chapter 1 an introduction to auditing auditing and assurance services: understanding the integrated...
TRANSCRIPT
Chapter 1
An Introduction to Auditing
Auditing and Assurance Services: Understanding the Integrated Audit
First EditionKaren L. Hooks
Prepared by Richard J. Campbell
Copyright 2011, Wiley and Sons
Chapter 2
Overview of an Integrated Audit
Learning Objectives
1. Understand the legal and regulatory requirements for integrated audits.
2. Identify the basic requirements for an audit to be possible.
3. Recognize the basic stages of the audit
4. Explain the meaning of fundamental terms related to auditing.
5. Describe the activities that comprise the general stages of an integrated audit.
6. Learn the basic differences between the audit of a public and nonpublic company.
7. Explain the generally accepted auditing standards.
Review of Important Abbreviations
GAAP PCAOB – AS AICPA – SAS IAASB – ISA COSO – IC Framework IFRS ICFR SEC - SAB
Review: Integrated Audits
Integrated audit: examines both a company’s financial statements and internal control over financial reporting
Financial statement audit: examines just the company’s financial statements
PCAOB: has jurisdiction over audits of public companies and firms that perform those audits
Preliminary Requirements for an Audit
Standards must exist to provide the benchmarks against which the auditor compares information GAAP or IFRS inform the auditor how financial
statements should be prepared COSO IC Framework is a guide for how ICFR should
be structured and function Auditing standards must exist so auditor knows how
to perform an audit (AS, SAS, ISA) Entity must have records sufficient for audit
evidence Auditor must have reasonable confidence in
management’s integrity
Overview of An Integrated Audit
Exhibit 2-1
Existence or OccurrenceCompletenessRights and ObligationsValuation or allocationPresentation and disclosureAn additional “assertion” that is the topic
of management’s ICFR report is that ICFR is effective
Five Management Assertions
AICPA Management Assertions
Classes of transactions and events for the period under audit occurrence, completeness, accuracy, cutoff,
classification Assertions about account balances at the
period end existence, rights and obligations,
completeness, valuation and allocation Assertions about presentations and disclosure
occurrence, rights and obligations, completeness, classification and understandability, accuracy and valuation
Fair Financial Statements
The collective result of management’s assertions in presenting financial statements is that the financial statements are “fair”
Fair means “not materially misstated” Effective ICFR allows the company to
produce financial statements that are not materially misstated Design effectiveness Operating effectiveness
Definition of ICFR
Internal control over financial reporting is a process designed by, or under the supervision of, the company's principal executive and principal financial officers, or persons performing similar functions, and effected by the company's board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP and includes those policies and procedures that:
Definition of ICFR (continued)
Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company;
Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and
Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.
Note: The auditor's procedures as part of either the audit of internal control over financial reporting or the audit of the financial statements are not part of a company's internal control over financial reporting. (AS5.A5)
Fundamental Concepts Audit evidence – can be anything the
auditor uses as information Sufficient Appropriate
Reliable and Relevant
Audit procedures – used to collect evidence Control tests Substantive tests
Tests of details of balances Substantive analytical procedures
Dual purpose tests
Characteristics affecting Evidence
Source of the evidence Direct personal knowledge of the
auditor Quality of internal control under
which the evidence was produced Original documents vs. copies and
faxes Documents vs. oral evidence
Risk Concepts
The term “risk” is used in many different ways in auditing standards and literature Audit risk
Detection risk Client’s business risk Auditor’s business risk Fraud risk
Risk is Related to Materiality
Materiality definedReasonable personPrudent officialMaterially misstated financial statements
Material weakness defined
Audit Terms that Relate to Each Other Professional judgment
Professional skepticism Due professional care Economic limits Reasonable assurance vs. Absolute
assurance Persuasive vs. convincing evidence Sampling
Negligence Auditor opinion – not an absolute
More Audit Concepts
The auditor identifies management assertions that are relevant to each material account balance and class of transactions:
Based upon expected risk, the auditor uses professional judgment and decides on audit procedures
The auditor collects evidence by performing audit procedures
The auditor may use sampling Absolute assurance is not feasible, but
reasonable assurance is a high level of assurance
Phases of an Audit Client Acceptance or Continuance
Preliminary engagement procedures are a part of this process
Audit Planning and Risk Assessment Tests of ICFR Operating Effectiveness Substantive Procedures on Accounts
and Disclosures Wrap-Up, Completion, and Reporting
Client Acceptance or Continuance
Exhibit 2-3 Do we want this client? Can we effectively perform this audit? Research the client Do we still want the audit? Present proposal Did we win the engagement? Complete preliminary engagement
procedures
Preliminary Engagement Procedures
Exhibit 2-4 Auditor proposal and client acceptance, or
client continuance decision Confirm and communicate on auditor
independence For new clients this step comes at the
beginning, in writing For continuing clients this step happens yearly
Establish understanding on terms of the engagement
Audit Planning and Risk Assessment
Exhibit 2-5Preliminary audit strategyObtain an understandingAssess riskAudit planning
Preliminary audit strategy
Review client’s entity-level controls
Perform analytical proceduresDecide on staffing and timingAssess potential misstatements
Develop early plan
Understanding the Client
Auditor needs to understand Client’s business Client’s activities Transactions Financial statement accounts Information system Entity level controls
Understanding the Client
Sources of information the help auditor to obtain an understanding Client acceptance process Performing reviews of interim
financial statements before client files them with SEC
Client’s own ICFR documentation Process of assessing design
effectiveness of ICFR
Assess Risk
Auditor considers Fraud risk; includes asking management about fraud
risk Risk of material misstatement in financial statements ICFR related risk – that a material weakness exists in
ICFR Risks in the audit risk model
Overall audit risk Inherent risk and control risk – togther they are the
risk of material misstatement Auditor makes a judgment and sets planning materiality
threshold
Audit Planning
Plan Nature, Timing, Extent
Decide on Controls to test Accounts to test Sampling plan Procedures
Produce audit plan
Side-by-Side Audit Efficiency Exhibit 2-1 shows overview of an integrated
audit Tests of ICFR operating effectiveness and
Substantive procedures on accounts and disclosures are show side-by-side
When conducting an integrated audit, to the extent possible, the auditor collects and evaluates evidence useful to both financial statement and ICFR audits
This approach can be used whether the ICFR evidence is used to issue an opinion on ICFR or as input for the financial statement audit
Tests of ICFR Operating Effectiveness
Exhibit 2-6 This phase is side-by-side with
Substantive Procedures Tests of controls and dual purpose tests Evaluate results and document Consider other information Form tentative conclusion on ICFR
operating effectiveness
Tests of ICFR Operating Effectiveness Tests of controls Dual purpose tests If problems with ICFR are found in testing,
the auditor does more work and may need to revise the audit plan; can impact substantive procedures on financial statement audit
Other information considered includes knowledge gained from review engagements and management communications
Substantive Procedures
Exhibit 2-7 This phase is side-by-side with Tests of ICFR
Operating Effectiveness Dual purpose tests, tests of details of
balances and substantive analytical procedures
Evaluate results and document Consider other information Form tentative conclusions on fairness of
financial statements
Substantive Procedures
Tests of details of balancesSubstantive analytical procedures If problems with account balances are found in testing, the auditor does more work and may need to revise the audit plan; can impact ICFR procedures
Wrap-Up, Completion and Reporting
Exhibit 2-8Perform final audit stepsDecide on appropriate audit report
Communicate with audit committee and management
Issue audit report on ICFR and financial statements
Wrap-Up Steps
Reviews Communication with the client’s
attorneys Obtain written representations
from management Communication with the
company’s audit committee
Nonpublic Company AuditsExhibit 2-9
Nonpublic Company Audit Steps
A nonpublic company’s audit is based on AICPA or IAASB standards and addresses only the financial statements; no ICFR opinion is issued
The auditor must consider significant risks but does not always test the operating effectiveness of ICFR
Both public and nonpublic company audits require professional judgment on planning, risk, fraud assessment and evidence
Language in the Audit Standards Unconditional Responsibility
Must Shall Is required
Presumptively Mandatory Responsibility Should
Responsibility to Consider May Might Could Should consider means presumptive responsibility
to consider, but not to carry out the act
GAAS -10 Auditing Standards
Historically, the 10 GAAS were the underlying principles for auditing standards
3 categories: general, field work, reporting Currently in the process of changing with the
alignment of U.S. and international audit standards
For ICFR audits, the PCAOB states that AS 5 presents the field work standards
For integrated audits, AS 5 presents the reporting standards
Auditing Standards - General General Standards
1. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor
2. In all matters relating to the assignment, an independence in mental attitude is to be maintained by the auditors
3. Due professional care is to be exercised in the performance of the audit and the preparation of the report
Auditing Standards – Field Work
Standards of field work 1. The work is to be adequately planned, and
assistants, if any, are to be properly supervised 2. A sufficient understanding of internal control is
to be obtained to determine the nature, timing, and extent of tests to be performed.
3. Sufficient appropriate evidential matter is to be obtained through observation, inquires and confirmations to afford a reasonable basis for an opinion regarding the financial statements
Auditing Standards– ReportingStandards of Reporting
1. The report shall state whether the financial statements are presented in accordance with GAAP.2. The report shall identify those circumstances in which those principles have not been consistently observed.3. Informative disclosures in the financial statements are to be regarded as reasonably accurate.4. The report should contain an expression of an opinion, or an assertion to the effect that an opinion can not be expressed.
Appendix A: AICPA Generally Accepted Auditing Standards
The AICPA has modified the language in the 10 GAAS, but the substance is the same as the earlier version still used by the PCAOB that is shown in the body of the chapter.
Copyright
“Copyright © 2011 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the
information contained herein.”