CPA Audit Notes PDF

AUD - Notes Chapter 1
http://www.cpa-cfa.org
Audited F/S – The Basics
Company’s mgmt responsible to prepare the F/S
Auditors responsible to express an opinion on the F/S and on mgmt’s assertion on internal controls (if public)
The primary assertion is whether the statements are “presented fairly” in accordance with GAAP
Professional Standards
Generally Accepted Accounting Standards – GAAS
Generally Accepted Government Auditing Standards – GAGAS
The Public Company Accounting Oversight Board – PCAOB
- Public accounting firms must register with PCAOB in order to audit public companies
- Registered firms are subject to board inspection, disciplinary proceedings, and sanctions
GAAS – TIP PIE ACDO

General standards – TIP
T – Training
I – Independence (in fact and appearance)
P – Professional Care
Standards of Field Work – PIE
P – Planning and supervision
I – Internal control, entity and environment
Strong controls imply the auditor will require less evidence
Weak controls imply the auditor will require more evidence (more work)
An exam trick; weak internal controls does not equal an adverse opinion
E – Evidence
Standards of Reporting – ACDO
A – Accounting = GAAP
Explicit; Opinion must state that the acctg used was GAAP
C – Consistency between periods
Implicit; Silence is okay cause its implied
D – Disclosure
Implicit; Silence is okay
O – Express Opinion
 Explicit; Opinion must state “In our opinion…”
 Meant to prevent misinterpretation of the degree of responsibility the auditor is assuming
when his/her name is associated with the F/S
 The auditor may express different opinions of different sections (B/S, I/S)
 The auditor may express an opinion on 1 section and not the others as long as information has
not been limited
Reports on Audited F/S

The Auditors Standard Report (Unqualified Opinion)
Title
Addressee
Introductory Paragraph – R;R
 Statement that the F/S as identified in the report were audited
 Statement that the F/S are the responsibility of mgmt and the auditors responsibility is to express an opinion
Scope Paragraph – APMEAM; APMEAM
 Statement that the audit was conducted in accordance with U.S. GAAS
1
 Statement that the audit was planned and performed to obtain reasonable assurance that the F/S are free
from material misstatement
 Statement that the audit included examining evidence on a test basis; assessing the accounting principles
used and significant estimates made by mgmt; and evaluating the overall presentation
 Statement that the audit provides a reasonable basis for an opinion
Opinion Paragraph
 Statement referring to the F/S specifically identified in the introductory paragraph
 An opinion as to the fair presentation of the F/S (ACDO)
 Statement regarding conformity with U.S. GAAP (ACDO)
Firm Name
Report Date
 The Report should be dated on or after the date on which appropriate audit evidence sufficient to support
the opinion has been obtained
Sample unqualified opinion – A1-14
GAAS in referenced to in the Scope paragraph

GAAP is referenced to in the Opinion paragraph
PCAOB Standards – for publicly traded companies

Audits of Issuers (public companies) – PCAOB auditing standard No. 1 requires the auditor’s report to include
=a reference to the standards of the PCAOB
Audits of nonissuers (private companies) – An auditor may, but is not required to, conduct the audit of a
nonissuer in accordance with both GAAS and PCAOD auditing standards
Unqualified opinion – clean; F/S presented fairly in all material respects, doesn’t mean good investment
Modified Unqualified opinion – additional explanatory language
Qualified opinion – states “except for”; material GAAP or GASS problem
Adverse opinions – very material GAAP problems
Disclaimer of opinion – significant GAAS problem
Chart on A1-17 memorize
Uncertainties – impairments, intangibles, lawsuits, warranties

Management’s responsibility
 Estimate the effect of future events on the F/S and record and present this estimate, or
 Determine that a reasonable estimate cannot be made and make the required disclosures to that effect
Remember under GAAP

Both probable and reasonably estimatable  record
Either probable or reasonably estimatable  disclose
If mgmt’s analysis is supported and properly reported or disclosed, the auditor issues and unqualified opinion
with no reference to the uncertainty in the report
Unqualified opinion: GAAP = ok; GAAS = ok
If the auditor is unable to obtain sufficient evidential matter involving an uncertainty and its presentation or
disclosure, the auditor should consider expressing a qualified (GAAS) opinion or to disclaim an opinion to
scope limitation.
Qualified or Disclaimer: GAAP = ?; GAAS = Problem
2
If the auditor concludes that the F/S are materially misstated due to a departure from GAAP related to
uncertainty, the auditor should express a qualified (GAAP) or adverse opinion. GAAP departures include
inadequate disclosures, use of inappropriate accounting principles, and use of unreasonable acctg estimates
Qualified of Adverse: GAAP = problem; GAAS = ok
Pass key chart on A1-19 memorize
Modified Unqualified opinion – still represents an unqualified opinion. The additional language (modified
wording or explanatory paragraph) used to highlight the certain circumstances
Modified wording
 Division of responsibility; auditors opinion is based in part on the report of another
Explanatory paragraph
 Justified departure from GAAP
 Going concern
 To emphasize a matter
 Lack of consistency
 Other;
- Required SEC regulation S-K quarterly financial data has been omitted or has not been reviewed
- Supplementary information required by GAAP has been omitted
- Other information (stuff in 10-K) is inconsistent with F/S
Division of Responsibility (reference in report) – The principal auditor decides to mention the work done by
other auditors, the report will express a division of responsibility. The principal auditor will mention this
division in all three paragraphs. The name of the other auditor is not mentioned unless the auditor gives express
permission and the report of the other auditor is presented. Make other CPA responsible by mentioning them in
the Intro, Scope, and Opinion paragraph.
Assumption of Responsibility (no reference to other CPA) – The principal auditor must assure on the other
auditors, reputation, independence, professional competency, program steps (RIPP). Visit the other auditor to
discuss audit procedures and review audit program, documentation, and evaluation of internal controls
performed by the other auditor
Justified departure from GAAP – The explanatory paragraph should contain a description of the departure, its
approximate effects (if possible) and the reasons why adherence to GAAP would make the F/S misleading
Going Concern – The auditor should perform the following procedures:

A – Analytical procedures
D – Debt compliance
M – Review board minutes
I – Inquiry of client’s legal counsel
T – Confirm third party arrangements/agreements
S – Subsequent events review
Conditions or events that may indicate substantial doubt:
F – Financial difficulties
I – Internal matters
N – Negative trends
E – External matters, legal proceedings, new legislation, loss or expiration of intellectual property
The auditor is not precluded from choosing to disclaim an opinion in cases involving uncertainties
The explanatory paragraph occurs after opinion paragraph

It includes the terms “substantial doubt” and “going concern”
3
Don’t limit it for a time period
If, in the auditor’s judgement, the entity’s disclosures are inadequate, a departure from GAAP exists. This may
result in either a qualified or adverse opinion
Emphasis of a matter – auditor may wish to emphasis a particular matter but still express an unqualified
opinion. Emphasis when a company is a RECC
 A related party transaction
 Significant subsequent events
 Entity is a component of a larger business
 Items that affect the comparability (except changes in accounting principles)
An explanatory paragraph is not required
Lack of consistency (justified changes) ACDO – if a change is GAAP has occurred between accounting periods
and the effect is material, the auditor should add an explanatory paragraph to the unqualified report. The
explanatory paragraph comes after the opinion paragraph
When selecting the type of opinion because of a lack of consistency, determine is the change is justified
GAAP: Acceptable/Justified = Modified Unqualified
Not GAAP: Unacceptable/Unjustified = Qualified or Adverse
Qualified “except for” Opinion and Adverse Opinion for very material GAAP problems
1. Non GAAP unjustified/unacceptable change – Issue is consistency (ACDO); an explanatory paragraph
should appear before the opinion paragraph to describe the non-GAAP acctg change and the financial impact
2. Inadequate disclosure – when the auditor believes that the omitted items cause the F/S to be deceptive
3. Departure from GAAP
GAAP: Acceptable/Justified = Modified Unqualified
Not GAAP: Unacceptable/Unjustified = “except for” or Adverse
4. Unreasonable accounting estimates
Qualified “except for” Opinion for material GAAS problems

1. Uncertainty
2. Scope limitation – time constraints, in ability to obtain sufficient competent evidential matter, refusal of
mgmt to provide mgmt letter which acknowledge their responsibility for the fair presentation of the F/S in
conformity with GAAP, refusal of clients attorney to respond to inquiry
The scope limitation should be referred to in the scope and opinion paragraph (as an explanatory
paragraph preceding before the opinion paragraph: Double “except for” whammy
Disclaimer Opinion for significant GAAS problems

1. Uncertainty
2. Scope limitation
3. Lack of independence
4. Unaudited – only an opinion paragraph. States reason of unaudited F/S and “we do not express an opinion”
Changes to the report include

Introductory paragraph
- Use the words “were engaged to audit” instead of “have audited”, and
- Deletion of the reference to the auditor’s responsibility
Scope paragraph – omitted
Explanatory paragraph – is the middle paragraph and describes the reasons for the disclaimer
Opinion paragraph – disclaimer of opinion is given on the F/S taken as a whole
4
Reports on Comparative Statements

If the prior year’s financial statements were not audited and that the current year’s financial statements are
being audited, the auditor is facing a scope limitation (because the beginning balances may not be correct) and
may require a disclaimer opinion.
When updating (changing prior) periods the explanatory should disclose the:
D – Date of the auditor’s previous report
O – Opinion type previously issued
R – Reason for prior opinion
C – Changes that have occurred
S – Statement “opinion…is different”
Only DORCS change their mind
Update or change opinion when now in conformity with GAAP (restate prior yr F/S)
Report of a predecessor auditor – presented

The prior (old) CPA should:
 Read the current period statements
 Compare the statements audited with the current period statements
 Obtain a letter of representation from the successor auditor
 Obtain a letter of representation from mgmt
 If the report is unrevised use the original report date in any reissue
 If the report is revised dual date
Report of a predecessor auditor – not presented

The current (new) CPA should:
 Not name the predecessor auditor
 The date of the predecessors auditors report
 The type of opinion expressed by the predecessor auditor
 The substantive reasons for other than an unqualified report
Subsequent Events
Type I events – conditions on or before balance sheet date, accrue, looking backward
Requires a F/S adjustment
Type II events – conditions existing after the balance sheet date, disclose in footnotes, looking forward
May require footnote disclosure
Auditors responsibility for subsequent events – PRIME is included in yr end fieldwork

P – Post balance sheet transactions
R – Representation letter should be obtained from mgmt
I – Inquiry
M – Minutes of stockholders, directors, and other committee meetings should be read
E – Examine latest available interim F/S; compare them with the F/S under audit
Auditors responsibility after the original date of the auditors report

The auditor has no active responsibility. However, if the auditor becomes aware of a subsequent event, auditor
must use professional judgement to decide whether to adjust the F/S or disclosures
If adjusts are made after the original date of the auditors report, the auditor may dual date the report
5
Ex. “Jan, 21, 2000, except for Note 2, as to which the date is Feb 3, 2000”
Facts discovered after report is issued (the auditors missed it)

Auditor action
 Advise client to issue revised F/S or make additional disclosures
 Provide notification that the F/S can not be relied upon
If the client refuses to follow procedures
 Notify the board of the directors
 Dissociate with the client
 Inform any regulatory agencies (if applicable)
 Notify parties relying on the F/S
Omitted audit procedures discovered after submission of the audit program (we forgot to do it)
 Auditor should determine whether other audit procedures tended to compensate for the omitted procedures
 Apply the omitted procedures (or alternative procedures)
Reporting on Other Information

Auditor should perform limited procedures on supplementary information and report deficiencies & omissions
1. Inquire of mgmt
2. Determine if the methods uses are consistent with mgmt’s responses, audited F/S and other knowledge
3. Consider whether the client representation letter should refer to the supplementary information
Segment information is required by GAAP

Material misstatement – GAAP problem  qualified or adverse opinion
Scope limitation – GAAS problem  qualified or disclaimer opinion
When an auditor submits a document containing audited F/S to a client or others, the auditor has a
responsibility to report on all information in the document
The auditor must indicate in the report whether the accompanying information is fairly stated in all material
respects in relation to the basic F/S taken as a whole. The report should also describe the character of the
auditor examination and the degree of responsibility the auditor is assuming.
Condensed F/S
The Auditor must indicate:
 That the auditor audited and expresses an opinion on the complete F/S
 Date of the auditors report on the complete F/S
 Type of opinion expressed
 Whether the information in the condensed statements is fairly stated, in all material respects
Selected financial data

The auditor must indicate whether the selected financial data is fairly stated, in all material respects, in relation
to the F/S from which it has been derived.
An accountants report should include

1. Brief description of the nature of the engagement
2. Statement that the engagement was performed in accordance with AICPA standards
3. Identification specific entity, descriptions of the transactions, statement about the source of the information
4. A statement describing the appropriate acctg principles (including country of origin) to be applied
5. Statement that mgmt is responsible
6. A statement that any differences in the facts, circumstances or assumptions may change the report
6
7. Restrict use of report to mgmt, board of directors, prior and current auditors
Reporting on F/S prepared for use in other countries

Distribution outside U.S. only: auditor may use either
- The report of the other country
- US style report modified to the accounting principles of another country
Distribution within the US: auditors report should be the US standard report modified as appropriate for
departures from US GAAP.
7
Quality Control Standards
The five interrelated elements of quality control are:
A – Acceptance and continuance of client’s engagement
I – Independence, integrity and objectivity
C – Continuous monitoring
P – Personnel management
A – Assurance regarding engagement performance
Acceptance and continuance of clients and engagements

 Considers the risk associated with clients (don’t accept a client whose mgmt lacks integrity)
 Undertakes only those engagements that the firm can reasonably expect to complete with professional care
Independence, integrity and objectivity

 Policies and procedures which help maintain personnel independence in fact and appearance
 Lead partner and the reviewing partner must rotate off the audit every five years
 Routine tax return preparation, tax planning and employee personal tax services are allowed under
Sarbanes-Oxley but must be approved by the audit committee in writing
Continuous monitoring
 What the title implies
Peer review
- One CPA firm reviews another CPA firms quality control system, occurs every 3 years for a CPA firm
that is a member of the AICPA.
- Purpose is to determine and report whether CPA firm being reviewed has developed adequate policies
and procedures for quality control and they are following them
- Upon completion, a report is issued with conclusions and recommendations
Personnel Management
 Criteria for hiring, assignment of the firms personnel to engagements, professional development and
advancement
Assurance regarding engagement performance

 Policies and procedures that assure that the engagement work meets professional standards, regulatory
requirements, and the firms own standards of quality
GAAS relate to the conduct of each individual engagement, whereas quality control relate to the conduct of all
professional activities of the firms practice as a whole
The quality control standards of a firm affect both the performance of each audit and the performance of the
audit practice as a whole
Deficiencies in a firm’s quality control do not necessarily mean/indicate a lack of GAAS compliance.
Other Engagements, Reports and Accounting Services

Auditing standards have restricted special reports to the following 5 areas
1. OCBOA – use of other comprehensive basis of accounting F/S (cash basis, price-level adjusted F/S)
The use of non-GAAP requires the auditor to issue either a qualified or adverse opinion unless the non-GAAP
method is an OCBOA (in which case an unqualified opinion is appropriate)
8
2. Specific elements, accounts or items of a F/S – The auditor expresses an opinion on each of the specified
elements, if the element is far-reaching or pervasive (NI, STK EQ, or any item based thereon) the auditor must
audit the complete set of financial statements.
A piecemeal opinion may be expressed if the items do not constitute a major portion of the F/S. A piecemeal
opinion cannot be issued if the auditor has expressed a disclaimer or adverse opinion.
3. Issue special report on a clients compliance with contractual agreements or regulatory requirements
Auditor must have audited the F/S and may only issue negative assurance. Cannot be issued if the auditor has
expressed a disclaimer or adverse opinion. Limitedly distributed
4. Special purpose financial presentations to comply with contractual agreements or regulatory provisions
5. Financial information presented in prescribed forms or schedules – the auditor may attest to the fairness on
financial information presented in prescribed forms such as loan applications or regulatory filings.
The auditor may make modifications to an unqualified special report by adding an explanatory paragraph after
the opinion paragraph
Compilation and Review of Financial Statements

CPA’s can perform two levels of service (compilation and review) with respect to unaudited F/S of a non-public
company.
Compilation engagement – No assurance or opinion. CPA does not perform any audit or review procedures.
A Review – Limited (negative) assurance. CPA performs inquiry and analytical procedures
When a CPA performs more than one service (such as complication and an audit) the CPA should issue a report
that is appropriate for the highest level of service rendered.
An engagement letter is recommended but not required
Statements on Standards for Accounting and Review Services – pronouncements issued by the accounting and
review services committee of the AICPA
A compilation engagement may involve compiling and reporting on only one financial statement
The compilation engagement report should include: ALARD
A – Statement that a compilation has been performed in accordance with SSARS issued by the AICPA
L – Statement that a compilation is limited to presenting, in the form of F/S, information that is the
representation of mgmt
A – Statement that the accountant has not audited the F/S
R – Statement that the accountant has not reviewed the F/S
D – Disclaimer of opinion and a statement that the accountant gives no assurance on the F/S
You’re A LARD when all you do is compile F/S
Compiled F/S that omit GAAP disclosures are acceptable if:

 Reason for omission was not to deceive user
 Compilation report warns user of missing disclosures
Compilation with limited disclosures are labeled “Selected Information – Substantially All Disclosures
Required By GAAP Are Not Included”
9
An opinion, even qualified or adverse, requires and audit. When an accountant performing a compilation or
review becomes aware of a GAAP departure, the report should be modified or the CPA with withdraw from the
engagement. An opinion would not be expressed
An accountant who submits unaudited F/S to the client that are not expected to be used by a third party may use
an engagement letter rather than a compilation report
Review of F/S – a higher level of service than compilation because it results in an expression of limited
assurance. Reviews include inquiry and analytical procedures. However, no required to obtain an understanding
of internal control or assess control risk
An auditor is required to perform these in a Review:

U – Understanding with client must be established
L – Learn and or obtain sufficient knowledge of the entity’s business
I – Inquires
A – Analytical procedures
R – Review, other procedures
C – Client representation letter required from mgmt (don’t need with a compilation)
P – Professional judgement should be used
A – Auditor should communicate results
The objective of a review of financial information is to determine whether material modifications are necessary
for the information to be in conformity with GAAP.
Not required to communicate with predecessor auditor
Make inquires of internal personnel, not external people or entities.
Client representation letter from mgmt is required which covers all F/S’s and periods covered by the review
report
Audit test work, including testing internal controls, is not performed
The accountants report in a review engagement should include:

A – the review has been performed in accordance with SSARS standards established by the AICPA
M – All F/S information is the representation of mgmt
I – a review consists principally of inquiries of company personnel
A – a review consists of analytical procedures applied to financial data
S – a review is substantially less in scope than an audit
N – no opinion is expressed
M – accountant is not aware of any material modifications that should be made to the F/S in order for
them to be in conformity with GAAP
AM I A SNM
Reporting on Comparative F/S

When the continuing auditor performs a higher level of service (service upgrade) in the current period, the
report on the prior period should be updated and issued as the last paragraph of the current period’s report
Downgrade in service (last yr we reviewed, this yr we compile). Issue a compilation report and add a paragraph
to describe prior period responsibility assumed. Or issue both a review report and compilation report
10
Whenever prior accountants are asked to reissue a prior report (audit, review or compilation) they should reas
the new F/S and obtain a representation letter from the new accountant
Reporting when one period is audited

 Reissue the prior period report, or
 Include an additional paragraph in the current report describing the responsibility assumed for the prior
period statements
Review of Interim Financial Information

In an initial review of interim financial information, the accountant should make inquires of the predecessor
auditor, and if allowed, review the predecessor’s documentation
Inquiry of clients lawyer is not required but may be appropriate in certain circumstances
Going concern is not required but may be appropriate
Likely misstatement – best estimate of the total misstatement in an account balance or class of transactions. The
accountant should:
 Accumulate all such estimates for further evaluation
 Consider that the aggregated effect of several immaterial misstatements
 Evaluate potential effect on current and future periods
A review of interim F/S of a public company is conducted in accordance with AICPA auditing standards not
SSARS
Should modify their report if, during the review, they become aware of a departure from GAAP
Going concern no modification if disclosed
Lack of Consistency no modification if disclosed
Letters for Underwriters

A comfort letter is a letter from the CPA to the named underwriter. It covers the period from the date of the last
auditors’ report to the “effective date” of the registration.
When a comfort letter is issued, the CPA is required to perform a review of interim financial information in
accordance with auditing standards
To obtain a comfort letter, parties other than the names underwriter must provide the CPA with an attorney’s
opinion or representation letter, confirming that such a party has a “due diligence defense”
Comments in a comfort letter a limited to:

 Financial info expressed in dollars, and
 Financial info derived from accounting records
A comfort letter is solely to assist the underwriters in conducting and documenting their investigation of the
company in connection with the offering
Provide positive assurance on:
11
 CPA’s independence
 Compliance of the F/S with the SEC Act, assuming the F/S are audited
Provide negative assurance on:

 Unaudited F/S – if a review has not been performed, procedures performed and findings obtained should be
listed
 Changes in selected financial information during subsequent period
 Whether non-financial data in the registration statement complies with regulation S-K
Attest Engagements
Attest engagements – CPA is engaged to issue or does issue an examination, a review, or an agreed-upon
procedures report on subject matter, or an assertion that is the responsibility of another party (usually mgmt).
Major attest services:
 Agreed-upon procedures
 Financial forecasts and projections
 Pro forma F/S
 Internal control over financial reporting
The following standards apply to services a CPA may offer:

Audit engagements – SAS (Statements on Auditing Standards)
Compilation and review engagements – SSARS (Statements on Standards for Accounting and Review
Services)
Attest engagements – SSAE (Statements on Standards for Attest Engagements)
SSAE does not apply to:

 Providing consulting/advisory services
 Operational audits (usually performed by internal auditors)
There are 11 attestation standards: TIPPY PE ACRS

General Standards – TIPPY
T – Training and proficiency
I – Independence
P – Performance/due professional care in planning and performance
P – Professional knowledge of subject matter
Y – Your belief that the assertion and the criteria is objective, measurable and complete
Field work Standards – PE
P – Planning and supervision
E – Evidence to provide reasonable basis for the conclusion
Reporting Standards – ACRS
A – Assertion or subject matter should be identified
C – Conclusions should be expressed
R – Reservations or unresolved issues should be disclosed
S – Statement restricting use of the report to specified parties should be included (if necessary)
Agreed-upon procedures – CPA is engaged to issue a report of findings based on specific agreed upon
procedures (example is mutual fund performance). Agreed upon procedures may be performed is the following
conditions exist:
I – Independence of the practitioner
A – Agreement of the parties
M – Measurability and consistency
12
S – Sufficiency of the procedures
U – Use of the report is restricted to the specified parties
R – Responsibility for the subject matter rests with the client
E – Engagements to perform agreed upon procedures on prospective financial statements
I AM SURE you can perform these agreed upon procedures
Financial forecasts – the expected financial results of a future period, based on expected conditions (i.e.
budget)
Financial projection – financial results based on a “what if” scenario, based on hypothetical assumptions
Forecasts and projections are two types of prospective F/S. Pro forma F/S are different, because it shows what
past financial results of an expired period would have been if something had been different.
Only a financial forecast is appropriate for general use. While both, forecasts and projections are appropriate
for limited use.
Compilation of prospective F/S – the proper assembling of financial data based on the party’s assumptions
 No assurance of any kind given
 The practitioner is not required to gather supporting evidence
 Significant assumptions must be disclosed otherwise cannot issue compilation
13
Planning and Supervision
TIP PIE ACDO
The audit committee is responsible for the selection and the appointment of the auditor and the reviewing the
nature and scope of the engagement
In a new client relationship, it is mandatory to make inquiries of the predecessor auditor. Client permission is
needed. If the client is unwilling it is a scope limitation.
Before accepting the client, inquiry the old CPA regarding:

 Information that may reveal mgmt integrity
 Disagreements with mgmt (accounting principles, auditing procedures)
 Reasons for change of auditor
 Communication to the audit committee regarding fraud, illegal acts, internal control matters
After acceptance, inquiry the old CPA regarding:
 Make specific inquiries about the audit
 Review predecessors audit documentation (workpapers)
Preliminary Engagement Activities

 Assess the integrity of mgmt
 Assess the availability and adequacy of the clients accounting records (lack of records = scope limitation)
 Evaluate the firm’s quality control policies and procedures
An engagement letter – a signed contract which documents the understanding with the client is required for an
audit engagement (should be signed and dated by the client)
Management’s is responsible for:

 The F/S
 Internal controls
 Compliance with laws
 Representation letter (letter to auditor at end of the engagement that confirms the representation made)
Auditor is responsible for:

 Conduct the audit in accordance with GAAS (obtain reasonable assurance about whether the F/S are free
from material misstatements
An audit is not designed to detect error or fraud that is immaterial to the F/S
An audit is not designed to provide assurance on internal control or to identify significant deficiencies
Audit is subject to inherent risks that errors and fraud will not be detected. If we discover fraud then we report
it to the audit committee
Planning the Audit

The nature, extent and timing of planning procedures will vary based on the engagement (the NET we cast over
the audit)
The auditor is required to obtain an understanding of the entity, its environment and internal controls
Obtain knowledge about the clients industry and business through:

 Audit guides, trade publications and public information
14
 Tour client facilities
 Review financial history of client
 Obtain understanding of client accounting
 Inquire of client personnel
Analytical Procedures used for:

 For planning the nature, extent, and timing of other audit procedures (required)
 Substantive tests to obtain evidential matter (optional)
 Overall review in the final stage of the audit (required)
Analytical procedures performed during planning

 Used to enhance the auditors understanding, and identify unusual transactions, events and amounts
 During planning, analytical procedures consist of a review of data aggregated at a high level, such as
comparing financial statements to budgeted amounts
 Financial data is used through relevant nonfinancial data (number of employees, square footage)
The audit plan

 Must be written
 Specific audit procedures are documented
 Description of the nature, extent, and timing of:
- Planned risk assessment procedures (assess risk of material misstatement) (required)
- Planned further audit procedures
 Timing of audit procedures should be discussed with mgmt
Materiality
Known misstatements – specific misstatements identified during the audit
Likely misstatements – misstatements the auditor considers likely to exist due to differences between auditor
and mgmt judgements or from audit evidence
Tolerable misstatements – maximum error in a specific population that the auditor is willing to accept
All misstatements must be communicated to mgmt
Because the F/S are interrelated, the auditor should use the smallest level of misstatement that could be material
to any one of the F/S
The auditor must consider the effects, both individually and in aggregate, of the uncorrected misstatements
(both known and likely)
Misstatements are more likely to be considered if they:

 Affect trends in profitability
 Affect’s entity’s compliance with loan covenants, contracts or regulatory provisions
 Increase mgmt’s compensation
 Affect significant F/S elements
 Can be objectively determined
The auditor should document:

 Planning levels of materiality and tolerable misstatement, the basis for those levels and any subsequent
changes
15
 Known and likely misstatements that were corrected by mgmt
 A summary of uncorrected misstatements (known and likely), auditors conclusions on whether those
misstatements cause the F/S to be materially misstated, and the basis for the conclusion
Documentation of uncorrected misstatements should include:
 Separate identification of known and likely misstatements
 The aggregate effect on the F/S
 Relevant qualitative factors affecting materiality judgements
Audit Risk
Audit risk is the risk that the auditor may unknowingly fail to modify appropriately the opinion on the F/S that
are materially misstated (risk that the auditor will give the wrong opinion)
AR = RMM * DR
AR = (IR * CR) * DR
Audit risk (AR) should be low

Risk of Material Misstatement (RMM) – assessed by auditor and is independent of F/S audit
Inherent risk (IR) – susceptibility of a relevant assertion to a material misstatement, assuming there are
no related controls (mistake in the clients acctg system). Auditor assesses IR but can’t change
Control risk (CR) – risk that a material misstatement could occur in a relevant assertion will not be
prevented or detected on a timely basis by the clients internal controls (clients internal control does not
catch it)
Detection risk (DR) – risk that the auditor will not detect a misstatement that exists within a relevant assertion
(auditor will miss the mistake). Detection risk is a function of the effectiveness of audit procedures. The auditor
can change the detection risk
RMM and DR have inverse relationship. When risk of material misstatement is high, detection risk should be
set low (so we have to do more work)
Substantive procedures are always required
Direct relationship between RMM and assurance required from Substantive procedures. Greater the risk
(RMM) the more persuasive evidence needed.
Audit risk and materiality must be considered at both the F/S level and the account balance (item level)
 At the F/S level, the auditor should consider risks that have pervasive effect on the F/S, potentially affecting
many relevant assertions
 The account balance level (transaction & item level) is used to determine the nature, extent, and timing of
audit procedures. Inverse relationship between audit risk and materiality
Audit Procedures:
1. Risk assessment procedures
2. Test of controls – test of internal controls (CRIME)
3. Substantive procedures – tests $ balances
F/S Assertions (made by mgmt)

Transactions and events
C – Completeness
P – Proper period cutoff
A – Accuracy
C – Classification
O – Occurrence
16
Account balances
C – Completeness
A – Allocation and valuation
R – Rights and obligations
E – Existence
Presentation and disclosure

C – Completeness
U – Understandability and classification
R – Rights and obligations
V – Valuation and accuracy
After sufficient planning information has been gathered, an audit plan should be drafted. A written audit plan is
required for every audit.
When planning the audit, the auditor should consider the extent of involvement of the client’s internal auditors
in the audit. Internal auditors are not independent, thus, the external auditor can’t share with the internal auditor
any responsibility for audit decisions.
 Auditor must obtain an understanding of the internal audit function
 If the auditor uses the work of internal audit, competence and objectivity must be assessed
 The higher the level the internal auditors report to, the more objectivity can be assumed
 The auditor remains solely responsible for the report on the F/S. The internal auditor may not be utilized to
make judgement calls
If a specialist is used must evaluate the competence and objectivity of the specialist. Treat like one of your staff.
Fraud and Illegal Acts

Errors – unintentional
Fraud – intentional; 2 types
1. Fraudulent financial reporting (lying) – designed to deceive F/S users. Usually involve
manipulation, misrepresentation, intentional misapplication of accounting principles
2. Misappropriation of assets (stealing) – theft of an entities assets
Fraud risk factors include:

 Incentives/pressures: a reason to commit fraud
 Opportunity: lack of effective controls
 Rationalization/attitude: an attempt to justify fraudulent behaviour
Its mgmt’s responsibility to design and implement programs and controls to prevent and detect fraud
The auditor has a responsibility to plan and perform (referred to as design) the audit to obtain reasonable
assurance about whether the F/S are free from material misstatement, whether caused by error or fraud.
Mgmt override of controls is a major factor in fraud.
Inquire entire personnel regarding their views of fraud risk

- Inconsistent responses indicate a need for additional evidence
Consider the results of analytical procedures (required during the planning and final stage)
17
Attributes of risk:
 Type of risk: fraudulent F/S or misappropriation of assets
 Significance of risk: can it lead to a material misstatement
 Likelihood of the risk: how likely is this to happen
 Pervasiveness of the risk: does it affect the whole F/S or only specific accounts or transactions
2 Areas of greatest fraud concern:
1. Improper revenue recognition
2. Mgmt override controls
Items are more susceptible to manipulation when they involve:

1. High degree of mgmt judgement and subjectivity
2. Highly complex accounting principles
The auditor is required to respond to the results of the risk assessment on three levels
1. Overall, general response
- assigning personnel to the engagement
- determining the appropriate level of supervision of engagement personnel
- evaluating mgmt’s selection and application of accounting principles
2. Response encompassing specific audit procedures
- change nature
- change extent
- change timing
3. Response addressing risks related to mgmt override
- examine journal entries and other adjustments
- review accounting estimates for biases
- evaluate the business purpose for significant unusual transactions
Significant fraud risk – may consider withdrawing from the engagement
Revenue recognition
- perform substantive analytical procedures relating to revenue
- confirm with customers contract terms and the absence of side agreements
Revenue recognition criteria
1. must have an arrangement (signed agreement)
2. must be a delivery
3. must be fixed or determinable price
4. collectability
Inventory quantities
- concern that there may be a failure to reconcile books to physical inventory
Mgmt estimates
- engage a specialist
- develop an independent estimate
- perform a retrospective review of prior period estimates (how good were last yr’s estimates)
Misstatements caused by fraud (even immaterial misstatements) may be indicative of an underlying problem
with mgmt integrity. The auditor may need to reevaluate the assessment of fraud risk, the assessed effectiveness
of controls, and the appropriateness of audit procedures applied.
Inform the audit committee of any fraud. Parties outside the entity that we may communicate with in certain
circumstances:
18
- to comply with certain legal and regulatory requirements
- to a successor auditor
- in response to a subpoena
- to a funding agency
Complete documentation of the auditors risk assessment and response is required
If the auditor has not identified improper revenue recognition as fraud risk, support for this conclusion
Illegal acts – violation of law
The auditors responsibility to detect illegal acts are the same for fraud and errors.
The auditor has no obligation to look for illegal acts having an indirect effect on the F/S
The auditor generally does not include procedures to specifically detect illegal acts
Effect of illegal acts on the auditors report

Departure from GAAP – “expect for” or adverse
Insufficient evidence – “except for” or disclaimer
Clients refuses to modify report – withdraw
Risk Assessment
TIP PIE ACDO (fieldwork)
Audit Steps IMACPA

I – Internal control, understand
M – Material misstatement, assess
A – Assess risk control
C – Control testing
P – Perform substantive testing
A – Audit evidence, evaluate appropriateness and sufficiency
I - Internal control – obtain an understanding of the entity and its environment

Risk assessment procedures
 Inquires
 Analytical procedures (required for planning and final stages)
 Observation and inspection
 Discussion among audit team
 Other procedures
 The auditor may choose to perform substantive procedures or tests of controls, if its efficient to do so
Factors to understand
 Industry, regulatory, and other external factors
 Nature of the entity
 Objectives, strategies and business risks
- Business risks – events or circumstances that could adversely affect the firm (ie competition)
 Financial performance
 Internal controls and accounting policies
M – Material misstatement, assessing the risks

Factors that my be indicative of significant risks
 Unusual, complex transactions
 Business risks
 Fraud risk
19
 Significant related party transactions
 Highly subjective accounting estimates and principles
Response to significant risks
 Evaluate the design of the entity’s related controls
 Determine whether the controls have been implemented
 Evaluate whether and how mgmt responds to such risks
Test of controls – test strengths to be relied upon, not weaknesses

Controls that are more directly related to an assertion are more effective in preventing, detecting and correcting
a misstatement in that assertion, than controls which only relate indirectly to an assertion.
Documentation requirements
 Discussion among the audit team
 Key elements of the understanding of the entity and its environment
 The assessment of the risks of material misstatement
 The identified risks and related controls evaluated by the auditor
Document
1. control factors that were used/helped to plan the audit engagement
2. control factors that helped ensure mgmt rules and directives were followed
Forms of documentation may include any item the auditor can FIND
F – Flowchart
I – Internal control questionnaire or checklists
N – Narrative
D – Decision table
Flowcharts – symbolic diagram representing the sequential flow of authority, processes and documents. Depicts
the auditors understanding of the system
 An adequate flowchart shows the origin of each document in the system, its subsequent processing, and its
final disposition
 IT flowcharts are initially created to document the logic and existing flow of a computer program
Internal control questionnaires – used for each item of mgmt assertions
Narratives – a narrative is a written version of a flow chart (hard to “see” weaknesses
Decision tables or trees – graphic illustrations that depict the logic of an operation or a process
A flowchart is sequential while a decision table/tree is logical
Internal Control
TIP PIE ACDO
Entity objectives
1. Reliability of financial reporting (most relevant to the audit)
2. Effectiveness and efficiency of operations
3. Compliance with applicable laws and regulations
20
Controls that pertain to the first objective (reliability of financial reporting) are the most relevant to the audit,
and these are the controls that the auditor must consider and understand.
Five components of internal controls – CRIME

C – Control environment: overall tone of the organization
R – Risk assessment – mgmt’s identification of risk
I – Information and communication systems
M – Monitoring: assessment of internal controls over time
E – Existing control activities: control policies and procedures
It’s a CRIME not to have strong internal controls
Control testing = internal controls (CRIME)

Substantive testing = $ balances
The auditor should obtain an understanding of CRIME as it pertains to financial reporting:

1. evaluate the design of relevant controls and determine whether then have been implemented
2. assess the risk of material misstatement
3. design the nature, extent and timing of further audit procedures (CPA tests internal controls in order to
adequately plan the NET audit)
Limitations of internal controls

 Human error
 Collusion
 Mgmt override
 Segregation of duties may be difficult to achieve in a smaller entity
IT system may make it impossible to reduce detection risk through substantive testing alone (must do control
testing as well)
IT benefits:
 Ability to process large volumes of transactions accurately
 Improved timeliness and availability of information
 Facilitation of data analysis and performance monitoring
 Reduction is the risk that controls will be circumvented
 Enhanced segregation of duties through effective security controls
IT Risks:
 Potential reliance on inaccurate systems
 Unauthorized access to data
 Unauthorized changes to data, systems and programs
 Failure to make required changes and updates to systems or programs
Auditor should document use of programs and perform tests more often during the yr
Organizational structure of the IT department

C – Control group – responsible for internal control within IT dept.
O – Program Operators – input data
P – Programmers – write and develop computer programs
A – System Analysts – design the overall program, while programmers do the detailed work
L – Librarian – maintains the storage of the data
21
Anyone doing for an 1 job or supervising another area is a weakness
CRIME
C – Control Environment – has pervasive effect on the auditors risk of assessment and preliminary judgements
about its effectiveness may influence NET of further audit procedures to be performed
 Sets the tone of an organization, influencing the control consciousness of its people
 Communication and enforcement of integrity and ethical values
 Mgmt’s philosophy and operating style
 Organizational structure
 Assignment of authority, responsibility and accountability
 Human resource policies and practices
R – Risk assessment
 CPA should obtain understanding and knowledge
I – Information and communication

 Accounting process (automated and manual), from initiation of a transaction to F/S
 Accounting records (electronic and manual) supporting information and specific accounts involved in
initiating, authorizing, recording, processing and reporting transactions
 The financial reporting process, including the development of significant accounting estimates and the
inclusion of appropriate disclosure
M – Monitoring
 Process that assesses the quality of internal control performance over time
 Establishing and maintaining internal control is a responsibility of mgmt
E – Existing control activities

Control activities in a strong internal control system have PAID TIPS
P – Prenumbering of documents
A – Authorization of transactions
I – Independent checks to maintain asset accountability
D – Documentation
T – Timely and appropriate performance reviews
I – Information processing controls – ensure that transactions are valid, authrorized, and accurate
- Application controls – controls for processing of individuals transactions
- General controls – apply to information processing throughout the company
P – Physical controls for safeguarding assets – simply security
S – Segregation of duties – client should separate: ARC
- Authorization
- Recordkeeping
- Custody of related assets
The internal control environment should be detected in the ordinary course of business by an employee, not
- Collusion
- Mgmt overrides
For internal controls the auditor should

 Obtain the necessary understanding of the user organizations internal control to plan the audit
 Assess the control risk at the user organization, and
22
 Perform substantive procedures
Report on controls placed in operation – may aid the auditor in obtaining an understanding of controls,
however, it is provided when tests of operating effectiveness were not performed, and therefore it does not
provide the user with a basis for reducing the assessment of control risk
Responding to Assessed Risks

IMACPA
Audit approach – the auditors specific approach to identified risks at the relevant assertion level may consist of
either a substantive or combined approach
Use substantive approach when:

 Controls are not strong for an assertion
 Not cost/benefit to test the effectiveness of the controls
Combined approach – both control testing and substantive procedures are used. If controls are operating
effectively, less assurance will be required from substantive procedures.
Test of controls may be required in highly electronic environments, substantive procedures alone may not be
sufficient
Audit approach
Status of internal control Risk level Perform control tests Perform substantive tests
None or weak high No (because nothing to rely on) yes-maximum
Some medium Yes
Strong low Yes minimal (but never
eliminate for material
balances, transaction classes, or disclosures)
Test of Controls - IMACPA

Test of controls are performed when the auditors risk assessment is based on the assumption that controls are
operating effectively, or when substantive procedures alone are insufficient. (test control strengths, not
weaknesses)
Obtaining an understanding of internal controls includes evaluating the design of controls and determining
whether they have been implemented
Only controls that are suitably designed to prevent or detect material misstatements are subject to tests of
operating effectiveness
Inspect client records documenting use and changes to IT programs
Nature of tests of controls

 Tests of operating effectiveness of controls include: inquiries, inspection, observation, and reperfornance
 As the planned level of assurance (about operating effectiveness) increases, the auditor should obtain more
reliable or more extensive audit evidence
Evidence hierarchy:
1. Personal observation and knowledge
2. External evidence
23
3. Internal evidence
4. Oral evidence
Timing of tests of controls

 When tests of controls are performed at one particular time, they provide evidence that controls operated
effectively only at that time. Controls tested throughout the period provide evidence of operating
effectiveness during that period
 Controls that are tested only during an interim period should be supplemented by additional evidence for
the remaining period (roll forward)
 If controls have changed since they were last tested, operating effectiveness must be retested in the current
period
 Even if controls have not changed, operating effectiveness must be tested at least one every third year
Perform substantive testing – IMACPA
 Used to detect material misstatements at the relevant assertion level
 Substantive procedures should be designed to be responsive to assessed risks, however, regardless of the
assessed risk, substantive procedures are required for each material transaction class or account balance
2 types of substantive procedures

1. Test of details – applied to transaction classes, account balances and disclosures. $ balances, ratios
2. Substantive analytical procedures – used for large volume predictable transactions
Directional testing
To test existence or occurrence assertion – Top down, start from F/S. Look for support = vouching
Test existence for overstatement of assets and revenues
To test completeness assertion – Bottom up, start from item, look to see its included/covered in F/S = tracing
Test completeness for understatement of liabilities and expenses
If substantive procedures are performed at an interim date, the auditor should perform further substantive
procedures (maybe with test of controls) to provide reasonable basis for extending audit conclusions to period
end
If risk of material misstatement is low, performing substantive procedures at interim increases the risk that the
auditor will not detect material misstatements in the F/S
In certain situations, such as those in which there is an identified fraud risk, the auditor may choose to perform
substantive procedures at or near period end.
Audit evidence, evaluate appropriateness and sufficiency – IMACPA

 Audit evidence obtained may cause the auditor to modify this or her initial risk assessment
 The auditor should not assume that an identified instance of fraud or error is an isolated occurrence
 When there is a change in the assessed level of risk, the auditor should modify planned procedures
accordingly
 The auditor uses judgement to evaluate the sufficiency and appropriateness of audit evidence
24
Transaction Cycles
TIP PIE ACDO – whole chapter 4
Revenue cycle – includes sales revenues, receivables and cash receipts

Sales (serially number documents are PAID TIP)
1. Preparation of sales order – a serially numbered sales order is prepared and sent to the credit department
for approval
2. Credit approval – valuation assertion, credit department determines (ARC)
3. Shipment – Shipping department prepares a serially numbered bill of lading (ARC)
4. Billing – Billing dept. prepares serially numbered sales invoice. Shipping documents, sales orders, and
invoices are compared to ensure that all shipments were based on customer orders and properly billed.
The invoice is then sent to the customer and A/R dept. (ARC)
5. Accounting – the sale is entered into the sales journal and a receivable is recorded (ARC)
Accounts receivable
1. Sales
2. Collection of cash receipts
3. Uncollectible receivables – an aging schedule is prepared and sent to the credit department for use in
carrying out its collection program. Auditor observes the preparation of aging schedule to support
assessing control risk below maximum
4. Sales returns – a serially numbered receiving report may be used as a sales return slip. Once the return
is approved, the related receivable is eliminated
Cash receipts
1. Collection – incoming mail must be opened by a person who does not have access to the A/R ledger.
One receipt copy should be sent to cashier (or treasury) for bank deposit. Another copy sent to A/R dept.
for entry into the A/R subsidiary ledger. A third copy should be sent to acctg dept. for entry into the
general ledger
Testing controls for Sales

 Inquire about credit procedures for new customers (valuation) (ARC)
 Compare sales journal to subsidiary ledgers
 Inspect a sample of prenumbered shipping documents and
- agree to sales order (existence)
- account for prenumbered (completeness)
 Vouch a sample of sales invoices, trace a sample of shipping documents
 Inspect customer exception file and disposition (existence, completeness, rights and valuation)
 Send confirmations – follow up on error reports (rights and obligations)
 Test cutoff
 Test adequacy of uncollectible accounts
Expenditure cycle
Purchases
1. Purchase requisition – the dept. needing an asset or services sends an approved serially numbered
requisition to the purchasing dept
2. Purchase orders – obtain competitive bids from various suppliers to make sure that the best price is
obtained. Use prenumbered purchase orders
3. Receipt of goods or services- it is preferable that the copy not indicate the quantity ordered (blind copy),
thus the receiving dept is forced to count the goods upon arrival
25
Accounts payable
1. record the payable
2. approve the bill – when the invoice arrives, the accounting department approves it by matching the
invoice, purchase order, receiving report, and (sometimes) the requisition
Cash disbursements
1. best for internal controls to pay invoices by check
2. best for internal control to segregate approving payment and writing checks
3. Treasurer pays the bills
The accounting department has three functions

1. to record the payable
2. to approve the invoice for payment
3. to record the payment after its paid by the treasurer
The auditor should review bills in January to determine is they were incurred in Nov or Dec (search for
unrecorded liabilities.
Audit procedures related to cash

 Internal controls over the handling of cash is one the most critical areas of an audit; proper segregation of
duties
 The auditor should obtain cutoff bank statements used to test for lapping and kiting
 Vouch postings to ledger accounts, reconcile bank statements, and verify cash transactions
Simultaneously verify internal and external evidence

Internal evidence – includes counting cash on hand and reconciling it with the journals
External evidence – includes confirming accounts on deposit with banks, all securities on deposit and
obtaining bank cut-off statements
Lapping – theft of cash is often concealed by failing to account for cash receipts (today’s cash receipts cover
yesterday’s theft)
 Best way to guard against lapping is to use a lock box system. Inspect checks when deposited/cashed and
compare to when accts receivable was booked
Kiting – when a check drawn on one bank is deposited in another bank and no record is made (cash is recorded
in 2 places at once (Dec 31))
 A bank transfer schedule compares the dates checks are drawn to the dates checks are deposited
A standard bank confirmation should be sent to all banks that the client has done business with during the year,
regardless of whether there is a year end balance to confirm.
Potential misstatements
 Recording fictitious sales (existence assertion)
 Holding open the sales journal to include next year’s sales (improper cutoff)
 Shipping unordered goods near year end which can be returned (bill and hold)
 Failure to record payments
 Sales adjustments may be used to conceal thefts of cash collections
Reduce risk by ARC
26
Audit Documentation
Audit documentation (workpapers) belong to the CPA (not the clients acctg records) and are meant to support
the auditors opinion and record audit procedures performed and evidence obtained
Audit documentation should:

 Indicate that the accounting records support/reconcile to the F/S
 Contain enough detail so an auditor with no prior knowledge can understand the whole audit
 Support that the audit was conducted in accordance with GAAS
Report release date – date on which the auditor grants the client permission to use the report (usually date
report is delivered to the client)
For private companies, auditing standards require audit documentation be completed 60 days from report
release date and held for 5 years from that date
For private companies, the PCAOB requires audit documentation be completed 45 days from report release
date and held for 7 years from that date
The specific quantity, type and content of audit documentation are based on the auditors judgement
Permanent (continuous) file – audit documentation that has continuing interest from year to year
- contracts, pension plans, leases, stock options, bylaws
Current file – all audit documentation applicable to the year under the audit
Audit documentation should include significant audit findings, actions taken, and conclusions reached, such as:
 Selection and application of accounting principles
 Possible material misstatements
 Need to revise the auditors previous risk assessment
 Significant difficulty in applying necessary audit procedures
 Modification to the auditors standard report
You can provide audit documentation to another party without the clients permission:
 If it’s subpoenaed in court
 To your defense team: lawyers, insurance company, expert witnesses
 AICPA for an investigation or quality review
Audit Evidence
Audit evidence – all the information an auditor uses to arrive at the opinion
The auditor should have access to all pertinent accounting data and corroborating evidential matter (otherwise
it’s a scope limit)
Types of audit evidence

 Underlying accounting records – test through analytical procedures and substantive tests, such as retracing,
recalculation and reconciliation
 Corroborating evidence – provides additional support for the acctg data; observation, inquiry and inspection
27
 Electronic evidence – consider the time during which information exists or is available in determining the
nature, extent and timing of audit procedures.
The third standard of fieldwork – “The auditor must obtain sufficient appropriate evidence by performing audit
procedures to afford a reasonable basis for an opinion regarding the F/S under audit”
Evidential matter must persuade the auditor that the ending balance in the F/S are fairly presented (persuasive
rather than conclusive)
Cost/benefit relationship may be a valid reason for performing only certain procedures, cost alone or difficulty
in obtaining evidence is not a valid basis for omitting a procedure
Evidential matter should be valid and relevant

The greater the risk of material misstatement the more evidence will be required
The higher the quality of audit evidence the less audit evidence needed
Evidence must relate to the financial statement assertion under consideration
The evaluation of evidential matter must take into consideration the achievement of audit objectives
Substantive procedures are performed to evaluate mgmt’s assertions which help detect material misstatement
Substantive procedures consist of:

1. Test of details (applied to transactions balances and disclosures)
2. Substantive analytical procedures
Analytical Procedures
 Comparison of financial data – review current and prior year’s F/S and the current years budget, industry
norms, and nonfinancial information
 Most effective and efficient for assertions in which potential misstatements are not apparent from detailed
evidence or is not available
The I/S has more predictable relationships than the B/S

Accts with mgmt discretion are less predictable\
Analytical procedures for planning phase and final review phase are required. However analytical procedures
used as substantive tests are not required.
Documentation requirements, expectation, factors, results, additional audit procedures performed and results of
those procedures
Investigate significant differences (if found): make inquires of mgmt, in necessary expand audit procedures or
alternative substantive procedures. Differences do not necessarily indicate errors or fraud, but simply indicate
the need for further investigation
Analytical procedures are applied during the overall review stage of an audit to evaluate the overall F/S
presentation and assess the conclusions reached
Test of Details
Directional testing refers to testing either forward or backward
If a test starts with items in the accounting records, the proper assertion is most likely existence
28
If a test starts with source documents, it is most likely related to the completeness assertion
Standard auditing procedures – FIVE CARROTS

F – Footing, crossfooting, recalculation – verify mathematical accuracy
I – Inquiry – both internal and external
V – Vouching – directional testing; auditor examines support for existence and occurrence assertions
E – Examination/Inspection – provides evidence about the existence assertion
C – Confirmation – Type of inquiry obtained from third party
A – Analytical procedures – evaluate financial information through the study of data relationships
R – Reperformance – auditor re-performs procedures or controls originally performed by the client
R – Reconciliation – substantiates the existence and valuation of accounts
O – Observation – auditor looks at a process or procedure performed by others
T – Tracing – directional testing; examines support for the completeness assertions
S – Subsequent events review – perform certain procedures after balance sheet date
Other procedures
 Cut-off testing
 Test related account simultaneously
 Requesting a comprehensive mgmt representation letter
 Reading pertinent information
Evidential Procedures for Selected Accounts

Inventory
The observation of beginning and ending inventory is required. May use alternative procedures to justify an
opinion (acceptable when its impractical or impossible to observe inventory.
The client counts the inventory and the auditor simply observes and test counts certain items
Consigned inventory on hand is excluded from inventory count
Related accounts – inventories, purchases, sales, sales returns and allowances, and COGS
The auditor should examine purchase invoices and receiving report around yr end for cut-off testing
The auditor should examine sales invoices and compare them to shipping documents around yr end for cut-off
Determine whether inventory adhere to lower of cost or market principles and whether inventory is pledged or
subject to liens
Examine vendor invoices, direct labor rates and test the computation of overhead rates
Accounts receivable confirmations

Positive confirmations – request response from the recipient (may be blank)
 Best type of confirmation for: large accounts, expect errors and disputes, weak internal controls
 A greater degree of assurance but may result in lower response rate
 Non-responses should be: followed up, the client may have to intervene, perform alternative procedures
 Generally provide evidence regarding existence and rights and obligations
Negative confirmations – recipient is asked to respond only if the amount stated in incorrect
 Not as good as positive confirmation
29
 Use when there is low risk, small balances, belief that the receipt would respond if there was a discrepancy
Accounts payable confirmation – not required

 Are positive confirmations and generally left blank
 Objective is to determine whether A/P is understated
 Should be sent when internal control is weak
 Typically send to vendors with small or zero balances would be selected for confirmation
However, unrecorded liabilities generally surface eventually when unpaid vendors stop delivering goods
Payroll and Personnel

There should be segregation of duties as follows
 Authorization to employ and pay – function of HR to hire new employees
 Supervision – all pay base data (hours, time-off) should be approved
 Timekeeping and costs accounting – data on which pay is based, hours worked or jobs completed
 Payroll check preparation – computes salary based on information received, later signed by the treasurer
Control procedures – PAID TIPS
PPE
 Acquisition – a special requisition form is needed. Acquisitions are ties to the capital budget and the board
of directors should also have to approve the acquisition.
 Subsidiary ledgers – detailed information on each asset is kept in the subsidiary ledger
 Physical security
 Written policies – on depreciation and capitalization
 Disposition – retirement of assets should be documented and sequentially numbered
Audit procedures
 Vouch additions
 Review retirements and recalculate any gains/losses
 Review repair and maintenance accounts in order to locate items that should have been capitalized
 Be alert for lien’s on assets (borrowed)
- Companies cannot/do not insure fixed assests they do not have
- Companies do not pay real estate taxes on property they don’t own
- Tour plant and inquire
Liabilities
 Notes payable – examine the note, comparing terms and amounts to board approval. Interest expense should
be independently computed
 Long term debt – ensure that interest expense is properly reported, valuation is fairly reported, all debt has
been recorded. Compare interest expense with the bond payable amount for reasonableness
 Contingencies – look at guarantees, purchase commitments, leases, tax returns, clients legal counsel
Owners Equity
 Treasury stock – auditor should examine all shares of treasury stock and reconcile the number of TS shares.
Compare to authorization in the minutes of the board meeting
 Stock transactions – vouch to supporting documentation
All issues relating to stock, dividends, and TS must be authorized by the board of directors
Articles of incorporation goes in the permanent audit file

30
If the client uses a stock transfer agent, use third party confirmations
If the client doesn’t use a stock transfer agent, check the stock certificate book
Consider whether any appropriations of retained earnings are necessary (due to loan covenants). The auditor
focuses on evaluating the presentation and disclosure of the F/S (mgmt assertions = classification &
understandability)
Audit Evidence: Miscellaneous Items

Related Party Transactions
 Concerned about valuation and accuracy
 A related party transaction is not considered to be an arms length transaction
 Should be adequately disclosed
Determining the existence of related party transactions

 Evaluate company’s procedures and policies for related party transactions
 Inquire mgmt and predecessor auditor
 Review entity’s filings with the SEC
 Review board minutes
 Compensating balance agreements
 Loan agreements
 Unusual, non-recurring transactions new year end
Accounting Estimates
 Assess mgmt’s written policies and practices of acctg estimates
 Verify that all material estimates have been developed
 Determine that the accounting estimates are reasonable
 Ensure that the accounting estimates are properly presented and disclosed in conformity with GAAP
 Test for reasonableness
 Are they using the same methods
 Past track record of estimates is good
 Justify any changes in approach
Auditing Fair Values

 Estimates and valuation methods may be used when market values are not available
 Changes in fair value measurements may be treated in different ways under GAAP (NI or OCI)
 Evaluate the sufficiency, competency, and consistency of evidence obtained with respect to fair value
measurements and disclosures.
 Determine whether mgmt’s significant assumptions provide a reasonable basis for fair value measurement
Litigation
 Mgmt is the primary source of information regarding litigation. An external inquiry of the entity’s attorney
is simply a means to corroborate information provided by mgmt. R
 Review minutes, invoices from lawyers, and IRS correspondence
 Its mgmt’s responsibility to identify and account for litigation, claims
Letter inquiry to clients attorneys should be signed by the client but sent to the lawyer by the auditor
31
The lawyers response to the letter should include a professional opinion on the expected outcome of any
lawsuit and the likely outcome of any liability, including court costs
If the lawyer refuses to respond  scope limitation  qualified or disclaimer opinion

Client refuses to permit inquiry  disclaimer opinion
32
Audit Sampling (statistic sampling)
Sampling risk – reach the wrong conclusion based on the sample
Although statistical sampling aids the auditor in quantitative ways, it is not a substitute for professional
judgement. Professional judgement is still needed/required to set parameters and evaluate the results.
2 main types of sampling

1. Attribute sampling (rate of occurrence) – used for testing internal controls (yes/no questions)
2. Variable sampling (probability-proportional to size PPS or estimation sampling or numerical quantity) –
used in substantive testing of account balances ($ values)
Audit risk – risk of getting the opinion wrong due to uncertainty in applying audit procedures (sampling and
other)
Risk of assessing control risk too low – risk that the assessed level of control risk based on the sample is less
than the true risk based on the actual operating effectiveness of the control (i.e. sample results indicate a lower
deviation rate than actually exists in the population)
Risk of assessing control risk too high – risk that the assessed level of control risk based on the sample is
greater than the true risk based on the actual operating effectiveness of the control. sample results indicate a
greater deviation rate than actually exists in the population
There are two sorts of mistakes an auditor can make with sampling:
1. The auditor may fail to identify an existing problem (incorrect acceptance and assessing control risk too low)
2. The auditor may falsely identify a problem where none exist (incorrect rejection and assessing control risk
too high)
The risk of incorrect acceptance and the risk of assessing control risk too low relate to the effectiveness of an
audit in (possibly not) detecting an existing material misstatement. Auditors usually accept a risk of 5% (or
10%). Inverse to the risk is the confidence level (also called reliability). The auditor is 95% confident that the
sample is representative of the population.
The risk of incorrect rejection and the risk of assessing control risk too high relate to the efficiency of the audit
(the auditor does more audit work than is necessary)
Attribute Sampling
Planning considerations
 Relationship between the sample to the objective of the test of controls
 Tolerable deviation rate – maximum rate of deviation from a prescribed procedure the auditor will tolerate
without modifying planned reliance (or changing control risk assessment) on internal control. Rate set by
the auditor
 Auditors allowable risk of assessing control risk too low
 Characteristics of the population
Deviation rate – auditors best estimate of the deviation rate in the population from which the sample was
selected. There is a direct relationship to sample size: the fewer the deviations expected, the smaller the sample
size would be needed.
Population of 1000 and sample 100 items and 7 deviations identified within the sample
7% sample deviation rate
Estimate 70 deviations in the population (7% sample deviation rate)
33
If the estimated deviation rate for the entire population is less than the tolerable rate for the population, the
auditor should consider the risk that such a result might be obtained even though the true deviation rate for the
population exceeds the tolerable rate for the population. For example assume the tolerable rate for a population
is 5% and the sample consists of 60 items:
 If no deviations are found in the sample of 60, the auditor may conclude that there is an acceptably low
sampling risk that the true deviation rate in the population exceeds the tolerable rate of 5% (this is because
the sample deviation rate is much less than the tolerable rate)
 If the sample includes two or more deviations (2 in 60 = 3.33%), the auditor may conclude that there is an
unacceptably high sampling risk that the rate of deviations in the population exceeds the tolerable rate of
5% (this is because the sample deviation rate is close to the tolerable rate)
 The auditor applies professional judgement in making such evaluations
Perform the following steps when conducting attribute sampling

 Define the objective of the test
 Define the population
 Define the sampling unit
 Define the attributes of interest
 Determine the sample size including risk of assessing control risk, tolerable deviation rate, expected
deviation rate
Sample deviation rate + allowance for sampling risk = Upper deviation rate
Allowance for sampling risk = what we found in the sample isn’t representative of the population
If the upper deviation rate is less than or equal to the auditors tolerable deviation rate, the auditor may rely on
the control (assuming results of other audit tests do not contradict such results)
If the upper deviation rate exceeds the auditors tolerable deviation rate, the auditor would not rely on the
control. Instead the auditor would either:
 Select and test compliance with some other internal accounting control, or
 Modify the nature, extent, or timing of related substantive tests to reflect the reduced reliance
Discovery sampling – used for detecting fraud

Stop-or-go sampling – allows auditor to stop and audit test before completing all the steps (to avoid over
sampling) used when few error are expected in the population
Variable sampling (estimation sampling)

Stratification – items subject to sampling are separated into relatively homogenous groups and treated as a
separate population, which usually results in a reduced sample size. Commonly used when a population has
highly variable recorded amounts
Higher the tolerable misstatement the lower the sample size
The auditor projects the misstatements found in the sample to the population using one of several methods
(MPU, ratio, difference, etc). The projected misstatement is applied to the recorded balance to obtain a “point
estimate” of the true balance.
The auditor must then add an allowance for the sampling risk (sometimes called a precision interval) to this
estimate
34
In deciding whether to accept the clients book value, the auditor determines whether the recorded book value
falls within the acceptable range (i.e. point estimate +/- the allowance for sampling risk). If so, the book value
is fairly stated
Probability-Proportional to size (PPS)

PPS – sampling unit is defined as an individual dollar in a population
Advantages
 Emphasizes larger items by stratifying the sample. The chance of an item being selected is proportionate to
its dollar amount
 If no errors are expected, PPS sampling generally requires a smaller sample than other methods
Disadvantages
 Items with zero, negative or understated balances require special design considerations
Sampling interval = tolerable misstatement ÷ reliability factor
Sample size = recorded amount of the population ÷ sampling interval
Tolerable misstatement - the maximum dollar error that may exist in the account without causing the F/S to be
materially misstated
Reliability factors correspond to the risk of incorrect acceptance and are generally obtained from a table
The Effect of Information Technology on the Audit

Test data (test deck) – technique that uses the application program to process a set of test data, the results of
which are already known. (the clients system is used to process the auditors data, off-line, and while under the
auditors control
Integrated test facility (ITF) – similar to test data approach except that the test data is commingled with live
data (the clients system is used to process the auditors data, on-line)
 Test data must be separated from the live data before the reports are created. This is usually accomplished
by processing the test data to dummy accounts (fictitious customer, branch, vendor)
 Client personnel are not informed that the test is being run
Parallel simulation (reperformance test) – auditor re-processes some or all the clients live data (using auditor
software) and then compares the results with the clients files (the auditors system is used to process client data)
Generalized audit software packages (GASPs) – allows the auditor to have little technical knowledge of the
clients system (computerized environment)
Internal Control Communication

2 types of control deficiency – deficiency in design and deficiency in operation
Significant deficiency – adversely affects the fairness of the F/S
Previously communicated significant deficiencies and material weaknesses that have not been corrected should
be communicated again
It is mgmt’s responsibility to evaluate and address control deficiencies

35
Reporting on an entity’s internal control over financial reporting (not an audit, just hired to review internal
controls)
The CPA may report on mgmt’s assertion or may report directly on the effectiveness of the entity’s internal
control
Obtain from mgmt a written assertion about the effectiveness of the entity’s internal control. The assertion may
be presented in two ways:
1. a separate report that will accompany the accountants report
2. a representation letter to the accounts
When a material weakness exists, the CPA should express an opinion directly on the effectiveness of internal
control, and not on mgmt’s assertion
In a F/S audit, use of the report on the internal control is restricted, while
In a separate examination of internal control, use of the report is generally not restricted
SOX requirements related to internal controls

PCAOB standards require:
 Issuers report (within the annual report) on mgmt’s assessment of the effectiveness of the company’s
internal control over financial reporting, and
 Auditors attest to (audit) the accuracy of mgmt’s report
The auditors report must disclose material weaknesses in internal control, but is not required to disclose
significant deficiencies that are not material weakness (different than the attestation standards)
If an auditor conducts the audit (of a nonissuer) in accordance with both GAAS and PCAOB, the auditor may
indicate in the auditors report that the audit was conducted in accordance with both standards
Government Auditing
Auditors responsibilities
 Obtaining reasonable assurance that the F/S are free of material misstatements resulting from violations of
laws and regulations that have direct and material effect on the F/S
 Obtaining an understanding of the possible effects on F/S of laws and regulations
 Assessing whether mgmt has identified laws and regulations that have direct and material effect
 Communicating to mgmt and the audit committee that an audit in accordance with GAAP may not be
sufficient if, during the audit, the auditor becomes aware that the entity is subject to additional audit
requirements that may not be encompassed in the terms of the engagement
Attestation engagements performed in conformity with Generally Accepted Government Auditing Standards
(GAGAS) (the yellow book) incorporate the AICPA’s standards for examinations, reviews, and agreed upon
procedures by reference and include expanded requirements
Audit requirements for federal financial assistance

1. Expanded internal control documentation and testing requirements
2. Expanded reporting to include formal written reports on the consideration of internal control and the
assessment of control risk
3. Expanded reporting to include whether the federal financial assistance has been administered in
accordance with applicable laws and regulations (compliance requirements)
4. Application of single audit standards to federal financial assistance
5. Auditors provide a copy of their peer review to government audit clients
36
Mgmt is responsible for the entity’s compliance with laws and regulations
Mgmt has identified and disclosed in writing to the auditor all the laws and regulations that have a direct and
material effect on its F/S
Audit reports should be distributed to the appropriate officials of the entity requiring or arranging for the audit
(including external funding sources)
GAGAS requires a written report on the auditors understanding of internal control and the assessment of
control risk in all audits. This is different from GAAS, which requires written communication only when
significant deficiencies are noted
Single audits: OMB Circular A-133

The single audit act (OMB Circular A-133) requires entities that expend total federal assistance equal to or in
excess of $500,00 in a fiscal year to have an audit performed in accordance with the Act
 Programs classified as major are those that expend $300,000 or more in federal financial assistance, but
smaller programs may be deemed major is they are classified as high risk
 Materiality evaluation in a single audit includes a separate evaluation of materiality for each major program
selected
 Single audits - audits of an entire organization that include additional audit procedures on specific programs
and include a report on the F/S of the whole organization and audit reports on the specific programs
 program-specific audits - audits of specific programs and do not include reports on the F/S of the
organization taken as a whole
Auditor communication requirements increase in government settings. Auditors often have the responsibility of
reporting significant deficiencies to specific regulatory bodies or grantor agencies
A5-47 chart memorize
Communication with the Audit Committee

Audit committee – committee of the board of directors, composed of 3-5 members of the board who are outside
directors. Outside directors are not employees of the firm and do not have a material financial interest in the
firm
 main purpose is to enhance the internal control by creating a means of direct communication between the
committee and the auditors. An audit committee is considered to be part of the internal control structure
 SOX requires the audit committee to approve the engagement of an auditor, and oversee the services
 All material communications must be made to the audit committee before the auditors report is filed with
the SEC
 Communication may be oral or written. If its oral the auditor should document the conversation
 Do not communicate with the audit committee on how we (the auditor) plan to implement the audit
Management Representations
Obtained from mgmt at the conclusion of fieldwork and should address all F/S covered by the report even if
current mgmt was not present during all such periods
Purpose:
1. To confirm representations explicitly or implicitly given to auditor
2. To indicate and document the continuing appropriateness of such representations
3. To reduce the possibility of misunderstanding concerning matter that are the subject of the
representations
37
 Letter is mandatory to issue an unqualified opinion, otherwise issue disclaimer or withdraw

 Dated same as the audit report
 Signed by the CEO and CFO
 Representations may be limited to items that mgmt and the auditor agree are material
 The auditor should obtain additional representations from mgmt for special or specific situations. Changes
in the business that may impact the F/S (new acctg principle, impairment of an asset, inventory
obsolescence)
38

CPA Audit Notes PDF

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

CPA Audit Notes PDF

Diunggah oleh

Hak Cipta:

Format Tersedia

AUD - Notes Chapter 1

GAAS – TIP PIE ACDO

Reports on Audited F/S

GAAS in referenced to in the Scope paragraph

PCAOB Standards – for publicly traded companies

Chart on A1-17 memorize

Uncertainties – impairments, intangibles, lawsuits, warranties

Remember under GAAP

Pass key chart on A1-19 memorize

Going Concern – The auditor should perform the following procedures:

The explanatory paragraph occurs after opinion paragraph

Qualified “except for” Opinion for material GAAS problems

Disclaimer Opinion for significant GAAS problems

Changes to the report include

Reports on Comparative Statements

Report of a predecessor auditor – presented

Report of a predecessor auditor – not presented

Auditors responsibility for subsequent events – PRIME is included in yr end fieldwork

Auditors responsibility after the original date of the auditors report

Facts discovered after report is issued (the auditors missed it)

Reporting on Other Information

Segment information is required by GAAP

Selected financial data

An accountants report should include

Reporting on F/S prepared for use in other countries

Acceptance and continuance of clients and engagements

Independence, integrity and objectivity

Assurance regarding engagement performance

Other Engagements, Reports and Accounting Services

Compilation and Review of Financial Statements

An engagement letter is recommended but not required

Compiled F/S that omit GAAP disclosures are acceptable if:

An auditor is required to perform these in a Review:

Not required to communicate with predecessor auditor

Make inquires of internal personnel, not external people or entities.

Audit test work, including testing internal controls, is not performed

The accountants report in a review engagement should include:

Reporting on Comparative F/S

Reporting when one period is audited

Review of Interim Financial Information

Going concern is not required but may be appropriate

Going concern no modification if disclosed

Lack of Consistency no modification if disclosed

Letters for Underwriters

Comments in a comfort letter a limited to:

Provide positive assurance on:

Provide negative assurance on:

The following standards apply to services a CPA may offer:

SSAE does not apply to:

There are 11 attestation standards: TIPPY PE ACRS

Before accepting the client, inquiry the old CPA regarding:

Preliminary Engagement Activities

Management’s is responsible for:

Auditor is responsible for:

Planning the Audit

Obtain knowledge about the clients industry and business through:

Analytical Procedures used for:

Analytical procedures performed during planning

The audit plan

All misstatements must be communicated to mgmt

Misstatements are more likely to be considered if they:

The auditor should document:

Audit risk (AR) should be low