Chapter 1
Assurance Engagements:
Level of Assurance:
- Reasonable
- Moderate
- No assurance
Audit Opinions:
- Unmodified
- Modified
Modifications:
- Qualified
- Adverse
User
- Disclaimer of opinion
Accountable
Practitioner
Party
TERM DEFINITION
Applicable financial The financial framework chosen by management to prepare a CO’s F/S. E.g.
reporting framework IFRS, ASPE
Audit evidence Information used by the auditor to support the audit opinion.
Audit file The file where the evidence and documentation of the work performed are
kept as a permanent record to support the opinion issued.
Audit risk The risk that the auditor may express an inappropriate opinion. This means the
auditor may indicate that F/S are not materially misstated when in fact they are
Financial statements A structured representation of historical financial info, including related notes.
Independent The auditor's formal expression of opinion on whether the financial statements
auditor's report are in accordance with the applicable financial reporting framework.
Internal control Processes implemented & maintained by mgmt to help entity achieve objective
Material An amount or disclosure that is significant enough to affe t the use ’s de isio .
Materiality The maximum amount of misstatement or omission the auditor can tolerate
and still issue an unmodified or lea audit opinion.
Sufficient and The quantity (sufficiency) and quality (appropriateness) of the evidence
appropriate evidence collected by the auditor.
Unmodified opinion The auditor's opinion concluding that the financial statements are fairly
(unqualified opinion) presented.
Working papers Paper or electronic documentation of the audit created by the audit team as
evidence of the work completed.
- [CAS 200] – The objective of a F/S audit is for the auditor to express an OPINION
- that the F/S comply with relevant FINANCIAL REPORTING FRAMEWORK (Canadian GAAP)
- obtained REASONABLE ASSURANCE, conduct audit in efficient and effective manner
- Reduce AUDIT RISK to acceptably low level
- about whether the F/S are RELIABLE, free from any MATERIAL MISSTATEMENTS (error/fraud)
- EVIDENCE obtained in audit is SUFFICIENT AND APPROPRIATE
- Gives a fair presentation of the business' FINANCIAL POSITION and PERFORMANCE
- Not guaranteeing the success, not expressing opinion on effectiveness of internal controls
Compliance audits
- Compliance audits – involves gathering evidence to ascertain whether the person or entity
under review has followed the applicable rules, policies, procedures, laws, and regulations.
o E.g. tax audit – filed tax return in accordance with ITA
Operational audits
- Operational audit – o e ed ith e o o , effi ie , effe ti e ess of o pa ’s a ti ities
o Economy – cost of inputs (wages, materials)
o Efficiency – relationship between inputs and outputs
o Effectiveness – achievement of goals or production of certain level of outputs
Comprehensive audits
- Comprehensive audit – may encompass elements of F/S audit, compliance audit, operation
audit; auditor may report whether entity has met efficiency targets
Internal audits
- Internal audit – concerned with evaluating and improving risk management, internal control
procedures, and elements of the governance process.
- Often conducts operational audits, compliance audits, internal control assessments, reviews
Moderate assurance - Perform procedures and gather evidence to express NEGATIVE ASSURANCE
- NO opinion; Information is plausible, nothing makes them believe otherwise
Types of engagements
CHARACTERISTIC AUDIT REVIEW COMPILATION
To reduce the assurance To reduce the assurance To compile a set of
engagement risk to an engagement risk to an financial statements
Objective acceptably low level so that a acceptable level to allow based on information
positive opinion can be the practitioner to express provided. No
provided. Reasonable a negative form of assurance provided.
assurance means a high (not expression in that nothing
absolute) level of assurance has come to their attention
Financial reporting Must be in accordance Canadian GAAP or other. GAAP not required.
framework with Canadian GAAP or other.
Most time consuming, May take less time, less Least amount of
Cost and time
highest cost o k e ui ed; lo e cost work, lowest cost
Nature of the matter giving rise Auditor’s judg e t: pervasiveness of the (possible) effects on F/S
to the modification
Material but not pervasive Material and Pervasive
Qualified opinion - e ept fo the effects of a matter that is explained in the audit report, the F/S can
be relied upon by the reader; MATERIAL, NOT pervasive
- used when the matter of concern can be identified, quantified, and explained in report
Pervasive – refers to misstatements that are not confined to individual accounts or elements of F/S
- or, if confined, the misstatements affect an extensive portion of the F/S
- or there are missing disclosures that are vital to a user's understanding of the F/S
Adverse opinion – evidence that misstatements (aggregate/individually) are MATERIAL and PERVASIVE
Disclaimer of opinion – unable to obtain sufficient appropriate evidence, possible effects on F/S could
be material and pervasive
Preparer responsibility
- Relevant: Impact on decisions made by users regarding performance
- Reliable: Free from material misstatements (error or fraud)
- Comparable: Consistently across time – trends; across entities – benchmark performance
against similar organizations
- Understandable: Impartially inform users
- Fairly presented: Consistent and faithful application of the accounting standards/framework
Auditor responsibility
Professional skepticism: Questioning, thoroughly investigates all evidence presented by the client
- Auditor: must seek independent evidence to corroborate information
o must be suspicious when evidence contradicts documents/enquiries by the client
Professional judgement: Level of expertise, knowledge, and training that an auditor uses
- Auditor: determine the reliability of an info source, sufficiency and appropriateness of evidence
o testing procedures used, an appropriate sample size
Due care: Being diligent, applying technical and statute-backed standards, and documenting each stage
Assurance Providers
- Non-assurance services: mgmt consulting, mergers & acquisitions, insolvency, tax, accounting
- Rules of Professional Conduct: some restrictions on non-audit services to audit clients
o Independence, transparency, objectivity
Legislation
- Company can be incorporated under federal or provincial jurisdiction
o Federal: follow Canada Business Corporations Act (CBCA) - Audited F/S, Canadian GAAP;
audits conducted w/ Canadian generally accepted auditing standards (CPA handbook)
Regulation
- 36 Canadian Auditing Standards (CASs) = GAAS
- Engmt comply w/ Canadian Standards for Assurance Engagements (CSAEs), comply w/ GAAS
The audit does not guarantee the future viability The auditor is guaranteeing the future viability
An unqualified opinion indicates that the auditor An unqualified (clean) audit opinion is an indicator
believes that there are no material (significant) of complete accuracy.
The auditor will assess the risk of fraud and The auditor will definitely find any fraud.
conduct tests to try to uncover any fraud, but
there is no guarantee that they will find fraud
The auditor tests a sample of transactions. The auditor has checked all transactions.
10
Professional competence– maintain knowledge and skill at level required; Continuing education, work
experience
Due care – Act diligently, complete task thoroughly, documents all work, finish on timely basis
Confidentiality – refrain from disclosing info learned from employment to people outside of workplace
- Exception: client allowed disclosure or legal requirement to disclose
Professional behavior – comply with rules, ensure reputation of profession, should not claim to provide
services, qualifications, experience, that is not true
Threats to independence
Self-interest – financial interest
- O i g shares i lie t’s usi ess
- Loan to or from client outside of normal lending terms
- Fee dependence – significant portion of total fees earned
Reporting issuer – a public company with market capitalization and book value of total assets > $10 m
- Where an engagement team member accepts employment in a financial reporting role with a
client, the firm must refrain from being the auditor of that client for min. 1 year from filing date
Safeguards to independence
- Client: establish audit committee, policies ensure F/S fairly presented, auditor has assess to docs
- Accounting firm: Continuing education, procedures for client acceptance/continuance, peer
review, partner rotation
Tort of negligence: auditor failed to take reasonable care in the performance of the audit.
- Work was below the standard that may be reasonably expected
- Injured party must prove that the auditor's carelessness, unintentional behaviour caused harm
- Lord Justice Linley noted that an auditor however is not bound to do more than exercise
reasonable care and skill in making inquiries and investigations. He is not an insurer; he does not
guarantee that the books do correctly show the true position of the company’s affairs. What is
reasonable care and skill must depend upon the circumstances of that case.
- Result: Auditor has a duty to report to S/H, not the directors
o Explanation of the extent to which an auditor could be held liable for the lie t’s a tio s
- Lord Justice Lopes noted that it is the duty of an auditor to bring to bear on the work he has to
perform that skill, care and caution, which a reasonably competent, careful and cautious auditor
would use. What is reasonable skill, care and caution must depend on the particular
circumstances of each case. An auditor is not bound to be a detective or, as was said, to
approach his work with suspicion or with a foregone conclusion that there is something wrong.
He is a watchdog, but not a bloodhound.
- Result: auditor is not to assume that the client's accounts are materially misstated.
- Standards of reasonable care & skill had changed considerably since Kingston Cotton Mill case
- Justice Moffit pronounced the following:
o Auditors have a duty to use reasonable care and skill.
o Auditors have a duty to check and see for themselves rather than rely on client
management and staff.
o Auditors must closely supervise and review the work of junior staff.
o Auditors must properly document procedures used.
o Auditors have a duty to warn and inform the appropriate level of management.
o Auditors have a duty to take further action where suspicion is aroused that a
misstatement may have occurred.
o Auditors should be guided by professional standards.
Negligence – any behaviour that is careless or unintentional and breaches the duty of care.
- Client or S/H need to prove that the auditor had not complied with auditing standards
or ethical guidelines.
- Then need to establish that they suffered a loss as a result of that negligence.
- To ascertain a causal relationship between the negligent act and the loss suffered,
reasonable foreseeability must be proven
o Auditor aware that any negligence on their part could cause a loss to the client or its S/H
- The audit firm is not negligent to issue the audit report if the audit evidence shows that the
opinion issued is supported.
Contributory negligence
- Plaintiff (the party suing) and the defendant (the auditor) can be proven to have been
negligent, each party must be held accountable in proportion to their guilt.
- E.g. management is responsible for internal controls, but does not repair deficient control.
Auditor knows and reports it to management, but fails to report it to the directors
o Management + auditor are negligent to have contributed to the loss of the plaintiff
- The Ultramares doctrine: establishes that auditors are not liable for ordinary negligence to
parties that they do not have a privity (contractual) relationship with
- Judge Cardozzo ruled that an auditor cannot have liability in an indeterminate amount for an
indeterminate time to an indeterminate class.
Hedley Byrne & Co v. Heller and Partners Ltd. (1964) A.C. 465
- Auditor knew F/S were being provided to an outside investor, duty of care (investor relied on
F/S), company went bankrupt (investor incurred loss) – TO WHAT EXTENT?
- Result: auditors did not know the name of investor, but knew F/S were being passed on to
unidentified members of a limited class for use in a transaction
- Potential S/H relied on the audited F/S, made a share investment, claim F/S negligently prepared
- Result: dismissed claim; the audited F/S were prepared to evaluate management stewardship,
not for individuals making investment decisions.
o Plaintiffs did ’t rely on F/S for purpose for which they were prepared, no duty of care
In summary, to establish that an auditor owes a duty of care to a third party, the third party must
demonstrate that a duty of care existed, the duty of care was breached, the audit report was relied
upon, and there were quantifiable damages.
The third party must also establish that the auditor was aware that the third party was going to use the
F/S and that they relied on the F/S for the purpose for which they were prepared.
Avoidance of litigation
- Hiring competent staff
- Training staff and updating their knowledge regularly
- Ensuring compliance with ethical regulations, with auditing regulations
- Implementing policies and procedures that ensure:
o appropriate procedures are followed when accepting a new client
o appropriate staff are allocated to clients
o ethical and independence issues are identified and dealt with on a timely basis
o all work is fully documented
o adequate and appropriate evidence is gathered before forming an opinion
Information relevant to the client acceptance or continuance decision can be found through:
- communication with previous auditor (client acceptance decision) before communicating any
client details to prospective auditor (if permission refused, auditor should consider declining)
- communication with client personnel
- communication with third parties such as client bankers and lawyers
- an Internet or background search
- a review of news articles about the client
- a review of prior-period financial statements
Planning an audit
- CAS 300: an auditor plan their audit to reduce audit risk to an acceptably low level
- Audit Risk: risk that auditor issues an unmodified opinion when F/S are materially misstated.
- Efficiency: amount of time spent gathering audit evidence
- Effectiveness: minimization of audit risk
- Involves:
o Understand entity, environment
o Identify factors that may impact risk of material misstatement
o Performing an audit risk and materiality assessment, significant risks
Plan where to spend more time where risks greatest
o Determine audit strategy – Nature and timing of procedures performed
Sets the scope, timing, directions of audit and provides the basis for developing
a detailed audit plan
o Adequacy of closing procedures and associated risks
Performing/executing an audit
- Execution stage: Detailed testing of controls & substantive testing of transactions and accounts
Entity Level
Interview client personnel: what client does? how it functions? ownership structure? financing sources?
Major customers: good reputation, good terms with client, pay client on timely basis
- Dissatisfied customers – may withhold payment, affects ADA, CF, discontinue, going concern
- Few customers more risk
- Consider terms of L/T contracts
- Effectiveness of any risk management policies it uses to limit exposure to currency fluctuations
(hedging policies)
Discounts given to CU
Understanding operations
Sources of financing
Ownership structure
- Amount of debt funding relative to equity, different forms of shares, differing rights of S/H
- The client's dividend policy and its ability to meet dividend payments out of operating cash flow
Industry level
Level of competition in that industry
- provided to industries that are in line with government policy (e.g. manufacture water tanks,
solar heating, reduced-flow taps – environmental policies)
- International competition? New industry and needs time to establish?
Level of demand for the products/services in that industry, the factors that affect demand
Economy Level
Economic upturn – Expect profits, risk overstate revenues, understate expense
Auditor: concerned w/ client's susceptibility to the changes & ability to withstand economic pressures
Related party: parent companies, subsidiaries, joint ventures, associates, company management, and
close family members of key management
- Not independent
- Increase susceptibility of material misstatement, impact F/S results
Required disclosure:
- purchase and sales transactions between companies under common control or when one party
has significant influence over another
- rent paid from one related party to another
- loans made to shareholders or senior management
- loan guarantees provided by a shareholder of the company
personal taxes, avoid breach of a bank covenant, shift income/expense to future periods, or con
ceal other financial statement manipulation or misappropriation of assets.
(b) Inquire of mgmt, key EEs, and any component auditors (at the request of audit team, performs
work on financial info related to a component for the audit group) about the existence of:
- Related parties not already identified and details of such transactions.
- Agreements or loan guarantees not reflected in the financial statements.
- Any payments (kickbacks), preferential terms, or side deals not disclosed.
(c) Review minutes of corporate meetings and other relevant documentation.
Fraud: intentional act to obtain an unjust or illegal advantage through use of deception (CAS 240, p11)
Detection: use of controls and procedures at uncovering fraud should one occur
Auditor: responsibility to assess risk of fraud and effecti e ess of lie t’s atte pt to p e e t/dete t
fraud through internal controls
- rapid growth
- poor cash flows combined with high earnings
- pressure to meet market expectations
- planning to list on a stock exchange
- planning to raise debt or renegotiate a loan
- about to enter into a significant new contract
- a significant proportion of remuneration tied to earnings (that is, bonuses, options)
1. The auditor should ask management and those charged with governance if they are aware of a
known fraud or suspect there has been a fraud. The results of enquiries should be documented.
2. All members of the audit team should attend a team planning meeting. Review significant fraud
risk factors and where the F/S may be particularly susceptible to fraud.
3. The auditor should perform preliminary analytics to identify any unusual relationships that
may indicate fraud and thus require further investigation
4. The auditor must consider the risk of management override. Mgmt can manipulate records or
override the controls designed to prevent such fraud. Auditor should test a sample of J/E,
review estimates for reasonableness, contemplate the risk of earnings management (particularly
revenue recognition), and examine unusual business txns to ensure that they have substance.
Find fraud?
- Bound by confidentiality, but should seek legal advice to determine if there is a requirement
to report the fraud to an outside 3rd party.
- The auditor may also consider withdrawing from the engagement.
- Must report the fraud to mgmt (level above fraud occurred), report fraud to audit committee
10
- Assets: valued that they will continue to be used for purposes of conducting a business
- Liabilities (current/non-current): will pay debts when fall due in years to come
- Management and those charged w/ governance: responsibility to assess going concern
- Auditor: obtain evidence to assess validity of going concern assumption
o If client does not make adjustments to recoverability, then express adverse opinion
11
Board Composition
- The independent directors should hold regularly scheduled meetings at which non-independent
directors and members of management are not in attendance.
Board Mandate
- Written mandate that acknowledges responsibility for the stewardship of the issuer for:
(a) satisfying itself as to the integrity of senior a age e t;
(b) adopting a strategic planning process that takes into account the opportunities and risks
(c) risk identification, risk mitigation
(d) ensuring succession planning;
(e) adopting a communication poli y;
(f) overseeing the internal control and management information systems; and
(g) developing the issuer's approach to corporate governance, including outlining a set of corporate
governance principles and guidelines to be followed.
Position Descriptions
- Board should develop job descriptions for Chair of board and Chair of each board committee.
- The board should ensure all new directors receive a comprehensive orientation so they fully
understand their role and the nature and operation of the business.
- The board should provide continuing education opportunities for all directors.
12
- to address conflicts of interest, protection and proper use of corporate assets, confidentiality of
corporate information, fair dealing with investors, customers, suppliers, competitors and EE;
compliance with la s, ules a d egulatio s; and reporting of any illegal or unethical behaviour.
- The board should monitor compliance with this code.
13
IT Risks: unauthorized access to computers, software, data; errors in p og a s; la k of a kup; lost data
- General Controls: Policies and procedures that relate to many applications and support the
effective functioning of application controls (CAS 315).
o Procedures for purchasing, changing, and maintaining new computers/software
o Use of passwords and other security measures to minimize unauthorized a ess;
o Procedures to ensure appropriate segregation of duties (e.g. amend/maintain program
v. staff who use it)
- Application controls: manual or automated procedures that typically operate at a business
process level and apply to the processing of transactions by individual applications (CAS 315).
o Ensuring all txns are recorded once, rejected transactions are identified & corrected
o Impact procedures used for data entry, data processing and output, or reporting.
o Include reconciliations between input & output data, automated checks on data
entered to ensure accuracy
14
Auditor: concerned transactions and events recorded in correct accounting period, closing procedures
o e tly applied, F/S a u ately efle t esults of lie t’s losi g p o edu es
Inquiry
15
Top management
compensation
Managers: increase
Overaccrual next reduce profit,
accruals (closing increase profit to
year, boost profit, deferring profit and
entries), reduce increase bonus
receive bonus, "shift" bonus to next year
current year profit
16