Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
http://www.cpa-cfa.org
Planning and Supervision
TIP PIE ACDO
The audit committee is responsible for the selection and the appointment of the auditor and the reviewing the
nature and scope of the engagement
In a new client relationship, it is mandatory to make inquiries of the predecessor auditor. Client permission is
needed. If the client is unwilling it is a scope limitation.
An engagement letter – a signed contract which documents the understanding with the client is required for an
audit engagement (should be signed and dated by the client)
An audit is not designed to detect error or fraud that is immaterial to the F/S
An audit is not designed to provide assurance on internal control or to identify significant deficiencies
Audit is subject to inherent risks that errors and fraud will not be detected. If we discover fraud then we report
it to the audit committee
The auditor is required to obtain an understanding of the entity, its environment and internal controls
1
AUD - Notes Chapter 3
http://www.cpa-cfa.org
• Tour client facilities
• Review financial history of client
• Obtain understanding of client accounting
• Inquire of client personnel
Materiality
Known misstatements – specific misstatements identified during the audit
Likely misstatements – misstatements the auditor considers likely to exist due to differences between auditor
and mgmt judgements or from audit evidence
Tolerable misstatements – maximum error in a specific population that the auditor is willing to accept
Because the F/S are interrelated, the auditor should use the smallest level of misstatement that could be material
to any one of the F/S
The auditor must consider the effects, both individually and in aggregate, of the uncorrected misstatements
(both known and likely)
Audit Risk
Audit risk is the risk that the auditor may unknowingly fail to modify appropriately the opinion on the F/S that
are materially misstated (risk that the auditor will give the wrong opinion)
AR = RMM * DR
AR = (IR * CR) * DR
RMM and DR have inverse relationship. When risk of material misstatement is high, detection risk should be
set low (so we have to do more work)
Direct relationship between RMM and assurance required from Substantive procedures. Greater the risk
(RMM) the more persuasive evidence needed.
Audit risk and materiality must be considered at both the F/S level and the account balance (item level)
• At the F/S level, the auditor should consider risks that have pervasive effect on the F/S, potentially affecting
many relevant assertions
• The account balance level (transaction & item level) is used to determine the nature, extent, and timing of
audit procedures. Inverse relationship between audit risk and materiality
Audit Procedures:
1. Risk assessment procedures
2. Test of controls – test of internal controls (CRIME)
3. Substantive procedures – tests $ balances
3
AUD - Notes Chapter 3
http://www.cpa-cfa.org
Account balances
C – Completeness
A – Allocation and valuation
R – Rights and obligations
E – Existence
After sufficient planning information has been gathered, an audit plan should be drafted. A written audit plan is
required for every audit.
When planning the audit, the auditor should consider the extent of involvement of the client’s internal auditors
in the audit. Internal auditors are not independent, thus, the external auditor can’t share with the internal auditor
any responsibility for audit decisions.
• Auditor must obtain an understanding of the internal audit function
• If the auditor uses the work of internal audit, competence and objectivity must be assessed
• The higher the level the internal auditors report to, the more objectivity can be assumed
• The auditor remains solely responsible for the report on the F/S. The internal auditor may not be utilized to
make judgement calls
If a specialist is used must evaluate the competence and objectivity of the specialist. Treat like one of your
staff.
Its mgmt’s responsibility to design and implement programs and controls to prevent and detect fraud
The auditor has a responsibility to plan and perform (referred to as design) the audit to obtain reasonable
assurance about whether the F/S are free from material misstatement, whether caused by error or fraud.
Consider the results of analytical procedures (required during the planning and final stage)
4
AUD - Notes Chapter 3
http://www.cpa-cfa.org
Attributes of risk:
• Type of risk: fraudulent F/S or misappropriation of assets
• Significance of risk: can it lead to a material misstatement
• Likelihood of the risk: how likely is this to happen
• Pervasiveness of the risk: does it affect the whole F/S or only specific accounts or transactions
2 Areas of greatest fraud concern:
1. Improper revenue recognition
2. Mgmt override controls
The auditor is required to respond to the results of the risk assessment on three levels
1. Overall, general response
- assigning personnel to the engagement
- determining the appropriate level of supervision of engagement personnel
- evaluating mgmt’s selection and application of accounting principles
2. Response encompassing specific audit procedures
- change nature
- change extent
- change timing
3. Response addressing risks related to mgmt override
- examine journal entries and other adjustments
- review accounting estimates for biases
- evaluate the business purpose for significant unusual transactions
Revenue recognition
- perform substantive analytical procedures relating to revenue
- confirm with customers contract terms and the absence of side agreements
Revenue recognition criteria
1. must have an arrangement (signed agreement)
2. must be a delivery
3. must be fixed or determinable price
4. collectability
Inventory quantities
- concern that there may be a failure to reconcile books to physical inventory
Mgmt estimates
- engage a specialist
- develop an independent estimate
- perform a retrospective review of prior period estimates (how good were last yr’s estimates)
Misstatements caused by fraud (even immaterial misstatements) may be indicative of an underlying problem
with mgmt integrity. The auditor may need to reevaluate the assessment of fraud risk, the assessed
effectiveness of controls, and the appropriateness of audit procedures applied.
Inform the audit committee of any fraud. Parties outside the entity that we may communicate with in certain
circumstances:
- to comply with certain legal and regulatory requirements
5
AUD - Notes Chapter 3
http://www.cpa-cfa.org
- to a successor auditor
- in response to a subpoena
- to a funding agency
If the auditor has not identified improper revenue recognition as fraud risk, support for this conclusion
Illegal acts – violation of law
The auditors responsibility to detect illegal acts are the same for fraud and errors.
The auditor has no obligation to look for illegal acts having an indirect effect on the F/S
The auditor generally does not include procedures to specifically detect illegal acts
Risk Assessment
TIP PIE ACDO (fieldwork)
6
AUD - Notes Chapter 3
http://www.cpa-cfa.org
• Highly subjective accounting estimates and principles
Response to significant risks
• Evaluate the design of the entity’s related controls
• Determine whether the controls have been implemented
• Evaluate whether and how mgmt responds to such risks
Documentation requirements
• Discussion among the audit team
• Key elements of the understanding of the entity and its environment
• The assessment of the risks of material misstatement
• The identified risks and related controls evaluated by the auditor
Document
1. control factors that were used/helped to plan the audit engagement
2. control factors that helped ensure mgmt rules and directives were followed
Forms of documentation may include any item the auditor can FIND
F – Flowchart
I – Internal control questionnaire or checklists
N – Narrative
D – Decision table
Flowcharts – symbolic diagram representing the sequential flow of authority, processes and documents. Depicts
the auditors understanding of the system
• An adequate flowchart shows the origin of each document in the system, its subsequent processing, and its
final disposition
• IT flowcharts are initially created to document the logic and existing flow of a computer program
Decision tables or trees – graphic illustrations that depict the logic of an operation or a process
Internal Control
TIP PIE ACDO
Entity objectives
1. Reliability of financial reporting (most relevant to the audit)
2. Effectiveness and efficiency of operations
3. Compliance with applicable laws and regulations
Controls that pertain to the first objective (reliability of financial reporting) are the most relevant to the audit,
and these are the controls that the auditor must consider and understand.
7
AUD - Notes Chapter 3
http://www.cpa-cfa.org
Five components of internal controls – CRIME
C – Control environment: overall tone of the organization
R – Risk assessment – mgmt’s identification of risk
I – Information and communication systems
M – Monitoring: assessment of internal controls over time
E – Existing control activities: control policies and procedures
It’s a CRIME not to have strong internal controls
IT system may make it impossible to reduce detection risk through substantive testing alone (must do control
testing as well)
IT benefits:
• Ability to process large volumes of transactions accurately
• Improved timeliness and availability of information
• Facilitation of data analysis and performance monitoring
• Reduction is the risk that controls will be circumvented
• Enhanced segregation of duties through effective security controls
IT Risks:
• Potential reliance on inaccurate systems
• Unauthorized access to data
• Unauthorized changes to data, systems and programs
• Failure to make required changes and updates to systems or programs
Auditor should document use of programs and perform tests more often during the yr
CRIME
8
AUD - Notes Chapter 3
http://www.cpa-cfa.org
C – Control Environment – has pervasive effect on the auditors risk of assessment and preliminary judgements
about its effectiveness may influence NET of further audit procedures to be performed
• Sets the tone of an organization, influencing the control consciousness of its people
• Communication and enforcement of integrity and ethical values
• Mgmt’s philosophy and operating style
• Organizational structure
• Assignment of authority, responsibility and accountability
• Human resource policies and practices
R – Risk assessment
• CPA should obtain understanding and knowledge
M – Monitoring
• CPA should obtain understanding and knowledge
• Process that assesses the quality of internal control performance over time
• Establishing and maintaining internal control is a responsibility of mgmt
The internal control environment should be detected in the ordinary course of business by an employee, not
- Collusion
- Mgmt overrides
9
AUD - Notes Chapter 3
http://www.cpa-cfa.org
Report on controls placed in operation – may aid the auditor in obtaining an understanding of controls,
however, it is provided when tests of operating effectiveness were not performed, and therefore it does not
provide the user with a basis for reducing the assessment of control risk
Audit approach – the auditors specific approach to identified risks at the relevant assertion level may consist of
either a substantive or combined approach
Combined approach – both control testing and substantive procedures are used. If controls are operating
effectively, less assurance will be required from substantive procedures.
Test of controls may be required in highly electronic environments, substantive procedures alone may not be
sufficient
Audit approach
Status of internal control Risk level Perform control tests Perform substantive tests
None or weak high No (because nothing to rely on) yes-maximum
Some medium Yes
Strong low Yes minimal (but never
eliminate for material
balances, transaction classes, or disclosures)
Obtaining an understanding of internal controls includes evaluating the design of controls and determining
whether they have been implemented
Only controls that are suitably designed to prevent or detect material misstatements are subject to tests of
operating effectiveness
Evidence hierarchy:
1. Personal observation and knowledge
2. External evidence
3. Internal evidence
4. Oral evidence
10
AUD - Notes Chapter 3
http://www.cpa-cfa.org
Directional testing
To test existence or occurrence assertion – Top down, start from F/S. Look for support = vouching
Test existence for overstatement of assets and revenues
To test completeness assertion – Bottom up, start from item, look to see its included/covered in F/S = tracing
Test completeness for understatement of liabilities and expenses
If substantive procedures are performed at an interim date, the auditor should perform further substantive
procedures (maybe with test of controls) to provide reasonable basis for extending audit conclusions to period
end
If risk of material misstatement is low, performing substantive procedures at interim increases the risk that the
auditor will not detect material misstatements in the F/S
In certain situations, such as those in which there is an identified fraud risk, the auditor may choose to perform
substantive procedures at or near period end.
11