Chapter 1

An Introduction to Auditing

Auditing and Assurance Services: Understanding the Integrated Audit

First EditionKaren L. Hooks

Prepared by Richard J. Campbell

Copyright 2011, Wiley and Sons

Chapter 2

Overview of an Integrated Audit

Learning Objectives

1. Understand the legal and regulatory requirements for integrated audits.

2. Identify the basic requirements for an audit to be possible.

3. Recognize the basic stages of the audit

4. Explain the meaning of fundamental terms related to auditing.

5. Describe the activities that comprise the general stages of an integrated audit.

6. Learn the basic differences between the audit of a public and nonpublic company.

7. Explain the generally accepted auditing standards.

Review of Important Abbreviations

GAAP PCAOB – AS AICPA – SAS IAASB – ISA COSO – IC Framework IFRS ICFR SEC - SAB

Review: Integrated Audits

Integrated audit: examines both a company’s financial statements and internal control over financial reporting

Financial statement audit: examines just the company’s financial statements

PCAOB: has jurisdiction over audits of public companies and firms that perform those audits

Preliminary Requirements for an Audit

Standards must exist to provide the benchmarks against which the auditor compares information GAAP or IFRS inform the auditor how financial

statements should be prepared COSO IC Framework is a guide for how ICFR should

be structured and function Auditing standards must exist so auditor knows how

to perform an audit (AS, SAS, ISA) Entity must have records sufficient for audit

evidence Auditor must have reasonable confidence in

management’s integrity

Overview of An Integrated Audit

Exhibit 2-1

Existence or OccurrenceCompletenessRights and ObligationsValuation or allocationPresentation and disclosureAn additional “assertion” that is the topic

of management’s ICFR report is that ICFR is effective

Five Management Assertions

AICPA Management Assertions

Classes of transactions and events for the period under audit occurrence, completeness, accuracy, cutoff,

classification Assertions about account balances at the

period end existence, rights and obligations,

completeness, valuation and allocation Assertions about presentations and disclosure

occurrence, rights and obligations, completeness, classification and understandability, accuracy and valuation

Fair Financial Statements

The collective result of management’s assertions in presenting financial statements is that the financial statements are “fair”

Fair means “not materially misstated” Effective ICFR allows the company to

produce financial statements that are not materially misstated Design effectiveness Operating effectiveness

Definition of ICFR

Internal control over financial reporting is a process designed by, or under the supervision of, the company's principal executive and principal financial officers, or persons performing similar functions, and effected by the company's board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP and includes those policies and procedures that:

Definition of ICFR (continued)

Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company;

Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and

Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.

Note: The auditor's procedures as part of either the audit of internal control over financial reporting or the audit of the financial statements are not part of a company's internal control over financial reporting. (AS5.A5)

Fundamental Concepts Audit evidence – can be anything the

auditor uses as information Sufficient Appropriate

Reliable and Relevant

Audit procedures – used to collect evidence Control tests Substantive tests

Tests of details of balances Substantive analytical procedures

Dual purpose tests

Characteristics affecting Evidence

Source of the evidence Direct personal knowledge of the

auditor Quality of internal control under

which the evidence was produced Original documents vs. copies and

faxes Documents vs. oral evidence

Risk Concepts

The term “risk” is used in many different ways in auditing standards and literature Audit risk

Detection risk Client’s business risk Auditor’s business risk Fraud risk

Risk is Related to Materiality

Materiality definedReasonable personPrudent officialMaterially misstated financial statements

Material weakness defined

Audit Terms that Relate to Each Other Professional judgment

Professional skepticism Due professional care Economic limits Reasonable assurance vs. Absolute

assurance Persuasive vs. convincing evidence Sampling

Negligence Auditor opinion – not an absolute

More Audit Concepts

The auditor identifies management assertions that are relevant to each material account balance and class of transactions:

Based upon expected risk, the auditor uses professional judgment and decides on audit procedures

The auditor collects evidence by performing audit procedures

The auditor may use sampling Absolute assurance is not feasible, but

reasonable assurance is a high level of assurance

Phases of an Audit Client Acceptance or Continuance

Preliminary engagement procedures are a part of this process

Audit Planning and Risk Assessment Tests of ICFR Operating Effectiveness Substantive Procedures on Accounts

and Disclosures Wrap-Up, Completion, and Reporting

Client Acceptance or Continuance

Exhibit 2-3 Do we want this client? Can we effectively perform this audit? Research the client Do we still want the audit? Present proposal Did we win the engagement? Complete preliminary engagement

procedures

Preliminary Engagement Procedures

Exhibit 2-4 Auditor proposal and client acceptance, or

client continuance decision Confirm and communicate on auditor

independence For new clients this step comes at the

beginning, in writing For continuing clients this step happens yearly

Establish understanding on terms of the engagement

Audit Planning and Risk Assessment

Exhibit 2-5Preliminary audit strategyObtain an understandingAssess riskAudit planning

Preliminary audit strategy

Review client’s entity-level controls

Perform analytical proceduresDecide on staffing and timingAssess potential misstatements

Develop early plan

Understanding the Client

Auditor needs to understand Client’s business Client’s activities Transactions Financial statement accounts Information system Entity level controls

Understanding the Client

Sources of information the help auditor to obtain an understanding Client acceptance process Performing reviews of interim

financial statements before client files them with SEC

Client’s own ICFR documentation Process of assessing design

effectiveness of ICFR

Assess Risk

Auditor considers Fraud risk; includes asking management about fraud

risk Risk of material misstatement in financial statements ICFR related risk – that a material weakness exists in

ICFR Risks in the audit risk model

Overall audit risk Inherent risk and control risk – togther they are the

risk of material misstatement Auditor makes a judgment and sets planning materiality

threshold

Audit Planning

Plan Nature, Timing, Extent

Decide on Controls to test Accounts to test Sampling plan Procedures

Produce audit plan

Side-by-Side Audit Efficiency Exhibit 2-1 shows overview of an integrated

audit Tests of ICFR operating effectiveness and

Substantive procedures on accounts and disclosures are show side-by-side

When conducting an integrated audit, to the extent possible, the auditor collects and evaluates evidence useful to both financial statement and ICFR audits

This approach can be used whether the ICFR evidence is used to issue an opinion on ICFR or as input for the financial statement audit

Tests of ICFR Operating Effectiveness

Exhibit 2-6 This phase is side-by-side with

Substantive Procedures Tests of controls and dual purpose tests Evaluate results and document Consider other information Form tentative conclusion on ICFR

operating effectiveness

Tests of ICFR Operating Effectiveness Tests of controls Dual purpose tests If problems with ICFR are found in testing,

the auditor does more work and may need to revise the audit plan; can impact substantive procedures on financial statement audit

Other information considered includes knowledge gained from review engagements and management communications

Substantive Procedures

Exhibit 2-7 This phase is side-by-side with Tests of ICFR

Operating Effectiveness Dual purpose tests, tests of details of

balances and substantive analytical procedures

Evaluate results and document Consider other information Form tentative conclusions on fairness of

financial statements

Substantive Procedures

Tests of details of balancesSubstantive analytical procedures If problems with account balances are found in testing, the auditor does more work and may need to revise the audit plan; can impact ICFR procedures

Wrap-Up, Completion and Reporting

Exhibit 2-8Perform final audit stepsDecide on appropriate audit report

Communicate with audit committee and management

Issue audit report on ICFR and financial statements

Wrap-Up Steps

Reviews Communication with the client’s

attorneys Obtain written representations

from management Communication with the

company’s audit committee

Nonpublic Company AuditsExhibit 2-9

Nonpublic Company Audit Steps

A nonpublic company’s audit is based on AICPA or IAASB standards and addresses only the financial statements; no ICFR opinion is issued

The auditor must consider significant risks but does not always test the operating effectiveness of ICFR

Both public and nonpublic company audits require professional judgment on planning, risk, fraud assessment and evidence

Language in the Audit Standards Unconditional Responsibility

Must Shall Is required

Presumptively Mandatory Responsibility Should

Responsibility to Consider May Might Could Should consider means presumptive responsibility

to consider, but not to carry out the act

GAAS -10 Auditing Standards

Historically, the 10 GAAS were the underlying principles for auditing standards

3 categories: general, field work, reporting Currently in the process of changing with the

alignment of U.S. and international audit standards

For ICFR audits, the PCAOB states that AS 5 presents the field work standards

For integrated audits, AS 5 presents the reporting standards

Auditing Standards - General General Standards

1. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor

2. In all matters relating to the assignment, an independence in mental attitude is to be maintained by the auditors

3. Due professional care is to be exercised in the performance of the audit and the preparation of the report

Auditing Standards – Field Work

Standards of field work 1. The work is to be adequately planned, and

assistants, if any, are to be properly supervised 2. A sufficient understanding of internal control is

to be obtained to determine the nature, timing, and extent of tests to be performed.

3. Sufficient appropriate evidential matter is to be obtained through observation, inquires and confirmations to afford a reasonable basis for an opinion regarding the financial statements

Auditing Standards– ReportingStandards of Reporting

1. The report shall state whether the financial statements are presented in accordance with GAAP.2. The report shall identify those circumstances in which those principles have not been consistently observed.3. Informative disclosures in the financial statements are to be regarded as reasonably accurate.4. The report should contain an expression of an opinion, or an assertion to the effect that an opinion can not be expressed.

Appendix A: AICPA Generally Accepted Auditing Standards

The AICPA has modified the language in the 10 GAAS, but the substance is the same as the earlier version still used by the PCAOB that is shown in the body of the chapter.

Copyright

“Copyright © 2011 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the

information contained herein.”