604

  1. Objectives of Audit Planning

    604.1 The first standard of fieldwork states that
    “the auditor must adequately plan the work and must properly supervise any assistants
  2. Planning and Supervision, audit planning involves
    “developing an overall audit strategy for the expected conduct, organization, and staffing of the audit.”
  3. Audit strategy is the auditor's
    operational approach to achieving the objectives of the audit. It is a high-level description of the audit scope. It includes matters such as identifying material account balances, identifying audit areas with a higher risk of material misstatement, the overall responses to those higher risks, and the planned audit approach by area (for example, substantive procedures or a combined approach of substantive procedures and tests of controls
  4. 604.2 Auditors generally establish a preliminary audit strategy before performing extensive risk assessment procedures based on
    knowledge from past experience with the client and the results of preliminary engagement activities. As auditors gather additional information through the performance of risk assessment procedures, they complete the overall audit strategy, including overall responses at the financial statement level.
  5. 604.3 An overriding objective
    throughout the planning process is the identification of risks that should be considered and an assessment of whether the risks could result in material misstatement of the financial statements. According to SAS No. 108 (AU 311), obtaining an understanding of the CIRA and its environment, including its internal control, is an essential part of planning the audit. Auditors must plan the audit so that it is responsive to the assessment of the risk of material misstatement based on the auditors' understanding of the CIRA and its environment, including its internal control.
  6. 604.4 Audit planning also includes
    developing an audit plan (also called an audit program). The audit plan is more detailed than the audit strategy and documents the nature, timing, and extent of procedures to be performed to obtain sufficient appropriate audit evidence. The nature, timing and extent of audit planning varies with the size and complexity of the CIRA, and with the auditor's understanding of the CIRA and its environment, including internal control. However, audit planning always includes a risk assessment process.
  7. 604.5 If a CIRA engages a managing agent, the managing agent should be viewed as an
    extension of the CIRA client.
  8. That means that auditors should
    consider how the use of a managing agent will affect the planning and performance of the audit, including whether the managing agent's financial reporting system will allow the application of audit procedures sufficient to express an opinion. The CIRA's use of a managing agent will have a significant effect on the auditors' approach to understanding the CIRA and its environment, including the CIRA's internal control, as explained beginning in sections 605 and 606.
  9. Requesting Information from the CIRA

    604.6 Before fieldwork begins, the authors recommend providing the CIRA's accounting personnel with a list of documents and records needed for the audit. Using a standardized list of documents and records ordinarily needed for a CIRA engagement can save time and ensure that important documents are not overlooked. The authors have prepared a standardized list that is reproduced at HOA-CX-17.5.
  10. Risk Assessment Process

    604.7 The risk assessment process involves performing procedures, obtaining an understanding of various matters about the
    CIRA and its environment, and making decisions and judgments about assessed risks and other matters based on that understanding.
  11. 604.8 Procedures Performed Risk assessment procedures include
    inquiry, analytical procedures, inspection, and observation as well as related planning activities and procedures, such as preliminary engagement activities related to client acceptance and continuance, and holding a discussion among the engagement team.
  12. The auditor is required
    to perform all of these procedures when planning the audit. Further, the auditor's consideration of fraud required by SAS No. 99 (AU 316), Consideration of Fraud in a Financial Statement Audit, is not separate from the consideration of audit risk but is integrated into the overall risk assessment process. That is, the assessment of risks due to error occurs simultaneously with the assessment of risks due to fraud. The key requirements of SAS No. 99 are addressed at relevant points throughout this chapter.
  13. 604.9 Understanding Obtained Risk assessment procedures are performed to obtain an understanding of the
    entity and its environment, including its internal control.
  14. The auditor obtains information about the following:
    a. Industry, regulatory, and other external factors.

    b. Nature of the entity, including—

      (1) Organizational structure and personnel.
      (2) Operating characteristics.
      (3) Governing documents and similar documents.
      (4) Related-party transactions.

    c. Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements.

    d. Measurement and review of the CIRA's financial performance.

    e. Internal control, which includes the selection and application of accounting policies.

    f. Fraud risk factors.
  15. 604.10 Decisions and Judgments Made
    The information obtained by applying risk assessment procedures is used to make the important decisions and judgments that are part of audit planning. These decisions and judgments include determining materiality levels and assessing risks of material misstatement at the financial statement and relevant assertion levels.
  16. The Sequence of Audit Planning

    604.12 Because an audit of financial statements is an iterative process, audit planning is not a discrete phase of the audit. Audit planning continues throughout the audit even though many of the planning steps and procedures necessarily are performed at the beginning of the audit process. Audit planning begins with engagement acceptance and continues throughout the remainder of the audit. Also, many of the audit planning steps and procedures can be performed simultaneously and tend to blend together. Nevertheless, having a logical sequence of steps and procedures provides a useful framework. The authors' approach is presented in Exhibit 6-2.
  17. Exhibit 6-2
    Steps in the Audit Process Related to Planning
    Preliminary Engagement Activities
    1. Perform procedures regarding acceptance or continuance of the client relationship and the specific audit engagement.
    2. Evaluate compliance with ethical requirements, including independence.
    3. Establish an understanding with the client and communicate in an engagement letter.
  18. General Audit Planning at the Financial Statement Level
    4. Establish preliminary audit strategy.

    5. Determine the nature, timing, and extent of risk assessment procedures and perform the procedures.

    6. Determine the materiality level for the financial statements taken as a whole (preliminary planning materiality) and materiality for particular items of lesser amounts.

    7. Perform preliminary analytical procedures (a risk assessment procedure).

    8. Hold a discussion among the engagement team.

    9. Identify fraud risk factors, areas where special audit consideration may be necessary, and other areas where there may be higher risks for material misstatement.

    10. Assess audit risk at the overall financial statement level.

    11. Complete the overall audit strategy, including overall responses at the financial statement level.
  19. Detailed Audit Planning at the Relevant Assertion Level for Account Balances, Transaction Classes, and Disclosures
    12. Determine tolerable misstatement.

    13. Assess audit risk in relation to relevant assertions for transaction classes, account balances, and disclosures.

    14. Develop a detailed audit plan for the nature, timing, and extent of further audit procedures.
  20. 604.13 Depending on the auditor's
    knowledge and past experience with the client, as well as other factors, certain planning steps might be performed at differing stages or sequences from one engagement to the next. For example, the sixth step, determine the materiality level for the financial statements taken as a whole, and the twelfth step, determine tolerable misstatement, are often performed concurrently. For the eighth step, the discussion among the engagement team, the precise timing of this meeting can vary with the circumstances, but should occur relatively early in planning, and it is not required to occur in any particular sequence.
  21. 604.14 As stated previously, an overriding objective throughout the planning process is the identification of
    risks that should be assessed as to whether they could result in material misstatement of the financial statements.
  22. SAS No. 106 (AU 326.21) clearly indicates the role of the risk assessment procedures within this process as follows:
    The auditor must perform risk assessment procedures to provide a satisfactory basis for the assessment of risks at the financial statement and relevant assertion levels.
  23. 604.15 Obtaining an understanding of the entity and its environment, including its internal control, is an essential aspect
    of the consideration of risk.
  24. Thus, audit procedures performed to obtain that understanding are referred to as risk assessment procedures because
    some of the information obtained by performing those procedures may be used by the auditor to support the assessments of the risks of material misstatement. Auditors normally consider the effectiveness of various types of risk assessment procedures in identifying risks during the planning process. Standards encourage this by requiring the use of a variety of risk assessment procedures when obtaining an understanding of the entity and its environment. For example, an auditor cannot limit his or her risk assessment procedures to only inquiry.
  25. 604.16 In addition to providing
    information about the entity and its environment, including its internal control, performing risk assessment procedures may provide audit evidence about relevant assertions related to account balances, transaction classes, or disclosures, or about the operating effectiveness of controls. Therefore, risk assessment procedures may also serve as tests of controls or substantive procedures, or may be performed concurrently with those procedures.
  26. Types of Risk Assessment Procedures

    604.17 The risk assessment and other planning procedures required by SAS Nos. 108 (AU 311) and 109 (AU 314)
    to obtain information about the entity and its environment, including
    its internal control, and to assess the risks of material misstatement
    include the following:
    a. Preliminary engagement activities, including establishing an understanding with the client. (See section 601.)
    b. Inquiries of management and others.
    c. Preliminary analytical procedures.
    d. Observation and inspection, such as visits to the HOA development and tracing transactions through the information system (that is, walkthroughs).
    e. Discussion among the engagement team.
  27. Each of the procedures listed is explicitly required during risk
    assessment and, except for observation and inspection, is also explicitly enumerated in SAS No. 99 (AU 316), Consideration of Fraud in a Financial Statement Audit, as a source of information that should be considered when identifying risks of material misstatement due to fraud. SAS No. 109 (AU 314) requires that all of the risk assessment procedures be performed when obtaining an understanding of the entity and its environment. There is no requirement that each of those procedures be performed for every component of the required understanding. Nevertheless, the standards are explicit in indicating that inquiry alone is not sufficient to evaluate the design and implementation of internal control. Therefore, observation and inspection will most likely be coupled with inquiry procedures when obtaining the understanding of internal control.
  28. 604.18 Nature, Timing, and Extent—General Considerations

    The nature, timing, and extent of some risk assessment procedures may be relatively consistent across audit engagements, but some procedures will require tailoring in response to the information gathered. For example, in all audits the auditor will make inquiries of management responsible for financial reporting about accounting policies and other aspects of the financial reporting process. However, determining others within the CIRA to whom related questions may be directed will depend on the circumstances and the specific information gathered about the CIRA. For example, if initial inquiries reveal that the CIRA has investments in debt securities, the auditor will likely make further inquiries of personnel involved in the valuation of those investments. Thus, performing risk assessment procedures often can begin without extended consideration of their nature, timing, and extent, but other aspects of the risk assessment procedures can only be determined after some information is gathered about the entity and its environment.
  29. 604.19
    Gathering Other Information Needed to Identify Fraud Risks

    In connection with obtaining an
    understanding of the client's operations and the CIRA industry, auditors
    may become aware of information that is relevant to identifying fraud
    risks. In addition, auditors should perform the following procedures to
    obtain information that is used to identify fraud risks:
    • Inquire of management (including the managing agent, if applicable) and others in the CIRA about the risks of fraud and how they are addressed.
    • Consider the results of preliminary analytical procedures.
    • Consider the existence of fraud risk factors.
    • Consider certain other information
  30. 604.20
    Using the Results of Risk Assessment Procedures Performed in Prior Periods

    Because professional standards require the performance of risk assessment procedures to obtain an understanding of the CIRA and provide a basis for the assessment of risks, can the auditor use information gathered from procedures performed in a prior period and limit the extent of current year procedures? The answer is a qualified “yes.”
  31. 604.21 The process of understanding the CIRA's operations and the CIRA industry is continual.
    For a new engagement, a basic level of knowledge is needed to begin preliminary planning. However, a significant amount of knowledge is gained during the audit. The auditor's previous experience with the entity also contributes to the understanding of the entity and its environment.
  32. Audit procedures performed in previous audits ordinarily provide useful audit evidence about the following:
    • The CIRA's organizational structure, operations, and controls.
    • Past misstatements and whether they were corrected on a timely basis.
  33. 604.22 Information about past
    misstatements assists the auditor in assessing risks of material misstatement in the current audit. Before using information obtained in prior periods, however, the auditor should determine whether changes have occurred that may affect its relevance in the current audit. The auditor is interested in identifying changes in personnel; procedures; processes; contracts; services; contingencies; facilities; nature of the operations; management; financial condition; pressures to meet budgets; conditions and events or operating results that are relevant to the going concern assumption; loan covenants; litigation status; control environment or activities; fraud risks; management attitude toward, or pressures on, the auditors; scope of the engagement; and any other internal or external conditions that might be of audit significance.
  34. These changes may change the CIRA's business risk or the auditor's assessment of risks of material misstatement. Therefore,
    the auditor should perform some risk assessment procedures in the current audit to determine whether changes have occurred that impact the relevance of information gathered in previous audits. For example, auditors might perform inquiries of key client personnel, supplemented by observation and inspection (for example, review of budgets and walkthroughs) to determine if changes have occurred.
  35. 604.23 As a result, although the
    nature of the auditor's procedures always includes inquiries, observation, and inspection, the authors believe the extent of risk assessment procedures will often be considerably less in continuing engagements than in initial engagements, consisting primarily of sufficient procedures to identify and evaluate changes that have occurred that may affect the relevance of such information in the current year.
  36. The extent of current period risk assessment procedures may need to be increased, however, in response to the following:
    • The information relates directly to a past misstatement or risk of material misstatement identified in the prior year.
    • Other information obtained through risk assessment procedures indicates a possible significant change in the current year.
    • There is a greater likelihood that significant changes will occur given the nature of the information.

    The following paragraphs address the risk assessment procedures listed in paragraph 604.17 and their role in identifying and assessing risk.
  37. Inquiries of Management and Others

    604.24 Inquiry of management and others is used extensively throughout the audit planning process. In many cases, it serves as a foundation for the performance of other risk assessment procedures in that the responses obtained drive the need for additional or corroborating procedures. Inquiry consists of several elements—posing a question or requesting information on a matter, evaluating the response, and following up to obtain additional information as needed. As such, inquiry can be an extremely effective procedure in identifying risks. For example, an auditor might ask management about delinquent assessments. The auditor would then evaluate the response obtained and determine if a potential risk exists. In this case, the auditor is concerned about potential inappropriate valuation of assessments receivable. If the auditor deems that there is an indication of this risk, additional inquiries might be posed to further identify the risk and determine whether other risk assessment procedures are necessary.
  38. 604.25 Although inquiry is a critical risk assessment procedure, inquiry cannot be
    used alone when identifying and assessing risks. Auditors are required to use inquiry, analytical procedures, and observation and inspection during the risk assessment process. Furthermore, auditors are prohibited from only using inquiry when evaluating the design and implementation of internal control.
  39. 604.26 Matters and Parties of Inquiry The auditor should inquire of management (including the managing agent, if applicable) about the following matters:
    a. The aspects of the entity and its environment as enumerated in SAS No. 109 (AU 314.21) and explained in sections 605 and 606.

    b. The information about fraud, suspected fraud, fraud-related programs and controls, and risks of fraud as enumerated in SAS No. 99 (AU 316.20-.21).
  40. 604.27 The auditor might decide
    that inquiries of others within and outside the CIRA, in addition to
    management and those responsible for financial reporting, would be
    useful. Examples of other inquiries that might be made include the
    following:
    a. Those Charged with Governance. Their involvement in the financial reporting process and how financial statements are used. [SAS No. 99 (AU 316.22) requires the auditor to inquire directly of those charged with governance (or the audit committee or at least its chair) about the risks of fraud and their knowledge of fraud or suspected fraud.]

    b. Internal Audit. Activities concerning the design and effectiveness of internal control and management's responses to any findings by the internal audit function, if the CIRA has an internal audit function. [SAS No. 99 (AU 316.23) requires inquiry of internal audit personnel about risks of fraud, knowledge of fraud or suspected fraud, and activities concerning fraud detection.]

    c. Other Employees. Their role in the financial reporting process and additional or corroborating information to support management's responses. [SAS No. 99 (AU 316.24) requires inquiry of others within the CIRA, determined through the auditor's judgment, about the existence or suspicion of fraud.] Auditors may consider obtaining the perspective of employees from different functional areas and at varying levels of authority when identifying risks of material misstatement.

    d. Parties Outside the CIRA. Inquiries of parties outside the CIRA are not required but are procedures that might be helpful. For example, the auditor might find it useful to make inquiries of external legal counsel or of valuation experts that management has engaged. The auditor might also find it useful to make inquiries of developers/sponsors, members, suppliers, or regulators to better understand the nature of the CIRA and its operations.
  41. 604.28 Fraud-related Inquiries The auditor should integrate the requirements of SAS No. 99 (AU 316)
    into the risk assessment process. As part of gathering the information
    needed to identify fraud risks, SAS No. 99 requires auditors to inquire
    of management personnel and others about:
    • Their knowledge of any actual fraud or suspicions of fraud affecting the CIRA.

    • Their awareness of any allegations of fraud or suspected fraud affecting the CIRA.

    • Their understanding of the risks of fraud within the CIRA, including any specific fraud risks the CIRA has identified or account balances or transaction classes that may be susceptible to fraud.

    • How they communicate to employees the importance of ethical behavior and appropriate business practices.

    • Programs and controls the CIRA has implemented to address identified fraud risks or otherwise help prevent, deter, and detect fraud and how those programs and controls are monitored.

    • If applicable, the nature and extent of monitoring multiple locations or operating segments (for example, developer operations) and whether any of them have a higher level of fraud risk.

    • If applicable, whether they have reported to those charged with governance about how the CIRA's internal control serves to prevent, deter, and detect material misstatements due to fraud.
  42. The objective of the inquiry includes obtaining different
    perspectives on financial statement areas and organizational areas and locations with a risk of fraud and identifying whether anyone has suspicions or actual knowledge of fraud.
  43. 604.29 Management Examples of management and others that auditors may consider interviewing include:
    • The CIRA's president.

    • The treasurer or other equivalent governing individual.

    • Members of the board of directors.

    • The managing agent, if any.

    • The CIRA's bookkeeper.
  44. 604.34 Documentation SAS No. 109 (AU 314.122) requires documentation of risk assessment procedures performed in
    obtaining an understanding of the entity and its environment.
  45. When documenting inquiry procedures, SAS No. 103 (AU 339.21), Audit Documentation,
    requires audit documentation to include the identifying characteristics of the specific items tested. In conjunction with this requirement, the standard provides an example for documenting inquiries of specific personnel indicating that auditors may document the date of the inquiry, name and job description of the individual queried, and the nature of the inquiry. The authors recommend documenting these identifying characteristics when performing risk assessment inquiry procedures.
  46. Preliminary Analytical Procedures

    604.35 SAS No. 56 (AU 329.04)
    states that analytical procedures should be applied to some extent in
    all audits of financial statements to assist the auditor in
    planning the nature, timing, and extent of other auditing procedures.
  47. To accomplish this, SAS No. 56 (AU 329.06) indicates that analytical procedures used in planning the audit should focus on—
    a. Enhancing the auditor's understanding of the client's business and the transactions and events that have occurred since the last audit date.

    b. Identifying areas that may represent specific risks relevant to the audit.
  48. Knowledge of the CIRA and its environment is interrelated with the use
    of analytical procedures in audit planning. Performing effective preliminary analytical procedures requires the auditor to know what relationships would be expected to exist, what relationships would be considered unusual or unlikely, and what plausible explanations might exist for observed relationships.
  49. That knowledge is also important in assessing the significance of
    differences from expected relationships. For that reason, the auditor generally needs an understanding of the CIRA and its environment before performing preliminary analytical procedures. The auditor's knowledge and understanding of the CIRA can also be improved by applying preliminary analytical procedures in audit planning.
  50. 604.36 SAS No. 56 (AU 329)
    does not require the use of any particular analytical procedures. It recognizes that the sophistication, extent, and timing of analytical procedures may vary widely, depending on the size and complexity of the client. In the audit of a small CIRA, simple comparisons and ratios, combined with inquiries of financial and operating management, are ordinarily effective, and the auditor normally need not make use of complex mathematical or statistical models. Depending on the facts and circumstances, analytical procedures may be limited to comparing the major account balances shown in the unadjusted general ledger with the financial statements for the prior year. A comparison of significant account balances with prior period amounts can improve the auditor's understanding of the entity and its operations. For example, are there significant fluctuations in assessment revenue and receivables? Do changes in laundry revenue make sense in relation to changes in water and gas usage?
  51. 604.37
    SAS No. 99, Consideration of Fraud in a Financial Statement Audit (AU 316), specifically requires auditors to perform preliminary analytical procedures related to revenue to identify unusual or unexpected relationships that may indicate fraudulent financial reporting. Ordinarily, comparison of current and prior-period account balances for revenue accounts will not be sufficient to achieve that objective, and other types of analytical procedures should be used.
  52. Other analytical procedures that may be useful in identifying unusual or
    unexpected relationships related to revenue include the following:
    • Analysis of Relationships Between Financial and Nonfinancial Amounts. When comparing financial and nonfinancial amounts, it may be most effective to use a base that (a) would be expected to have a reasonable relationship to revenue, and (b) could not easily be manipulated by management. For example, auditors may compare assessments revenue, as determined from recorded revenue amounts, with units in the CIRA development. Assessment revenue in excess of projected estimates may indicate the recording of fictitious revenue.

    • Trend Analysis. Auditors may analyze trends in the components of revenue or transaction types. It may be helpful to look at several trends or relationships to identify inconsistencies or unusual patterns. For example, the auditor might perform a trend analysis of assessment revenue by month.

    • Ratio Analysis. Ratio analysis is the analysis of relationships between financial statement items by computing the ratio of one financial statement item to another. The ratio may be compared to the same ratio for a prior period (or several prior periods) to identify unusual or significant variations. For example, receivables turnover, the allowance for uncollectible accounts as a percentage of receivables, and bad debt expense as a percentage of revenues are activity ratios related to assessments receivable that may be useful. However, many other common ratios, such as the current ratio or debt to equity ratio, are less meaningful because of a CIRA's simple financial structure. Ratios that use information that management generally is unable to manipulate, such as cash flows, may be most effective in revealing indications of fraudulent financial reporting.

    • Budgetary Comparison. Comparison of actual amounts with budgets may also indicate unusual variations. For example, revenue might significantly exceed budget because of improper revenue recognition.
  53. When the results of preliminary analytical procedures indicate the existence of unusual or unexpected relationships,
    the auditor should consider those results in identifying risks of material misstatement of the financial statements due to fraud.
  54. Observation and Inspection

    604.38 Observation and inspection procedures are required when obtaining an understanding
    of the entity and its environment, including its internal control. There are a number of ways to use observation and inspection when assessing risk. When obtaining an understanding of the CIRA and its environment, observation or inspection might be the key procedure that enables the auditor to fully obtain pertinent information and identify related risks. For example, to gain an understanding of the CIRA's financing arrangements and underlying covenants, the auditor might decide to review the CIRA's loan agreements and other related documents. That procedure, coupled with a review of the CIRA's financial statements, might be the key procedure that helps the auditor identify risks related to potential noncompliance with loan covenants.
  55. 604.39 More frequently,
    observation and inspection are used to corroborate or follow up on the results of inquiries made of management and others. For example, when evaluating the design and implementation of the CIRA's system of internal control, members of management might tell the auditor that they communicate the importance of ethical values to employees through a written code of conduct and by example. The auditor might wish to corroborate this response by examining the written code. In addition, the auditor may determine that a risk exists based on observation of management's current and past interactions with employees that contradict the behavior standards in the written code.
  56. 604.40 Other than the requirement
    to perform some observation and inspection procedures related to
    internal control, determining when to use observation and inspection, as
    opposed to other risk assessment procedures, is generally a matter that
    is left to the auditor's judgment. Ordinarily, the authors believe that
    observation and inspection procedures are effective in the following
    situations when obtaining an understanding of the entity:
    • To understand the design of internal controls related to the audit.

    • To verify that controls have been implemented, for example, as part of a walkthrough.

    • When responses to inquiries indicate a potential risk for a significant account.

    • When responses to inquiries are inconclusive, conflicting, or prove to be incorrect.

    • In combination with inquiry to fully understand a matter.

    • When required information can only or best be obtained through observation or inspection.

    • When the evidence gathered through observation and inspection can also be used for a substantive procedure.

    • In recurring engagements, to determine whether changes have occurred that affect the continued relevance of the information gathered in a prior period. (See the discussion beginning at paragraph 604.22.)
  57. 604.41 Documentation
    SAS No. 109 requires documentation of risk assessment procedures
    performed in obtaining an understanding of the entity and its
    environment. SAS No. 103 (AU 339), Audit Documentation,
    requires documentation of the identifying characteristics of specific
    items tested and provides examples for documenting the identifying
    characteristics of observation and inspection procedures. Based on that
    guidance, the authors recommend documenting the following:
    • For an inspection of documents, identify the item inspected, for example, by indicating the title and date of the report or the document name and number. (To facilitate inquiring about or requesting copies of the report or document at a later time, the authors recommend referring to the report or document by the same name that the client uses to refer to it.)

    • For an observation procedure, document the process or subject matter observed, individuals involved and their titles, and where and when the observation was carried out.
Author: Kshowalter
ID: 51126
Card Set: 604
Description: Audit Planning