-
before acceptance of a client, firm should consider
- firms ability to audit
- independence
- integrity of client mngt
- auditability of client (possible scope limitation?)
-
disagreements with assistants
- consult with partner...if disagreement persists
- assistant can disassociate, must document
-
gain knowledge of client industry
- *AICPA account and audit guide*
- trade publications
- government publications
- AICPA accting trends and techniques
-
gain knowledge of client business
- tour facilities
- review financial history
- understand client accounting
- inquire of client personnel
-
materiality
- affect judgement of reasonable person
- professional judgement
- smallest level of misstatement
- can be revised as audit progresses
-
3 audit procedure categories
- Risk assessment procedures
- further audit procedures
- substantive procedures
-
assertions made by management
- Completeness
- cut-Off
- Valuation, allocation, accuracy
- Existence and occurrence
- Rights and obligations
- Understandability and classification
-
items of a financial statement
- Transactions and events
- Account balances
- Presentation and disclosure
-
Relevent assertions for transactions and events
- Completeness
- cut-Off
- Valuation, allocation and accuracy
- Existence and occurrence
- Understandability and classification
-
Relevant assertions for account balances
- Completeness
- Valuation, allocation and accuracy
- Existence and occurrence
- Rights and allocations
-
Relevent assertions for presentation and disclosure
- Completeness
- Valuation, allocation and accuracy
- Rights and obligations
- Understandability and classification
-
audit risk
- risk that auditor will give wrong opinion
- AR=RMMxDR
-
risk of material misstatement (RMM)
- RMM=IRxCR
- auditor cannot change risk, but can assess
- IR=risk that client's system has error, susceptibility to misstatement assuming no controls
- CR=clients IC will not catch misstatement
-
Detection risk (DR)
- risk that auditor will miss errors
- revise NET to adjust DR up or down
-
relationship between audit risk and materiality
- inversly related
- risk of big misstatement is low
- risk of small misstatement is high
- more material=less likely to be missed
- decrease materiality=increase audit risk
-
reasonable assurance
- not absolute
- sufficient appropriate evidence limits audit risk to low level
-
auditors responsibility concerning fraud
- plan and perform (Design) audit to provide reasonable assurance that f/s are free from matertial misstatement from error or fraud
- ongoing fraud risk assessment
-
analytical procedures
- during planning and final review
- identify and investigate unusual or unexpected relationships
-
EVERY audit presumes 2 risks
- improper revenue recognition
- management override of controls
-
3 fraud risk factors
- Pressure
- Opportunity
- Rationalization
-
2 factors increasing risk of manipulation
- high degree of management judgement
- very complex accounting principles
-
3 levels of response to fraud risk assessment
- 1. overall, general response=adequate supervision, personnel assignment
- 2. specific audit procedures=adjust NET
- 3. address risk of management override=examine journal entries, review estimates
-
conditions that might indicate fraud
- discrepancies in accounting records
- conflicting or missing evidential matter
- problems between mngt and auditors
-
Communication of fraud
- any indication of fraud (even immaterial) brought to mngt attention
- fraud causing material misstatements or done by senior management brought to those charged with governance
-
2nd fieldwork standard of GAAS
- Internal control
- understand entity, environment and i/c
- assess risk of material misstatement
-
assessing risk of material misstatement
- I/C, entity and environment understanding
- Material misstatement-assess the risk
- Assessed level of risk-response
- Controls testing
- Perform substantive procedures
- Appropriateness and sufficiency of audit evidence-evaluate
-
Risk assessment procedures
- Inquiries
- Analytical procedures
- Observation and inspection
- Discussion with audit team
-
analytical procedures
- evaluate financial info
- study relationships and ratios of financial and non fin. data
- required during planning and final review
- optional to obtain audit evidence
-
internal control
- process designed to provide reasonable assurance about the achievement of the entity's objectives
- objectives include-reliability of financial reporting, efficiency and effectiveness of operations, compliance
-
COSO's 5 components of internal control
- Control environment-tone at the top
- Risk assessment-mngt's identification of risk
- Info and communication
- Monitoring
- Existing control activities=policies and procedures
-
Control environment factors
- Philosophy and operating style of mngt-risk, attitudes
- HR
- Reporting competency
- Assignment of authority, responsibility, accountability
- Structure of the organization
- Ethical values and integrity
- Director/those charged with governance
- Commitment to competency
-
Strong existing control activities
- Prenumbered documents
- Authorization of transactions
- Independent checks
- Documentation
- Timely and appropriate performance reviews
- Info processing controls
- Physical controls to safeguard assets
- Segregation of duties
-
Segregate of duties separates
- Authorization
- Record keeping
- Custody
-
specific IT controls
- General controls=policies and procedures related to many applications. ex. passwords
- Application controls=individual transactions. ex. accuracy checks
-
Service orgs effects on users i/c
- services part of users info system
- service orgs controls are part of users info sys
-
2 types of service auditor reports
- Type 1=report on design and implementation of service orgs controls. no basis to reduce assessed level of control risk
- Type 2=report on design, implementation and operating effectiveness of service orgs control. gives basis to reduce assessed level of control risk
-
significant risk
- require special audit consideration
- use professional judgement
- exists when inherent risk is exceptionally high
-
substantive approach to the audit
- only substantive procedures are performed
- no relevent controls
- controls are assessed as ineffective
- inefficient to test operating effectiveness of controls
-
combined approach to audit
- substantive procedures and tests of operating effectiveness of controls
- more reliance on controls=less substantive testing required
-
when tests of controls are required
- risk assessment is based on assumption that controls are operating effectively
- substantive procedures are insufficient-extensive use of IT
-
control testing evidence from PY
- can be used if controls haven't changed
- if changed controls must be retested
- if not changed, controls must be tested once every third year
-
control testing evidence includes
- Were controls applied at relevent times
- how were controls applied
- consistency of application
- who applied controls
-
performing substantive tests
- dollar balances
- analytical procedures
- ratios/comparisons
- used to detect material misstatements at relevant assertion levels
- required for each material transaction class, account balance and presentation or disclosure
-
2 types of substantive testing
- tests of details-existence and valuation of acct balances. ineffective controls, no controls tested
- substantive analytical procedures-lots of predictable transactions. effectively operating controls
-
substantive test evidence from PY
- usuallly can't be used in CY
- not like control test evidence
|
|
