http://www.cpa-cfa.org
Audited F/S – The Basics
Company’s mgmt responsible to prepare the F/S
Auditors responsible to express an opinion on the F/S and on mgmt’s assertion on internal controls (if public)
The primary assertion is whether the statements are “presented fairly” in accordance with GAAP
Professional Standards
Generally Accepted Accounting Standards – GAAS
Generally Accepted Government Auditing Standards – GAGAS
The Public Company Accounting Oversight Board – PCAOB
- Public accounting firms must register with PCAOB in order to audit public companies
- Registered firms are subject to board inspection, disciplinary proceedings, and sanctions
1
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Statement that the audit was planned and performed to obtain reasonable assurance that the F/S are free
from material misstatement
Statement that the audit included examining evidence on a test basis; assessing the accounting principles
used and significant estimates made by mgmt; and evaluating the overall presentation
Statement that the audit provides a reasonable basis for an opinion
Opinion Paragraph
Statement referring to the F/S specifically identified in the introductory paragraph
An opinion as to the fair presentation of the F/S (ACDO)
Statement regarding conformity with U.S. GAAP (ACDO)
Firm Name
Report Date
The Report should be dated on or after the date on which appropriate audit evidence sufficient to support
the opinion has been obtained
Sample unqualified opinion – A1-14
Unqualified opinion – clean; F/S presented fairly in all material respects, doesn’t mean good investment
Modified Unqualified opinion – additional explanatory language
Qualified opinion – states “except for”; material GAAP or GASS problem
Adverse opinions – very material GAAP problems
Disclaimer of opinion – significant GAAS problem
If mgmt’s analysis is supported and properly reported or disclosed, the auditor issues and unqualified opinion
with no reference to the uncertainty in the report
Unqualified opinion: GAAP = ok; GAAS = ok
If the auditor is unable to obtain sufficient evidential matter involving an uncertainty and its presentation or
disclosure, the auditor should consider expressing a qualified (GAAS) opinion or to disclaim an opinion to
scope limitation.
Qualified or Disclaimer: GAAP = ?; GAAS = Problem
2
AUD - Notes Chapter 1
http://www.cpa-cfa.org
If the auditor concludes that the F/S are materially misstated due to a departure from GAAP related to
uncertainty, the auditor should express a qualified (GAAP) or adverse opinion. GAAP departures include
inadequate disclosures, use of inappropriate accounting principles, and use of unreasonable acctg estimates
Qualified of Adverse: GAAP = problem; GAAS = ok
Modified Unqualified opinion – still represents an unqualified opinion. The additional language (modified
wording or explanatory paragraph) used to highlight the certain circumstances
Modified wording
Division of responsibility; auditors opinion is based in part on the report of another
Explanatory paragraph
Justified departure from GAAP
Going concern
To emphasize a matter
Lack of consistency
Other;
- Required SEC regulation S-K quarterly financial data has been omitted or has not been reviewed
- Supplementary information required by GAAP has been omitted
- Other information (stuff in 10-K) is inconsistent with F/S
Division of Responsibility (reference in report) – The principal auditor decides to mention the work done by
other auditors, the report will express a division of responsibility. The principal auditor will mention this
division in all three paragraphs. The name of the other auditor is not mentioned unless the auditor gives express
permission and the report of the other auditor is presented. Make other CPA responsible by mentioning them in
the Intro, Scope, and Opinion paragraph.
Assumption of Responsibility (no reference to other CPA) – The principal auditor must assure on the other
auditors, reputation, independence, professional competency, program steps (RIPP). Visit the other auditor to
discuss audit procedures and review audit program, documentation, and evaluation of internal controls
performed by the other auditor
Justified departure from GAAP – The explanatory paragraph should contain a description of the departure, its
approximate effects (if possible) and the reasons why adherence to GAAP would make the F/S misleading
If, in the auditor’s judgement, the entity’s disclosures are inadequate, a departure from GAAP exists. This may
result in either a qualified or adverse opinion
Emphasis of a matter – auditor may wish to emphasis a particular matter but still express an unqualified
opinion. Emphasis when a company is a RECC
A related party transaction
Significant subsequent events
Entity is a component of a larger business
Items that affect the comparability (except changes in accounting principles)
An explanatory paragraph is not required
Lack of consistency (justified changes) ACDO – if a change is GAAP has occurred between accounting periods
and the effect is material, the auditor should add an explanatory paragraph to the unqualified report. The
explanatory paragraph comes after the opinion paragraph
When selecting the type of opinion because of a lack of consistency, determine is the change is justified
GAAP: Acceptable/Justified = Modified Unqualified
Not GAAP: Unacceptable/Unjustified = Qualified or Adverse
Qualified “except for” Opinion and Adverse Opinion for very material GAAP problems
1. Non GAAP unjustified/unacceptable change – Issue is consistency (ACDO); an explanatory paragraph
should appear before the opinion paragraph to describe the non-GAAP acctg change and the financial impact
2. Inadequate disclosure – when the auditor believes that the omitted items cause the F/S to be deceptive
3. Departure from GAAP
GAAP: Acceptable/Justified = Modified Unqualified
Not GAAP: Unacceptable/Unjustified = “except for” or Adverse
4. Unreasonable accounting estimates
4
AUD - Notes Chapter 1
http://www.cpa-cfa.org
When updating (changing prior) periods the explanatory should disclose the:
D – Date of the auditor’s previous report
O – Opinion type previously issued
R – Reason for prior opinion
C – Changes that have occurred
S – Statement “opinion…is different”
Only DORCS change their mind
Update or change opinion when now in conformity with GAAP (restate prior yr F/S)
Subsequent Events
Type I events – conditions on or before balance sheet date, accrue, looking backward
Requires a F/S adjustment
Type II events – conditions existing after the balance sheet date, disclose in footnotes, looking forward
May require footnote disclosure
Omitted audit procedures discovered after submission of the audit program (we forgot to do it)
Auditor should determine whether other audit procedures tended to compensate for the omitted procedures
Apply the omitted procedures (or alternative procedures)
When an auditor submits a document containing audited F/S to a client or others, the auditor has a
responsibility to report on all information in the document
The auditor must indicate in the report whether the accompanying information is fairly stated in all material
respects in relation to the basic F/S taken as a whole. The report should also describe the character of the
auditor examination and the degree of responsibility the auditor is assuming.
Condensed F/S
The Auditor must indicate:
That the auditor audited and expresses an opinion on the complete F/S
Date of the auditors report on the complete F/S
Type of opinion expressed
Whether the information in the condensed statements is fairly stated, in all material respects
7
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Quality Control Standards
The five interrelated elements of quality control are:
A – Acceptance and continuance of client’s engagement
I – Independence, integrity and objectivity
C – Continuous monitoring
P – Personnel management
A – Assurance regarding engagement performance
Continuous monitoring
What the title implies
Peer review
- One CPA firm reviews another CPA firms quality control system, occurs every 3 years for a CPA firm
that is a member of the AICPA.
- Purpose is to determine and report whether CPA firm being reviewed has developed adequate policies
and procedures for quality control and they are following them
- Upon completion, a report is issued with conclusions and recommendations
Personnel Management
Criteria for hiring, assignment of the firms personnel to engagements, professional development and
advancement
GAAS relate to the conduct of each individual engagement, whereas quality control relate to the conduct of all
professional activities of the firms practice as a whole
The quality control standards of a firm affect both the performance of each audit and the performance of the
audit practice as a whole
Deficiencies in a firm’s quality control do not necessarily mean/indicate a lack of GAAS compliance.
8
AUD - Notes Chapter 1
http://www.cpa-cfa.org
2. Specific elements, accounts or items of a F/S – The auditor expresses an opinion on each of the specified
elements, if the element is far-reaching or pervasive (NI, STK EQ, or any item based thereon) the auditor must
audit the complete set of financial statements.
A piecemeal opinion may be expressed if the items do not constitute a major portion of the F/S. A piecemeal
opinion cannot be issued if the auditor has expressed a disclaimer or adverse opinion.
3. Issue special report on a clients compliance with contractual agreements or regulatory requirements
Auditor must have audited the F/S and may only issue negative assurance. Cannot be issued if the auditor has
expressed a disclaimer or adverse opinion. Limitedly distributed
4. Special purpose financial presentations to comply with contractual agreements or regulatory provisions
5. Financial information presented in prescribed forms or schedules – the auditor may attest to the fairness on
financial information presented in prescribed forms such as loan applications or regulatory filings.
The auditor may make modifications to an unqualified special report by adding an explanatory paragraph after
the opinion paragraph
Compilation engagement – No assurance or opinion. CPA does not perform any audit or review procedures.
A Review – Limited (negative) assurance. CPA performs inquiry and analytical procedures
When a CPA performs more than one service (such as complication and an audit) the CPA should issue a report
that is appropriate for the highest level of service rendered.
Statements on Standards for Accounting and Review Services – pronouncements issued by the accounting and
review services committee of the AICPA
A compilation engagement may involve compiling and reporting on only one financial statement
The compilation engagement report should include: ALARD
A – Statement that a compilation has been performed in accordance with SSARS issued by the AICPA
L – Statement that a compilation is limited to presenting, in the form of F/S, information that is the
representation of mgmt
A – Statement that the accountant has not audited the F/S
R – Statement that the accountant has not reviewed the F/S
D – Disclaimer of opinion and a statement that the accountant gives no assurance on the F/S
You’re A LARD when all you do is compile F/S
Compilation with limited disclosures are labeled “Selected Information – Substantially All Disclosures
Required By GAAP Are Not Included”
9
AUD - Notes Chapter 1
http://www.cpa-cfa.org
An opinion, even qualified or adverse, requires and audit. When an accountant performing a compilation or
review becomes aware of a GAAP departure, the report should be modified or the CPA with withdraw from the
engagement. An opinion would not be expressed
An accountant who submits unaudited F/S to the client that are not expected to be used by a third party may use
an engagement letter rather than a compilation report
Review of F/S – a higher level of service than compilation because it results in an expression of limited
assurance. Reviews include inquiry and analytical procedures. However, no required to obtain an understanding
of internal control or assess control risk
The objective of a review of financial information is to determine whether material modifications are necessary
for the information to be in conformity with GAAP.
Client representation letter from mgmt is required which covers all F/S’s and periods covered by the review
report
Downgrade in service (last yr we reviewed, this yr we compile). Issue a compilation report and add a paragraph
to describe prior period responsibility assumed. Or issue both a review report and compilation report
10
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Whenever prior accountants are asked to reissue a prior report (audit, review or compilation) they should reas
the new F/S and obtain a representation letter from the new accountant
Likely misstatement – best estimate of the total misstatement in an account balance or class of transactions. The
accountant should:
Accumulate all such estimates for further evaluation
Consider that the aggregated effect of several immaterial misstatements
Evaluate potential effect on current and future periods
A review of interim F/S of a public company is conducted in accordance with AICPA auditing standards not
SSARS
Should modify their report if, during the review, they become aware of a departure from GAAP
When a comfort letter is issued, the CPA is required to perform a review of interim financial information in
accordance with auditing standards
To obtain a comfort letter, parties other than the names underwriter must provide the CPA with an attorney’s
opinion or representation letter, confirming that such a party has a “due diligence defense”
A comfort letter is solely to assist the underwriters in conducting and documenting their investigation of the
company in connection with the offering
11
AUD - Notes Chapter 1
http://www.cpa-cfa.org
CPA’s independence
Compliance of the F/S with the SEC Act, assuming the F/S are audited
Attest Engagements
Attest engagements – CPA is engaged to issue or does issue an examination, a review, or an agreed-upon
procedures report on subject matter, or an assertion that is the responsibility of another party (usually mgmt).
Major attest services:
Agreed-upon procedures
Financial forecasts and projections
Pro forma F/S
Internal control over financial reporting
Agreed-upon procedures – CPA is engaged to issue a report of findings based on specific agreed upon
procedures (example is mutual fund performance). Agreed upon procedures may be performed is the following
conditions exist:
I – Independence of the practitioner
A – Agreement of the parties
M – Measurability and consistency
12
AUD - Notes Chapter 1
http://www.cpa-cfa.org
S – Sufficiency of the procedures
U – Use of the report is restricted to the specified parties
R – Responsibility for the subject matter rests with the client
E – Engagements to perform agreed upon procedures on prospective financial statements
I AM SURE you can perform these agreed upon procedures
Financial forecasts – the expected financial results of a future period, based on expected conditions (i.e.
budget)
Financial projection – financial results based on a “what if” scenario, based on hypothetical assumptions
Forecasts and projections are two types of prospective F/S. Pro forma F/S are different, because it shows what
past financial results of an expired period would have been if something had been different.
Only a financial forecast is appropriate for general use. While both, forecasts and projections are appropriate
for limited use.
Compilation of prospective F/S – the proper assembling of financial data based on the party’s assumptions
No assurance of any kind given
The practitioner is not required to gather supporting evidence
Significant assumptions must be disclosed otherwise cannot issue compilation
13
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Planning and Supervision
TIP PIE ACDO
The audit committee is responsible for the selection and the appointment of the auditor and the reviewing the
nature and scope of the engagement
In a new client relationship, it is mandatory to make inquiries of the predecessor auditor. Client permission is
needed. If the client is unwilling it is a scope limitation.
An engagement letter – a signed contract which documents the understanding with the client is required for an
audit engagement (should be signed and dated by the client)
An audit is not designed to detect error or fraud that is immaterial to the F/S
An audit is not designed to provide assurance on internal control or to identify significant deficiencies
Audit is subject to inherent risks that errors and fraud will not be detected. If we discover fraud then we report
it to the audit committee
The auditor is required to obtain an understanding of the entity, its environment and internal controls
Materiality
Known misstatements – specific misstatements identified during the audit
Likely misstatements – misstatements the auditor considers likely to exist due to differences between auditor
and mgmt judgements or from audit evidence
Tolerable misstatements – maximum error in a specific population that the auditor is willing to accept
Because the F/S are interrelated, the auditor should use the smallest level of misstatement that could be material
to any one of the F/S
The auditor must consider the effects, both individually and in aggregate, of the uncorrected misstatements
(both known and likely)
Audit Risk
Audit risk is the risk that the auditor may unknowingly fail to modify appropriately the opinion on the F/S that
are materially misstated (risk that the auditor will give the wrong opinion)
AR = RMM * DR
AR = (IR * CR) * DR
RMM and DR have inverse relationship. When risk of material misstatement is high, detection risk should be
set low (so we have to do more work)
Direct relationship between RMM and assurance required from Substantive procedures. Greater the risk
(RMM) the more persuasive evidence needed.
Audit risk and materiality must be considered at both the F/S level and the account balance (item level)
At the F/S level, the auditor should consider risks that have pervasive effect on the F/S, potentially affecting
many relevant assertions
The account balance level (transaction & item level) is used to determine the nature, extent, and timing of
audit procedures. Inverse relationship between audit risk and materiality
Audit Procedures:
1. Risk assessment procedures
2. Test of controls – test of internal controls (CRIME)
3. Substantive procedures – tests $ balances
Account balances
C – Completeness
A – Allocation and valuation
R – Rights and obligations
E – Existence
After sufficient planning information has been gathered, an audit plan should be drafted. A written audit plan is
required for every audit.
When planning the audit, the auditor should consider the extent of involvement of the client’s internal auditors
in the audit. Internal auditors are not independent, thus, the external auditor can’t share with the internal auditor
any responsibility for audit decisions.
Auditor must obtain an understanding of the internal audit function
If the auditor uses the work of internal audit, competence and objectivity must be assessed
The higher the level the internal auditors report to, the more objectivity can be assumed
The auditor remains solely responsible for the report on the F/S. The internal auditor may not be utilized to
make judgement calls
If a specialist is used must evaluate the competence and objectivity of the specialist. Treat like one of your staff.
Its mgmt’s responsibility to design and implement programs and controls to prevent and detect fraud
The auditor has a responsibility to plan and perform (referred to as design) the audit to obtain reasonable
assurance about whether the F/S are free from material misstatement, whether caused by error or fraud.
Consider the results of analytical procedures (required during the planning and final stage)
17
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Attributes of risk:
Type of risk: fraudulent F/S or misappropriation of assets
Significance of risk: can it lead to a material misstatement
Likelihood of the risk: how likely is this to happen
Pervasiveness of the risk: does it affect the whole F/S or only specific accounts or transactions
2 Areas of greatest fraud concern:
1. Improper revenue recognition
2. Mgmt override controls
The auditor is required to respond to the results of the risk assessment on three levels
1. Overall, general response
- assigning personnel to the engagement
- determining the appropriate level of supervision of engagement personnel
- evaluating mgmt’s selection and application of accounting principles
2. Response encompassing specific audit procedures
- change nature
- change extent
- change timing
3. Response addressing risks related to mgmt override
- examine journal entries and other adjustments
- review accounting estimates for biases
- evaluate the business purpose for significant unusual transactions
Revenue recognition
- perform substantive analytical procedures relating to revenue
- confirm with customers contract terms and the absence of side agreements
Revenue recognition criteria
1. must have an arrangement (signed agreement)
2. must be a delivery
3. must be fixed or determinable price
4. collectability
Inventory quantities
- concern that there may be a failure to reconcile books to physical inventory
Mgmt estimates
- engage a specialist
- develop an independent estimate
- perform a retrospective review of prior period estimates (how good were last yr’s estimates)
Misstatements caused by fraud (even immaterial misstatements) may be indicative of an underlying problem
with mgmt integrity. The auditor may need to reevaluate the assessment of fraud risk, the assessed effectiveness
of controls, and the appropriateness of audit procedures applied.
Inform the audit committee of any fraud. Parties outside the entity that we may communicate with in certain
circumstances:
18
AUD - Notes Chapter 1
http://www.cpa-cfa.org
- to comply with certain legal and regulatory requirements
- to a successor auditor
- in response to a subpoena
- to a funding agency
If the auditor has not identified improper revenue recognition as fraud risk, support for this conclusion
Illegal acts – violation of law
The auditors responsibility to detect illegal acts are the same for fraud and errors.
The auditor has no obligation to look for illegal acts having an indirect effect on the F/S
The auditor generally does not include procedures to specifically detect illegal acts
Risk Assessment
TIP PIE ACDO (fieldwork)
Documentation requirements
Discussion among the audit team
Key elements of the understanding of the entity and its environment
The assessment of the risks of material misstatement
The identified risks and related controls evaluated by the auditor
Document
1. control factors that were used/helped to plan the audit engagement
2. control factors that helped ensure mgmt rules and directives were followed
Forms of documentation may include any item the auditor can FIND
F – Flowchart
I – Internal control questionnaire or checklists
N – Narrative
D – Decision table
Flowcharts – symbolic diagram representing the sequential flow of authority, processes and documents. Depicts
the auditors understanding of the system
An adequate flowchart shows the origin of each document in the system, its subsequent processing, and its
final disposition
IT flowcharts are initially created to document the logic and existing flow of a computer program
Decision tables or trees – graphic illustrations that depict the logic of an operation or a process
Internal Control
TIP PIE ACDO
Entity objectives
1. Reliability of financial reporting (most relevant to the audit)
2. Effectiveness and efficiency of operations
3. Compliance with applicable laws and regulations
20
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Controls that pertain to the first objective (reliability of financial reporting) are the most relevant to the audit,
and these are the controls that the auditor must consider and understand.
IT system may make it impossible to reduce detection risk through substantive testing alone (must do control
testing as well)
IT benefits:
Ability to process large volumes of transactions accurately
Improved timeliness and availability of information
Facilitation of data analysis and performance monitoring
Reduction is the risk that controls will be circumvented
Enhanced segregation of duties through effective security controls
IT Risks:
Potential reliance on inaccurate systems
Unauthorized access to data
Unauthorized changes to data, systems and programs
Failure to make required changes and updates to systems or programs
Auditor should document use of programs and perform tests more often during the yr
21
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Anyone doing for an 1 job or supervising another area is a weakness
CRIME
C – Control Environment – has pervasive effect on the auditors risk of assessment and preliminary judgements
about its effectiveness may influence NET of further audit procedures to be performed
Sets the tone of an organization, influencing the control consciousness of its people
Communication and enforcement of integrity and ethical values
Mgmt’s philosophy and operating style
Organizational structure
Assignment of authority, responsibility and accountability
Human resource policies and practices
R – Risk assessment
CPA should obtain understanding and knowledge
M – Monitoring
CPA should obtain understanding and knowledge
Process that assesses the quality of internal control performance over time
Establishing and maintaining internal control is a responsibility of mgmt
The internal control environment should be detected in the ordinary course of business by an employee, not
- Collusion
- Mgmt overrides
Report on controls placed in operation – may aid the auditor in obtaining an understanding of controls,
however, it is provided when tests of operating effectiveness were not performed, and therefore it does not
provide the user with a basis for reducing the assessment of control risk
Audit approach – the auditors specific approach to identified risks at the relevant assertion level may consist of
either a substantive or combined approach
Combined approach – both control testing and substantive procedures are used. If controls are operating
effectively, less assurance will be required from substantive procedures.
Test of controls may be required in highly electronic environments, substantive procedures alone may not be
sufficient
Audit approach
Status of internal control Risk level Perform control tests Perform substantive tests
None or weak high No (because nothing to rely on) yes-maximum
Some medium Yes
Strong low Yes minimal (but never
eliminate for material
balances, transaction classes, or disclosures)
Obtaining an understanding of internal controls includes evaluating the design of controls and determining
whether they have been implemented
Only controls that are suitably designed to prevent or detect material misstatements are subject to tests of
operating effectiveness
Evidence hierarchy:
1. Personal observation and knowledge
2. External evidence
23
AUD - Notes Chapter 1
http://www.cpa-cfa.org
3. Internal evidence
4. Oral evidence
Directional testing
To test existence or occurrence assertion – Top down, start from F/S. Look for support = vouching
Test existence for overstatement of assets and revenues
To test completeness assertion – Bottom up, start from item, look to see its included/covered in F/S = tracing
Test completeness for understatement of liabilities and expenses
If substantive procedures are performed at an interim date, the auditor should perform further substantive
procedures (maybe with test of controls) to provide reasonable basis for extending audit conclusions to period
end
If risk of material misstatement is low, performing substantive procedures at interim increases the risk that the
auditor will not detect material misstatements in the F/S
In certain situations, such as those in which there is an identified fraud risk, the auditor may choose to perform
substantive procedures at or near period end.
24
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Transaction Cycles
TIP PIE ACDO – whole chapter 4
Accounts receivable
1. Sales
2. Collection of cash receipts
3. Uncollectible receivables – an aging schedule is prepared and sent to the credit department for use in
carrying out its collection program. Auditor observes the preparation of aging schedule to support
assessing control risk below maximum
4. Sales returns – a serially numbered receiving report may be used as a sales return slip. Once the return
is approved, the related receivable is eliminated
Cash receipts
1. Collection – incoming mail must be opened by a person who does not have access to the A/R ledger.
One receipt copy should be sent to cashier (or treasury) for bank deposit. Another copy sent to A/R dept.
for entry into the A/R subsidiary ledger. A third copy should be sent to acctg dept. for entry into the
general ledger
Expenditure cycle
Purchases
1. Purchase requisition – the dept. needing an asset or services sends an approved serially numbered
requisition to the purchasing dept
2. Purchase orders – obtain competitive bids from various suppliers to make sure that the best price is
obtained. Use prenumbered purchase orders
3. Receipt of goods or services- it is preferable that the copy not indicate the quantity ordered (blind copy),
thus the receiving dept is forced to count the goods upon arrival
25
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Accounts payable
1. record the payable
2. approve the bill – when the invoice arrives, the accounting department approves it by matching the
invoice, purchase order, receiving report, and (sometimes) the requisition
Cash disbursements
1. best for internal controls to pay invoices by check
2. best for internal control to segregate approving payment and writing checks
3. Treasurer pays the bills
The auditor should review bills in January to determine is they were incurred in Nov or Dec (search for
unrecorded liabilities.
Lapping – theft of cash is often concealed by failing to account for cash receipts (today’s cash receipts cover
yesterday’s theft)
Best way to guard against lapping is to use a lock box system. Inspect checks when deposited/cashed and
compare to when accts receivable was booked
Kiting – when a check drawn on one bank is deposited in another bank and no record is made (cash is recorded
in 2 places at once (Dec 31))
A bank transfer schedule compares the dates checks are drawn to the dates checks are deposited
A standard bank confirmation should be sent to all banks that the client has done business with during the year,
regardless of whether there is a year end balance to confirm.
Potential misstatements
Recording fictitious sales (existence assertion)
Holding open the sales journal to include next year’s sales (improper cutoff)
Shipping unordered goods near year end which can be returned (bill and hold)
Failure to record payments
Sales adjustments may be used to conceal thefts of cash collections
26
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Audit Documentation
Audit documentation (workpapers) belong to the CPA (not the clients acctg records) and are meant to support
the auditors opinion and record audit procedures performed and evidence obtained
Report release date – date on which the auditor grants the client permission to use the report (usually date
report is delivered to the client)
For private companies, auditing standards require audit documentation be completed 60 days from report
release date and held for 5 years from that date
For private companies, the PCAOB requires audit documentation be completed 45 days from report release
date and held for 7 years from that date
The specific quantity, type and content of audit documentation are based on the auditors judgement
Permanent (continuous) file – audit documentation that has continuing interest from year to year
- contracts, pension plans, leases, stock options, bylaws
Current file – all audit documentation applicable to the year under the audit
Audit documentation should include significant audit findings, actions taken, and conclusions reached, such as:
Selection and application of accounting principles
Possible material misstatements
Need to revise the auditors previous risk assessment
Significant difficulty in applying necessary audit procedures
Modification to the auditors standard report
You can provide audit documentation to another party without the clients permission:
If it’s subpoenaed in court
To your defense team: lawyers, insurance company, expert witnesses
AICPA for an investigation or quality review
Audit Evidence
Audit evidence – all the information an auditor uses to arrive at the opinion
The auditor should have access to all pertinent accounting data and corroborating evidential matter (otherwise
it’s a scope limit)
27
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Electronic evidence – consider the time during which information exists or is available in determining the
nature, extent and timing of audit procedures.
The third standard of fieldwork – “The auditor must obtain sufficient appropriate evidence by performing audit
procedures to afford a reasonable basis for an opinion regarding the F/S under audit”
Evidential matter must persuade the auditor that the ending balance in the F/S are fairly presented (persuasive
rather than conclusive)
Cost/benefit relationship may be a valid reason for performing only certain procedures, cost alone or difficulty
in obtaining evidence is not a valid basis for omitting a procedure
The evaluation of evidential matter must take into consideration the achievement of audit objectives
Substantive procedures are performed to evaluate mgmt’s assertions which help detect material misstatement
Analytical Procedures
Comparison of financial data – review current and prior year’s F/S and the current years budget, industry
norms, and nonfinancial information
Most effective and efficient for assertions in which potential misstatements are not apparent from detailed
evidence or is not available
Analytical procedures for planning phase and final review phase are required. However analytical procedures
used as substantive tests are not required.
Documentation requirements, expectation, factors, results, additional audit procedures performed and results of
those procedures
Investigate significant differences (if found): make inquires of mgmt, in necessary expand audit procedures or
alternative substantive procedures. Differences do not necessarily indicate errors or fraud, but simply indicate
the need for further investigation
Analytical procedures are applied during the overall review stage of an audit to evaluate the overall F/S
presentation and assess the conclusions reached
Test of Details
Directional testing refers to testing either forward or backward
If a test starts with items in the accounting records, the proper assertion is most likely existence
28
AUD - Notes Chapter 1
http://www.cpa-cfa.org
If a test starts with source documents, it is most likely related to the completeness assertion
Other procedures
Cut-off testing
Test related account simultaneously
Requesting a comprehensive mgmt representation letter
Reading pertinent information
The client counts the inventory and the auditor simply observes and test counts certain items
Related accounts – inventories, purchases, sales, sales returns and allowances, and COGS
The auditor should examine purchase invoices and receiving report around yr end for cut-off testing
The auditor should examine sales invoices and compare them to shipping documents around yr end for cut-off
Determine whether inventory adhere to lower of cost or market principles and whether inventory is pledged or
subject to liens
Examine vendor invoices, direct labor rates and test the computation of overhead rates
Negative confirmations – recipient is asked to respond only if the amount stated in incorrect
Not as good as positive confirmation
29
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Use when there is low risk, small balances, belief that the receipt would respond if there was a discrepancy
PPE
Acquisition – a special requisition form is needed. Acquisitions are ties to the capital budget and the board
of directors should also have to approve the acquisition.
Subsidiary ledgers – detailed information on each asset is kept in the subsidiary ledger
Physical security
Written policies – on depreciation and capitalization
Disposition – retirement of assets should be documented and sequentially numbered
Audit procedures
Vouch additions
Review retirements and recalculate any gains/losses
Review repair and maintenance accounts in order to locate items that should have been capitalized
Be alert for lien’s on assets (borrowed)
- Companies cannot/do not insure fixed assests they do not have
- Companies do not pay real estate taxes on property they don’t own
- Tour plant and inquire
Liabilities
Notes payable – examine the note, comparing terms and amounts to board approval. Interest expense should
be independently computed
Long term debt – ensure that interest expense is properly reported, valuation is fairly reported, all debt has
been recorded. Compare interest expense with the bond payable amount for reasonableness
Contingencies – look at guarantees, purchase commitments, leases, tax returns, clients legal counsel
Owners Equity
Treasury stock – auditor should examine all shares of treasury stock and reconcile the number of TS shares.
Compare to authorization in the minutes of the board meeting
Stock transactions – vouch to supporting documentation
All issues relating to stock, dividends, and TS must be authorized by the board of directors
If the client uses a stock transfer agent, use third party confirmations
If the client doesn’t use a stock transfer agent, check the stock certificate book
Consider whether any appropriations of retained earnings are necessary (due to loan covenants). The auditor
focuses on evaluating the presentation and disclosure of the F/S (mgmt assertions = classification &
understandability)
Accounting Estimates
Assess mgmt’s written policies and practices of acctg estimates
Verify that all material estimates have been developed
Determine that the accounting estimates are reasonable
Ensure that the accounting estimates are properly presented and disclosed in conformity with GAAP
Test for reasonableness
Are they using the same methods
Past track record of estimates is good
Justify any changes in approach
Litigation
Mgmt is the primary source of information regarding litigation. An external inquiry of the entity’s attorney
is simply a means to corroborate information provided by mgmt. R
Review minutes, invoices from lawyers, and IRS correspondence
Its mgmt’s responsibility to identify and account for litigation, claims
Letter inquiry to clients attorneys should be signed by the client but sent to the lawyer by the auditor
31
AUD - Notes Chapter 1
http://www.cpa-cfa.org
The lawyers response to the letter should include a professional opinion on the expected outcome of any
lawsuit and the likely outcome of any liability, including court costs
32
AUD - Notes Chapter 1
http://www.cpa-cfa.org
Audit Sampling (statistic sampling)
Sampling risk – reach the wrong conclusion based on the sample
Although statistical sampling aids the auditor in quantitative ways, it is not a substitute for professional
judgement. Professional judgement is still needed/required to set parameters and evaluate the results.
Audit risk – risk of getting the opinion wrong due to uncertainty in applying audit procedures (sampling and
other)
Risk of assessing control risk too low – risk that the assessed level of control risk based on the sample is less
than the true risk based on the actual operating effectiveness of the control (i.e. sample results indicate a lower
deviation rate than actually exists in the population)
Risk of assessing control risk too high – risk that the assessed level of control risk based on the sample is
greater than the true risk based on the actual operating effectiveness of the control. sample results indicate a
greater deviation rate than actually exists in the population
There are two sorts of mistakes an auditor can make with sampling:
1. The auditor may fail to identify an existing problem (incorrect acceptance and assessing control risk too low)
2. The auditor may falsely identify a problem where none exist (incorrect rejection and assessing control risk
too high)
The risk of incorrect acceptance and the risk of assessing control risk too low relate to the effectiveness of an
audit in (possibly not) detecting an existing material misstatement. Auditors usually accept a risk of 5% (or
10%). Inverse to the risk is the confidence level (also called reliability). The auditor is 95% confident that the
sample is representative of the population.
The risk of incorrect rejection and the risk of assessing control risk too high relate to the efficiency of the audit
(the auditor does more audit work than is necessary)
Attribute Sampling
Planning considerations
Relationship between the sample to the objective of the test of controls
Tolerable deviation rate – maximum rate of deviation from a prescribed procedure the auditor will tolerate
without modifying planned reliance (or changing control risk assessment) on internal control. Rate set by
the auditor
Auditors allowable risk of assessing control risk too low
Characteristics of the population
Deviation rate – auditors best estimate of the deviation rate in the population from which the sample was
selected. There is a direct relationship to sample size: the fewer the deviations expected, the smaller the sample
size would be needed.
Population of 1000 and sample 100 items and 7 deviations identified within the sample
7% sample deviation rate
Estimate 70 deviations in the population (7% sample deviation rate)
33
AUD - Notes Chapter 1
http://www.cpa-cfa.org
If the estimated deviation rate for the entire population is less than the tolerable rate for the population, the
auditor should consider the risk that such a result might be obtained even though the true deviation rate for the
population exceeds the tolerable rate for the population. For example assume the tolerable rate for a population
is 5% and the sample consists of 60 items:
If no deviations are found in the sample of 60, the auditor may conclude that there is an acceptably low
sampling risk that the true deviation rate in the population exceeds the tolerable rate of 5% (this is because
the sample deviation rate is much less than the tolerable rate)
If the sample includes two or more deviations (2 in 60 = 3.33%), the auditor may conclude that there is an
unacceptably high sampling risk that the rate of deviations in the population exceeds the tolerable rate of
5% (this is because the sample deviation rate is close to the tolerable rate)
The auditor applies professional judgement in making such evaluations
Sample deviation rate + allowance for sampling risk = Upper deviation rate
Allowance for sampling risk = what we found in the sample isn’t representative of the population
If the upper deviation rate is less than or equal to the auditors tolerable deviation rate, the auditor may rely on
the control (assuming results of other audit tests do not contradict such results)
If the upper deviation rate exceeds the auditors tolerable deviation rate, the auditor would not rely on the
control. Instead the auditor would either:
Select and test compliance with some other internal accounting control, or
Modify the nature, extent, or timing of related substantive tests to reflect the reduced reliance
The auditor projects the misstatements found in the sample to the population using one of several methods
(MPU, ratio, difference, etc). The projected misstatement is applied to the recorded balance to obtain a “point
estimate” of the true balance.
The auditor must then add an allowance for the sampling risk (sometimes called a precision interval) to this
estimate
34
AUD - Notes Chapter 1
http://www.cpa-cfa.org
In deciding whether to accept the clients book value, the auditor determines whether the recorded book value
falls within the acceptable range (i.e. point estimate +/- the allowance for sampling risk). If so, the book value
is fairly stated
Advantages
Emphasizes larger items by stratifying the sample. The chance of an item being selected is proportionate to
its dollar amount
If no errors are expected, PPS sampling generally requires a smaller sample than other methods
Disadvantages
Items with zero, negative or understated balances require special design considerations
Tolerable misstatement - the maximum dollar error that may exist in the account without causing the F/S to be
materially misstated
Reliability factors correspond to the risk of incorrect acceptance and are generally obtained from a table
Integrated test facility (ITF) – similar to test data approach except that the test data is commingled with live
data (the clients system is used to process the auditors data, on-line)
Test data must be separated from the live data before the reports are created. This is usually accomplished
by processing the test data to dummy accounts (fictitious customer, branch, vendor)
Client personnel are not informed that the test is being run
Parallel simulation (reperformance test) – auditor re-processes some or all the clients live data (using auditor
software) and then compares the results with the clients files (the auditors system is used to process client data)
Generalized audit software packages (GASPs) – allows the auditor to have little technical knowledge of the
clients system (computerized environment)
Previously communicated significant deficiencies and material weaknesses that have not been corrected should
be communicated again
The CPA may report on mgmt’s assertion or may report directly on the effectiveness of the entity’s internal
control
Obtain from mgmt a written assertion about the effectiveness of the entity’s internal control. The assertion may
be presented in two ways:
1. a separate report that will accompany the accountants report
2. a representation letter to the accounts
When a material weakness exists, the CPA should express an opinion directly on the effectiveness of internal
control, and not on mgmt’s assertion
In a F/S audit, use of the report on the internal control is restricted, while
In a separate examination of internal control, use of the report is generally not restricted
The auditors report must disclose material weaknesses in internal control, but is not required to disclose
significant deficiencies that are not material weakness (different than the attestation standards)
If an auditor conducts the audit (of a nonissuer) in accordance with both GAAS and PCAOB, the auditor may
indicate in the auditors report that the audit was conducted in accordance with both standards
Government Auditing
Auditors responsibilities
Obtaining reasonable assurance that the F/S are free of material misstatements resulting from violations of
laws and regulations that have direct and material effect on the F/S
Obtaining an understanding of the possible effects on F/S of laws and regulations
Assessing whether mgmt has identified laws and regulations that have direct and material effect
Communicating to mgmt and the audit committee that an audit in accordance with GAAP may not be
sufficient if, during the audit, the auditor becomes aware that the entity is subject to additional audit
requirements that may not be encompassed in the terms of the engagement
Attestation engagements performed in conformity with Generally Accepted Government Auditing Standards
(GAGAS) (the yellow book) incorporate the AICPA’s standards for examinations, reviews, and agreed upon
procedures by reference and include expanded requirements
Mgmt is responsible for the entity’s compliance with laws and regulations
Mgmt has identified and disclosed in writing to the auditor all the laws and regulations that have a direct and
material effect on its F/S
Audit reports should be distributed to the appropriate officials of the entity requiring or arranging for the audit
(including external funding sources)
GAGAS requires a written report on the auditors understanding of internal control and the assessment of
control risk in all audits. This is different from GAAS, which requires written communication only when
significant deficiencies are noted
Auditor communication requirements increase in government settings. Auditors often have the responsibility of
reporting significant deficiencies to specific regulatory bodies or grantor agencies
Management Representations
Obtained from mgmt at the conclusion of fieldwork and should address all F/S covered by the report even if
current mgmt was not present during all such periods
Purpose:
1. To confirm representations explicitly or implicitly given to auditor
2. To indicate and document the continuing appropriateness of such representations
3. To reduce the possibility of misunderstanding concerning matter that are the subject of the
representations
37
AUD - Notes Chapter 1
http://www.cpa-cfa.org
38