence

and/evaluate it properly

FIGURE 3.3 The Component of audit riskBrenda Porter, Jon Simon and David Hatherly, Principles of External Auditing, 2nd Ed, 2003, John Wiley & Sons Ltd

CAEA 2218 - LECTURE 3 Slide 2 -30

Engagement Risk Auditor’s exposure to financial loss and damage to professional

reputation. Client and 3rd party lawsuits Negative publicity

Audit Risk Model :Audit Risk = IR × CR × DR

Inherent risk and control risk are risks that material misstatements exist Detection risk is risk that auditor fail to detect misstatements which

include sampling risk, non-sampling risk, inappropriate audit procedures or misinterpreting audit results


Using the Audit Risk Model

AR = IR × CR × DR

Assess the client’s business risks.

Auditee risk

Assess the risk of materialmisstatement

due to error or fraud.


Using the Audit Risk Model Set a planned level of audit risk such that an opinion

can be issued on the financial statements.

Assess inherent risk and control risk.

Use the audit risk equation to solve for the appropriatelevel of detection risk:

AR = IR × CR × DR

DR = AR / (IR × CR)

Auditors will calculate measures of audit risk and use the identified level to design audit procedures that could will reduce audit risk to an acceptable level.


Limitations of the Audit Risk Model

The audit risk model is a planning tool, but it has some limitations that must be considered when the model is used to revise an audit plan or to evaluate audit results. The desired level of audit risk may not actually be achieved. It does not consider potential auditor error. There is not way of knowing what the preliminary level of risk actually

was.


The Auditor’s Risk Assessment Process- Auditors must obtain sufficient understanding of the entity to identify business

risks and comprehend the potential misstatements that may result- Business risks include any external or internal factors, pressures, and forces that

bear on the entity’s ability to survive and generate profitSTEPS Perform risk assessment to obtain understanding of the entity and its

environment, including internal control. Identify business risks that may result in material misstatements of the financial

statements. Evaluate the entity’s response to those business risks and obtain evidence of

their implementation. Assess the risk of material misstatement at the assertion level and determine the

audit procedures that are necessary based on that risk assessment.METHODS to achieve these would include inquiries of management and others,

analytical procedures, observation and inspection


Identifying Business Risks Examples of conditions or events that indicate the

existence of business risks: Significant changes in the entity (e.g., acquisitions

and reorganizations). Significant changes in the industry. Significant new products, services, or lines of

business. New locations. Significant changes in the IT environment. Operations in areas with unstable economies. High degree of complex regulation.

Examples of conditions or events that indicate the existence of business risks: Significant changes in the entity (e.g., acquisitions

and reorganizations). Significant changes in the industry. Significant new products, services, or lines of

business. New locations. Significant changes in the IT environment. Operations in areas with unstable economies. High degree of complex regulation.


Assessing the Risk of Material Misstatement Due to Error or Fraud

To assess the risk of material misstatement, the auditor:– Identifies risks by considering the entity and its environment,

including controls that relate to the risks; and by relating these risks to the classes of transactions and account balances in the financial statements.

– Relates the identified risks to what can go wrong at the assertion level.

– Considers whether the risks are of a magnitude that could result in a material misstatement.

– Considers the likelihood that the risks will result in a material misstatement.

To assess the risk of material misstatement, the auditor:– Identifies risks by considering the entity and its environment,

including controls that relate to the risks; and by relating these risks to the classes of transactions and account balances in the financial statements.

– Relates the identified risks to what can go wrong at the assertion level.

– Considers whether the risks are of a magnitude that could result in a material misstatement.

– Considers the likelihood that the risks will result in a material misstatement.


Types of misstatements include: A difference between the amount, classification, or

presentation of a reported financial statement element, account, or item and the amount, classification, or presentation that would have been reported under GAAP.

The omission of a financial statement element, account, or item.

A financial statement disclosure that is not presented in accordance with GAAP.

The omission of information required to be disclosed in accordance with GAAP.

Types of misstatements include: A difference between the amount, classification, or

presentation of a reported financial statement element, account, or item and the amount, classification, or presentation that would have been reported under GAAP.

The omission of a financial statement element, account, or item.

A financial statement disclosure that is not presented in accordance with GAAP.

The omission of information required to be disclosed in accordance with GAAP.



Errors are unintentional misstatements: Mistakes in gathering or processing financial data used to prepare

financial statements. Unreasonable accounting estimates arising from oversight or

misinterpretation of facts. Mistakes in the application of accounting principles relating to

amount, classification, manner of presentation, or disclosure.

Errors are unintentional misstatements: Mistakes in gathering or processing financial data used to prepare

financial statements. Unreasonable accounting estimates arising from oversight or

misinterpretation of facts. Mistakes in the application of accounting principles relating to

amount, classification, manner of presentation, or disclosure.



Fraud involves intentional misstatements. The fraud risk identification process includes: Sources of information about possible fraud

Communications among the audit team Inquires of management and others Fraud risk factors Analytical procedures Other information

Conditions indicative of fraud Incentives/pressures Opportunities Attitudes/rationalization

Auditor identifies risks of material misstatement due to fraud.

Fraud involves intentional misstatements. The fraud risk identification process includes: Sources of information about possible fraud

Communications among the audit team Inquires of management and others Fraud risk factors Analytical procedures Other information

Conditions indicative of fraud Incentives/pressures Opportunities Attitudes/rationalization

Auditor identifies risks of material misstatement due to fraud.



Three conditions usuallyexist when fraud occurs.

Incentive orpressure to

commit fraud

Incentive orpressure to

commit fraud

Opportunityto commit

fraud

Opportunityto commit

fraud

Attitude orrationalizationto justify fraud

Attitude orrationalizationto justify fraud



Fraud involvesintentional misstatements.

Fraudulentfinancial reporting

Fraudulentfinancial reporting

Misappropriationof assets

Misappropriationof assets



Fraudulent financial reporting includes acts such as the following: Manipulation, falsification, or alteration of accounting

records or supporting documents used to prepare financial statements.

Misrepresentation in, or intentional omission from, the financial statements of events, transactions, or significant information.

Intentional misapplication of accounting principles relating to amount, classification, manner of presentation, or disclosure.

Fraudulent financial reporting includes acts such as the following: Manipulation, falsification, or alteration of accounting

records or supporting documents used to prepare financial statements.

Misrepresentation in, or intentional omission from, the financial statements of events, transactions, or significant information.

Intentional misapplication of accounting principles relating to amount, classification, manner of presentation, or disclosure.



Financial stabilityor profitabilityis threatened

Financial stabilityor profitabilityis threatened

Excessive pressurefor management to

meet third partyexpectations


meet third partyexpectations

Management’s personalfinancial situation

is threatened

Management’s personalfinancial situation

is threatened


meet financialtargets


meet financialtargets

Fraudulent Financial ReportingRisk Factors Relating to Incentive/Pressure include:



Ineffectivemonitoring ofmanagement

Ineffectivemonitoring ofmanagement

Natureof the

industry

Natureof the

industry

Deficientinternalcontrol

Deficientinternalcontrol

Complexor unstable

organizationalstructure

Complexor unstable

organizationalstructure

Fraudulent Financial ReportingRisk Factors Relating to Opportunities include:



Risk Factors Relating to Attitudes/Rationalizations

Poor communicationchannels for reportinginappropriate behavior

Poor communicationchannels for reportinginappropriate behavior

Weak ethicalstandards forManagement

behavior

Weak ethicalstandards forManagement

behavior

Failure to correctknown reportable

conditions

Failure to correctknown reportable

conditions

Use ofinappropriate accounting

based on materiality

Use ofinappropriate accounting

based on materiality

Fraudulent Financial ReportingRisk Factors Relating to Attitudes/Rationalizations include:


Misappropriation of assets involves the theft of an entity’s assets to the extent that financial statements are misstated. Examples include:

Misappropriation of assets involves the theft of an entity’s assets to the extent that financial statements are misstated. Examples include:

Stealingassets

Embezzlingcash received

Paying forgoods and services

not received



Accessto assets

Inadequateseparationof duties

No mandatoryvacation policy

Personalfinancial

pressures

Adverseemployee management

relationships

Small, valuableinventory items

Sudden changes inemployee behavior

Lack ofinventory

control


Misappropriation of AssetsRisk Factors for Misappropriation of Assets include:

Employeedisregardof internal

controlCAEA 2218 - LECTURE 3 Slide 20 -30

Auditor’s Response tothe Risk Assessment

Financial statement level risks

Develop an overallresponse.

Determine what can go wrongat the account or assertion level.

Assess the riskof material misstatement

for the nonsignificant risks.

Assess the risk of material misstatement at the financial statement and assertion levels.

Respond to significantrisks.

Respond to thoserisks.

Do these

risks relatepervasively

to thefinancial

statements?

Is this asignificant

risk?

Assertion level risks

Yes

Yes


Evaluation of AuditTest Results

At the completion of the audit, the auditor should consider whether the accumulated results of audit procedures affect the assessments of the entity’s business risk and the risk of material misstatement. The total uncorrected misstatements that were detected should be aggregated to determine if they cause the financial statements to be materially misstated. If the auditor concludes that the total misstatements cause the financial statements to be materially misstated, the auditor should request management to eliminate the material misstatement. If the management does not do so, the auditor should issue a qualified or adverse opinion.

If the auditor determines that the misstatement is or may be the result of fraud, and either has determined that the effect could be material or has been unable to evaluate whether the effect is material, the auditor should:


Evaluation of AuditTest Results

Attempt to obtain audit evidence to determine whether, in fact, material fraud has occurred and, if so, its effect.

Consider the implications for other aspects of the audit. Discuss the matter and the approach to further investigation with an

appropriate level of management that is at least one level above those involved in committing the fraud and with senior management.

If appropriate, suggest that the client consult with legal counsel.

If the results of the audit tests indicate a significant risk of fraud, the auditor should consider withdrawing from the engagement and communicating the reasons for withdrawal to the audit committee or others with equivalent authority and responsibility.


Documentation of theAuditor’s Risk Assessment

The auditor should document:Discussions among engagement personnel. Procedures performed to identify and assess the risks of

material misstatement due to fraud. Risks of identified material misstatement due to fraud and a

description of the auditor’s response to the risks. Fraud risks or other conditions that result in additional audit

procedures. The nature of the communications about fraud made to

management, the audit committee, and others.

The auditor should document:Discussions among engagement personnel. Procedures performed to identify and assess the risks of

material misstatement due to fraud. Risks of identified material misstatement due to fraud and a

description of the auditor’s response to the risks. Fraud risks or other conditions that result in additional audit

procedures. The nature of the communications about fraud made to

management, the audit committee, and others.


Communications about Fraud

Whenever the auditor has found evidence that a fraud may exist, that matter should be brought to the attention of an appropriate level of management. Fraud involving senior management and fraud that causes a material misstatement of the financial statement should be reported directly to the audit committee of the board of directors.

The auditor should reach an understanding with the audit committee regarding the expected nature and extent of communications about misappropriations perpetrated by lower-level employees.


The disclosure of fraud to parties other than the client’s senior management and its audit committee ordinarily is not part of the auditor’s responsibility and ordinarily would be precluded by the auditor’s ethical and legal obligations of confidentiality. However, the auditor may have a duty to make disclosure to others outside the entity when the following conditions exist: To comply with certain legal and regulatory requirements To a successor auditor when the successor makes inquiries in

accordance with the standards [Communications between Predecessor and Successor Auditors]

In response to a subpoena To a funding agency or other specified agency in accordance with

requirements for the audits of entities that receive governmental financial assistance

Communications about Fraud


Materiality The magnitude of an omission or misstatement

of accounting information that makes it probablethat the judgment of a reasonable person relyingon the information would be changed orinfluenced by the omission or misstatement.

Materiality is not an absolute, its determinationrequires professional judgment.

The magnitude of an omission or misstatementof accounting information that makes it probablethat the judgment of a reasonable person relyingon the information would be changed orinfluenced by the omission or misstatement.

Materiality is not an absolute, its determinationrequires professional judgment.


Materiality The quantitative base for materiality is a percentage

(typically 3 to 5 percent) of: total assets; total revenues; income before taxes; income from continuing operations; gross profit; three-year average of income before taxes

The quantitative amounts may be adjusted lower for qualitativefactors such as:

first-year engagement; control weaknesses; management turnover; high market pressures; high fraud risk; higher than normal risk of bankruptcy

The quantitative base for materiality is a percentage (typically 3 to 5 percent) of:

total assets; total revenues; income before taxes; income from continuing operations; gross profit; three-year average of income before taxes

The quantitative amounts may be adjusted lower for qualitativefactors such as:

first-year engagement; control weaknesses; management turnover; high market pressures; high fraud risk; higher than normal risk of bankruptcy


Steps in Applying Materialityon an Audit

Step 1: Determine a material level for the overall financial statements

(planning materiality)

Step 1: Determine a material level for the overall financial statements

(planning materiality)

Step 2: Determine tolerable misstatement

(allocation of materiality at individual account/class of transactions level)

Step 2: Determine tolerable misstatement

(allocation of materiality at individual account/class of transactions level)

Step 3:Evaluate auditing findings(near the end of the audit)

Step 3:Evaluate auditing findings(near the end of the audit)


“say, ‘are those who know equal to those who do not know?’"

[The Quran, Chapter 39(Az-Zumar ), Verse 9]

“only those who have knowledge among His slaves fear Him"

[The Quran, Chapter 35(Faatir), Verse 28]

"What I fear most for you is a hypocrite with a knowledgeable tongue.“Umar bin Al-Khattab, 2nd Caliph



CAEA 2218 - LECTURE 4 Slide 1 - 24

LECTURE 4

Audit Evidence and Procedures

Relationship of Audit Evidence to the Audit Report


Management assertionsabout components offinancial statements

Financialstatements

Auditprocedures

Auditreport

Evidence on thefairness of the

financial statements

Management Assertions


1. Existence or occurrence2. Completeness3. Valuation or allocation4. Rights and obligations5. Presentation and disclosure

Transactions related audit objectives


• Existence – recorded transactions exists• Completeness –existing transactions are recorded• Accuracy –recorded transactions are stated at

correct amounts• Classification –transactions are properly classified• Timing –transactions are recorded on the correct

date• Posting and summarization –transactions are

included in the master files and are correctly summarized

Management assertions -Transactions related audit objectives


1- Existence or occurence – Existence2- Completeness – Completeness3- Valuation or allocation –Accuracy;

Classification; Timing; Posting and Summarization

4- Rights and Obligations – na5- Presentation and disclosure – na

Balance – related audit objectives


1- Existence – amount included exists2- Completeness – existing amounts are included3- Accuracy – amounts included are stated at the correct

amounts4- Classification –amounts are properly classified5- Cutoff –transactions are recorded in the proper period6- Detail tie in –account balances agree with master file

amounts, and with general ledger7- Realizable value –assets are included at estimated

realizable value8- Rights and obligations –assets must be owned9- Presentation and disclosure –account balances and

disclosures are presented in financial statements

Management assertions – Balance related audit objectives


1- Existence or occurence – Existence2- Completeness – Completeness3- Valuation or allocation –Accuracy;

Classification; Cut-off; Detail tie-in; Realizable value

4- Rights and Obligations – Rights and obligations5- Presentation and disclosure – Presentation and

disclosure

How audit objectives are met?


• Auditor must obtain sufficient competent audit evidence to support all management assertions in the financial statements

• Audit process –a methodology for organizing audit

• Audit procedures –specific acts performed by the auditor to gather evidence to determine if specific assertions are being met :

Risk assessment procedures Test of controls Substantive procedures

Audit Procedures


A set of audit procedures prepared to testassertions for a component of the financial statements is referred to as an audit program.

Example:

Management Assertions Audit ProceduresExistence Confirm receivables.Rights and Obligations Ask if receivables have been sold.Completeness Agree controlling account with total of subsidiary accounts.

Examine sales invoices immediately before and after year-endfor proper cutoff.

Valuation or allocation Trace accounts from aged trial balance to subsidiary accounts.Test the adequacy of the allowance account.

Presentation and disclosure Look for amounts due from related parties.Evaluate receivables for footnote disclosure.

Audit Program for Accounts ReceivableManagement Assertions Audit ProceduresExistence Confirm receivables.Rights and Obligations Ask if receivables have been sold.Completeness Agree controlling account with total of subsidiary accounts.

Examine sales invoices immediately before and after year-endfor proper cutoff.

Valuation or allocation Trace accounts from aged trial balance to subsidiary accounts.Test the adequacy of the allowance account.

Presentation and disclosure Look for amounts due from related parties.Evaluate receivables for footnote disclosure.

Audit Program for Accounts Receivable

Audit Evidence

CAEA 2218 -LECTURE 4 Slide 10 - 24

“Auditors should obtain sufficient appropriate audit evidence to be able to draw reasonable conclusion on which to base the audit opinion.” SAS 400.1

“the facts presented to the mind of a person for the purpose of enabling him to decide a disputed question.”

Mautz (1958)

“the information the auditors obtain in arriving at the conclusions in which their report is based- comprises of source documents and accounting records underlying the financial statement assertions and corroborative information from other sources” APB Glossary of Terms

Audit Evidence


All the information used by the auditor in arriving at the conclusions on which the audit opinion is based.

Nature of audit evidence records of initial entries and supporting records; general and subsidiary ledgers; adjustments to financial statements; invoices; worksheets; contracts; spreadsheets supporting cost allocations; other computations, reconciliations and disclosures

Audit Evidence


Usually is pervasive rather than conclusive, to be sought from different sources or of different nature to support same assertions

Comprises information and impressions accumulated during course of the audit which, taken together, allow the auditor to form an opinion

Audit evidence is influenced by:• Assessment of risk at F/S level and individual account• Nature of accounting and internal control systems• Materiality of the item• Timeliness of information provision• Relevance• Auditors’ knowledge and experience of the business• Findings from audit procedures• Source and reliability of the information (independent? third party

expert? Qualifications of provider?

Audit Evidence


Sufficiency is a measure of the quantity of audit evidence: Greater risk of misstatement requires higher quantity

of audit evidence Higher quality of audit evidence results in a lower

quantity of audit evidence

Appropriateness is a measure of the quality of audit evidence – relevance & reliability: Independence source of the evidence Effectiveness of internal control Auditors direct personal knowledge Documentary evidence Original documents

Audit Evidence


Evaluation of audit evidence requires and understanding of the types and relative reliability of available evidence

Auditor should be thorough in searching for evidence and not biased in its evaluation

Procedures in obtaining evidence includes: Inspection of records and documents Calculate and Recalculation Reconciliations Vouch; Read; Trace Examining Inquiry Scanning Confirm; Compare (analytical data) Observation Inspection of tangible assets – physical evidence Analytical procedures Re-perform (of procedures)

Audit Evidence


Reliability of evidenceHigh - inspection of tangible assets; re-performing;

recalculation; inspection of records and documentsMedium - scanning; confirmation; analytical proceduresLow – observation; inquiry

Mautz and Sharaf (1961) classified evidence into 3 classes: (i) natural evidence; (ii) created evidence; (iii) rational argumentation

Auditors have to consider the ‘relationship between the cost of obtaining audit evidence and the usefulness of the information obtained’ – because resources at the disposal of auditors are limited, not least because audits have to be competitively tendered for and audit firm is profit-seeking

Combining Evidence


Go beyond simple analysis tothe implications of what found

Analytical tasksUnderstanding the knowledge

of how things hang together

Speculate or infer what theSpeculate or infer what thedifferences and similarities

mean

Look for relationships of causeand effect among variables

How things within a topic relate to each other

Look for similarities, differenceand the implications

Audit Procedures forObtaining Audit Evidence


LedgerSource

Documents

Vouching(Occurrence)

Tracing(Completeness)

Inspectionof records and

documents

Evidence obtained fromexternal documents is more

reliable than evidence obtainedfrom internal documents.




documents

In conducting inquiry, the auditor should:• Consider the knowledge, objectivity,experience, responsibility, andqualifications of the person to bequestioned.

• Ask clear, concise, and relevantquestions.

• Use open or closed questionsappropriately.

• Listen actively and effectively.• Consider the reactions and responses,then ask follow-up questions.

• Evaluate the response.

Inquiry




documents

Inquiry

Confirmation

Information FrequentlyConfirmed by Auditors Source of ConfirmationCash balance BankAccounts receivable Individual customersInventory on consignment ConsigneeAccounts payable Individual vendorsBonds payable Bondholders/trusteeCommon stock outstanding Registrar/transfer agentInsurance coverage Insurance companyCollateral for loans Creditors



Recalculation - Determining the mathematical accuracy of documents or records.

Re-perform - The auditor’s independent execution of procedures or controls that were originally performed as part of the internal control system.

Observation - The process of watching a process or procedure being performed by others.

Inspection of Intangible Assets - Physical examination of a tangible asset.

Scanning - Review of accounting data to identify significant or unusual items.

Analytical Procedures - Evaluations of financial information made by a study of plausible relationships among both financial and non-financial data.

Audit Documentation


The auditor’s principal record of theaudit procedures performed, evidence

obtained,and conclusions reached.

Audit documentation (working papers) have two functions: To provide support for the audit report. To aid in the conduct and supervision of the audit.

Audit Documentation


Audit documentation should: Demonstrate how the audit complied with auditing and related

professional practice standards; Show that the underlying accounting records agreed with financial

statements; Include a written audit program detailing auditing procedures

necessary to accomplish audit objectives Enable knowledgeable and experienced reviewer to:

• understand the nature, timing, extent and results of audit procedures, evidence obtained and conclusions reached

• Determine who performed and reviewed the work, as well as dates of the work and reviews

Audit Documentation


Audit documentation is normally maintained in two files:• Permanent files - Corporate charter; Important contracts; Chart

of accounts; Internal control documentation; Organization chart; Terms of stock and bond issues; Accounting manual; Prior years’ analytical procedures

• Current files - Audit plan; audit report; Adjusting journal entries; Audit programs; Reclassification journal entries; Working trial balance; Current financial statements; Minutes of meetings; Working papers supporting accounts

Format:• Heading – client name, title of the working paper, client’s

year end date• Indexing and cross-referencing – notations that provide a

trail from financial statements to audit documents• Tick marks – notations made next to work paper items

indicating auditor/reviewer actions

Audit Documentation


Audit documentation should be organized so that audit team members and others can find evidence supporting financial statement accounts

All audit documentation is the property of the auditor including documents prepared by clients at auditor’s request

Regulations requires audit documentation to be retained for seven years from the completion date of the engagement

CAEA 2218 -LECTURE 4 Slide 25 - 24

Jangan berpuasa tanpa agama.

Jangan beragama tanpa Tuhan.

“Wahai orang-orang yang beriman, puasa diwajibkan ke atas kamusebagaimana ia telah diwajibkan ke atas umat sebelummu, agar

(dengan puasa itu) kamu menjadi insan yang bertaqwa”[Al-Baqarah : 185]


CAEA 2218 - LECTURE 5 Slide 1

LECTURE 5

Audit Planning and Tests

Making an important distinction


‘Audit objectives’ is the object of the auditor’s investigation – it is what the auditor is trying to find out and the purpose for which the audit procedures are performed

‘Audit procedures’ are methods used to gather audit evidence; ‘audit tests’ and ‘audit techniques’ are often used interchangeably with audit procedures

Hierarchy of audit objectives


Overall audit objectivesDo the financial statements give a true and fair view of the entity’s financial position and performance

General audit objectives

Are contingent liabilities disclosed

Are sales fairly stated

Are internal controls

complied with?

Do the financial statements comply

with applicable accounting standards

Specific audit objectives

Are sales transactions authorized?

Are recorded sales

transactions valid?

Are recorded sales

transactions complete?

Are sales transactions

recorded in the correct period

Are sales transactions

correctly classified?

Are recorded sales amount

correct?

Brenda Porter, Jon Simon and David Hatherly, Principles of External Auditing2nd Edition, 2003, John Wiley and Sons Ltd

Audit Steps

CAEA 2218 -LECTURE 5 Slide 4

2-Letter of engagement sent to client

1-Appointment of auditors at AGM

3-Gain understanding of the clients – Activities and circumstances

4-Overall analytical review

7-Test transactions and account balances

8-Completion and review

5-Gain understanding of the clients accounting systems and evaluate

internal control

6-Test internal control strength through compliance testing

9-Reporting for: (i)Shareholders and external parties;

(ii) Those charged with governance of the entity

10-Re-appointment at company’s AGM

How Audit Phases relate to Planning


Establish an understandingwith the client

Client acceptance orcontinuance

Preliminary engagements activities

Plan the auditAssess risks and establish

materiality

Accepting / Continuing a client


Accepting a client:1. Obtain and review financial information;2. Inquire of third parties;3. Communicate with the predecessor auditor;4. Consider unusual business or audit risks;5. Determine if the firm is independent;6. Determine if the firm has the necessary skills and

knowledge;7. Determine if acceptance violates any applicable regulatory

agency requirements or the Code of Professional Conduct.

Continuing a client:o Evaluate client retention periodically - near audit completion

or after a significant evento Consider conflict over accounting/auditing issues and

dispute over fees if there are

Establish Terms of the Engagement


The terms of the engagement, which are documented in the engagement letter, should include the objectives of the engagement, management’s responsibilities, the auditor’s responsibilities, and the limitations of the engagement.

In establishing the terms of the engagement, three topics must be discussed:

1. The engagement letter;2. The internal auditors;3. The audit committee.

The engagement letter formalizes the agreement reached between the auditor and client, engagement letter may also include:

1. Arrangement for use of specialists or internal auditor;2. Any limitations of ability of the auditor or client;3. Additional services to be provided and arrangements for these services.

Internal Auditors


The Audit Committee


Is a sub-committee to board of directors No specific requirements for privately held companies Section 301 of Sarbanes-Oxley Act requires the following

for audit committee members of publicly held companies:o Member of board of directors and independent.o Directly responsible for overseeing work of any o registered public accounting firm employed by the o company.o Must pre-approve all audit and non-audit services provided by its auditors.o Must establish procedures to follow for complaints.o Must have authority to engage independent counsel.

Preliminary Engagement Activities


Determine requirements of the audit engagement teams;

Assess compliance with ethical requirements, including independence

Assess risks and establish materiality: o Involve use of audit modelso Restricts risk at account balance levelo Achieve acceptable level of audit risk

Planning the Audit


“Auditor should plan the audit work so as to perform the audit in an effective manner” (SAS 200)

Ensure that ‘appropriate’ attention is devoted to the different areas of auditing Ensure that potential problems are identified Assists in the proper assignment of work to members of the audit team Coordination of audit work Ensures that audit performed in efficient and timely manner Details the audit strategy for conducting the audit Helps the auditor determine what resources needed to perform the audit work When preparing the audit plan, the auditor should be guided by the results of

the risk assessment procedures performed to gain an understanding of the entity.

Additional steps:• Assess the need for specialist.• Assess the possibility of illegal acts.• Identify related parties.• Conduct preliminary analytical procedures.• Consider additional value-added services.• Document Audit Strategy and Plan and Prepare Audit Programs

Specialists


A major consideration is planning the audit is the need for specialist (AU 336).

The use of an IT specialist is a significant aspect of most audit engagements.

The presence of complex information technology may require the use of an IT specialist.

Illegal Acts


Direct and material : Consider laws & regulations as part of audit

Material & Indirect : Be aware of its possibility of occurrence and investigate if brought to attention

Related Parties


Examples from FASB No. 57: “Related Party Disclosure” : i- Affiliates of the enterprise; ii- Entities using equity method to

account for investments; iii- Trusts for benefit of employees; iv-Principal owners of enterprise; v- Management; vi- Immediate families of the principal owners & management; vii- Other parties that can have significant influence.

How to Identify Related Partieso Review board minutes.o Review conflict-of-interest

statements.o Review transactions with major

customers, suppliers, borrowers, and lenders.

o Review large, unusual, or nonrecurring transactions especially at year end.

o Review loan agreements for guarantees.

Diagram of Planning Process


General strategy

Control risk

Consider testing strategy

Consider types of tests

Prepare audit programs

Risk assessment Inherent risk

Preliminary Analytical Procedures


To understand the client’s business and transactions To identify financial statement accounts likely to contain

errors By understanding the client’s business and identifying

where errors are likely to occur, the auditor can allocate more resources to investigate necessary accounts.

Additional Value-Added Services


Auditors who audit public companies are limited in the types of consulting services that they can offer their audit clients.

– Tax Planning– System design and integration– Internal reporting– Risk assessment– Benchmarking– Electronic commerce

Document Audit Strategy and Plan


These involves documenting the decisions about audit tests: – Nature– Timing– Extent

The auditor documents how the client is managing its risk (via internal control processes) and the effects of the risks and controls on the planned audit procedures.

Auditors ensure they have addressed the risks they identified by documenting the linkage from the client’s business, objectives, and strategy to the audit plan.

The auditor’s preliminary decision concerning control risk determines the level of control testing, which in turn affects the auditor’s substantive tests of the account balances and transactions.

Document Audit Strategy


Types of Audit Tests


Risk assessment procedures: – used to obtain an understanding of the entity and its environment,

including internal controls.

Test of controls: – directed toward the evaluation of the effectiveness of the design and

implementation of internal controls;– Involves inquiry, inspection, observation, walk through,

reperformance

Substantive procedures: – detect material misstatements in a transaction class, account

balance, and disclosure component of the financial statements;– Includes

(i) test of details- tests for errors or fraud in individual transactions(ii) analytical procedure- obtains evidential matter about particular

assertions related to account balances or classes of transactions

Tests of Controls


Analytical Procedures


Stages of analytical procedures: 1. Preliminary analytical procedures - to assist the auditor to better

understand the business and to plan the nature, timing, and extent of audit procedures.

2. Substantive analytical procedures - to obtain evidential matter about particular assertions related to account balances or classes of transactions.

3. Final analytical procedures - used as an overall review of the financial information in the final review stage of the audit.

Types of analytical procedures– Trend analysis– Ratio analysis:

Short term liquidity ratio- current ratio, quick ratio, ratios of operating cash flow Activity ratio- receivables (AR) turnover, days outstanding in AR, inventory turnover,

days of inventory on hand Profitability ratio- percentage of gross profit, profit margin, return on assets, return on

equity Coverage ratio- debt to equity, times interest earned

– Reasonableness analysis

Substantive Analytical Procedures Decision Process


Substantive Analytical Procedures Decision Process


Develop an expectation is the first step in the decision process for the amount or account balance. This is the most important step in performing analytical procedures. Auditing standards require the auditor to have an expectation whenever analytical procedures are used. An expectation can be developed using a variety of information sources such as financial and operating data, budgets and forecasts, industry publications, competitor information, management’s analyses, analyst’s reports.

Tolerable difference’s size depends on the significance of the account, the desired degree of reliance on the substantive analytical procedures, the level of disaggregation in the amount being tested, and the precision of the expectation.

Compare the expectation to the recorded amount and investigate any differences greater than the tolerable difference

Preliminary analytical procedures differences – not requires corroborating evidence

Final analytical procedures differences – requires corroborating evidence

Audit Testing Hierarchy


Filling the Assurance Bucket


Example of Filling the Assurance Buckets for Each Assertion (Accounts Payable)


4-29

End of lecture 5

Translation of Sahih Bukhari:

Volume 1, Book 3, Number 73:Narrated 'Abdullah bin Mas'ud:The Prophet said, "Do not wish to be like anyone except in two cases. (The first is) A person, whom Allah has given wealth and he spends it righteously; (the second is) the one whom Allah has given wisdom (the Holy Qur'an) and he acts according to it and teaches it to others." (Fateh-al-Bari page 177 Vol. 1)

Volume 1, Book 3, Number 85:Narrated Abu Huraira:The Prophet said, "(Religious) knowledge will be taken away (by the death of religious scholars) ignorance (in religion) and afflictions will appear; and Harj will increase." It was asked, "What is Harj, O Allah's Apostle?" He replied by beckoning with his hand indicating "killing." (Fateh-al-Bari Page 192, Vol. 1)



LECTURE 6

Internal Control Review and Assessment of Control Risk

Internal Control


Internal controls is a company's policy for conducting business in a consistent manner, protecting sensitive information relating to customers and business operations and limiting the ability of employees and managers to conduct fraud or embezzlement.

Public companies are held to a higher scrutiny regarding their internal controls since the passage of the Sarbanes-Oxley Act of 2002. This legislation was passed after the major accounting frauds found in Enron and WorldCom, two of the largest corporate bankruptcies in the history of U.S. business. Internal controls should be designed to limit the amount of internal business risk, although that is not always the case.

A major risk with internal controls is who sets up the controls and reviews how the controls work in the daily operations of business operations. Companies that use internal managers or accountants to set up their internal controls process may not take an objective look at the company prior to designing the internal controls. This results in poor internal controls because internal employees may not believe their company has that many problems; this mindset leads to few or highly ineffective internal controls.

When reviewing company processes and designing internal controls, management should consult an outside public accounting firm about designing and implementing internal controls. An outside look into company operations will usually find more areas needing internal controls, creating a stronger internal control system.

Internal Control


Once internal controls are in place, management must be responsible for reviewing the information produced by these controls to ensure the company is operating according to its internal guidelines.

Managers may not be willing to take on the extra paperwork, leaving internal control reviews at a standstill when assessing their effectiveness. Companies normally use several managers and supervisors to review the internal control process, spreading the workload around the company.

Using multiple levels of company management can also strengthen the review process, allowing several individuals to provide input for eliminating internal control risk.

Internal controls may limit a company's ability to take on new operations or expand existing operations if the controls create too many barriers for reviewing new information. Companies may set up a system that only reviews business operations as they currently exist, not planning for a possible expansion or for growth. Inflexible internal controls will require managers to completely rework the internal controls systems for new operations, creating higher operating costs and increasing the time spent on business expansion.

Once internal controls are in place and management reviews the internal controls for effectiveness, they should also review the flexibility of internal controls for gathering and reviewing new information.

Internal Control


Internal control plays an important role in how management meets its stewardship or agency responsibilities.

Management has the responsibility to maintain controls that provides reasonable assurance that adequate control exists over the entity’s assets and records.

Proper internal control not only ensures that assets and records are safeguarded but also creates an environment in which efficiency and effectiveness are encouraged and monitored. Management also needs a control system that generates reliable information for decision making.

The auditor needs assurance about the reliability of the data generated by the information system in terms of how it affects the fairness of the financial statements and how well the assets and records of the entity are safeguarded.

The auditor uses risk assessment procedures to obtain an understanding of the entity’s internal control and uses this understanding to identify the types of potential misstatements, ascertain factors that affect the risk of material misstatement, and design tests of controls and substantive procedures.

Internal Control


The auditor’s understanding of the internal control is a major factor in determining the overall audit strategy. The auditor’s responsibilities for internal control are discussed under two major topics: (1) obtaining an understanding of internal control and (2) assessing control risk.

Objectives of internal control:1. Reliability of financial reporting2. Efficiency and effectiveness of operations3. Compliance with laws and regulations

Internal controls pertaining to the preparation of financial statements for external purposes are relevant to an audit.

Controls relating to operations and compliance objectives may be relevant when they relate to data the auditor uses to apply auditing procedures.

The auditor should obtain an understanding of each of the five components of internal control in order to plan the audit. This knowledge is used to:

1. Identify types of potential misstatements2. Design tests of controls and substantive procedures3. Pinpoint the factors that affect the risk of material misstatement

Other Auditors’ responsibility


Pursuant to paragraph 15.24 of the KLSE Listing Requirements, auditors are required to review the Directors’ Statement on Internal Control with regard to the state of internal control of the listed issuer and report the results thereof to the Board of Directors of the listed issuer (MIA Recommended Practice Guide 5)

Objective of the review by auditors is to assess whether the Statement on Internal Control appropriately reflects processes the Directors (or its committees) have adopted in reviewing the sufficiency and integrity of the internal control system. Auditors will usually perform procedures to obtain appropriate evidence for this review.

The auditors are not expected to actively search for misstatements or inconsistencies; however if found/aware –discussion with Directors is necessary to seek to establish the significance of the lack of proper disclosure –auditors should consider implications on their reporting responsibilities and may need to take legal advice should the Directors cannot be persuaded to amend the disclosure to auditors’ satisfaction.

http://www.mia.org.my/handbook/guide/Default.htm

Components of Internal Control


Internal Control Environment


Factors Affecting the control environment:1. Communication and enforcement of integrity and ethical values2. A commitment to competence3. Participation of those charged with governance (board of directors or

audit committee)4. Management philosophy and operating style5. Organizational structure6. Assignment of authority and responsibility7. Human resources policy and practices

Planning an Audit Strategy


Audit Risk ModelAR = IR × CR × DR

Assertions and control activities


Occurrence –transactions and events that have been recorded have ocured and pertain to the entity

Completeness –all transactions and events that should have been recorded, have been recorded

Authorization –all transactions and events are properly classified

Accuracy –amounts and other data relating to recorded transactions and events have been recorded appropriately

Cutoff –transactions and events have been recorded in the correct accounting period

Classification –transactions and events have been recorded in the proper accounts

Assertions and control activities


Control Risk


After obtaining an understanding of internal control, an auditor may choose to follow a

(i) substantive strategy and set control risk at the maximum for some or all assertions because of one or all of the following factors: Controls do not pertain to an assertion Controls are assessed as ineffective Testing the effectiveness of controls is inefficient

(ii) reliance strategy if the auditors assess control risk below maximum and decided to rely on the internal control

The risk assessment process should consider external and internal events and circumstances that may arise and adversely affect the entity’s ability to initiate, record, process and report financial data consistent with the assertions of management in the financial statements.

Client business risk can arise or change due to the following circumstances: changes in the operating environment; changing personnel; rapid growth;

new or revamped information systems; new business models, products, or activities; new accounting pronouncements; new technology; expanded international growth; corporate restructuring

Audit Risk ModelAR = IR × CR × DR

Control Risk


Auditors should consider client accounting system when assessing control procedures/risk - an effective accounting system gives appropriate consideration to establishing methods and records that will :

1. Identify and record all valid transactions.

2. Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting.

3. Measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements.

4. Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period.

5. Properly present the transactions and related disclosures in the financial statements.

Control Risk


Control activities are the policies and procedures that help ensure that management’s directives are carried out. Those control procedures that are relevant to the audit include

1. Performance reviews2. Information processing3. Segregation of duties4. Physical controls

Monitoring of controls is a process that assesses the quality of internal control performance over time. Internal Auditors – internal auditors evaluates internal control to ensure

effective functionality of the organization. An effective internal audit function has clear lines of authority and reporting, qualified personnel, and adequate resources to enable these personnel to carry out their assigned duties.

While the basic concepts of the five components should be present in all entities, they are likely to be less formal in a small or midsize entity than in a large entity.

There are limitations to internal control, due to various factors, such as: management override of internal control; human error or mistakes; collusion

Factors contributing to fraud


Assessing Control Risk


Assessment of control risk involve a few steps: Identify specific controls that will be relied upon Perform tests controls Conclude on the achieved level of control risk

How to document the understanding of internal control?1. Procedure manuals and organizational charts2. Structured working paper3. Internal control questionnaires/memorandum4. Narrative description5. Flowcharts

Documenting the Assessed Level of Control Risk


Substantive procedures


Timing of Audit Procedures


Audit procedures are performed at interim as well as at year end, example:

Auditing Accounting Applications Processed by Service Organizations


An audit client may have some or all of its accounting transactions processed by an outside service organization;

Auditor will have to review the service provided as it involves accounting ;

Auditor may issue report (s) on the service organization’s operations: Describes the service organization’s controls and assesses whether they

are suitably designed to achieve specified internal control objectives. Goes further by testing whether the controls provide reasonable

assurance that the related control objectives were achieved during the period.

An auditor may reduce control risk below the maximum only on the basis of a service auditor’s report that includes tests of the controls.

Communication of Internal Control-Related Matters


Reportable conditions Significant deficiencies in the design or operation of internal control

that could adversely affect the organization’s ability to initiate, record, process, and report financial data consistent with management’s assertions.

Material weakness A material weakness is a significant deficiency, or combination of

significant deficiency that results in more than a remote likelihood that a material misstatement of the financial statements will not be prevented or detected.

Reportable conditions


The Effect of Information Technology on Internal Control


Types of Controls in an IT Environment


General control –data center & network operations; system software acquisition; change and maintenance; access security; application system acquisition, development, and maintenance

Application controls –data capture controls; data validation controls; processing controls; output controls; error controls

Types of Controls in an IT Environment


Flowcharting symbols


End of lecture 6


“Mankind’s Reckoning has drawn very close to them, yet they heedlessly turn away.”

(Al-Anbiyaa’ 21:1)

“Say: “Death, from which you are fleeing, will certainly catch up with you. Then you will be

returned to the Knower of the Unseen and the Visible and He will inform you about what you did.””

(Al-Jumu`ah 62:8)

Wherever you are, death will catch up with you, even if you are in impregnable fortresses.

(An-Nisaa’ 4:78)



LECTURE 7

Auditing the Revenue Cycle

Revenue Recognition


Revenue is an inflows/enhancements of assets of an entity or settlementsof its liabilities (or a combination of both) from delivery or producing goods,rendering services, or other activities that constitute the entity’s major orcentral operations.

Three types of transactions are typically processed through the revenuecycle:

1. Sale of goods or rendering of a service for cash or credit;2. Receipt of cash from the customer in payment for goods or services;3. Return of goods by the customer for credit or cash.

Numerous accounts are affected – significant ones are:– Sales transactions: trade receivables; sales; allowance for

uncollectible; bad-debt expense– Cash receipts transactions: cash; trade receivables; cash discounts– Sales return and allowance transactions: sales returns; sales

allowances; trade receivables

Overview of the Revenue Process


Purchases

Inventory

Credit sales

Accountreceivable

Cashcollection

Purchases

Inventory

Cashsales

Cash Sale Credit Sale

Revenue Process – EarthWear Clothiers


Order Entry DepartmentBy mailor fax

Customersales order

Input

ErrorCorrection

By phoneor internet

A

AIf a new customer, a credit check is run by the Credit Department. Otherwise, credit is checked by IT

To the IT Department



Inventory

Open orders

Shippingprogram

ErrorReport

Batchednightly

To shippingdepartment

From order entrydepartment

Data validationprogram

CustomerPrice

InventoryOpen orders

To order entrydepartment

IT Department



From shipping department

Approved shipping ticket

Ship goods

To customer with goods

Shipping Department

A

The shipping ticket forwarded tothe customer contains quantityand price of each item purchased.

Approved shipping ticket

Input to the billing program



IT Department

A

Open orders

InventoryShipping

transactions

A weekly open order report is preparedand reviewed by billing department.Outstanding orders are investigated.

Billing program

Sales Invoice

Customer

Accounts receivable update

For receivablesprocessing

B



Accounts receivable update

IT Department

Shippingtransactions Sales

Remittance transactions

Accounts receivable

B

Daily shipping listing

Daily sales report

Daily remittance report

To sales department C

To cash receiptsdepartment

Accounts receivable reporting

Weekly orMonthly

D



Remittance transactions

Accounts receivable

Shipping transactions General ledger

Accounts receivable reporting

Customer statements

Weekly orMonthly

Reports•Sales journal•Cash receipts journal•Aged trial balance•Sales summary•Remittance summary•Journal entry summary

D

Customer

IT Department



Cash Receipts Department IT Department

From bank

Remittance advice

transactionsAccounts receivable

Remittance advice

transactions

Cash remittance

update

From bank

Remittance advice listing

Reconciled by cash receipts clerks

Daily remittance report

C

Error correction

Error report

B

Documents and Records


Customer sales order – contains the details of the type and quantity of products or servicesordered by customer(s)

Credit approval form – for credit sales, the client must have a formal procedure forinvestigating the creditworthiness of the customer

Open order report – a report of all customer orders for which processing has not completedyet

Shipping document – a document serves as bill of lading and contains information on thetype of product shipped, quantity and other relevant information

Sales invoices – used to bill the customer, contains information on the type of product orservice, quantity, price and terms of trade

Sales journal – once sales invoice has been issued, the sales need to be recorded in theaccounting records which is the sales journal to begin with

Customer statement – is mailed to the customer and contains details of all sales, cashreceipt, and credit memorandum transactions

Accounts receivable subsidiary ledger – contains an account and the details oftransactions for each customer

Aged trial balance of accounts receivable –summarizes all customer balances in the ARsubsidiary ledger, will be classified as current of placed into one of several past duecategories

Remittance advice –usually the portion of customer’s bill that should be return with payment Cash receipts journal – to record the cash receipts of the entity Credit memorandum –to record credits for the return of goods by a customer Write off authorization –authorizes the write off of an uncollectible account receivable- final

authorization is generally received from the treasurer Order entry –initial function in the revenue process when new sales order is received

Major Functions


Credit authorization– appropriate approval of customer orders for creditworthiness,this process determines that the customer is able to pay for the goods or servicespurchased – failure in authorization could lead to extensive bad debts for the entity

Shipping – shipping of goods that has been authorized, goods should not beshipped, nor should services be provided without proper authorization –the maincontrol is payment or proper credit authorization

Billing –issuance of sales invoices to customers and processing of adjustments forallowances, discounts and returns, a proper billing system ensures that all goodsshipped/ services rendered are billed to customers

Cash receipts –processing of the receipts of cash from customers, all cash receiptsmust be properly identified and promptly deposited intact at the bank

Accounts receivable –recording of all sales invoices, collections and creditmemoranda in individual customer accounts -all billings, adjustments, and cashcollections must be properly recorded in the customers’ accounts receivable records

General ledger –proper accumulation, classification, and summarization ofrevenues, collections, and receivables in the financial statement accounts - asrelated to the revenue process, the general ledger function must ensure that allrevenues, collections, and receivables are properly recorded and classified

Order entry– acceptance of customer orders for goods and services into the systemin accordance with management criteria

Key Segregation of Duties


Revenue and Accounts ReceivableOrder Entry Credit Shipping

Accounts Receivable

Cash Receipts IT

Receiving and preparing customer order XApproving credit XShipping goods to customer XPreparing customer invoice X XUpdating accounts receivable records for sales X XReceiving customer's remittance XUpdating accounts receivable for remittance X XPreparing accounts receivable aged trial balance X X

Department

Information Systems and Communication

Auditor’sknowledge

Process by which sales, cash receipts, and credit

memoranda are initiated.

Accounting records, supporting documents, and accounts that

are involved in sales, cash receipts, and sales returns.

The flow of each transaction from initiation to inclusion in

the financial statements.

The process used to prepare estimates for bad debts and

sales returns.

Risk Assessment


Risk assessment process –the auditor must understand how management considers risksthat are relevant to the revenue process. The auditor should estimate the significance of therisk and assess the likelihood of occurrence.

Inherent risk prevalent to the revenue cycle:1. Industry related factors2. Complexity and contentiousness of revenue recognition issues3. Difficulty of auditing transactions and account balances4. Misstatements detected in prior audits

Control Environment –understanding of control environment is generally completed on anoverall entity basis; The auditor must understand how management assesses the designand operation of controls in the revenue process. This understanding should include howsupervisory personnel review the personnel who perform the controls and evaluate theperformance of the entity’s IT function.

Understanding & documenting internal control –the auditor identifies what controlsensure that the assertions for transactions and events are being met, documentation of theauditor’s understanding can be accomplished by using (i) procedures manual; (ii) narrativedescriptions; (iii) internal control q’aires; (iv) flowcharts

Control risk assessment:1. Understanding and documenting the revenue process based on a reliance approach;2. Planning and performing tests of controls on revenue transactions;3. Setting and documenting the control risk for the revenue process

Planning and Performing Tests of Controls


The auditor systematically examines the client’s revenue process to identifyrelevant controls that help to prevent, or detect and correct materialmisstatements.

In order to properly set control risk, the auditor must test controls over therevenue process, example of the tests:

Inquiry of client personnel Inspection of documents and records Observations of the operation of the control Walkthrough Reperformance of the control procedures

If the results of the tests of controls support the planned level of control risk,the auditor conducts the planned level of substantive procedures for theaccount balances.

The level of control risk for the revenue process can be set using eitherquantitative amounts or qualitative terms such as ‘low’, ‘medium’, or ‘high’

Revenue Transactions


OccurrenceAll revenue and cash receipt transactions and events that have been recorded have occurred and pertain to the entity.

Completeness All revenue and cash receipt transactions and events that should have been recorded have been recorded.

Authorization All revenue and cash receipts transactions and events are properly authorized.

AccuracyAmounts and other data relating to recorded revenue and cash receipt transactions and events have been recorded appropriately.

Cutoff All revenue and cash receipt transactions and events have been recorded in the correct accounting period.

Classification All revenue and cash receipt transactions and events have been recorded in the proper accounts.

OccurrenceAll revenue and cash receipt transactions and events that have been recorded have occurred and pertain to the entity.

Completeness All revenue and cash receipt transactions and events that should have been recorded have been recorded.

Authorization All revenue and cash receipts transactions and events are properly authorized.

AccuracyAmounts and other data relating to recorded revenue and cash receipt transactions and events have been recorded appropriately.

Cutoff All revenue and cash receipt transactions and events have been recorded in the correct accounting period.

Classification All revenue and cash receipt transactions and events have been recorded in the proper accounts.

Assertions about Classes of Transactions and Events for the Period under Audit

Control procedures and test of controls – next pages

Revenue Transactions


Occurrence of revenues – the auditor is concerned about two major types of materialmisstatements (i) sales to fictitious customer, (ii) recording revenue when goods have not beenshipped or services have not been performed. The auditor needs assurance that all recordedrevenue transactions are valid;

Completeness of revenues – the major misstatement that concerns both management andthe auditor is that goods are shipped or services are performed and no revenue is recognized.Controls concerning completeness include (i) accounting for numerical sequence of shippingdocuments and sales invoices, (ii) matching shipping documents with sales invoices; (iii)reconciling sales invoices to daily sales reports

Authorization of revenues – possible misstatements due to improper authorization includeshipping goods to or performing services for customers who are bad credit risks and makingsales at unauthorized prices or terms. Test policies and procedures relating to authorization ofrevenue transactions.

Accuracy of revenues – the presence of an authorized price list and terms of trade reducesthe risk of inaccuracies, the sales invoice should also be verified for mathematical accuracybefore being sent to the customer.

Cutoff of revenues – sales may be recorded in the wrong accounting period unless propercontrols are in place. All shipping documents should be forwarded to the billing departmentdaily

Classification of revenues – the use of chart of accounts and proper codes for recordingtransactions should provide adequate assurance about the proper classification of revenuetransactions

Cash Receipts Transactions


Occurrence of cash receipts – the possible misstatement that concerns the auditor is thatcash receipts are recorded but not deposited in the client’s bank accounts;

Completeness of cash receipts –major misstatements is that cash/checks arestolen/missing/lost before being recorded in the cash receipts records; proper segregationof duties and a lockbox system are strong control relating to completeness

Authorization of cash receipts – terms of trade generally include discounts for paymentwithin a specified period as a way of encouraging customers to pay on time/earlier

Accuracy of cash receipts –the wrong amount of cash could be recorded from theremittance advice or receipt could n accuracies, the sales invoice should also be verifiedfor mathematical accuracy before being sent to the customer.

Cutoff of cash receipts – if client uses a lockbox system or if cash is deposited daily in thebank, there is a small possibility of cash being recorded in the wrong accounting period

Classification of cash receipts – the auditor seldom has major concerns about cashreceipts being recorded in the wrong financial statement account

Control Procedures and Tests of Controls – Sales Returns and Allowances: Salesreturns and allowances is usually not a material amount in the financial statements.However, credit memoranda that are used to process sales returns can also be usedto cover an unauthorized shipment of goods or conceal a misappropriation of cash. Asa result, all credit memoranda should be properly authorized.

Relating the Assessed Level of Control Risk to Substantive Procedures


The auditor’s testing of control for revenue processing impacts the detection riskand therefore the level of substantive procedures impacted by the controls

Auditing accounts receivable and related controls:1. Substantive analytical procedures are used to examine plausible

relationships among accounts receivable and related accounts.2. Tests of details focus on transactions, account balances, or disclosures.

Tests of details concentrate on the ending balance for accounts receivableand related accounts as well as related disclosures.

Substantive Analytical Procedures: (ratios are used for comparativereasons)

1. Receivables turnover and days outstanding in accounts receivable.2. Aging categories on aged trial balance of accounts receivable.3. Bad-debts expense as a percent of revenue.4. Allowance for uncollectible accounts as a percent of accounts receivable or

credit sales.5. Large account balances compared to last period.

Relating the Assessed Level of Control Risk to Substantive Procedures


For accounts receivables, allowance for doubtful accounts and bad-debtexpense: Occurrence –a sample of transactions from sales journal should be

traced to the sales invoice, customer order and shipping document Completeness –a sample of shipping documents should be traced to

related sales invoice and customer’s account Authorization and accuracy –compare prices and terms for sample

of sales invoices with authorized price list Cutoff –from a sample, compare date of sales invoices with date of

shipment and date sale was recorded Classification –for a sample of sales invoices, determine that each is

properly classified in the revenue accounts

Relating the Assessed Level of Control Risk to Substantive Procedures – Accounts Receivables tests


Completeness –auditors primary concern is whether all AR have been included inthe AR subsidiary ledger and the general ledger (GL) AR account. Reconciliation ofthe aged trial balance to the GL account should detect an omission of receivablesfrom either the subsidiary or GL

Cutoff –attempts to determine whether all revenue transactions and related AR arerecorded in the proper period. Test a few shipping documents just prior to year end –and test another few just after the year end – determine whether all transactionstested were recorded in the proper period

Rights and obligation –the auditor must determine that all AR are owned by theentity, this is usually not a problem, however, in some cases AR may be soldwith/without recourse

Valuation and allocation –AR should be shown on the balance sheet at netrealizable value (gross minus allowance) The auditor must verify the adequacy of theallowance for uncollectible accounts. The first step is to prepare an aged trial balanceand discuss results with the credit manager. Next, a comparison with last year’sresults should be examined.

Classification & Understandability –major issues for presentation and disclosureclassification are: (i) Identifying and reclassifying any material credits contained inaccounts receivable. (ii) Segregating short-term and long-term receivables.(iii)Ensuring that different types of receivables are properly classified.


The Confirmation Process – Accounts Receivables

Confirmation is the process of obtaining information from third parties aboutthe account receivable balance. Confirmation is a good source of evidenceabout the existence of the account receivable. The confirmation processshould be controlled by the auditor.

1. Positive Confirmation –requests that customers indicate whether theyagree with the amount due to the client. A response is expected whetherthe customer agrees or disagrees with the balance indicated.

2. Negative Confirmation –requests that the customer respond only whenthey disagree with the amount due to the client. Negative confirmationsare used when the client has many small account balances and controlrisk is assessed as low.

Timing –AR may be confirmed at an interim date or year-end, theconfirmation request should be sent soon after the end of the accountingperiod in order to maximize response rate

Procedures –the auditor should mail the confirmation request outside theclient facilities – a record should be maintained of the confirmations mailedand those returned, some cases may need 2nd request. For each exceptionreceived, the auditor should examine the reasons for the difference betweenthe balance on the client’s books and the balance indicated by the customer.


Alternative Procedures When the auditor does not receive responses to positive confirmations,

alternative audit procedures are used. These alternative procedures include: Examination of subsequent cash receipts. Examination of customer orders, shipping documents, and duplicate

sales invoices. Examination of other client documentation.

Other types of receivables that are reported on the balance sheet may include (1) receivables from officers and employees, (2) receivables from related parties, and (3) notes receivables. The auditor’s concern with satisfying the assertions for these receivables is similar to that for trade accounts receivable. Each of these types of receivables is confirmed and evaluated for collectability. The transactions that result in receivables from related parties are examined to determine if they were at “arm’s length.” Notes receivable would also be confirmed and examined for repayment terms and whether interest income has been properly recognized.


Evaluating the Audit FindingsWhen the auditor has completed the planned substantive

procedures, the likely misstatement (projected misstatement plusan allowance for sampling risk) for accounts receivable isdetermined.

Likely misstatementless than tolerable

misstatement

Likely misstatementgreater than tolerable

misstatement

Accept the accountas fairly presented

Account is not fairlypresented.


A dream …‘… dan sesiapa yang taatkan Allah dan Rasulnya, akan dimasukkan nya ke dalamsyurga yang mengalir di bawahnya beberapa sungai, mereka kekal di dalamnya;dan itulah kejayaan yang amat besar.” An-Nisa’: 13

‘(dua syurga) yang ada berjenis-jenis pohon dan buah-buahan.” Ar-Rahman:48

‘pada keduanya juga terdapat buah-buahan, serta pohon-pohon kurma dandelima.’ Ar-Rahman: 68

‘sedang naungan pohon-pohon syurga itu dekat kepada mereka, dan buah-buahannya pula dapat dipetik dengan semudahnya’ Al-Insan: 14

Rasulullah pbuh have said:

‘sesungguhnya orang beriman ditempatkan di syurga dalam istana dari mutiaraberongga, panjangnya adalah 60 batu, di dalamnya terdapat pelayan-pelayan’

‘buah-buahan di syurga seperti anggur, ia lebih putih dari susu, lebih manis darimadu, lebih lembut dari tepung dan tidak berbiji. Adapun tanaman di syurga,setelah benihnya disebar, maka ia tumbuh dalam sekejap dan sedia dimakanpada waktu itu juga’

(Hadis riwayat oleh Muslim)

DEPARTMENT OF FINANCIAL ACCOUNTING AND AUDITINGCAEA 2218 AUDITING PRINCIPLESDR HASLIDA ABU HASAN


LECTURE 8

Auditing the Purchasing Cycle


Expense and Liability Recognition

Expenses are outflows or other using up of assets or incurrences of liabilities from delivering or producing goods, rendering services or carrying out other activities that constitute the entity’s ongoing major or central operations.

Liabilities are probable future sacrifices of economic benefits arising from present obligations of a particular entity to transfer assets or provide services to other entities in the future as a result of past transactions or events.


Overview of the Purchasing Process

A purchase transaction usually begins with apurchase requisition generated by the user

department. The purchasing departmentprepares a purchase order that is sent to the vendor. When the goods are received or theservices rendered, a liability is recorded.

Finally, the entity pays the vendor.

Purchase requisition

Purchase order

Receivingreport and

liability recorded

Vendor


Types of Transactions and Financial Statement Accounts Affected

Type of Transaction Account AffectedPurchase Transaction Accounts payable

InventoryPurchases or cost of goods soldVarious asset and expense accounts

Cash disbursement transaction CashAccounts payableCash discountsVarious asset and expense accounts

Purchase return transaction Purchase returnsPurchase allowancesAccounts payableVarious asset and expense accounts

Three types of transactions are processed through the purchasing process:1. Purchase of goods and services for cash or credit.2. Payment of the liabilities arising from such purchases.3. Return of goods to suppliers for cash or credit.


Flowchart of the Purchasing Process – EarthWear ClothiersRequesting Purchasing IT

Department

Purchaserequisition

Approvedpurchaserequisitionreceived

Input

Errorcorrections

Purchaseorder

program

Purchaseorder file

Accountspayable

master file

Errorreport Purchase

order(4 part)

Purchasing

VendorA/PReceiving

PO #2Filed

Numerically


Flowchart of the Purchasing Process – EarthWear Clothiers

DepartmentReceiving Accounts Payable (A/P)PO #1

Goodsreceived,

counted, andinspected

Receivingreport (RR)

Enter vendor,quantity, and

PO #

Dailyreceiving log

PO #3

Receivingreport

Vendorinvoice

Compare invoiceto PO and RR

Reviewaccount

distribution

Voucherpacket

Input

Errorcorrection

To IT

From IT



DepartmentReceiving Accounts Payable (A/P)PO #1

Goodsreceived,

counted, andinspected

Receivingreport (RR)

Enter vendor,quantity, and

PO #

Dailyreceiving log

PO #3

Receivingreport

Vendorinvoice

Compare invoiceto PO and RR

Reviewaccount

distribution

Voucherpacket

Input

Errorcorrection

To IT

From IT



DepartmentIT

Accountspayableupdate

Purchaseorder file

A/P masterfile

Generalledger file

Errorreport

Inputfrom A/P

Reportto A/P

A/P reportingWeeklyMonthly

A/P listing

Cashdisbursement

report

Daily

Daily

Monthlyreports

Generalledger

Open PO report

A/P expensedistribution report

Voucher register

Cash disbursementsjournal

WeeklyMonthly



DepartmentAccounts Payable (A/P) IT Cashier

Cashdisbursement

report

Review documentsand authorize payment

Cashdisbursement

report

Input

A/P masterfile

Cashdisbursement

program

Checks

Checks

Review checksand mail to

vendors

Checks

To Vendors


1. Purchase Requisition – request to purchase goods or services.2. Purchase Order – includes description, quality, and quantity or goods

or services being purchased.3. Receiving Report – records the receipt of goods.4. Vendor Invoice – the bill from the vendor.5. Voucher – serves as the basis for recording a vendor’s invoice.6. Voucher Register – used to record vouchers for goods and services.7. Accounts Payable Subsidiary Ledger – includes amount owed to

individual vendors.8. Vendor Statement – represents the purchase activity with vendor.9. Check – pays for goods or services.10.Check Register – contains columns to record credits to cash and

debits to accounts payable and cash discounts.

Types of Documents and Records


The Major FunctionsFunctions of the Purchasing Process

RequisitioningInitiation and approval of requests for goods and services by authorized individuals consistent with management criteria.

Purchasing Approval of purchase orders and proper execution as to price, quantity, quality, and vendor.

Receiving Receipt of properly authorized goods and services.

Invoice processingProcessing of vendor invoices for goods and services received; also, processing of adjustments for allowances, discounts, and returns.

Disbursements Processing of payment to vendors.

Accounts payable Recording of all vendor invoices, cash disbursements, and adjustments in individual vendor accounts.

General ledgerProper accumulation, classification, and summarization of purchases, cash disbursements, and payables in the general ledger.


Key Functions and DutiesSegregation of Duties Possible Errors or FraudThe purchasing function should be segregated from the requisitioning and receiving functions.

If one individual is responsible for the requisition, purchasing, and receiving functions, fictitious purchases can be made. This can result in the theft of goods and possibly payment for unauthorized purchases.

The invoice-processing function should be segregated from the accounts payable function.

If one individual is responsible for the invoice-processing and accounts payable function, purchase transactions can be processed at the wrong price or terms, or a cash disbursement can be processed for goods not received. This can result in overpayment of goods or the theft of cash.

The disbursement function should be segregated from the accounts payable function.

If one individual is responsible for the disbursement function and also has access to the accounts payable records, unauthorized checks supported by fictitious documents can be issued, and unauthorized transactions can be recorded. This can result in theft of the entity's cash.

The accounts payable function should be segregated from the general ledger function.

If one individual isresponsible for the accounts payable records and also for the general ledger, that individual can conceal any defalcation that would normally be detected by reconciling subsidiary records with the general ledger control account.


The Key Segregation of DutiesPurchasing and Accounts

Payable Purchasing ReceivingAccounts Payable Cashier's IT

Preparation and approval of purchase order XReceipt, counting, and inspection of purchased materials XReceipt of vendor invoices/matching to supporting documents XCoding of account distributions XUpdating of accounts payable records X XPreparation of vendor checks XSigning and mailing of vendor checks XPreparation of the voucher register XReconciliation of voucher register to general ledger X

Department


Inherent & Control Risk Assessment Industry-Related Factors – adequacy of the raw material supply?; how volatile are

raw material prices? Misstatements detected in prior audit Assessing control risk for purchasing process:

1. Understanding and documenting the purchasing process based on a reliancestrategy;

2. Planning and performing tests of controls of purchase transactions;3. Setting and documenting the control risk for the purchasing process;

For each major class of transactions in the purchasing process, the auditor mustobtain the following information:

1. How purchase, cash disbursements, and purchase return transactions are initiated.

2. The accounting records, supporting documents, and accounts involved in processing purchases, cash disbursements, and purchase returns.

3. The flow of each type of transaction from initiation to inclusion in the financial statements, including computer processing.

4. The process used to estimate accrued liabilities After testing controls, the auditor sets the level of control risk. When tests of controls

support the planned level of control risk, no modifications are necessary to detectionrisk. The auditor may proceed with the substantive procedures as planned.


Control Activities and Tests of Controls –Purchase Transactions

Assertions about Classes of Transactions and Events for the Period under Audit

Occurrence All purchases and cash disbursements have been recorded and have occurred and pertain to the entity.

Completeness All purchases and cash disbursements that should have been recorded have been recorded.

Authorization All purchase and cash disbursements are properly authorized.

Accuracy Amounts relating to recorded purchases and cash disbursements have been recorded properly.

Cutoff Purchases and cash disbursements have been recorded in the correct accounting period.

Classification Purchases and cash disbursements have been recorded in the proper account.

Occurrence All purchases and cash disbursements have been recorded and have occurred and pertain to the entity.

Completeness All purchases and cash disbursements that should have been recorded have been recorded.

Authorization All purchase and cash disbursements are properly authorized.

Accuracy Amounts relating to recorded purchases and cash disbursements have been recorded properly.

Cutoff Purchases and cash disbursements have been recorded in the correct accounting period.

Classification Purchases and cash disbursements have been recorded in the proper account.


Control Activities and Tests of Controls –Purchase Transactions

Assertions Substantive Tests of Controls

Occurrence

Observe and evaluate proper segregation of duties. Test a sample of vouchers for the presence of an authorized purchase order and receiving report. Examine paid vouchers and supporting documents for indication of cancellation.

Completeness

Review procedures for accounting for numerical sequence of purchase orders, receiving reports and vouchers. Trace a sample of receiving reports to their vendor invoices and vouchers. Trace a sample of vouchers to the purchases journal.

Authorization Examine purchase requisitions or purchase orders for proper approval. Review client's competitive bidding process.

Accuracy

Recompute the mathematical accuracy of vendor invoice. Agree information in the sample of vouchers for product, quantity, and price. Examine reconciliation of vouchers to daily accounts payable report.

CutoffCompare the dates on receiving reports with the dates on the relevant vouchers. Compare the dates of vouchers with the dates they were recorded in the purchases journal.

Classification Review purchases journal and general ledger for reasonableness. Examine a sample of vouchers for proper classification.

Assertions Substantive Tests of Controls

Occurrence

Observe and evaluate proper segregation of duties. Test a sample of vouchers for the presence of an authorized purchase order and receiving report. Examine paid vouchers and supporting documents for indication of cancellation.

Completeness

Review procedures for accounting for numerical sequence of purchase orders, receiving reports and vouchers. Trace a sample of receiving reports to their vendor invoices and vouchers. Trace a sample of vouchers to the purchases journal.

Authorization Examine purchase requisitions or purchase orders for proper approval. Review client's competitive bidding process.

Accuracy

Recompute the mathematical accuracy of vendor invoice. Agree information in the sample of vouchers for product, quantity, and price. Examine reconciliation of vouchers to daily accounts payable report.

CutoffCompare the dates on receiving reports with the dates on the relevant vouchers. Compare the dates of vouchers with the dates they were recorded in the purchases journal.

Classification Review purchases journal and general ledger for reasonableness. Examine a sample of vouchers for proper classification.


Control Activities and Tests of Controls –Cash Disbursement Transactions

Occurrence – the auditor is concerned with a misstatement caused bya cash disbursement being recorded in the client’s record when nopayment was made. The primary control procedures to prevent suchmisstatements include proper segregation of duties, independentreconciliation and review of vendor statements, and monthly bankreconciliations.

Completeness – the major audit concern is that a cash disbursementis made but not recorded in the records. The auditor should accountfor the numerical sequence of checks and reconcile the daily cashdisbursements with posting to the accounts payable subsidiaryrecords.

Authorization – proper segregation of duties reduces the likelihoodthat unauthorized cash disbursements are made. The individual whoapproves a purchase should not have direct access to the cashdisbursement.


Control Activities and Tests of Controls –Cash Disbursement Transactions

Accuracy – One of the major audit concerns is that the paymentamount is recorded incorrectly. To detect such an error, clientpersonnel should reconcile the total of the checks issued each daywith the daily cash disbursements report.

Cutoff – The auditor’s tests of controls include reviewing thereconciliation of checks with postings to the cash disbursementsjournal and accounts payable subsidiary records. The auditor alsotests cash disbursements before and after year-end to ensure thattransactions are recorded in the proper period.

Classification – The auditor is concerned that a cash disbursementmay be charged to the wrong general ledger account. The use of achart of accounts, as well as independent approval and review of theaccount code on the voucher should provide adequate control.


Control Activities and Tests of Controls – Purchase Return Transactions: Generally, the number

and magnitude of purchase return transactions are notmaterial. The auditor normally does not test controlsrelating to purchase returns. Substantive testing is used totest the reasonableness of the amount.

Relating the Assessed Level of Control Risk toSubstantive Procedures: If the results of the tests ofcontrols support the achieved level of control risk, theauditor conducts substantive procedures at the plannedlevel. If the results do not support the achieved level ofcontrol risk, the auditor reduces the detection risk, whichwill increase substantive procedures.


Auditing Accounts Payable & Accrued Expenses Existence – accounts payable and accrued expenses are

valid liabilities

Rights and obligation – AP and accrued expenses areobligations of the entity

Completeness – All AP and accrued expenses have beenrecorded

Valuation and allocation – AP and accrued expenses areincluded in the financial statements at appropriate amounts,and any resulting valuation or allocation adjustments areappropriately recorded


Auditing Accounts Payable & Accrued ExpensesAssertion about presentation and disclosure

Occurrence and rights and obligations. All disclosed events,transactions, and other matters relating to accounts payable andaccrued expenses have occurred and pertain to the entity.

Completeness. All disclosures relating to accounts payable andaccrued expenses that should have been included in the financialstatements have been included.

Classification and understandability. Financial information relatingto accounts payable and accrued expenses is appropriately presentedand described, and disclosures are clearly expressed.

Accuracy and valuation. Financial and other information relating toaccounts payable and accrued expenses are disclosed fairly and atappropriate amounts.


Auditing Accounts Payable & Accrued Expenses

Substantive Analytical Procedures

Substantive Analytical Procedure Possible Misstatement DetectedCompare payables turnover and days outstanding in accounts payable to previous years' and industry data.

Under- or overstatment of liabilities and expenses.

Compare current-year balances in accounts payable and accruals with prior years' balances.


Compare amounts owed to individual vendors in the current year's accounts payable listing to amounts owed in prior


Compare purchase returns and allowances as a percentage of revenue or cost of sales to prior years' and industry data.

Under- or overstatement of purchase returns.


Tests of Details of Transactions, Account Balances, and Disclosures

Completeness – Obtain a listing of accounts payable, foot the listing,and agree it to the general ledger control account. Selected vouchersor vendor accounts should be traced to the supporting documents orsubsidiary accounts payable records to verify the accuracy of thedetails.

1. Ask management about control procedures used to identify unrecorded liabilities at the end of the period.

2. Obtain copies of vendors’ monthly statements and reconcile the amounts to the client’s accounts payable records.

3. Confirm vendor accounts, including accounts with small or zero balances.4. Vouch large-dollar items from the purchases journal and cash disbursements journal for a

limited time after year-end.5. Examine the files of unmatched purchase orders, receiving reports, and vendor invoices for any

unrecorded liabilities.

Existence – The auditor’s major concern is whether the recordedliabilities are valid obligations of the entity. The auditor should vouch asample of items on the listing of accounts payable to other supportingdocuments.



Cutoff – The auditor attempts to determine if all purchase transactions arerecorded in the proper period. On most audits, the purchase cutoff iscoordinated with the client’s physical inventory count. Proper cutoff shouldalso be determined for purchase return transactions.

Rights and obligation – There is little risk related to this assertion becauseclients seldom have an incentive to record liabilities that are not obligations ofthe entity.

Valuation – Accounts payable are recorded at either the gross amount of theinvoice or net of cash discount amount. The valuation of accruals dependsupon the type and nature of the accrued expense. Most accruals are relativelyeasy to value.

Classification, Presentation, and Disclosure –Major classification issues include . . .1. Identifying and reclassifying any material debits contained in accounts

payable.2. Segregating short-term and long-term payables.3. Ensuring that different types of payables are properly classified.



Disclosure Items for the Purchasing Process:• Payables by type (trade, employees, etc.).• Purchases from and payables to related parties.• Short- and long-term payables.• Dependence on a single vendor or a small number of vendors.• Long-term purchase contracts, including any unusual purchase

commitments.• Costs by reportable segment of the business.

Other Presentation Disclosure Assertion The auditor must ensure that all related party transactions have been

identified. When the client has entered into formal long-term purchasecontracts, adequate disclosure of the terms must be made.

Accounts payable confirmations are used less often than accounts receivableconfirmations. The auditor is able to examine externally created sourcedocuments relating to accounts payable. When confirmations are used they areusually positive and referred to as blank confirmations. The vendor is asked tosupply the balance owed by the client.


Evaluating the Audit Findings

All identified misstatements should be aggregated.The likely misstatement is then compared to tolerablemisstatement.

If the likely misstatement is less than the tolerablemisstatement, the auditor has evidence that theaccount is fairly presented.

Conversely, if the likely misstatement exceeds thetolerable, the auditor should conclude that theaccount is not fairly presented.

DEPARTMENT OF FINANCIAL ACCOUNTING AND AUDITINGCAEA 2218 AUDITING PRINCIPLES –SESSION 1 2010/2011 DR HASLIDA ABU HASAN

CAEA 2218 2010/2011, LECTURE 9 Slide 1

LECTURE 9

Auditing the Inventory Cycle


Overview of the Inventory Management Process

Purchasingprocess

Inventorymanagementprocess

Revenueprocess

• Purchase ofraw materials

• Payment ofmanufacturingoverhead

Human resourcemanagementprocess

• Assignment ofdirect and indirectlabor costs

• Sale ofgoods


Type of Documents and Records

1. Production Schedule – Based on the expected demand for the entity’s products.

2. Receiving Report – Records the receipt of goods from vendors.3. Materials Requisition – Used to track materials during the production

process.4. Inventory Master File – Contains all the important information related to the

entity’s inventory, including the perpetual inventory records.5. Production Data Information – Contains information about the transfer of

goods and related cost accumulation at each stage of production.6. Cost Accumulation and Variance Report – Material, labor, and overhead

costs are charged to inventory as part of the manufacturing process. The variance report compares actual costs to standard or budgeted costs.

7. Inventory Status Report – Shows the type and amount of products on hand.8. Shipping Order – Used to remove goods from the perpetual inventory

records.

Production Schedule

Inventory Master File


The Major Functions

Inventory managementAuthorization of production activity and maintenance of inventory at appropriate levels; issuance of purchase requisitions to the purchasing department.

Raw materials stores Custody of raw materials and issuance of raw materials to manufacturing departments.

Manufacturing Production of goods.

Finished goods stores Custody of finished goods and issuance of goods to the shipping department.

Cost accounting Maintenance of the costs of manufacturing and inventory in cost records.

General ledger Proper accumulation, classification, and summarization of inventory and related costs in the general ledger.

Functions in the Inventory Management Process


Key Segregation of DutiesSegregation of Duties Possible Errors or Fraud

The inventory management function should be segregated from the cost-accounting function.

If the individual responsible for inventory management also has access to the cost-accounting records, production and inventory costs can be manipulated. This may lead to an over- or understatement of inventory and net income.

The inventory stores function should be segregated from the cost-accounting function.

If one individual is responsible for both controlling and accounting for inventory, unauthorized shipments can be made or theft of goods can be covered up.

The cost-accounting function should be segregated from the general ledger function.

If one individual is responsible for the inventory records and also for the general ledger, it is possible for that individual to conceal unauthorized shipments. This can result in the theft of goods, leading to an overstatement of inventory.

The responsibility for supervising physical inventory should be separated from the inventory management and inventory stores functions.

If the individual responsible for production management or inventory stores functions is also responsible for the physical inventory, it is possible that inventory records to the physical inventory, resulting in an overstatement of inventory.


Risk AssessmentINHERENT RISK If industry competition is intense, there may be problems with the

proper valuation of inventory. Technology changes in certainindustries may also promote material misstatement due toobsolescence.

Products that are small and of high value are more susceptible totheft. The auditor must be alert to related-party transactions foracquiring raw materials and selling finished products. Prior-yearmisstatements are good indicators of potential misstatements in thecurrent year.

CONTROL RISKSteps:

1. Understand and document the inventory management process based on a reliance strategy.

2. Plan and perform tests of controls on inventory transactions.3. Set and document the control risk for the inventory

management process.


Control Activities and Tests of Controls – Inventory Transactions

Assertion Test of Controls

Occurrence

Observe and evaluate proper segregation of duties. Review and test procedures for transfer of inventory. Review and test procedures for issuing materials to manufacturing departments. Review and test client procedures for account for numerical sequence of materials requisitions.

Completeness Observe the physical safeguards over inventory. Review and tests client's procedures for consignment goods.

Authorization Review authorized production schedules. Review and test procedures for developing inventory levels and procedures used to control them.

Accuracy

Review and test procedures for taking physical inventory. Review and test procedures used to develop standard costs. Review and test cost accumulation and variance reports. Review and test procedures for identifying obsolete, slow-moving, and excess quantities. Review the reconciliation of perpetual inventory to general ledger control account.

CutoffReview and test procedures for processing inventory included on receiving reports into the perpetual records. Review and test procedures for removing inventory from perpetual records based on shipments of goods.

Classification Review the procedures and forms used to classify inventory.


Control Activities and Tests of Controls –Inventory Transactions

Occurrence of Inventory Transactions – the auditor’s main concern is that all recorded inventory exists. The auditor should also be concerned that goods may be stolen. Review and observation are the main tests of controls used by the auditor to test the control procedures.

Completeness of Inventory Transactions – the primary control procedure for completeness relates to recording inventory that has been received. Controls are closely related to the purchasing process.

Authorization of Inventory Transactions – the auditor’s concern with authorization in the inventory system is with unauthorized purchase or production activity that may lead to excess levels of certain types of finished goods.

Accuracy of Inventory Transactions – inventory transactions that are not properly recorded result in misstatements that directly affect the amounts reported in the financial statements. Inventory purchases must be recorded at the correct price and actual quantity received. Inventory shipped must be properly recorded in cost of goods sold and the related revenue recognized.

Classification of Inventory Transactions – the client must have control procedures to ensure that inventory is properly classified as raw materials, work in process, or finished goods. By knowing which manufacturing department holds the inventory, the auditor is able to classify it by type.


Control Risk relation to Substantive ProceduresAssertions about Classes of Transactions and Events: Occurrence. Inventory transactions and events are valid. Completeness. All inventory transactions and events have been recorded. Authorization . All inventory transactions and events are properly authorized. Accuracy. Inventory transactions have been properly computed and ending inventory, and

related revenue and cost of goods sold have been properly accumulated from journals and ledgers.

Cutoff. Inventory receipts and shipments are recorded in the correct accounting period. Classification. Inventory is recorded in the proper accounts.

Assertions about Account Balances at the Period End: Existence – inventory recorded on the books and records actually exists Rights and obligations – the entity has the legal rights of the recorded inventory Completeness – all inventory is recorded Valuation and allocation – inventory is properly recorded in accordance with GAAP

Assertions about Presentation and disclosure: Occurrence & Rights and obligations –all disclosed events, transactions, and other

matters relating to inventory have occurred and pertain to the entity Completeness –all disclosures relating to inventory that should have been included in the

financial statements have been included Classification and understandability – financial information relating to inventory is

appropriately presented and described, and disclosures are clearly expressed Accuracy and valuation –financial and other information relating to inventory are disclosed

fairly and at appropriate amounts


Auditing Inventory – Substantive Analytical Procedures

Substantive Analytical Procedure Possible Misstatement DetectedCompare raw material, finished goods, and total inventory turnover to previous years' and industry averages.

Obsolete, slow-moving, or excess inventory

Compare days outstanding in inventory to previous years' and industry average.

Obsolete, slow-moving, or excess inventory

Compare gross profit percentage by product line with previous years' and industry data. Unrecorded or fictitious inventory

Compare actual cost of goods sold to budgeted amounts. Over- or understated inventoryCompare current-year standard costs with prior years' after considering current conditions. Over- or understated inventory

Compare actual manufacturing overhead costs with budgeted or standard overhead costs. Inclusion or exclusion of overhead costs


Auditing Inventory

Auditing Standard CostsMaterialTest the quantity and type of materials included in the product and the price of the materials.

LaborGather evidence about the type and amount of labor needed for production and the labor rate.

OverheadReview the client’s method of overhead allocation for reasonableness, compliance with GAAP, and consistency.


Auditing InventoryObserving Physical Inventory1. Ensure that no production is scheduled. If production is scheduled proper

controls must be established for movement between departments in order to prevent double counting.

2. Ensure that there is no movement of goods during the inventory count.3. Make sure that the client’s count teams are following the inventory count

instructions.4. Ensure that inventory tags are issued sequentially to individual departments.5. Perform test counts and record a sample of counts in the working papers.6. Obtain tag control information for testing the client’s inventory compilation.7. Obtain cutoff information, including the number of the last shipping and

receiving documents issued.8. Observe the condition of the inventory for items that may be obsolete, slow

moving, or carried in excess quantities.9. Inquire about goods held on consignment for others or held on a “bill-and-

hold” basis.


Tests of Details of Transactions, Account Balances, & Disclosures

Substantive tests of transactions: Occurrence –vouch a sample of inventory additions to receiving reports and purchase

requisition Completeness – trace a sample of receiving reports to the inventory records Authorization –test a sample of inventory shipments to ensure there is an approved

shipping ticket and customer sales Accuracy – re-compute mathematical accuracy of a sample of inventory transactions,

audit standard costs or other methods used to price inventory Cutoff – trace a sample of time cards before and after period and to the appropriate

weekly inventory report Classification –examine a sample of inventory checks for proper classification into

expense accounts

Test of details of account balances: Existence – observe count of physical inventory Rights and obligations – verify that inventory held on consignment for others or ‘bill-

and-hold’ goods are not included in inventory Completeness – trace tests counts and tag control information to inventory

compilation Valuation and allocation – obtain a copy of the inventory compilation and agree

totals to general ledger. Test mathematical accuracy of extensions and foot the inventory compilation. Inquire management on obsolete, slow-moving, excess inventory. Review book to physical adjustments for possible misstatements


Assertions about Presentation and disclosure: Occurrence & Rights and obligations – Inquire of management and review any loan

agreements and board of directors' minutes for any indication that inventory has been pledged or assigned. Inquire of management about issues related to warranty obligations.

Completeness –Complete financial reporting checklist to ensure that all financial statement disclosures related to inventory are made.

Classification and understandability – Review inventory compilation for proper classification among raw materials, work in process, and finished goods. Read footnotes to ensure that required disclosures are understandable.

Accuracy and valuation –Determine if the cost method is accurately disclosed. Inquire of management abut issues related to LIFO liquidations. Read footnotes and other information to ensure that the information is accurate and properly presented at the appropriate amounts.

Possible causes of book-to-physical differences:(1) Inventory cutoff errors. (2) Unreported scrap or spoilage. (3) Pilferage or theft.

Examples of Disclosure Items:(i) Cost method (FIFO, LIFO, retail method); (ii) Components of inventory; (iii) Long-term purchase contracts.; (iv) Consigned inventory; (v) Purchases from related parties; (vi) LIFO liquidations; (vii) Pledged or assigned inventory (viii) Disclosure of unusual losses from write-downs (ix) Warranty obligations.

Tests of Details of Transactions, Account Balances, & Disclosures


At the conclusion of testing, the auditor should aggregate all identifiedmisstatements. The likely misstatement is compared to the tolerablemisstatement allocated to the inventory account.

Evaluating the Audit Findings - Inventory

Likely misstatement < Tolerable misstatementThe auditor may accept the inventory account as fairly presented.

Likely misstatement > Tolerable misstatementThe auditor may conclude the inventory is not fairly presented.

"Let there be no compulsion in religion; verily, the right path has become distinct from the wrong path; whoever rejects taghut (evil) and believes in Allah has grasped the most trust worthy hand-hold that never breaks; and Allah hear and know all things". (Qur'an, 2:256)

End of lEcturE 9



LECTURE 10

Auditing Cash and Investment

Cash and Other Business Processes


“Cash” reported in the financial statements represents currency on handand cash on deposit in bank accounts, including certificates of deposit,time deposits, and savings accounts.

“Cash equivalents” are frequently combined with cash for presentation inthe financial statements. Definition: Short-term, highly liquid investmentsthat are readily convertible to cash or so near their maturity that there islittle risk of change in their value. Examples: Treasury bills; commercialpaper; and money market funds.

Types of banking accounts : (i) General cash accounts; (ii) Imprest cashaccounts; (iii) Branch Accounts

In order to maximize its cash position, an entity implements proceduresfor accelerating the collection of cash receipts and properly delaying thepayment of cash disbursements.

Cash and Other Business Processes


Substantive Analytical Procedures—Cash


Because of the residual nature of the cash account, the auditor’s use ofsubstantive analytical procedures for auditing cash is limited to: comparisons with prior years’ cash balances. comparisons with budgeted amounts.

This limited use of substantive analytical procedures is normally offset by(1) extensive tests of controls and/or substantive tests of transactions forcash receipts and disbursements or (2) extensive tests of the entity’s bankreconciliations.

The reliability of the client’s controls over cash (controls over cash receiptsand control over cash disbursements as well as bank reconciliations) affectsthe nature and extent of the auditor’s tests of details.

Substantive Tests of Details of Transactions & Account Balances


Balance-Related Assertions


Auditing the General Cash Account


The auditor should first obtain (i) copies of bank reconciliation; (ii) standardbank confirmation and (iii) cutoff bank statement



Date of Last Bank Reconciliation

7 to 10 Days

A cutoff bank statement normally covers the 7- to 10-dayperiod after the date on which the bank account is

reconciled.

Any reconciling item should have cleared the client’s bank account during the 7- to 10-day period.



The auditor uses the following audit procedures to test the bankreconciliation:1. Test the mathematical accuracy and agree the balance per the books to

the general ledger.2. Agree the bank balance on the reconciliation with the balance shown on

the standard bank confirmation.3. Trace the deposits in transit on the bank reconciliation to the cutoff bank

statement.4. Compare the outstanding checks on the bank reconciliation with the

canceled checks in the cutoff bank statement for proper payee, amount and endorsement.

5. Agree any charges included on the bank statement to the bank reconciliation.

6. Agree the adjusted book balance to the cash account lead schedule. The audit of any imprest cash account such as payroll or a branch account

follows the same basic audit steps for general cash accounts Petty cash are seldom material in organisation, however it has potential for

defalcation – substantive tests are rarely performed for petty cash, auditingthe controlling documents surrounding petty cash should be sufficient



Some disclosure issues over cash are:1. Accounting policies for defining cash and cash equivalents;2. Any restrictions on cash such as a sinking fund requirement for funds

allocated by the entity’s board of directors for special purposes;3. Contractual obligations to maintain compensation balances;4. Cash balances restricted by foreign exchange controls;5. Letters of credit

A letter might be sent to banks to confirm the compensating balancedisclosures

Audit procedures related to fraud includes: Extended bank reconciliation; Tests for kiting; Proof of cash

In some instances, the year-end bank reconciliation can be used to covercash defalcations. This is usually accomplished by manipulating thereconciling items in the bank reconciliation. For example, suppose a clientemployee was able to steal $5,000 from the client. The client’s cash balanceat the bank would then be $5,000 less than reported on the client’s books.The employee could “hide” the $5,000 shortage in the bank reconciliation byincluding a fictitious deposit in transit.

Auditing the General Cash Account – Test for Kiting


Auditing for Investments


Investments items includes – common stock, preferred stock; debt securitiesand hybrid securities

Control risk assessments for investments focuses on assertion in terms of(i) occurrence and authorization; (ii) completeness; and (iii) accuracy andclassification

Key segregation of duties and possible errors avoided:

Auditing for Investments - Substantive Procedures


Auditing for Investments - Tests of Details


Existence: Auditing Standards state that the auditor should perform one of thefollowing procedures when gathering evidence for existence: (i) Physicalexamination; (ii) Confirmation with the issuer; (iii) Confirmation with the custodian;(iv) Confirmation of unsettled transactions with the broker-dealer; (v) Confirmationwith the counterparty; (vi) Reading executed agreements;

Valuation and Allocation: The auditor must also determine if there has been anypermanent decline in the value of an investment security. Auditing and accountingstandards provide guidance for determining whether a decline in value belowamortized cost is other than temporary;Here are some factors that may indicate a non-temporary impairment of investmentvalue:

• Fair value is significantly below cost ;• Decline in fair value is attributable to specific adverse conditions;• Management does not possess both the intent and ability to hold the investment

long enough to allow for recovery in fair value;• A debt security has been downgraded by a rating agency;• The financial condition of the issuer has deteriorated

Permanently Impaired = Write down to new carrying amount Disclosure Assertions : Marketable securities need to be properly classified as

held-to-maturity, trading, and available-for-sale. Held-to-maturity securities andindividual available-for-sale securities should be classified as current or non-currentassets based on whether management expects to convert them to cash within 12months. All trading securities should be classified as current assets

4-1



LECTURE 11Auditing for Prepaid Expenses,

Intangible Assets and Tangible Assets of Property, Plant and Equipment

4-2

Auditing Prepaid Expenses


Other assets that provide economic benefit for less than a year are classified as current assets and are called prepaid expenses. Examples include: (i) Prepaid insurance; (ii) Prepaid rent; (iii) Prepaid interest.

The inherent risk associated with prepaid expenses is generally assessed as low because the accounts do not involve any complex or contentious accounting issues.

Because prepaid expenses are normally processed through the purchasing process, control procedures in purchasing should ensure that each item is properly authorized and recorded.

Tests of Details of the Prepaid Insurance Account – audit testing begins by obtaining a detail schedule of the prepaid insurance account. Existence and Completeness –confirm policy with insurance broker, examine

supporting source documents; Rights and Obligations – confirm policy beneficiary with the insurance broker; Valuation – determine unexpired portion of policy and insurance expense. Classification –determine propriety of distribution between

manufacturing overhead and SG&A expense.

4-3

Auditing Intangible Assets


Intangible assets are assets that provide economic benefit for longer than a year, butlack physical substance. Examples of five general categories of intangible assets:1. Marketing – trademark, brand name, and Internet domain names.2. Customer – customer lists, order backlogs, and customer relationships.3. Artistic – items protected by copyright.4. Contract – licenses, franchises and broadcast rights.5. Technology – patented and unpatented technology.

The inherent risk associated with intangible assets raises serious risk considerations. The accounting rules are complex and the transactions are difficult to audit. Accounting standards require different asset impairment tests for different classes of intangible assets (FAS 142). With the judgment and complexity association with valuation and estimation of intangible assets, the auditor would likely assess the inherent risk as high.

Factors considered in Control Risks assessments:1. The expertise and experience of those determining the fair value of the assets.2. Controls over the process used to determine fair value measurements, including

controls over data and segregation of duties between those committing the client to the purchase and those undertaking the valuation.

3. The extent to which the entity engages or employs valuation specialists.4. The significant management assumptions used in determining fair value.5. The integrity of change controls and security procedures for valuation models and

relevant information systems, including approval processes (AU 328).

4-4

Auditing Intangible Assets


Tests of Details – associated with valuation and impairment of intangible assets areoften necessary because the complexity and degree of judgment increase the risk ofmaterial misstatement. Some substantive evidence is required for all significantaccounts, and, as noted above, substantive analytical procedures are not likely toprovide sufficient, appropriate evidence for significant transactions involving intangibleassets. Four assertions are normally considered for tests of details of intangible assets:

1. Existence and completeness.2. Valuation.3. Rights and obligations.4. Classification.

4-5

Auditing the Property Management Process


Property, plant and equipment usually represents a material amount in the financialstatements. Recurring Engagement – the auditor is able to focus on additions andretirements in the current period because amounts from prior periods have been subjectto audit procedures. New Engagement – the auditor has to verify the assets that makeup the beginning balance in property, plant, and equipment.

Four types of PP&E transactions may occur:1. Acquisition of capital assets for cash or other nonmonetary considerations.2. Disposition of capital assets through sale, exchange, retirement, or abandonment.3. Depreciation of capital assets over their useful economic life.4. Leasing of capital assets.

There are three inherent risk factors that must be considered by the auditor:1. Complex accounting issues;2. Difficult-to-audit transactions (donated assets, non-monetary exchange, self-

constructed assets);3. Misstatements detected in prior audit.

Control procedures for the occurrence and authorization of property, plant, and equipment are normally part of the purchasing process. However, large capital asset transactions may be subject to additional controls. Companies should have an authorization table for approving capital asset transactions. Completeness – detailed PPE subsidiary ledgers usually includes information about (i) description, location and ID number; (ii) date of acquisition and installed costs; (iii) depreciation methods for book and tax purpose – salvage value, estimated useful life etc

4-6



Physical Plant IT Department

SpecializedPP&E

transactions

Review forproper

recording

Input

Frompurchasing

process

PP&Etransaction

file

PP&Emaster

file

PP&Eprogram

Generalledger

master file

Generalledger

program

Generalledgerreport

PP&Etransaction

report

PP&Esubledger

Reconcile togeneral ledger

Monthly

4-7



Segregation of Duties Possible Errors or Fraud

The initiation function should be segregated from the final approval function.

If one individual is responsible for initiating a capital asset transaction and also has final approval, fictitious or unauthorized purchases of assets can occur. This can result it purchases of unnecessary assets, assets that do not meet the company's quality control standards, or illegal payments to suppliers.

The PP&E records function should be segregated from the general ledger function.

If one individual is responsible for the PP&E records and also for the general ledger functions, that individual can conceal any defalcation that would normally be detected by reconciling subsidiary records with the general ledger control account.

The PP&E records function should be segregated from the custodial function.

If one individual is responsible for the PP&E records and also has custodial responsibility for the related assets, items may be stolen, and the theft can be concealed by adjustment of the accounting records.

If a periodic physical inventory of PP&E is taken, the individual responsible for the inventory should be independent of the custodial and record-keeping functions.

If one individual who is responsible for the periodic physical inventory of PP&E is also responsible for the custodial and record-keeping functions, theft or the entity's capital assets can be concealed.

4-8



Substantive Analytical Procedures:1. Compare prior-year balances in PP&E and depreciation expense with current-year

balances.2. Compute the ratio of depreciation expense to the related PP&E accounts and compare to

prior years’ ratios.3. Compute the ratio of repairs and maintenance expense to the related PP&E accounts and

compare to prior years’ ratios.4. Compute the ratio of insurance expense to related PP&E accounts and compare to prior

years’ ratio.5. Review capital budgets and compare the amounts spent with amounts budgeted.

Test of details of transactions, account balances and disclosures: Completeness – The auditor begins the process by obtaining a lead schedule and detailed

schedules of additions and dispositions of assets. These schedules are footed and agreed to the general ledger.

Cutoff – Cutoff is normally part of the accounts payable and accrued expenses work. Vendor’s invoices from a few days before and after year-end are examined to determine if the assets is recorded in the proper accounting period.

Classification – First, the auditor must determine that the capital asset is recorded in the proper account. Second, the repairs and maintenance account should be reviewed to determine if any capital assets have been incorrectly recorded in these accounts. Finally, each material lease agreement should be reviewed for proper classification as operating or capital lease.

4-9



Test of details of transactions, account balances and disclosures (continued): Existence – A list of all major additions should be obtained and each addition should

be vouched to supporting documentation. For major acquisitions, the auditor may physically examine the capital asset. This is often done during the inventory observation. Major dispositions should be vouched to supporting documentation and examined for proper authorization.

Rights and obligations – In most cases, rights or ownership can be determined by examining vendor’s invoices and other supporting documents. In some cases, the auditor may wish to confirm property deeds or title documentation.

Valuation and allocation – Capital assets are valued at acquisition cost plus any costs necessary to make the asset operational. The auditor tests the recorded cost of major new additions to PP&E. The auditor may recompute, either manually or with the aid of a computer, the proper depreciation expense for the period. The auditor must test for permanent impairment of long-lived assets. While GAAP requires the comparison of future cash inflows to the asset’s carrying amount, this process can be quite difficult. Auditors may look to other sources of information to learn about impairments.

4-10



Test of details of transactions, account balances and disclosures (continued): Examples of disclosure items:

1. Classes of capital assets and valuation bases.2. Depreciation methods and useful lives for financial reporting and tax purposes.3. Nonoperating assets.4. Construction or purchase commitments.5. Liens and mortgages.6. Acquisition or disposal of major operating facilities.7. Capitalized and other lease arrangements.

Evaluating the audit findings for PPE:

If the likely misstatement is less than the tolerable misstatement, the evidenceindicates that the PP&E accounts are fairly stated.

If the likely misstatement is greater than the tolerable misstatement, the auditor wouldeither require adjustment of the accounts or issue a qualified audit report.

4-11

1. Explain the nature and fundamental concepts of auditing with emphasis on external auditors.2. Distinguish auditor’s and management’s objectives, responsibilities on audit of financial statements. 3. Describe the relevant statutory and regulatory requirements in the Malaysian auditing environment.4. Apply relevant audit procedures and practical aspects of audit to transaction cycles and items of balance sheet and income statement.5. Apply code of ethics and professional standards (MIA By-Laws) in auditing



LECTURE 12Auditing for Long Term Liabilities, Stockholders’ Equity, and Income

Statement Accounts

Auditing Long Term Debt


The auditor must be assured that the amounts shown on the balancesheet for the various types of long-term debt are not materiallymisstated. This assurance extends to the recognition of interestexpense. For the vast majority of entities, it is more efficient to follow astrategy of conducting substantive testing.

The inherent risk for notes and bonds would normally be assessed aslow to moderate because the volume of transactions are low, theaccounting is not complex, and the client often receives third-partystatements or amortization tables. However, the amounts are usuallylarge and the financial markets have developed sophisticatedinstruments that have characteristics of both debt and equity. Theinherent risk associated with these instruments is normally high.

The control risk : when a substantive strategy is followed, the auditor still needs a sufficient understanding of the entity’s internal control system over debt.



Assertion and Related Control Ativities –1. Occurrence and authorization – (i) adequate documentation must verify that a note

or bond was properly authorized; (ii) any significant debt commitments should beapproved by the board of directors or by executives who have been delegated thisauthority. When the entity has proper controls for issuing debt transactions, it isgenerally easy for the auditor to test those transactions for occurrence andauthorization at the end of the period.

2. Completeness – The client should maintain a subsidiary ledger that containsinformation about all the long-term debt owed by the entity. The debt amount recordedin the subsidiary ledger should be reconciled to the general ledger control accountregularly.

3. Valuation – Notes and bonds are recorded at their face value less any unamortizeddiscount or plus any unamortized premium. The effective interest method should beused to amortize discounts and premiums (the straight-line method may be used if theresults are not materially different from the effective interest amounts).

4. Disclosure-Classification – Controls should ensure that notes and bonds are properlyclassified in the financial statements. The major issue is to properly classify as a short-term liability the portion of long-term debt that is due in the next year.



Substantive Procedures – the auditor should examine any new debt agreements, determine the status of prior debt agreements, and confirm balances and other relevant information with outside parties. Analytical procedures are useful because of the direct relationship between interest expense and the amount of long-term debt.

Assertions Substantive Tests of Transaction

Occurrence Examine copies of new note or bond agreements. Examine board of directors' minutes for approval of new lending agreements.

Completeness

Trace large cash receipts and payments to source documents and the general ledger. Review interest expense for payments to debt holders not listed on the debt analysis schedule. Review notes paid or renewed after the balance sheet date to determine if there are unrecorded liabilities at year-end. Evaluate lease contracts to determine if leases are properly accounted for as an operating or capital lease.

Authorization Examine board minutes for evidence of proper authorization of notes or bonds.

Accuracy Test a sample of receipts and payments.

Cutoff Review debt activity for a few days before and after year-end to determine if the transactions are included in the proper period.

Classification Examine the due dates on notes or bonds for proper classification between current and long-term debt.

Assertions Substantive Tests of Transaction

Occurrence Examine copies of new note or bond agreements. Examine board of directors' minutes for approval of new lending agreements.

Completeness

Trace large cash receipts and payments to source documents and the general ledger. Review interest expense for payments to debt holders not listed on the debt analysis schedule. Review notes paid or renewed after the balance sheet date to determine if there are unrecorded liabilities at year-end. Evaluate lease contracts to determine if leases are properly accounted for as an operating or capital lease.

Authorization Examine board minutes for evidence of proper authorization of notes or bonds.

Accuracy Test a sample of receipts and payments.

Cutoff Review debt activity for a few days before and after year-end to determine if the transactions are included in the proper period.

Classification Examine the due dates on notes or bonds for proper classification between current and long-term debt.



Year-End Balances Tests of Details of Account BalancesExistence Confirm notes or bonds directly with creditors.Rights and obligations Examine copies of note and bond agreements.

Completeness

Obtain an analysis of notes and bonds payable, and accrued interest; foot schedule and agree totals to the general ledger. Obtain a standard bank confirmation requesting specific information on notes from banks. Confirm notes or bonds with creditors. Inquire or management about "off-balance sheet" activities. Review board meeting minutes for debt-related activities.

Valuation and allocation

Examine new debt agreements to ensure that they were recorded at the proper value. Confirm the outstanding balance for notes or bonds and the last date on which interest has been paid. Recompute accrued interest. Verify computation of the amortization of premium or discount.

Auditing Stockholders’ Equity


The following three types of transactions are of importance to theauditor;(i) issuance of stock including transactions such as sale of stock for

cash; the exchange of stock for assets; and issuance of stock forstock splits;

(ii) repurchase of stock including both the reacquisition of stock andretirement of stock;

(iii) payment of dividends including cash and stock dividends.

The control risk : A substantive strategy is often used to auditstockholders’ equity because the number of transactions is usuallysmall. The auditor must still be aware of the types of controls that are inplace to prevent the misstatement of equity transactions. Large,publicly traded companies use a registrar and transfer agent to processand record equity transaction. Relevant information about equitytransactions may be confirmed with the register and transfer agent.

Auditing Stockholders’ Equity


Assertion and control activities:1. Occurrence – Verify that stock and dividend transactions comply with corporate

charter.2. Accuracy – Verify that stock and dividend transactions have been properly posted

and summarized in the accounting records.3. Authorization – Verify that stock and dividend transactions have been properly

approved.4. Valuation – Verify that stock and dividend transactions have been properly valued.

When possible, the following duties should be segregated:1. The individuals responsible for issuing, transferring, and canceling stock certificates

should not have any accounting responsibilities.2. The individual responsible for maintaining the detailed stockholders’ records should

be independent of the maintenance of the general ledger control accounts.3. The individual responsible for maintaining the detailed stockholders’ records should

not also process cash receipts or disbursements.4. Appropriate segregation of duties should be established among the preparation,

recording, signing, and mailing of dividend checks.

Auditing Capital-Stock Accounts


Assertion and control activities:1. Occurrence and completeness – when outside agents are not used the

auditor must (i) trace the transfers of shares between stockholders to thestock register and/or stock certificate book; (ii) foot the shares outstanding inthe stock register and/or stock certificate book and agree them to total sharesoutstanding in the general ledger; (iii) examine any canceled stockcertificates; (iv) account for and inspect any unissued stock certificates in thestock certificate book.

2. Valuation – (i) when stock is issued for cash the valuation is straightforward.The proceeds from the sale are normally traced to the cash receipts records.(ii) when stock is exchanged for property, goods, or services, the valuationissue is more complex. Generally, fair market value is an issue and theaccounting may involve a gain or loss. (iii) stock dividends may also createcomplex auditing issues. The auditor must recompute the dividend and tracethe entries to the general ledger.

3. Completeness of disclosure – examples of disclosure items include (i)number of shares authorized, issued, and outstanding for each class ofstock; (ii) call privileges, prices, and dates of preferred stock; (iii) preferred-stock sinking funds; (iv) stock option or purchase plans; (v) restrictions onretained earnings and dividends; (vi) any completed or pending transactionsthat may affect stockholders’ equity.

Auditing Dividends


All dividends declared and paid will be audited because of concerns ofviolations of corporate bylaws or debt covenants.

When an independent dividend-disbursing agent is used, the auditor canconfirm the amount disbursed with the agent. This amount is agreed with theamount authorized by the board of directors.

When an independent agent is not used, the auditor can recompute theamount of the dividend authorized by the board of directors and trace theamount to cash disbursements or dividends payable.

Auditing Retained Earnings


Under normal circumstances, retained earnings are affected by the currentyear’s income or loss and the dividends declared and or paid. The majorexception is the existence of prior period adjustments, valuation accounts forcertain marketable securities and foreign currency translation.

Auditing Income Statement Accounts


The audit of revenue and expense accounts depends on the extent of work conducted onthe entity’s control system and balance sheet accounts. Substantive procedures onselected income statement accounts include:

1.The results of testing controls for the various business processes;2.The results of the detailed tests of balance sheet accounts and the related income

statement accounts;3.Performance of substantive analytical procedures on income statement accounts.4.Detailed tests of selected income statement accounts.

If control risk is set at the maximum – the auditor does not rely on controls. Insteadextensive substantive procedures are used. If a reliance strategy is followed – the auditordetermines if controls may be relied upon. If controls are operating effectively – the auditormay reduce control risk below the maximum.

Income statement accounts are normally audited in the course of auditing the relatedbalance sheet accounts.

Balance sheet accounts link to income statement accounts AR / Allowance for doubtful debt – bad debt expense NR / Investments / Accrued interest receivable – Interest expense PPE / Accumulated depreciation / Depreciation expense, gain/losses on sales or

assets retirement Prepaid insurance – insurance expense Long term debt / accrued interest payable – interest expense

Auditing Income Statement Accounts


Substantive analytical procedures – extensive use of analytical procedures in theaudit of revenue and expense accounts; example – common size statementcomparing current to previous years; trend and ratio analysis.

Tests of selected account balances – The auditor may wish to examine keyrevenue and expense accounts in some detail. Usually, the auditor verifies thetransactions in the account by examining the supporting documentation. Accountsaudited in this manner may be related to income tax reporting and include legal andaudit expense, travel and entertainment, charitable contributions, and other incomeand expense.

TUTORIAL QUESTIONS

Problem 15-21, page 521Problem 15-23, page 522



LECTURE 13Auditing the Human Resource

Management Process

Auditing the HRM


The human resource process starts with the establishment of sound policiesfor hiring, training, evaluating, counseling, promoting, compensating, andtaking remedial actions for employees.

The main concern of the auditor involves payroll transactions once anemployee has been hired.

Departments involve includes (i) operating; (ii) HRM; (iii) payroll; (iv) IT

Transactions and accounts involve are the:

1. payments to employees –cash, direct/indirect labor expense account ;

2. accrual and payment of payroll-related liabilities arising from employees’services such as social securities, pension schemes, unemploymenttaxes etc – cash and various accruals .

Documents and records relevant are – personnel records, including wage-rate or salary authorizations; deduction authorization forms; time card;payroll check/direct deposit records; payroll register; payroll master file;payroll master file changes report; periodic payroll reports; various taxreports and forms.

Major HRM functions


Personnel Authorization of hiring, firing, wage-rate and salary adjustments, salaries, and payroll deductions.

SupervisionReview and approval of employees' attendance and time information; monitoring of employee scheduling, productivity, and payroll cost variances.

Timekeeping Processing of employees' attendance and time information and coding of account distribution.

Payroll processing

Computation of gross pay, deductions, and net pay; recording and summarization of payments and verification of account distribution.

Disbursement Payment of employees' compensation and benefits.

General ledger Proper accumulation, classification, and summarization of payroll in the general ledger.

Segregation of duties


Payroll Function OperatingHuman

ResourceTime-

keeping Payroll IT TreasurerInitiation of wage or salary changes XInitiation of employee hiring and firing XApproval of wage and salary changes XUpdating of personnel records XUpdating of payroll records XApproval of time cards and job classification XReview of time data and payroll distribution XPreparation of payroll X XPreparation and signing of payroll checks XDistribution of payroll checks XUndating of general ledger for payroll XComparison of payroll expense to budget XCalculation and recording of payroll taxes X

Risk assessments


In assessing inherent risk the auditor may want to consider the effect ofeconomic conditions on payroll costs, the supply of skilled workers, and thefrequency of employee turnover. The auditor should be familiar with anyexisting labor contracts and the impact of regulation on the company.

The inherent risk associated with non-officers of the company is generallyconsidered low.

The inherent risk associated with officers of the company may not beconsidered low because of the ability to take advantage of their highposition.

Control risk assessments steps follow similar procedures of understandingand document the HRM process, perform tests of control and set anddocument control risk.

Risk assessments


Control activities and test of controls:

Occurrence – the auditor want assurance that payments for payroll-relatedservices are being made to valid employees for time actually worked. Controlsmust be in place to ensure that no payments are made to fictitious employeesand payments to valid employees are stopped once the employee is terminated.

Authorization – the client must have controls for hiring and terminatingemployees, setting pay rates, making withholdings, awarding benefits, andissuing payroll checks.

Accuracy – The client must have controls for hiring and terminating employees,setting pay rates, making withholdings, awarding benefits, and issuing payrollchecks.

Classification – If payroll expense is charged to the wrong accounts, thefinancial statement may be misstated. If payroll expense is not properlyclassified between direct and indirect labor, inventory and cost of goods soldmay not be valued properly.

If the results of the tests of controls for the payroll system support the planned level ofcontrol risk, the auditor conducts substantive procedures of payroll-related accounts atthe assessed level. If the tests do not support the level of control risk, the nature andextent of substantive testing will be increased.

Auditing payroll related accounts


Substantive analytical procedures: 1. Payroll Expense Accounts:

Compare current year with prior years' payroll expense accounts Compare current and prior years' payroll costs as percent of sales and

industry data Compare labor utilization rates and statistics with industry data Compare budgeted payroll expenses with actual payroll expenses Estimate sales commissions with formula and recorded sales

2. Payroll-Related Accrual Accounts: Compare current and prior years' balances in payroll related accounts Test reasonableness of accrual balance



Assertions about Transactions Substantive Tests of Transaction

Occurrence Trace a sample of payroll checks to the master employee list to verify validity.

Completeness Trace a sample of time cards to the payroll register.

Authorization Test a sample of payroll checks for proper authorization.

Accuracy Recompute a sample of payroll checks for gross pay, deductions, and net pay.

Cutoff Trace a sample of time cards before and after period end to the appropriate payroll report.

Classification Examine a sample of payroll checks for proper classification into expense accounts.

Tests of Detail of Transactions, Account Balances, and Disclosures




Assertions about Account Balances at Period End Tests of Details of Account Balances

ExistenceVouch selected amounts from account schedules for accruals to supporting documents (payroll tax returns, corporate benefit policies, etc..

Rights and obligations Review supporting documentation to determne that the entity is legally obligated to pay the liability.

Completeness Search for unrecorded liabilities.

Valuation and Allocation

Obtain an account analysis schedule for accrued payroll liabilites; foot schedules for accrued payroll liabilities. Compare amounts accrued to supporting documentation, such as payroll tax returns.




Assertions about Presentation and

Disclosure Tests of Details of DisclosuresOccurrence, and rights and

obligationsInquire about accruals to ensure that they are properly disclosed.

CompletenessComplete financial reporting checklist to ensure that all financial statement disclosures related to payroll expense have been made.

Accuracy and valuation

Review benefit contracts for proper disclosure of pension and postretirement benefits. Read footnotes and other information to ensure that the information is accurate and properly presented at the appropriate amounts.



Payroll transactions affect many expense accounts, including direct and indirectmanufacturing expense, general and administrative salaries, sales salaries,commissions, and payroll tax expenses.If the entity’s internal control is reliable, the auditor does not need to conduct detailed

tests of all these payroll expense accounts. Additional testing is necessary only whencontrol weaknesses exist.The entity incurs a number of liabilities including payroll taxes withheld (federal and

state income, medical and life insurance premiums, pension, and other miscellaneousdeductions, accrued wages, bonuses, commissions etc.Audit objectives and procedures:

Cutoff – An examination of supporting documentation for the accruals providesevidence on the proper period for recording the expense or liability.

Existence and valuation – To verify the existence and valuation of an accruedpayroll liability, the auditor can trace the amounts included on the accountanalysis working paper to supporting documentation such as payroll tax reports.

Completeness – The auditor must be aware of the normal payroll-related taxesthat are paid by the entity and therefore should be able to determine if accrualshave been made for payroll taxes such as Social Security taxes andunemployment insurance.

TUTORIAL QUESTIONS(1) Problem 12-25 ; (2) Problem 12-26