Audit

• Standard unqualified
• Unqualified with explanatory paragraph
• Qualified
• Adverse
• Disclaimer

• Introductory
• Scope
• Opinion

• 1. All 4 required statements are included
• 2. The 3 general standards have been followed
• 3. Sufficient evidence and auditor can conclude that 3 standards have been met
• 4. Financial Statements are GAAP
• 5. No circumstances requiring an explanatory paragraph

• GAAP not consistently applied
• substantial doubt about going concern
• auditor agrees with departure from accounting principle
• emphasis of a matter
• reports involving other auditors

• 1. Scope limitation
• 2. Departure from GAAP
• 3. Auditor is not independent

• Not enough evidence to conclude if statements are in accordance with GAAP
• 2 causes= 1. caused by client (mgt refusal to cooperate) 2. circumstances that can't be controled (impossible due to timing)

• Client insists on using non-GAAP method
• consider adequacy of disclosures

• financial statements are materially misleading and don't represent financial position of company
• auditor has knowledge after adequate investigation of absence of conformity

• auditor not satisfied that financial statements are fairly presented
• severe limitation of scope or auditor not independent

• overall financial statements are fairly stated EXCEPT FOR scope limitation or GAAP departure
• can be qualification of opinion alone (only for GAAP departures) or scope and opinion

auditor maintains unbiased attitude throughout audit

Regardless of independence of fact, auditor must appear independent to others as well, or else value of audit is lost

• 1. Principles
• 2. Rules of conduct
• 3. interpretation of rules
• 4. ethical ruling

• people on the engagement team
• people who can influence the engagment (those who supervise or evaluate the partner)
• partner or manager who provides non attest services
• partner in the office of the responsible partner
• firm and employee benefits plans
• an entity controllled by a covered member

• ownership of stock or equity shares by member or immediate family
• violation of independence

• close but not direct relationship between auditor and client
• example=covered members mutual fund has investment in client
• only violates independence if material

• 101=independence
• 102=integrity and objectivity
• 201=general standards
• 203=accounting principles
• 301=confidential client information
• 302=contingent fees prohibited

members must comply with the following standards and interpretations

• A. Professional compentence
• B. Due professional care
• C. Planning and supervision
• D. Sufficient relevent data

client info can't be disclosed without client consent

exceptions= 1. obligations related to technical standards 2. subpoena or summons by law (CPA client info is not privileged) 3. peer review if authorized by AICPA 4. response to ethics division

business can't pay debts because of economic or business conditions

auditor issues incorrect audit opinion

• possibility that audit opinion is wrong, despite auditor doing everything right
• unavoidable

• 1. liability to clients
• 2. liability to third parties under common law
• 3. civil liability under federal securities laws
• 4. criminal liability

• ordinary negligence=absence of reasonable care that should be expected in that situation
• gross negligence=lack of any care.
• constructive fraud=extreme or unusual negligence, but no intent to deceive. Recklessness
• fraud=misstatement with knowledge of falsity and intent to deceive

• 1. Lack of duty
• 2. non negligent performance
• 3. contributory negligence
• 4. absence of causal connection

Use engagement letter to claim that there was no implied or express contract

• auditor is not responsible for undiscovered misstatements if the audit was conducted properly
• CPA firm is not expected to be infallible

• The event the client is sueing for is the clients own fault
• example=client lied to auditor, or failed to correct weaknesses that the auditor warned them of

• CPA firm can only be liable to third party for ordinary negligence if the third party is a primary beneficiary
• auditor can be liable to general third parties if there is worse negligence

• lack of duty to perform services
• non negligent performance
• absence of causal connection

• reporting requirements for companies issuing new securities
• only original purchasers of securities can recover from auditors
• potential recovery is original purchase prices less value of securities at time of suit

• defendent (auditor has burden of proof)
• third party users don't have burden of proof of reliance on financial statements

audited annual financial statements required to be issued by the SEC

• anti-fraud provisions applied to direct sellers, accountants, underwriters, etc.
• accountants are liable if the intentionally or recklessly misrepresent info intended for third party users

• non negligent performance
• lack of duty
• absence of causal connection

• criminal offense to defraud someone through the knowing use of false financial statements
• felony to destroy or create documents to obstruct a federal investigation

• understand objectives and responsibilities for the audit
• divide financial statements into cycles
• know management assertions about financial statements
• know general audit objectives for classes of trans, acct, and disclosures
• know specific audit objectives etc.

able to change or influence the decisions of a reasonable user of financial statements

high, but not absolute level of assurance that financial statements are free from material misstatements

• 1. use of samples carries risk of not discovering material misstatement
• 2. complex estimates involve uncertainty
• 3. fraudulent financial statements are hard to detect, expecially when management works together

• unintentional misstatement of financial statements
• can be either material or immaterial

• intentional
• misappropriation of assets=defalcation or employee fraud
• fraudulent financial reporting=management fraud

• always consider possibility of dishonesty
• accomplish reasonable assurance of detecting both material errors and fraud

• evidence accumulatioin when there is no reason to believe indirect effect illegal acts exist
• evidence accumulation and other actions when there is reason to believe direct or indirect effect illegal acts may exist
• actions when auditor knows of illegal act

divide audit into segments based on closely related classes of transactions and account balances

• sales and collections cycle
• acquisition and payment cycle
• payrol and personnel cycle
• inventory and warehousing cycle
• capital acquisition and repayment cycle

• transaction related
• balance related
• presentation and disclosure related

• 1. assertions about classes of transactions and events for the period under audit
• 2. assertions about account balances at year end
• 3. assertions about presentation and disclosures

• occurrence=did recorded transactions actually occur during accounting period in question (related to account overstatements)
• completeness=are all transactions that should be included actually included (related to account understatements)
• accuracy=were transactions recorded at correct amounts
• classification=are transactions recorded in the appropriate accounts
• cutoff=are transactions recorded in the correct accounting period

• existence=did A, L and equity included on balance sheet actually exist on balance sheet date
• completeness=are all accounts and amounts that should be included actually included
• valuation and allocation=are A, L and equity recorded at appropriate amounts i.e. valuation adjustments, net realizable value etc.
• rights and obligations=are assets owned and liabilities owed like stated on balance sheet

• occurrence, rights and obligations=have disclosed events occurred and are they the rights and obligations of the entity
• completeness=are all required disclosures included in the financial statements
• accuracy and valuation=is information disclosed fairly and at appropriate amounts
• classification and understandability=are amounts appropriately classified. are balance descriptions and disclosures understandable

• occurance=do recorded transactions actually exist
• completeness=were all transactions that should have been included actually recorded
• accuracy=were recorded transactions recorded at the correct amount
• posting and summarization=was info properly transfered from journals to general ledger/master file
• classification=are transactions included in the appropriate accounts
• timing=are transactions recorded on the correct dates

• existence=should amounts included in financial statements actually be included
• completeness=are all amounts that should be included included
• accuracy=are the amounts reported the correct amounts
• classification=are items included in the correct general ledger accounts
• cutoff=are transactions near the b/s date included in the correct period
• detail tie in=are details accurate, correct and in agreement with the general ledger
• realizable value=assets are included in the amounts estimated to be realized
• rights and obligations=are assets truly owned and liabilities truly owed

• plan and design an audit approach
• perform tests of controls and substantive tests of transactions
• perform analytical procedures and tests of details of balances
• complete the audit and issue an audit report

• 1. which audit procedure to use
• 2. what sample size to select
• 3. which items to select from the population
• 4. when to perform the procedures

detailed instruction explaining waht evidence to collect

• appropriateness
• sufficiency

• measures to quality of the evidence
• relevence of evidence=evidence must pertain to audit objective
• reliability of evidence =how believable is the evidence

• independence of provider
• effectiveness of clients internal controls
• auditor's direct knowledge
• qualifications of people providing the evidence
• degree of objectivity
• timeliness

• quantity of evidence
• varied population

• auditors expectations of misstatements
• effectiveness of clients internal controls

• physical examination
• confirmation
• documentation
• analytical procedures
• inquiries of the client
• recalculation
• reperformance
• observation

• written/oral response from independent third party
• costly buy very reliable
• US auditing standards require it for accounts receivable when practical and reasonable
• must be controlled by auditor

• inspection of documents and records
• low cost and easy to get (sometimes only reasonable evidence available)
• internal usually only acceptable if processed under good internal control
• external usually more reliable
• vouching=using documentation to support transactins/amounts

• uses comparisons to check whether data is reasonable compared to auditor's expectations
• required during planning and completion phases on all audits

• understand the client's industry and business
• assess the entity's ability to continue as a going concern
• indicate the presence of possible F/S misstatements
• reduce detailed audit tests

• Most costly=physical examination, confirmation
• moderately costly=documentation, analytical procedures, reperformance
• least costly=observation, inquiries of the client, recalculation

• principle record of auditing procedures applied, evidence obtained, and conclusions reached by auditor
• provides reasonable assurance that an adequate audit was conducted in accordance auditing standards

• property of the auditor
• no one else can examine files unless files are subpoenaed

• auditing standards require minimum retention of 5 years
• SOX requires at least 7 for public companies

• data that is either historical or continuing in natures
• important company documents such as bylaws, contracts etc.
• PY analysis that still have importance such as LT debt, fixed assets, etc.
• info to understand internal control and assess control risk
• results of PY analytical procedures

• documentation applicable to CY audit
• audit program and general info
• working trial balance
• adjusting and reclassification entries
• supporting schedules

• analysis
• trial balance/list
• reconcilation of amounts
• tests of reasonableness
• summary of procedures
• examination of supporting documents
• informational
• outside documentation

• enables auditor to obtain sufficient appropriate evidence
• keep audit costs reasonable
• avoid misunderstandings with the client

• how willing is the auditor to accept that the financial statements might be materially misstated after the audit is complete
• lower acceptable risk means the auditor wants more certainty

measure of auditor's assessment of the likelihood that there are material misstatements before considering the effectiveness of internal control

• accept client and perform initial planning
• understand clients business and industry
• assess clients business risk
• perform preliminary analytical procedure
• set materiality and assess acceptable audit and inherent risk
• understand internal control and assess control risk
• gather information to assess fraud risks
• develop overall audit plan and program

• 1. decides whether to accept client
• 2. identify why client wants or needs audit
• 3. obtain understanding with the client about terms of audit
• 4. auditor develops overall strategy including engagement staffing and any required specialists

• who are the statement users
• what are the statements used for

• industry and external environment
• business operations and processes
• management and government
• objectives and strategies
• measurement and performance

• specific industry risks may affect auditors acceptance
• clients in certain industries have common inherent risks
• some industries have unique accounting requirements

• tour client facilities and operations=helps identify inherent risk
• identify related parties=related party transactions must be disclosed

risk tht the client will fail to achieve its objectives

• compare to PY ratios or other companies as a benchmark
• unusual changes identify higher risk of misstatement

• required in the planning phase=identifies areas of focus
• often done during testing phaes=supports account balances
• required during completion phase=final objective review

• 1. industry data
• 2. similar PY data
• 3. client determined expected results
• 4. auditor determined expected results
• 5. expected results using non financial data

• fails to consider growth or decline in business activity
• relationships of data to other data are ignored

display all items of the statement as a percentage of a base

• cash ratio=(cash+marketable securities)/CL
• quick ratio=(cash+marketable securities+net a/r)/CL
• current ratio=CA/CL

• a/r turnover=netsales/average gross receivables
• days to collect a/r=365 days/accts receivable turnover
• inventory turnover=COGS/average inventory
• days to sell inventory=365 days/inventory turnover

• debt to equity=total L/total E
• times interest earned=operating income/interest expense

• EPS=NI/average common shares outstanding
• GP %=(net sales-COGS)/net sales
• PM=operating income/net sales
• ROA=income before taxes/average total assets
• ROE=(income before taxes-preferred div)/average stockholders equity

• 1. set preliminary judgement about materiality
• 2. allocate preliminary judgement to segments
• 3. estimate total misstatement in segment
• 4. estimate combined misstatement
• 5. compare combined estimate with preliminary or revised judgement

• maximum amount statements could be misstated and still not affect the decisions of reasonable users
• helps plan appropriate evidence to accumulate

• usually based on B/S instead of I/S
• allocated materiality=tolerable misstatement

• known=amount can be determined
• likely=differneces between managers and auditors judgement about account balance estimates. projections of misstatements based on auditor's tests of samples

helps decide how much and what types of evidenceto collect

Planned detection risk=acceptable audit risk/(inherent risk*control risk)

risk that audit evidence for a segment will fail to detect misstatements exceeding tolerable misstatements

measures auditor's assessment of the likelyhood that there are material misstatements before considering internal control

will misstatements exceeding a tolerable amount be prevented or detected by clients internal controls

inherent risk + control risk

• complement of acceptable audit risk
• 1-acceptable audit risk %

acceptable audit risk decreases=planned detection risk decreases=planned evidence increases

• how much will external users rely on statements
• likelyhood that client will suffer financial difficulties after the audit report is issued
• auditor's evaluation of managements integrity

• nature of the clients business
• results of previous audits
• inital vs. repeat engagement
• related parties
• nonroutine transactions
• amount of judgement required to correctly record account balances and transactions
• makeup of the population
• fraud and missappropriations of assets

• assign more experienced staff. professional skeptisism is very important
• review the engagement more carefully. including by people who were not assigned.

• assessed during planning and generally held constant for each major cycle and account
• constant for all accounts=users should have same assurance for all accounts
• lower for some accounts=users are more concerned about certain accounts

• 1. revise original assessment of risk
• 2. consider effectes of revised risk on evidence

• requires auditors to assess and report on the effectiveness of internal controls over financial reporting
• requires management to publically report on effectiveness of controls

• 1. reliability of financial reporting
• 2. efficiency and effectiveness of operations
• 3. compliance with laws and regulations

act of two or more employees who conspire together to avoid internal controls

• statement that management is responsible for establishing and maintaining adequate internal control
• assessment of effectiveness of internal controls for financial reporting as of the end of the year

COSO internal control integrated framework

• design=address risks to prevent and detect material misstatement
• operating effectiveness =test whether controls are operating as designed and disclose material weakness

• controls over classes of transactions=accuracy of outputs (balances) depends on accuracy of inputs (transactions)
• primary concern is transaction related audit objectives

• 1. control environment
• 2. risk assessment
• 3. control activities
• 4. information and communication
• 5. monitoring

• tone at the top
• ethics and values
• board assures that management implements internal control
• HR-internal control is only as strong as the people implementing it

• minimize errors and fraud
• are financial statements prepared in accordance with GAAP

• adequate separation of duties
• proper authorization of transactions and activities=general or specific
• adequate documents and records=prenumbered, prepared when transaction occurs, multiple uses, encourage correct preparation
• physical control over assets and records-protect against theft
• independent checks on performance

how are transactions

• 1. initiated
• 2. recorded
• 3. processed
• 4. reported

managements ongoing or periodic assessment of internal controlsto make sure they are working right

• 1. obtain and document understanding of design and operation
• 2. assess control risk
• 3. design, perform, and evaluate tests of control
• 4. decide planned detection risk and substantive tests

• documentations
• inquiry of entity personnel
• observation of employees doing their work
• reperformance

• narrative=written description of internal controls
• flow chart=diagram documents and flow through organization
• internal control questionaire=yes or no with no indicating potential deficiency

• integrity of management
• adequacy of accounting records

auditors expectation that internal control will prevent or detect material misstatements

• design or operation of controls does not permit detections/prevention of misstatement
• 1. design deficiency=control is missing or not properly designed
• 2. operation deficiency=well designed control does not operate as designed

one or more control deficiencies not as severe as material weakness, but severe enough to be brought to managements attention

significant deficiency results in reasonable possibilty that internal controls will not prevent/detect material misstatement

evaluate based on likelyhood and significance

• 1. identify existing controls
• 2. identify the absence of key controls
• 3. consider the possibility of compensating controls
• 4. decide whether there is a significant deficiency or material weakness
• 5. determine potential misstatements that could result

• 1. questions appropriate client personnel
• 2. examine documents records and reports
• 3. observe control related activities
• 4. reperform client procedures

• link control risk assessments to alance related audit objectives
• use audit risk model to determine correct level of detection risk for each balance related audit objective

• determine whether there is a material weakness present
• unqualified opinion if client adjusts statements to correct misstatement before issuance
• management can change internal control report to disclose that internal controls are not operating effectively
• adverse opinion of internal control if there is a material weakness

• 1. reporting requirements=no requirement for audit of internal controls. auditor must still od written report of significant deficiencies and material weaknesses
• 2. extent of required internal controls=management is responsible for internal controls. auditor can withdraw if they believe internal controls are not adequate
• 3. extent of understanding needed=only enough to assess whether statements are auditable
• 4. assessing control risk=set control risk at maximum when internal controls are non existent or ineffective
• 5. tests of controls needed=if control risk is already maximum, tests not done