Accounting 493/593
Review of Introduction to Auditing
Lynn Kingston, CPA
Adjunct Faculty
Portland State University
Accounting 493/593
Definition of Auditing
Auditing is a systematic process of
1) obtaining and evaluating evidence regarding assertions about economic actions and events
2) ascertaining the degree of correspondence between assertions and established criteria
3) Communicating the results to interested users
Accounting 493/593
Audit Evidence
“Audit evidence is all the information used by the auditor in arriving at the conclusions on which the audit opinion is based.”
Accounting 493/593
Why are assertions important?
Accounting 493/593
Overview of Three Classes of Assertions
Class of Transactions
Account BalancesPresentation &
Disclosure
Occurrence Existence Occurrence/Rights
Completeness Completeness Completeness
Cutoff
Accuracy Valuation/Allocation Accuracy/Valuation
ClassificationClassification/
Understandability
Rights/Obligations
Accounting 493/593
Being Alert for Misstatements
● Misstatements can result from either errors or fraud and may consist of any misstatement of an assertion
● What is the difference between known misstatements and likely misstatements?
● What is the auditor’s responsibility for immaterial misstatements?
● What is the auditor’s responsibility to communicate misstatements to management?
Accounting 493/593
Understanding the Entity and Its Environment
Accounting 493/593
Goal: Assessing the Risk of Material Misstatement
1. Develop a knowledgeable perspective about the entity
2. Relate risks to what can go wrong and the F/S level of assertion level
3. Consider the magnitude of risks that could result (Material?)
4. Consider the likelihood of risks that could result
Accounting 493/593
Inherent Risk at the Financial Statement Level(Pervasive Risks)
● Examples:
– Management turnover, reputation, or accounting skills
– Liquidity and going concern problems
– Pressure to meet debt covenants
– Changing industry conditions, etc.
● Responses
– Increased knowledge, skill, and ability of personnel assigned significant engagement responsibilities
– Involvement of a specialist
– Appropriate level of supervision of assistants
Accounting 493/593
Inherent Risk at the Assertion Level
● Examples:
– Difficult to audit accounts or transactions
– Contentious or difficult accounting issues
– Susceptibility to misappropriation
– Complexity of calculations
– Significant volume of transactions
● Responses
– Choices about nature, timing and extent of substantive tests depends on internal controls
Accounting 493/593
Fraud Defined
● Acts Resulting in Material Misstatements
– Intentional or Unintentional
● 2 Types of Misstatements Relevant to Fraud
– Fraudulent Financial Reporting
– Misappropriation of Assets
Accounting 493/593
The Fraud Triangle
Accounting 493/593
Significant risks that require special audit consideration
● Significant risks are often derived from business risks that may result in a material misstatement.
– Whether the risk is a risk of fraud
– Whether the risk is related to recent significant economic, accounting, or other developments and, therefore, requires specific attention
– The complexity of transactions
– Whether the risk involves significant transactions with related parties
– The degree of subjectivity in measurement
– Whether the risk involves significant nonroutine transactions
Accounting 493/593
Significant risks
● Understand whether the entity has developed internal controls
● Communicate significant deficiency or material weakness
● Analytical procedures should not be the primary substantive test
Accounting 493/593
Internal Control
● The auditor should obtain an understanding of the five components of internal control
● The auditor should obtain a sufficient understanding by performing risk assessment procedures to evaluate the design of controls relevant to an audit of financial statements and to determine whether they have been implemented
Accounting 493/593
Internal Control
● The auditor should know enough to:
– Identify types of potential misstatements.
– Consider factors that affect the risks of material misstatement.
– Design tests of controls, when applicable, and substantive procedures.
Accounting 493/593
Components of Internal Control
● Control Environment
● Risk Assessment
● Information and Communication
● Monitoring
● Control Activities
Understand in Every Audit
Depth of UnderstandingDepends on Audit strategy
Accounting 493/593
Control Environment
Tone at the top that influences control consciousness
● Integrity and Ethical Values
● Commitment to Competence
● Board of Directors and Audit Committee
● Management’s Philosophy and Operating Style
● Organizational Structure
● Assignment of Authority and Responsibility
● Human Resource Policies and Practices
Accounting 493/593
Risk Assessment Process
Accounting 493/593
Information and Communication
● Information– Transactions
– Audit Trail or Transaction Trail
– Documents
– Records
● Communication
Accounting 493/593
Authorize
Execute
Record
Consideration
Risk of Misstatement
Risk when you change the contentof information about at transaction or you change the form of information
Report
Risk of Misstatement
Information and Communication
Accounting 493/593
Monitoring
● Ongoing monitoring programs
● Separate evaluations
● Element of reporting deficiencies to the management / governance
Accounting 493/593
Control Activities
● Authorization
● Segregation of Duties
● Information Processing Controls
– Computer General Controls
– Computer Application Controls
– Controls over the Financial Reporting Process
● Physical Controls
● Performance Reviews
● Controls over Mgmt. Discretion in Financial Reporting
Accounting 493/593
Segregation of Duties
Accounting 493/593
Overview of Computer ControlsAnd Strategies for Test of Controls
Accounting 493/593
Computer General Controls
● Organizational and operational controls
● System development and documentation controls
● Hardware and system controls
● Access Controls
● Data and Procedural Controls
Accounting 493/593
Application Controls
● Programmed controls that identify and report possible misstatements in assertions
Accounting 493/593
How to identify key controls
Authorize / Initiate
Execute
Record
Consideration
CompletenessStart Here
Start Here For Occurrence,Accuracy, and Classification
Accounting 493/593
Controls over the Financial Reporting Process
AccountingDatabase
FinancialStatements
Spreadsheets
SQL
Strong Controls
Weak or No Controls
Weak or NoControls
Accounting 493/593
Control Activities
● Authorization
● Segregation of Duties
● Information Processing Controls
– Computer General Controls
– Computer Application Controls
– Controls over the Financial Reporting Process
● Physical Controls
● Performance Reviews
● Controls over Mgmt. Discretion in Financial Reporting
Accounting 493/593
Overall Conclusion about Internal Controls
What is the cumulative effect of all five components of internal control for each assertion?
Accounting 493/593
PCAOB Auditing Standard #5
● A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis.
● Note: There is a reasonable possibility of an event, as used in this standard, when the likelihood of the event is either "reasonably possible" or "probable," as those terms are used in Financial Accounting Standards Board Statement No. 5, Accounting for Contingencies ("FAS 5").3/
Accounting 493/593
PCAOB Auditing Standard #5
● A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.
Accounting 493/593
Factors that influence judgments about likelihood
● The nature of the financial statement accounts, disclosures, and assertions involved. For example, suspense accounts and related party transactions involve greater risk.
● The susceptibility of the related assets or liabilities to loss or fraud.
● The subjectivity and complexity of the amount involved, and the extent of judgment needed to determine that amount.
● The cause and frequency of any known or detected exceptions related to the operating effectiveness of a control.
● The interaction or relationship of the control with other controls.
● The interaction of the control deficiency with other control deficiencies.
● The possible future consequences of the deficiency.
Accounting 493/593
Factors that influence judgments about magnitude
● The financial statement amounts or total of transactions exposed to the deficiency.
● The volume of activity in the account balance or class of transactions exposed to the deficiency in the current period or expected in future periods.
Accounting 493/593
Analytical Procedures
Accounting 493/593
Effective Analytical Procedures
Accounting 493/593
Responses to risk at the assertion level
● Nature– The nature of the audit procedures is of most
importance in responding to the assessed risks.
● Timing– Good internal controls are required to modify the
timing of audit procedures
● Extent– Directly related to test of details risk in the audit risk
model– The auditor also needs to consider other factors
related to sample size
Accounting 493/593
Nature and Timing of Test of Controls
Accounting 493/593
General Categories of Substantive Tests
● Initial Procedures
● Analytical Procedures
● Tests of Details of Transactions
● Tests of Details of Balances
● Tests of Details of Accounting Estimates
● Tests of Details of Disclosures
Accounting 493/593
Factors that influence performing substantive tests at an interim date
● The control environment and other relevant controls ● The availability of information at a later date that is
necessary for the auditor’s procedures ● The objective of the substantive procedure ● The assessed risk of material misstatement ● The nature of the class of transactions or account balance
and relevant assertions ● The ability of the auditor to reduce the risk that
misstatements that exist at the period end are not detected by performing appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period in order to reduce the risk that misstatements that exist at period end are not detected
Accounting 493/593
Evaluating the sufficiency and appropriateness of evidence
● At the end of the audit the auditor should cycle back through risk assessments made and evidence obtained to evaluate the effectiveness of the audit.
● Significance of the potential misstatement in the relevant assertion and the likelihood of its having a material effect, individually or aggregated with other potential misstatements, on the financial statements.
● Effectiveness of management’s responses and controls to address the risks.
● Experience gained during previous audits with respect to similar potential misstatements.
● Results of audit procedures performed, including whether such audit procedures identified specific instances of fraud or error.
● Source and reliability of available information. ● Persuasiveness of the audit evidence. ● Understanding of the entity and its environment, including its internal
control.
Accounting 493/593
Final Consideration
● Evaluate known and likely misstatements
● Consider material overstatement and understatements
● The effect of misstatements in prior periods
Accounting 493/593
The Assurance Bucket
Accounting 493/593 – Spring 2009
Accounting 493/593
Filling the Assurance Bucket
Risk Assessment Procedures
Risk Assessment Procedures
Accounting 493/593
Filling the Assurance Bucket
Tests of Controls
Risk Assessment Procedures
Test of Controls
Accounting 493/593
Filling the Assurance Bucket
Substantive Analytical Procedures
Tests of Controls
Risk Assessment Procedures
Substantive Analytical Procedures
Accounting 493/593
Filling the Assurance Bucket
Substantive Tests of Details
Substantive Analytical Procedures
Tests of Controls
Risk Assessment Procedures
Substantive Test of Details
Accounting 493/593
Filling the Financial Statement Assertion “Buckets”
Tests of Controls
Completeness Cut-Off Existence Valuation
Substantive Analytical Procedures
Substantive Tests of Details
Risk Assessment Procedures
Accounting 493/593
Questions?