Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Table of Contents
Seminar 1 – Introduction to Assurance & Regulations ............................................................................................................. 8
Principal-Agent Relationship ...................................................................................................................................................... 8
Information asymmetry........................................................................................................................................................... 8
Conflict of interest .................................................................................................................................................................. 8
Definitions of Auditing and Assurance ........................................................................................................................................ 9
Types of Auditors & Auditing Services ....................................................................................................................................... 9
Types of Assurance .................................................................................................................................................................. 10
Level of Assurance ................................................................................................................................................................... 10
IAASB Elements of an Assurance Engagement ....................................................................................................................... 10
Three Party-Relationship ..................................................................................................................................................... 10
Appropriate Subject Matter .................................................................................................................................................. 10
Suitable Criteria ................................................................................................................................................................... 11
Sufficient Appropriate Evidence ........................................................................................................................................... 11
Written Assurance Report .................................................................................................................................................... 11
Profession ................................................................................................................................................................................ 11
Characteristics of a profession (Sager 1995) ....................................................................................................................... 11
Regulation of public accountants in Singapore......................................................................................................................... 11
International Standards & Organisations .................................................................................................................................. 12
Seminar 2 – Corporate Governance, Misstatements, Type of Audit Opinions/EOM ............................................................. 13
Mandatory Requirements on Audit Committees ....................................................................................................................... 13
Mandatory Audit Requirement in Singapore ............................................................................................................................. 15
Audit Exemption ................................................................................................................................................................... 15
Internal Audit ............................................................................................................................................................................ 15
Objective & Scope of F/S Audit ................................................................................................................................................ 16
Overview of the Audit Process ................................................................................................................................................. 16
Major Phases of the Audit ........................................................................................................................................................ 17
New & Revised Auditor Reporting Standards ........................................................................................................................... 18
Key Audit Matters (KAM) .......................................................................................................................................................... 19
Types of Audit Opinion (SSA 700, 705, 506) ............................................................................................................................ 20
Unmodified (SSA700): ......................................................................................................................................................... 20
Qualified (“Except for”): ........................................................................................................................................................ 20
Disclaimer Opinion (“We do not express an opinion”): ......................................................................................................... 20
Adverse Opinion (“Do not present fairly”): ............................................................................................................................ 20
Material & Pervasive Misstatements ........................................................................................................................................ 21
Misstatement SSA 450......................................................................................................................................................... 21
Material Misstatements SSA 320(2) ..................................................................................................................................... 21
Pervasive Misstatements SSA 705 ...................................................................................................................................... 21
Emphasis of Matter & Other Matter Paragraph ........................................................................................................................ 21
Audit Expectation Gap .............................................................................................................................................................. 22
Seminar 3 – Assertions / Audit Evidence, Procedures & Documentation ............................................................................. 23
Management Assertions (SSA 315) ......................................................................................................................................... 23
Audit Evidence (SSA 500.5) ..................................................................................................................................................... 24
1
Sufficiency & Appropriateness of Audit Evidence ..................................................................................................................... 24
Evaluation of Audit Evidence .................................................................................................................................................... 25
Audit Procedures for Obtaining Audit Evidence........................................................................................................................ 25
1. Risk Assessment Procedures .......................................................................................................................................... 25
2. Tests of Controls .............................................................................................................................................................. 25
3. Substantive Procedures ................................................................................................................................................... 26
Analytical Procedures (SSA 520) ............................................................................................................................................. 27
Audit Documentation ................................................................................................................................................................ 28
Seminar 4 – Client Acceptance / Audit Planning / Relying on IA & Experts / Materiality ..................................................... 30
Client Acceptance & Continuance ............................................................................................................................................ 30
Prospective Client ................................................................................................................................................................ 30
Client Continuance ............................................................................................................................................................... 31
Preconditions for an Audit ........................................................................................................................................................ 31
Preliminary Engagement Activities ........................................................................................................................................... 32
Planning the Audit .................................................................................................................................................................... 32
Using the Work of Internal Auditor ............................................................................................................................................ 34
Using the Work of Auditor’s Expert ........................................................................................................................................... 36
Materiality ................................................................................................................................................................................. 37
Step 1: Determine Overall Materiality ....................................................................................................................................... 38
Step 2: Determine Performance Materiality (PM) ..................................................................................................................... 40
Step 3: Evaluate Audit Findings (Materiality of Misstatements) ................................................................................................ 40
Nature of Misstatements ...................................................................................................................................................... 40
Evaluation of uncorrected misstatements ............................................................................................................................ 41
Seminar 5 – Audit Risk Model / Risk Assessment / Fraud / Going Concern ......................................................................... 42
Audit Risk (SSA 200) ................................................................................................................................................................ 42
Audit Risk Model .................................................................................................................................................................. 43
Auditor’s Business Risk (SSA 200.A35) ................................................................................................................................... 44
Client’s Business Risk (SSA 215) ............................................................................................................................................. 44
Overview of Risk Assessment Process to determine CBR ....................................................................................................... 45
1. Understanding Entity’s Business and its Environment ..................................................................................................... 46
2. Evaluate Entity’s Reaction to the Risk .............................................................................................................................. 47
3. Responses to Assessed Risks ......................................................................................................................................... 47
Other Significant Risks ......................................................................................................................................................... 48
Misstatement due to Fraud (SSA 240) ..................................................................................................................................... 49
Auditor’s Responsibility for Fraud......................................................................................................................................... 50
Auditor’s Response to Overall Heightened Risk of Fraud (SSA 240) ................................................................................... 50
Fraud Risk Triangle – fraud risk factors ............................................................................................................................... 50
RMM due to Fraud: Risk Assessment & Reponses ............................................................................................................. 51
Auditor’s Responses to RMM due to Fraud ......................................................................................................................... 52
Auditor’s Responses to Identified/ Suspected Fraud............................................................................................................ 52
Considerations of Laws and Regulations (SSA 250) ........................................................................................................... 52
Auditor’s Responsibility to Report Fraud/non-compliance .................................................................................................... 53
Examples of Detecting Fraud, and Designing Controls to Prevent & Detect Fraud ............................................................. 53
Documentation of Auditor’s Risk Assessment & Response...................................................................................................... 54
Communication about Fraud to Mgmt & Those Charged w Governance ................................................................................. 54
2
Going Concern (SSA 570) ........................................................................................................................................................ 55
Management’s Responsibility .............................................................................................................................................. 55
Auditor’s Responsibility ........................................................................................................................................................ 55
Implications on Auditor’s Report .......................................................................................................................................... 56
Seminar 6 – Internal Control / Control Effectiveness .............................................................................................................. 57
What is Internal Control? .......................................................................................................................................................... 57
Management’s Responsibility over Entity’s Internal Control ..................................................................................................... 57
Reporting on Internal Control ................................................................................................................................................... 57
Auditors’ Responsibility over Entity’s Internal Control .............................................................................................................. 57
The COSO Framework – Components of Internal Control (p. 188) .......................................................................................... 58
Control Environment ............................................................................................................................................................ 58
Risk Assessment Process.................................................................................................................................................... 59
Control Activities .................................................................................................................................................................. 60
Information and Communication .......................................................................................................................................... 61
Monitoring of Controls .......................................................................................................................................................... 62
Control Risk Assessment and Audit Strategy ........................................................................................................................... 63
Control risk assessed at MAXIMUM (Substantive strategy) ................................................................................................. 63
Control risk assessed at BELOW maximum (Reliance strategy).......................................................................................... 63
Testing Operating Effectiveness of Internal Control ................................................................................................................. 64
Application of COSO Framework for Reliance Strategy ........................................................................................................... 65
Documenting the understanding of internal control .................................................................................................................. 65
Effect of Entity Size on Internal Control .................................................................................................................................... 66
Limitations of Internal Control ................................................................................................................................................... 66
Steps to set control risk below maximum for Reliance Strategy ............................................................................................... 67
Timing of Audit Procedures ...................................................................................................................................................... 67
Interim Test of Controls ........................................................................................................................................................ 67
Interim Substantive Procedures ........................................................................................................................................... 68
Considerations for entities using service organisations (outsourcing) ...................................................................................... 68
Communication of Deficiencies in Internal Control (SSA 265) (p201) ...................................................................................... 69
Example of Controls ................................................................................................................................................................. 69
Seminar 7a – Auditing in a Computerised Environment ......................................................................................................... 70
Forming an Assessment of Control Risk .................................................................................................................................. 70
Issues Introduced in a Computerized Environment .................................................................................................................. 70
Implications of IT for Auditor’s Risk Assessments .................................................................................................................... 70
Effect on IT on Internal Control ................................................................................................................................................. 71
Types of IT Controls in an IT Enviroment ................................................................................................................................. 71
General Controls .................................................................................................................................................................. 72
Application Control ............................................................................................................................................................... 73
Relationship btwn General & Application Controls ................................................................................................................... 75
Impact on Audit Strategy .......................................................................................................................................................... 75
Auditing “Around” the Computer: ......................................................................................................................................... 75
Auditing “Through” the Computer: ........................................................................................................................................ 75
Computer-Assisted Audit Techniques (CAAT) ......................................................................................................................... 76
Advantages & Disadvantages of CAATs .................................................................................................................................. 78
Example of IT Control Effectiveness ........................................................................................................................................ 80
3
Seminar 7b – Audit Sampling .................................................................................................................................................... 81
Audit Sampling and Sampling Risk .......................................................................................................................................... 81
Consequences of Sampling Risk .............................................................................................................................................. 81
Non-sampling Risk: .................................................................................................................................................................. 81
Statistical vs Non-statistical Sampling ...................................................................................................................................... 82
Statistical Sampling .............................................................................................................................................................. 82
Non-statistical Sampling....................................................................................................................................................... 82
Key Steps in Audit Sampling .................................................................................................................................................... 82
Sample Selection Methods ....................................................................................................................................................... 82
Stratification ......................................................................................................................................................................... 82
Acceptable Sample Selection Methods ................................................................................................................................ 83
Unacceptable Sample Selection Methods............................................................................................................................ 83
Attribute Sampling (For Test of Controls) ................................................................................................................................. 83
Monetary-unit Sampling Technique (Substantive Testing) ....................................................................................................... 84
Conclusions on Sampling Results ............................................................................................................................................ 85
Seminar 8 – Auditing the Revenue Process ............................................................................................................................. 86
Revenue Recognition Principles ............................................................................................................................................... 86
Revenue Process: Audit Significance ....................................................................................................................................... 86
Fraud Risks relating to Revenue .............................................................................................................................................. 86
3 Types of Transactions & F/S Accounts Affected ................................................................................................................... 87
Major Revenue Functions......................................................................................................................................................... 87
Documents and Records in Sales Process .............................................................................................................................. 88
Test of Controls – Introduction ................................................................................................................................................. 89
Inherent Risks ...................................................................................................................................................................... 89
Control Risk Assessment ..................................................................................................................................................... 89
Primary Control-related Features ......................................................................................................................................... 90
Planning & Performing Test of Controls ............................................................................................................................... 90
Test of Controls for Revenue Transactions .............................................................................................................................. 90
Test of Controls for Cash Receipts Transaction ....................................................................................................................... 94
Test of Controls – Sales Returns & Allowances / Sales Discount Transactions ....................................................................... 98
Substantive Analytical Procedures ........................................................................................................................................... 98
Test of Details – Classes of Transactions (P/L)........................................................................................................................ 99
Test of Details – Account Balances (B/S) ............................................................................................................................... 100
Test of Details – Presentation & Disclosure (Pg 338) ............................................................................................................. 101
Substantive Procedures – Sending Confirmations (SSA 505) ................................................................................................ 102
Types of confirmation (SSA 505) ....................................................................................................................................... 102
Assertion that can be tested for confirmation for AR .......................................................................................................... 102
Timing ................................................................................................................................................................................ 102
Confirmation Procedures ................................................................................................................................................... 102
Alternative Procedures ....................................................................................................................................................... 103
Auditing Other Receivables .................................................................................................................................................... 104
Auditing Estimates .................................................................................................................................................................. 104
Risk Assessment................................................................................................................................................................ 104
Responses ......................................................................................................................................................................... 104
Evaluating the Audit Findings ................................................................................................................................................. 104
4
Seminar 9 – Auditing the Purchasing Process ...................................................................................................................... 105
Audit Significance: Purchasing Process ................................................................................................................................. 105
3 Types of Transactions & F/S Accounts Affected ................................................................................................................. 105
Major Purchasing Functions ................................................................................................................................................... 105
Documents and Records in Purchasing Process ................................................................................................................... 106
Test of Controls – Introduction ............................................................................................................................................... 107
Segregation of Duties......................................................................................................................................................... 107
Inherent Risk Assessment ................................................................................................................................................. 108
Control Risk Assessment ................................................................................................................................................... 108
Test of Controls for Purchasing Transactions ......................................................................................................................... 108
Test of Controls for Cash Disbursement Transactions ........................................................................................................... 112
Test of Controls for Purchase Returns ................................................................................................................................... 115
Substantive Analytical Procedures ......................................................................................................................................... 116
Test of Details – Classes of Transactions (P/L)...................................................................................................................... 116
Test of Details – Account Balances (B/S) ............................................................................................................................... 116
Test of Details - Presentation/Disclosure................................................................................................................................ 117
Accounts Payable Confirmation ............................................................................................................................................. 118
Seminar 10 – Auditing the Inventory Management Process ................................................................................................. 119
Audit Significance: Inventory Process .................................................................................................................................... 119
Overview of the Inventory Management Process ................................................................................................................... 119
Major Functions of Inventory Department............................................................................................................................... 120
Types of Documents and Records ......................................................................................................................................... 120
Physical Inventory Count (ALWAYS REQUIRED) .................................................................................................................. 121
Observing Physical Inventory (SSA 501 & AGS 4) ............................................................................................................ 121
Misconceptions .................................................................................................................................................................. 122
Stock Count Purposes & Procedures ................................................................................................................................. 122
Inventory Fraud ...................................................................................................................................................................... 122
Test of Controls – Introduction ............................................................................................................................................... 122
Segregation of Duties......................................................................................................................................................... 122
Inherent Risk Assessment ................................................................................................................................................. 123
Test of Controls for Inventory Transactions ............................................................................................................................ 123
Substantive Analytical Procedures ......................................................................................................................................... 126
Test of Details – Inventory Management Transactions (P/L) .................................................................................................. 127
Test of Details – Inventory Account (B/S) ............................................................................................................................... 127
Inventory Pricing Test / Unit Cost Test ............................................................................................................................... 128
Test of Details – Disclosure of Inventory Items (FS) .............................................................................................................. 129
Seminar 11a – Auditing the HR Management Process .......................................................................................................... 130
2 Main Types of Transaction .................................................................................................................................................. 130
Types of Documents and Records ......................................................................................................................................... 130
HR Management Process Functions ...................................................................................................................................... 131
Test of Controls – Introduction ............................................................................................................................................... 131
Segregation of Duties......................................................................................................................................................... 131
Inherent Business Risks..................................................................................................................................................... 132
Test of Controls – Payroll Transactions .................................................................................................................................. 132
Substantive Analytical Procedures ......................................................................................................................................... 134
5
Test of Details – Payroll Expenses (P/L) ................................................................................................................................ 135
Test of Details – Payroll Liability Account (B/S)...................................................................................................................... 135
Test of Details – Presentation & Disclosure ........................................................................................................................... 136
Seminar 11b – Auditing the PPE Management Process ........................................................................................................ 137
Test of Controls – Introduction ............................................................................................................................................... 137
Segregation of Duties......................................................................................................................................................... 137
Inherent BR for PPE Processes ......................................................................................................................................... 138
Test of Controls – PPE Transactions ..................................................................................................................................... 138
Substantive Analytical Procedures ......................................................................................................................................... 139
Test of Details – PPE Purchases/Depreciation (P/L) .............................................................................................................. 139
Test of Details – PPE Account (B/S) ...................................................................................................................................... 140
Disclosure of PPE .................................................................................................................................................................. 141
Seminar 11c – Auditing the Financing/Investing Process .................................................................................................... 142
Auditing Long Term Debts / Liabilities .................................................................................................................................... 142
Inherent Risks for LT liabilities ........................................................................................................................................... 142
Test of Controls – LT liabilities ........................................................................................................................................... 142
Substantive Analytical Procedures – For LT liabilities ........................................................................................................ 143
Auditing Stockholders’ Equity ................................................................................................................................................. 144
Control Risk Assessment ................................................................................................................................................... 144
Key Segregation of Duties ................................................................................................................................................. 144
Test of Controls – For SE................................................................................................................................................... 145
Test of Details – Equity Capital Accounts .......................................................................................................................... 145
Auditing Dividends .................................................................................................................................................................. 146
Auditing Retained Earnings .................................................................................................................................................... 146
Auditing Income Statement Accounts ..................................................................................................................................... 147
Auditing the Cash Account ..................................................................................................................................................... 147
Control Risk – Cash account.............................................................................................................................................. 148
Substantive Analytical Procedures – For Cash .................................................................................................................. 148
Test of Details – For Cash ................................................................................................................................................. 148
Test of Bank Reconciliation................................................................................................................................................ 149
Fraud-Related Audit Procedures ........................................................................................................................................ 149
Auditing on other Cash accounts ....................................................................................................................................... 150
Disclosure Issues for Cash ................................................................................................................................................ 150
Auditing Investment Accounts ................................................................................................................................................ 151
Inherent Risk ...................................................................................................................................................................... 151
Segregation of Duties......................................................................................................................................................... 151
Tests of Controls – For Investment .................................................................................................................................... 151
Substantive Analytical Procedures – For Investment ......................................................................................................... 152
Test of Details – For Investment ........................................................................................................................................ 152
Seminar 12 – Audit Completion ............................................................................................................................................... 154
Events after the balance sheet date (FRS 10)........................................................................................................................ 154
Subsequent Events (SSA 560) ............................................................................................................................................... 154
Contingent Liabilities (FRS 37) ............................................................................................................................................... 155
Audit Procedures for Identifying Contingencies (SSA 501) ................................................................................................ 156
Other Matters to be Addressed in Completing the Audit ........................................................................................................ 157
6
Comparative Information (SSA 710) ....................................................................................................................................... 157
Other Information (OI) in Documents Containing Audited F/S (SSA 720(revised)) ................................................................ 158
Written Representations (SSA 580) ....................................................................................................................................... 158
Communications with TCWG (SSA 260) ................................................................................................................................ 159
Seminar 13 – Other Types of Assurance / Professional Ethics & Judgement .................................................................... 160
Assurance Engagement & Related Services .......................................................................................................................... 160
Level of Assurance ................................................................................................................................................................. 160
Need for Professional Judgement & Skepticism ..................................................................................................................... 161
Conceptual Framework for Code of Ethics ............................................................................................................................. 162
Fundamental Principles S100.5 ......................................................................................................................................... 162
Threats ............................................................................................................................................................................... 162
Safeguards ............................................................................................................................................................................. 163
Independence (S290.6 ACRA Code) ..................................................................................................................................... 164
Ethical Conflict Resolution Process (ACRA Code 100.19-25) ................................................................................................ 164
Financial Ratios ........................................................................................................................................................................ 165
7
Seminar 1 – Introduction to Assurance & Regulations
Factors giving rise to demand for assurance
Conflict of interest
Information asymmetry arising from
- Remoteness of information eg manager generally has more information about the ‘true’ financial
position and results of the entity than the absentee owner need to solve information
asymmetry
- Complexity: eg average users may not have the ability to verify financial statement information
need for competent auditors
Consequence eg importance of the credibility of financial statements to users need for
lower risks to make better decisions
Principal-Agent Relationship
Information asymmetry
Manager generally has more information about the “true” financial position and results of
operations than the owner
Adverse selection (one party has more information than the other)
Moral hazard (the actions of one party is unobservable to the other – eg manager can shirk
responsibility as owner cannot see his actions/impact of his actions)
Therefore, auditing helps to add reliability, relevance and credibility to the report, thus reducing
information risk – risk that information circulated by a company’s management will be false or
misleading. It helps to monitor the contractual relationship between the entity and its stakeholders.
8
Definitions of Auditing and Assurance
Auditing Assurance
American Accounting Association: SSA Framework on Assurance Engagements:
A systematic process of objectively obtaining and Engagement in which a practitioner expresses a
evaluating evidence regarding assertions about conclusion designed to enhance the degree of
economic actions and events to ascertain the confidence of the intended users (other than
degree of correspondence between those responsible party) about the outcome of the
assertions and established criteria, communicating evaluation/ measurement of a subject matter
the results to interested users againt criteria
Subset of assurance Broader than auditing
Expresses a conclusion to enhance degree Systematic process
of confidence of intended users abt outcome o Well-planned and thorough
of evaluation/measurement of subject matter Compare evidence gathered to assertions
vs. criteria. about economic entity to assess ‘degree of
Subject matter can take many forms, i.e. correspondence between those assertions &
financial & non-financial. established criteria’.
Role to auditing similar - determine o Criteria used for F/S audit will be a
correspondence of subject matter info to financial reporting framework
criteria. o In F/S audits, very specific reports are
o Gathers sufficient appropriate info to prescribed by auditing standards to
provide reasonable basis for expressing communicate auditor’s findings.
a conclusion on subject matter info in an
assurance report.
Exhibits 5 elements:
Three party-relationship (practitioner,
responsible party and intended user)
Appropriate subject matter
Suitable criteria (FRS)
Sufficient appropriate evidence
Written assurance report
9
Forensic Auditor: Trained in detecting, Forensic Audit: Detect and deter fraudulent
investigating and deterring fraud and white-collar activities
crime; Reconstruct incomplete accounting Financial Statement Audit: Determine the
records, identifying and investigating transactions accuracy and reliability of financial statement, and
and related assets in business, embezzlement the extent to which it is prepared in accordance
and probe money-laundering with FRS standards
Level of Assurance
Factors to consider: Cost, timing, needs
Reasonable Assurance Engagement
Practitioner gathers sufficient appropriate evidence to enable him to express his conclusion in the
positive form
e.g., “In our opinion, management’s assertions are fairly presented.”
Limited Assurance Engagement
Practitioner gathers sufficient appropriate evidence to enable him to express his conclusion in the
negative form
e.g., “in our opinion, nothing has come to our attention that causes us to believe that
management’s assertions are not fairly presented.”
10
o E.g.: effectiveness of internal control, performance around human rights (part of
sustainability performance), entity’s financial performance
Subject Matter Information: Outcome of measurement using criteria
o E.g.: financial statements (result of applying IFRS), assertions in sustainability report
(result of applying Global Reporting Initiative)
Appropriate:
o Identifiable and capable of consistent evaluation/measurement against identified criteria
o Can be subjected to procedures for gathering sufficient appropriate evidence to support a
reasonable assurance or limited assurance conclusion
Suitable Criteria
Benchmarks used to evaluate or measure the subject matter. E.g. IFRS, GRI
Suitable: relevant, complete, reliable, neutral, understandable (if on basis of practitioner’s own
expectations, judgments or individual experience à not suitable criteria)
Sufficient Appropriate Evidence
Written Assurance Report
Profession
A disciplined group of individuals who adhere to high ethical standards and uphold themselves to, and are
accepted by, the public as possessing special knowledge and skills in a widely recognised, organised body
of learning derived from education and training at a high level, and who are prepared to exercise this
knowledge and these skills in the interest of others.
Characteristics of a profession (Sager 1995)
Skill based on theoretical knowledge (to apply skills in practice to further interests of clients)
Extensive period of education (formal education)
Testing competency (pass a prescribed examination based on theoretical knowledge)
Institutionalized training or period of internship
Licensed practitioners
Work autonomy environment (independent decision-making)
Professional associations
Code of ethics
ACRA undertakes oversight of issuance of auditing standards. The Auditing and Assurance Standards
Committee (AASC) of ISCA manages the due process. SSAs are based on ISAs.
11
International Standards & Organisations
International Federation of Accountants
IFAC is the global organization for the accountancy profession. It establishes international standards on
ethics, auditing and assurance, accounting education, and public sector accounting through its
independent standard-setting board
Independent Board Description
International Auditing Issues international standards for quality control, auditing, review, other
and Assurance assurance and related services
Standards Board Promotion of the International Standards on Auditing
(IAASB) Offer guidance and support tools to facilitate the adoption and
implementation of its standards
International Ethics Develops and issues ethical standards and guidance for use by
Standards Board for professional accountants (i.e. Code of Ethics for Professional
Accountants (IESBA) Accountants)
International Accounting Develop and publicize International Financial Reporting Standards
Education Standards Approve the interpretation of IFRS
Board (IAESB)
12
Seminar 2 – Corporate Governance, Misstatements, Type of Audit Opinions/EOM
Corporate Governance is the system by which companies are directed and controlled. Board of
directors are responsible for the governance of their companies.
Key players:
Internal External
Board of Directors (executive/non-executive) External auditors
Sub committees: Audit, remuneration, Regulators
nominating Shareholders and advocates
Internal auditors Analysts, lenders, rating agencies
AC Composition
12.1 The AC should comprise at least 3 directors
Majority of whom, including the AC chairman should be independent
All members should be non-executive directors
Board should disclose in Annual Report names of the members of AC and the key terms of
references
12.2 Board should ensure that members are appropriately qualified to discharge their responsibilities
At least 2 members, including AC chairman should have recent and relevant accounting
or related financial management expertise or experience
As the board interprets such qualification in its business judgement
2.3 An “independent” director is one who has no relationship with
The company
Its related corporations
10% shareholders or its officers
That could interfere, or to be reasonably perceived to interfere, with the exercise of the director’s
independent business judgement with a view to the best interests of the company
AC Duties
12.4 (a) Reviewing the significant financial reporting issues and judgements so as to ensure
integrity of FS and any announcements relating to the company’s financial performance
(b) Reviewing and reporting to the board at least annually adequacy and effectiveness of the
company’s internal controls, including financial, operational, compliance and information
technology controls (such review can be carried out internally or with the assistance of any
competent third parties)
(c) Reviewing the effectiveness of the company’s internal audit function
(d) Reviewing scope & results of the external audits + independence & objectivity of ex.auditors
(e) Making recommendations to the Board on proposals to the shareholders on the appointment,
re-appointment and removal of external auditors, and approving the remuneration and terms
of engagement of the external auditors
12.5 AC should meet with external and internal auditors in each case without the presence of
Management, at least annually
12.6 AC should review the independence of the external auditors annually and should state
(a) Aggregate amount of fees paid to external auditors for that financial year
(b) Breakdown of the fees paid in total for audit and non-audit services respectively or an
appropriate negative statement in the company’s Annual Report
Where the external auditors also supply a substantial volume of non-audit services to the company
AC should keep nature and extent of such services under review, seeking to maintain objectivity
14
Mandatory Audit Requirement in Singapore
Companies Act, S201:
Directors of every company to present at AGM audited profit and loss account and balance sheet
that comply with the requirements of the Accounting Standards AND give a true and fair view
of the profit and loss and state of affairs of the company respectively
Holding companies to present audited balance sheet of the holding company and consolidated
accounts (profit or loss account and balance sheet)
S201:14A – True and Fair override “need not comply with that requirement (of Accounting Standards)
to the extent that this is necessary for them to give a true and fair view of the matter”
Audit Exemption
Companies Act, Section 205B&C, 13th Schedule:
Company is exempt from audit requirement if it is:
Dormant at time of formation or since previous financial year OR
Company that qualifies as a ‘small company’
o Private company in FY in question AND
o Meets at least 2 of the following criteria in the immediate past 2 FYs:
Total annual revenue ≤ $10 million
Total assets ≤ $10 million
Number of employees ≤ 50
o For company which is part of a group:
Company must qualify as a small company AND
Entire group must be “small group” to qualify
Internal Audit
(Currently no requirements recommends only)
Principle 13: Company should establish an effective internal audit function that is adequately resourced
and independent of the activities it audits
Guidelines:
13.1 The IA’s primary line of reporting should be to the AC chairman although the IA would also
report administratively to the CEO
The AC approves the hiring, removal, evaluation and compensation of the head of the IA
function or the accounting/auditing firm or corporation to which the IA function is outsourced
IA should unfettered access to all the company’s documents, records, properties and personnel,
including access to the AC
13.2 AC should ensure the IA function is adequately resourced and has appropriate standing within
the company.
For the avoidance of doubt, the IA function can be in-house, outsourced to a reputable
accounting/auditing firm or corporation, or performed by a major shareholder, holding company or
controlling enterprise with an internal audit staff
13.3 IA function should be staffed with persons with the relevant qualifications and experience
13.4 IA should carry out its function according to the standards set by nationally or internationally
recognised professional bodies
13.5 AC should, at least annually, review the adequacy and effectiveness of IA function
SSA 700.35 Requires the auditor to express an opinion as to whether the financial report ‘gives a true
and fair view’ or ‘presents fairly, in all material respects’ in accordance w the applicable financial
reporting framework
To enhance the degree of confidence of intended users in the F/S
Through the expression of an opinion by the auditor on whether the financial statements are
o Presented fairly
o In all material respects, (or give a true and fair view)
o In accordance with an applicable financial reporting framework
By obtaining reasonable assurance about whether the F/S as a whole are free from material
misstatement, whether due to fraud or error
16
Major Phases of the Audit
Phases are quite iterative and interrelated in nature (They do not always happen in sequence)
Client Acceptance/ Continuance & Establishing an Understanding w Client (S3-5)
Professional standards require audit firms to establish policies & procedures for choosing
whether to accept new clients/ keep current ones
Purpose: Minimize chance that auditor will be linked to clients lacking integrity If client lacks
integrity, higher RMM, that goes undetected
New clients:
o Confer w predecessor auditor
o Do background checks on top management
o This would give auditor valuable understanding of entity & environment, helps in risk
assessment and audit planning
Preliminary Engagement Activities (S3-5)
1. Determine audit engagement team requirements
Auditors updating their understanding of entity & its environment
o Nature of entity, industry, performance measures, internal control
o Knowledge of entity & environment helps in assessing RMM & in setting scope of
audit
Partner forms team w members having suitable audit & industry experience for
engagement, determines if experts are needed
2. Ensure audit firm & engagement team complies with ethical requirements, including being
independent of entity being audited
Free from prohibited relationships that might threaten objectivity
3. Establish understanding with client regarding services to be performed and terms of engagement
Timing of audit and expected audit fees
Plan the Audit (S3-5)
Proper planning ensures audit is done effectively & efficiently
Make a preliminary assessment of client’s biz risks & determine materiality
Audit team relies on the above judgements to assess risk relating to likelihood of material
misstatements in F/S
Should consider auditor’s knowledge of entity’s internal control system
Planning results in written plan that sets forth overall audit strategy, & NET of audit work
Consider Internal Controls (S6-7)
To achieve reliable financial reporting, effective & efficient operations, compliance with laws and
regulation
Quality of internal controls over financial reporting is relevant to auditors
o Helps to assess risk & identify areas where high RMM
Opinion on effectiveness of internal control over financial reporting is not needed
Audit Business Processes & Related Accounts (e.g. revenue generation) (S8-11)
Organize audits by grouping F/S accounts according to biz processes that primarily affect those
accounts
Complete the Audit & Evaluate Results (S12)
Obtain sufficient appropriate evidence to reach & justify a conclusion on fairness of F/S
Assess sufficiency of evidence and seek additional evidence when needed
Auditor also assess some issues, including possibility of undisclosed contingencies, and look for
any post balance sheet events that affect F/S
17
Issue Audit Report (S2&12)
Evaluate results & choose suitable audit report (audit opinion) to issue
Determines if preliminary assessments of risks are suitable in light of evidence collected &
whether sufficient evidence was obtained
Auditor aggregates total uncorrected misstatements that are detected & determines if they cause
F/S to be materially misstated
o If material, auditor can get client to correct misstatements
o If client refuses, auditor issues opinion that indicates F/S are materially misstated, &
explain nature of misstatement
o If uncorrected misstatements are insignificant enough or if client corrects them, then
unmodified opinion
18
Key Audit Matters (KAM)
KAM are those that the auditor views as most significant, with an explanation of how they were
addressed in the audit
Description of KAM
Why the matter was considered to be a KAM
How the matter was addressed in the audit
Reference to the related disclosures (if any)
Should be entity-specific, avoid standardized/ overly technical language
Description may include SSA 791.A46
o Aspects of the auditor’s response/ approach
o Brief overview of audit procedures performed
o Indication of outcome of auditor’s procedures
o Key observations with respect to the matter
Description should not
o Imply that the matter has not be appropriately resolved by auditor in forming the opinion
on the F/S
o Contain or imply discrete opinion or separate elements of the F/S
19
Types of Audit Opinion (SSA 700, 705, 506)
20
Material & Pervasive Misstatements
Misstatement SSA 450
Difference between the
Amount, classification, presentation, or disclosure of a reported F/S item and
Amount, classification, presentation, or disclosure that is required for the item to be in
accordance with the applicable financial reporting framework.
Misstatements can arise from error or fraud.
21
Examples of situations in which it is used:
An uncertainty relating to future outcome of
exceptional litigation or regulatory action
Early application (where permitted) of a
new accounting standard that has a
pervasive effect on the financial statements
in advance of its effective date
A major catastrophe that has had, or
continues to have, a significant effect on
the entity’s financial position (e.g. fire)
A material uncertainty that may cast
significant doubt about the company’s
ability to continue as a going concern which
has been adequately disclosed (SSA 570)
Unusually important subsequent events
Significant transactions with related parties
Difference between the actual and expected performance of an auditor from the society
Both will never meet because of unreasonable expectations
Solutions – from auditor: more training, revise standards; from society: educate public, outreach,
seminars
(Refer to Sem 2 last slide for more information)
22
Seminar 3 – Assertions / Audit Evidence, Procedures & Documentation
IAASB is expected to revise ISA 315 to integrate relevant assertions relating to disclosure rather than
keeping them as separate assertions
Assertions about classes of transactions and events for the period under audit:
Occurrence - transactions and events that have been recorded have occurred & pertain to entity.
Completeness - all transactions and events that should have been recorded have been recorded.
Accuracy - amounts and other data relating to recorded transactions and events have been
recorded appropriately.
Cut-off - transactions and events have been recorded in the correct accounting period.
Classification - transactions and events have been recorded in the proper accounts.
Assertions about account balances at the period end:
Existence - assets, liabilities, and equity interests exist.
Rights and obligations - the entity holds or controls the rights to assets, and liabilities are the
obligations of the entity.
Completeness - all assets, liabilities and equity interests that should have been recorded have
been recorded.
Valuation and allocation - assets, liabilities, and equity interests are included in the financial
statements at appropriate amounts and any resulting valuation or allocation adjustments are
appropriately recorded.
Assertions about presentation and disclosure:
Occurrence and rights and obligations - disclosed events, transactions, and other matters have
occurred and pertain to the entity.
Completeness - all disclosures that should have been included in the financial statements have
been included.
Classification and understandability - financial information is appropriately presented and
described, and disclosures are clearly expressed.
Accuracy & valuation - financial and other information are disclosed fairly & at appropriate amts
23
Audit Evidence (SSA 500.5)
Info used by auditor in arriving at conclusions on which audit opinion is based
Includes info contained in accounting records underlying the F/S and other info
Nature/ sufficiency & appropriateness/ evaluation
SSA 200(A48): The matter of difficulty, time or cost is not in itself a valid basis for the auditor to omit an
audit procedure for which there is no alternative or to be satisfied with audit evidence that is less than
persuasive
24
Evaluation of Audit Evidence
Proper evaluation of evidence requires an understanding of the:
Type of evidence available
Relative reliability of available evidence
Evidence Triangulation SSA 500 (A8) More assurance is ordinarily obtained from consistent audit
evidence from different sources or of a different nature than from items of audit evidence considered
individually
Auditor must be able to assess when a sufficient amount of appropriate evidence has been obtained in
order to determine fairness of management’s assertions.
Must be thorough in searching for evidence and unbiased in evaluation
E.g. If no response to confirmation, check through subsequent cash receipts, shipping
documents, etc.
In evaluation of evidence, auditor must be objective and not allow evaluation to be biased by
other
2. Tests of Controls
Test operating effectiveness of controls in preventing/ detecting and correcting material
misstatements in relevant assertion level
E.g. Inspection of documents, observation of application of specific controls/ walk-throughs/
reperformance of application of control by auditor
25
3. Substantive Procedures
Detect material misstatements at relevant assertion level. (Monetary errors)
Test Of Details
Of classes of transaction, account balances, disclosure
Detailed transactions are verified
E.g. Inspecting invoices, tracing them to various accounts, tracing cash received & paid form the
cash book to the proper account
Substantive Analytical Procedures
Evaluation of financial info via analysis of plausible relationships among both financial & non-
financial data, i.e. compare previous year’s figures with current year, adjusted for economic
conditions
Make comparisons to identify accounts that may have material misstatements and need more
investigation, or as a reasonableness test of account balance. Effective and efficient form of
evidence. Used to accomplish 3 purposes:
o Risk assessment procedures to help auditor better understand biz and plan nature,
extend, timing of audit procedures (NET).
o Substantive analytical procedures as substantive procedure to get evidence about
particular assertions related to account balances/classes of transactions.
o Final analytical procedures: overall review of financial info in the final review stage of
audit.
More reliable: external, effective internal control, obtained directly by the auditor, original, in writing
Key points to take note:
Procedure must match to what you want to do (objective)
Inspection (of asset) can confirm existence, but not ownership. For R&O, inspect document.
Observation typically for internal control
Observation usually low but absolute assurance if only done once a year (e.g. stock take)
External confirmation: don’t always assume collusion
26
External confirmation cannot test completeness (e.g. owe $200 instead of the confirmed $100)
Analytical procedures help to address completeness
Inquiry good for understanding and fast but may not be reliable
Scanning efficient for large data and can check for completeness (missing sequence) and
existence (e.g. double counting)
Recalculation and reperformance depend on the accuracy of underlying data
27
Usefulness of Analytical procedures as substantive procedures depends on
Assessed risk of material misstatement
o Higher risk greater reliance on tests of details
Precision of expectation. Which is affected by
o Degree of disaggregation (eg by period, product line)
o Predictability of relationships (eg recurring vs non-recurring expenses)
Availability of relevant & reliable data
o Eg. industry results, non-financial information
Audit Documentation
Record of the audit procedures performed, relevant audit evidence obtained and conclusions the auditor
reached
Purpose of documentation
Provide evidence in relation to
o The auditor’s basis for a conclusion about the achievement of the overall objectives of the
auditor
o How the audit was planned and performed in accordance with SSA and applicable legal
and regulatory requirements
Helps the engagement team plan and perform the audit
Helps members of the engagement team responsible for supervision to direct and supervise the
audit work, and to discharge their review responsibilities
Enable the engagement team to be accountable for its work
Retain a record of matters of continuing significance to future audits
Enable the conduct of external inspections in accordance with applicable legal, regulatory or
other requirements
Enable the conduct of quality control reviews and inspections in accordance with Singapore
Standard on Quality Control (SSQC) or equally demanding national requirements
28
For information that is inconsistent with the auditor’s final conclusion regarding a significant
matter
o The auditor shall document how the auditor addressed the inconsistency
Departure from a relevant requirement
o The auditor shall document how the alternative audit procedures performed achieve the
aim of that requirement, and the reasons for the departure.
Matters arising after the date of auditor’s report
o If the auditor performs new or additional audit procedures or draws new conclusion after
the date of the auditor reports, the auditor shall document
The circumstances encountered
The new or additional audit procedures performed, audit evidence obtained,
conclusion reach and the effect on auditor’s report
When and by whom the resulting changes to audit documentation were made and
reviewed
Audit File
One or more folders or other storage media, in physical or electronic form, containing the records that
comprise the audit documentation for a specific documentation.
29
Seminar 4 – Client Acceptance / Audit Planning / Relying on IA & Experts / Materiality
Client acceptance & continuance Preliminary engagement activities Plan the audit
Prospective Client
Perform procedures to evaluate prospective client before accepting. Documented in memo or by
completion of an entity acceptance questionnaire/checklist.
Procedure Explanation
1. Obtain & review available financial info Financial info - Annual reports, interim F/S, income
tax returns
2. Inquire of 3rd parties abt integrity of entity & 3rd parties - Lawyers, credit agencies
mgmt
3. Communicate with predecessor auditor Info about integrity of management
(Prospective client must authorize Disagreements w mgmt abt accounting policies, audit
predecessor auditor to respond to successor’s procedures, or significant matters
requests for info – Auditors are not allowed to
disclose confidential client info) Understanding about reasons for change of auditors
30
If the prospective client has been audited before (above procedures + following)
Need to check with predecessor for information or to permit a review of working paper, it must be done
with the predecesor’s authorization
Information that might bear on the integrity of management
Disagreement with management about accounting policies, auditing procedures or other similarly
significant matters
Communication to those charged with governance regrading fraud and non-compliance with law
and regulations and significant deficiencies in internal control
Predcessor’s understanding about the reasons for the change in auditors
Client Continuance
Evaluate periodically whether to continue the relationship with current clients
May take place at or near the completion of an audit or when significant event occur
Consider: Any conflicts over accounting/auditing issues? Or dispute over fees?
SSA 210.8 If the preconditions for audit are NOT present auditor shall discuss the matter with
management
Unless required by law or regulation to do so, the auditor shall not accept the proposed audit
engagement
SSA 210.7 If management or TCWG impose a limitation on the scope of the auditor’s work in terms of
a proposed audit engagement such that the auditor believes the limitation will result in the auditor
disclaiming an opinion on FS auditor shall not accept such as limited engagement as an audit
engagement
Unless required by law or regulation to do so, the auditor shall not accept the proposed audit
engagement
31
Preliminary Engagement Activities
1. Determine the Audit Engagement Team Requirements
Ensure auditors’ have a proper degree of technical training & proficiency, given the situation
of entity
Factors to consider: Engagement size/ level of risk/ complexity/ special expertise/ personnel
availability/ timing of work to be performed.
2. Ensure that the Audit Team and Audit Firm are in Compliance with Ethical and Independence
Requirements
Auditor must comply with profession’s ethical requirements, including independence.
Quality control standards require firm to establish policies & procedures to ensure all meet
ethical requirements & maintain independence.
Overdue client fee affects independence
3. Establish an Understanding with the Entity
Engagement letter: Establishes objectives/ management’s responsibilities/ auditor’s
responsibilities/ limitations of the engagement
Using the work of internal auditors – Must determine reliability or IAF
o Objectivity, competence, systematic and disciplined approach
Discuss the role of those charged with governance
o Board of directors and audit committee
When preparing the audit plan, the auditor should be guided by the results of the risk assessment
procedures performed to gain an understanding of entity.
Additional steps:
Steps Description
1. Assess Business Identify the business risk that may result in material misstatements
Risk Evaluate how the entity respond to the business risks and ensure that
control have been implemented plan audit procedures
Use risk audit model restrict risk at account balance level and achieve
acceptable low level of risk
2. Establish Materiality Overall materiality (evaluate FS as a whole)
o Based on user information needs, but not how risky a particular
account balance might be
Performance materiality (evaluate as account, transaction level)
o Plan and perform audit procedures at the account or disclosure
level
3. Consider Multi- Determine the locations or business units to be audited, and the extent
location or business of audit procedures
units Assess the risk of material misstatement to the conslidated financial
statement assoicated with the location or business unit
32
Correlates the amount of audit attention devoted to the location or
business unit with the level of risk involved
4. Assess the needs for Auditor is still responsible for the work performance by key experts
experts Need to evaluate on the competence and objectivity of the expert, audit
(elaborated below) the inputs used by the experts and reconcile the output, review the
export work for reasonableness
Eg. Experts in finance, tax, valuation (environmental liabilities, jewelry,
oil) IT experts in presence of complex IT
5. Consider additional Provide recommendations on improvement on business processes after
value-added services analyzing business risk
6. Identify related Transactions may not be at arm’s length
parties Need to understand the entity’s control for identifying related parties,
authorizing and approving related party transactions and accounting for
and disclosing related party transaction
Need to inquire management the names of related parties, the nature of
the relationship, types of transactions and reasons for entering into the
transacations with related parties
7. Consider non- Non-compliance as acts of omission or commission by the entity, either
compliance with law intentional or unintentional, which are contrary to the prevailing laws or
and regulations regulations
Two forms of effect on material amount
o Direct (i.e. tax law, pension laws, government regulation):
Auditor’s responsibility is the same as fraud
o Indirect (i.e. environmental law, equal employment): Auditor’s
responsibility is limited to performing specified audit
procedures (i.e. inquiry of management whether entity is
following such law and regulations)
Consider the implication for other aspects of the audit, especially the
reliability of management representation when there is non-compliance
issue
o Inform Those Charged with Governance
o Notify parties outside the entities (i.e. legal bodies)
8. Conduct preliminary To understand client business and identify FS likely to obtain errors
analytical procedures
9. Document the overall Document the decisions about the nature, timing and extent of audit
audit strategy and audit tests
plan Establish linkage from the entity business objectives and strategy to
audit plans
33
Using the Work of Internal Auditor
Methods in which external auditors can use internal auditor’s work
Using the work of the internal audit function in obtaining audit evidence
Obtain information (work done by IAF) that is relevant to external auditor in assessing the risk of
material misstatement
May decide to use that information in partial substitution for audit evidence to be obtained directly
by external auditor
Using internal audit to provide direct assistance under the direction, supervision and review of the
external audit
34
Determine the nature and extent of work of the IA function that can be used
Consider the nature and scope of the work that has been performed, or is planned to be
performed by the internal audit, and whether is it relevance to the external auditor’s overall audit
strategy and audit plan
Extent of judgement involved to planning and perform audit procedueres and evaluating the audit
evidence gathered
o External auditor will need to perform more procedures and rely less on IAF’s work when
more judgment is needed
Assessed risk of material misstatement at the assertion level
o Higher assessed risk of material misstatement means more judgment will be involved for
planning and performing audit procedures, and therefore external auditor will be more
directly invovled
Whether the IAF organization status and relevant policies and procedures support the objectivity
of internal auditors
o The less objective the IAF, the more direct work the external auditor should engage in
during the work
Level of competence of internal audit function
Determine whether external auditor will be sufficiently involved in the audit after involving the IAF
Determine the nature and extent of work that can be assigned to internal auditors providing direct
assistance – (SSA610 A36 – A38 give examples of what can be assigned and not)
Extent of judgement involved in planning and performing audit procedures and evaluating the
audit evidence gathered
Assessed risk of material misstatement
Objectivity and competence of IAF who will be providing direct assistance
35
Using the Work of Auditor’s Expert
Determine the need for an Auditor’s expert
Nature, timing and extent of audit procedures (SSA620 A10 for examples)
Nature of the matter to which that expert’s work relates
o If the work relates to significant matter that involves subjective and complex judgment, the
auditor would need an extensive audit procedures before using te work of auditor’s expert
o Risk of material misstatement in the matter to which expert’s work relates
Significance of that expert’s work in the context of audit
o If the expert’s work is integral to audit, the auditor would need an extensive audit
procedures before using the work of auditor’s expert
Auditor’s knowledge of and experience with previous work performed by that expert
o If the auditor has not previously used the work of the auditor’s expert, and has no prior
knowledge of that’s expert capabilities and objectivity, the auditor would need an
extensive audit procedures before using the work of auditor’s expert
Whether that expert is subject to the auditor’s firm quality control policies and procedures
o If the expert is an externa expert and therefore, is not subject to the firm’s quality control
policies and procedures, then the auditor would need an extensive audit procedures
before using the work of auditor’s expert
Obtain an understanding of the field of expertise of the auditor’s expert (a.k.a check the quality of the
work performed by the expert)
The assumptions and methods used by the auditor’s expert, and whether they are generally
accepted within that expert’s field and appropriate for financial reporting purposes
The nature of internal and external data or information the auditor’s expert uses
36
Materiality
SSA 320.2 Misstatements, including omissions, are considered to be material if they, individually or in
the aggregate, could reasonably be expected to influence the economic decisions of users taken on the
basis of FS
Judgements about materiality are made in light of surrounding circumstances, and are affected
by the size or nature of a misstatement, or a combination of both
SSA 320.8 The objective of the auditor is to apply the concept of materiality appropriately in planning &
performing the audit (Risk assessment & Risk response)
SSA 450.11 The auditor shall determine whether uncorrected misstatements are material, individually or
in aggregate (Reporting)
37
Determining Materiality at the Planning Stage
SSA 320.10 When establishing the overall audit strategy, the auditor shall determine materiality:
(iv) For the financial statements as a whole
(v) Performance materiality for purposes of assessing RMM & determining NET of further audit
procedures
SSA 320.A10 Factors that may indicate the existence of particular classes of transactions/ account
balances/ disclosures where misstatements of lesser amounts than materiality for F/S as a whole could
reasonably be expected to influence economic decisions of users include:
Law, regulation, applicable FRF affecting users’ expectations (e.g. Related party transaction,
director’s remuneration)
Key disclosures in relation to industry in which entity operates (e.g. R&D costs for a
pharmaceutical co.)
Attention focused on particular aspect of entity’s biz that is separately disclosed in the F/S (e.g.
newly-acquired business)
SSA 320 (A3-4, A13): Typically use a percentage applied to a chosen benchmark as a starting point in
determining materiality for the F/S as a whole (a matter of professional judgment)
38
Factors affecting choice of benchmark
Focus of users Financial performance/ profit
Assets (creditors)
Revenue (Growth, market share)
Nature of entity Industry
Source of finance
Assets for manufacturing
Volatility or Revenue & assets typically more stable
Stability of Use averages of prior 3 years’ values if firm performance is volatile
benchmark
Examples: Profit before tax from continuing operations is often used for profit-oriented
entities (e.g. public-listed)
Net asset value or total equity (for asset-based entities like investment funds)
Profit before owner’s remuneration and tax (for small owner-managed entities)
Total revenue or total expenses (for not-for-profit entity)
39
Step 2: Determine Performance Materiality (PM)
SSA 320 (9 & A12): Amount(s) set by auditor at less than materiality for F/S as whole (& classes of
transactions/ account balances/ disclosures) to reduce to an appropriately low level the P (aggregate of
uncorrected & undetected misstatements exceeds materiality)
Requires exercise of professional judgement
Purpose: to establish scope for the audit procedures for the individual account balance / disclosure
Once exceeds materiality, auditor need to consider extending the scope of the work and revising
the audit plan
PM should be lowered if RMM is assessed as high inverse relationship between risk and materiality
Evaluate the nature and cases of identified misstatements and consider the need to revise overall
audit strategy and audit plan
Communicate identified misstatements with appropriate level of management on a timely basis
and request for correction of misstatements
Nature of Misstatements
SSA 450.A6 In evaluating the effect of misstatements & communicating misstatment w mgmt & TCWG,
it may be useful to distinguish between:
Factual Correct first!
misstatements About which there is no doubt (eg sales cut-off error)
Judgemental Related to management’s selection / application of accounting policies or
misstatements judgements concerning accounting estimates that auditor considers
inappropriate / unreasonable e.g. bad debts, impairment
Margin of error Increase sample size
Projected Related to auditor’s best estimate of misstatements based on projection of
misstatements identified misstatements from audit samples to entire populations
Margin of error Increase sample size
40
Examples that Render a Misstatement Material (SSA 450.A21)
Extent to which the misstatement:
Affects compliance with regulatory requirements, debt covenants or other contractual
requirements
Masks a change in earnings or other trends e.g. loss to profit
Affects ratios used to evaluate the entity’s financial position, results of operations or cash flows
Affects significant segment information presented in the financial statements
Increases management compensation (e.g. by meeting bonus criteria)
41
Seminar 5 – Audit Risk Model / Risk Assessment / Fraud / Going Concern
Audit Risk (SSA 200)
Is the risk that the auditor expresses an inappropriate audit opinion when the financial statements
are materially misstated
As the basis of the auditor’s opinion, SSAs require the auditor to obtain reasonable assurance
about whether the FS as a whole are free from MM, whether due to fraud or error
Reasonable assurance is a high level of assurance obtained when auditor has sufficient
appropriate audit evidence to reduce audit risk to an acceptably low level
SSA 320 (A1): Materiality and audit risk are related. They are considered throughout the audit, in
particular when:
Identifying & assessing the RMM (SSA 315)
Determining the NET of further audit procedures (SSA 330)
Evaluating the effect of uncorrected misstatements, if any, on the F/S and in forming the opinion
in the auditor’s report (SSA 700)
42
Reasons for detection risk
Non-sampling Risk: Inappropriate audit procedure/ Fail to detect when
using appropriate audit procedure/ Misinterpreting audit results
Sampling Risk: Not enough samples/ Wrong sample
Misstatements likely to occur in client’s financial report misstatements that bypass controls not
detected by controls caught by auditor undetected by auditor
AR RMM DR Explanation
Very low High Low Conduct more thorough investigation of accounts
Low Moderate Moderate
Low Low High Low risk of MM hence gather less evidence
43
Auditor’s Business Risk (SSA 200.A35)
Also called engagement risk
Risk that the auditor is exposed to loss/injury to professional practice from litigation, adverse
publicity or other events arising in connection with F/S audited and reported on
Examples
o Client’s reputation affects firm’s reputation (Association)
o Quote fees that are too low
44
Overview of Risk Assessment Process to determine CBR
45
1. Understanding Entity’s Business and its Environment
SSA 315(11) Auditor is required to obtain an understanding of the entity and its environment, including
the entity’s internal control:
Relevant industry, regulatory and other external factors
Nature of entity, ownership & governance, operating, investing & financing activities
Selection and application of accounting policies
Objectives & strategies, related business risks that may result in risks of misstatement
Measurement and review of entity’s financial performance
46
2. Evaluate Entity’s Reaction to the Risk
Business risk itself does not necessarily = RMM need to consider management response to
BR to decide RMM
If the entity’s response to the identified risk is adequate, the risk of material misstatement may be
reduced (and vice versa)
Need to look at internal controls with regards to test of controls to determine adequacy of controls
SSA 315(25) The auditor shall identify & assess the risk of material misstatement:
At the F/S level
At the assertion level for classes of transactions, account balances, and disclosures, taking into
account relevant controls the auditor intends to test
To provide a basis for designing and performing further audit procedures
47
Incorporating additional elements of Timing Low risk interim date
unpredictability in the selection of further audit High risk period end
procedures to be performed
o Change sample size (5 warehouses Extent Sample size
instead of top 3) Frequency of observation
Making general changes to the nature, timing,
or extent of audit procedures
o Eg Performing substantive procedures
at the period end instead of at an
interim date; modifying the nature of
audit procedures to obtain more
persuasive audit evidence
Example:
RMM at Overall F/S level RMM at Individual Assertion Level
Management has close relationship with Royalty fee complexity (both an expense and
partner fraud risk an income accuracy, cutoff, completeness
New audit client/industry might result in Capitalization of cost of development
wrong risk assessment since don’t know completeness of expense
account & industry well Emergence of technology (obsolescence)
Major lawsuit going concern risk valuation of PPE
Managing director is majority S/H: pressure Collect $$ in packages affect revenue
to succeed fraud risk/ override controls recognition
Wants to get bank loan to finance might o Overstatement: occurrence, cutoff
manipulate F/S to satisfy covenants o Unearned Revenue: completeness
Lawsuit completeness of provision
Intangible assets (capitalize cost of
patent/copyright) valuation
48
Misstatement due to Fraud (SSA 240)
Misstatements in FS can arise from:
Error (unintentional)
Fraud (harder to detect): Intentional act by one or more individuals among management,
TCWG, employees or third parties, involving use of deception to obtain an unjust or illegal
advantage
o Fraudulent financial reporting (usually committed by management)
Manipulation/falsification/alteration of records/documents
Misrepresentation/omission of effects of transactions from records/documents
Intentional misapplication of accounting policies
o Misappropriation of assets (“defalcation”) (usually committed by employee)
Embezzling cash
Stealing physical assets or IP
Causing an entity to pay for goods not received
Using entity’s assets for personal use
49
Auditor’s Responsibility for Fraud
The primary responsibility for the prevention and detection of fraud rests with mgmt and TCWG
Not the responsibility of the auditor
An auditor conducting an audit in accordance with SSAs is responsible for obtaining reasonable
assurance that the F/S taken as a whole are free from material misstatement, whether caused by
fraud or error Responsibility of the auditor
In relation to RMM due to fraud, auditor should
o Identify & assess RMM due to fraud
o Design & implement appropriate responses
o Respond appropriately to identified or suspected fraud
The greater the incentive or pressure, the more likely an individual will be able to rationalise the
acceptability of committing fraud.
Refer to page 121 – 123 for factors leading to fraudulent reporting and misappropriation of assets
50
RMM due to Fraud: Risk Assessment & Reponses
Identify & assess RMM due to fraud at FS and assertion level
Presumed risks of fraud in:
Fraud in revenue recognition (assertion level)
Management override of override of controls (FS level)
FS level SSA 240(A33-36)
(overall Increased sensitivity in selection of nature & extent of documentation to be
response) examined in support of material transactions
Increased recognition of need to corroborate (confirm) mgmt. explanations
concerning material matters
Assigning additional individuals w specialized skill & knowledge (forensic & IT
experts)
Assigning more experienced individuals to the engagement
Extent of supervision reflects the auditor’s assessment of RMM due to fraud &
competencies of the engagement team members performing the work
Incorporate unpredictability element in the selection of NET of audit procedures to
be performed, as individuals within the entity who are familiar w the audit
procedures normally perf. on engagements may be more able to conceal fraudulent
financial reporting
Timing: Perform substantive testing at or near the period end to better assess RMM due to
fraud
Extent: Increase sample size, more detailed analytical procedures. Computer assisted
audit techniques may enable more extensive testing of electronic transactions and account
files.
51
RMM due to fraud affecting many accounts & assertions
Asset valuation
Estimates relating to specific transactions (such as acquisitions, restructurings, or
disposals of a segment of the business)
Other significant accrued liabilities (such as pension and other postemployment
benefit obligations, or environmental remediation liabilities).
The RMM due to fraud may also relate to significant changes in assumptions relating to
recurring estimates
52
o (e.g., inquiry of mgmt and TCWG, inspection of correspondences with relevant
authorities)
Examples of Detecting Fraud, and Designing Controls to Prevent & Detect Fraud
Fraud How auditor detects fraud Control to prevent/detect fraud
Accountant manages co.’s invt Analytical Procedure Check Segregation of Duty: Person who
activities. Most of co.’s funds if amt of income recorded in does recording cannot have
invtd in bonds & FDs. I/S corresponds to expected authorization to use investment funds.
Accountant diverted substantial income as per investment
amts of investment earnings. policy. Bonds and FDs Analytical Procedure on your own:
To cover up, systematically usually should have a fixed Ask co.to do analytical procedure on
under-recorded income stream of income. its own, check and tally investment
earned. statement & policies on regular basis.
The purchasing clerk sets up Send Confirmation Segregation of Duty: Set up 2 clerks
a fictitious vendor & If fictitious, there won’t be a - 1 for approval of purchasing, 1 for
periodically prepared PO to the reply, address might be preparing & sending PO.
fictitious vendor. He then funny
created bogus receiving Separate list of vendors & list of
reports, vendor invoices, and Stock Take approved vendors (remove control frm
PO to the AP for processing. Perpetual, check if inventory single purchasing clerk)
tallies w inventory records
Periodic, missing items will be considered sold. Fraud Segregation of Duty: Add another
purchase missing items à higher expenses. Do analytical clerk to perform receiving function
procedure for gross margin fluctuations
Purchasing clerk systematically Review Procurement Competitive Bidding:
paid higherthan-market prices Approval Process: Check implement this once in a while to
for goods received frm an impt that vendors are from check if vendor quotes are
vendor. Purchasing clerk approved list. competitive (ask for multiple
received perks from vendor & quotations)
kickbacks amounted to more Rotation: rotate the duties of the
than half of the purchasing purchasing clerk to break off the chain
clerk’s regular annual salary. of kickbacks.
53
Documentation of Auditor’s Risk Assessment & Response
Audit standards require extensive documentation of auditor’s risk assessment procedures (including
fraud risk assessment), & audit responses to identified risks.
54
Going Concern (SSA 570)
Definition
Going concern (GC) assumption: entity will continue in business for the foreseeable future
Audit implications if GC assumption not appropriate:
o Assets may not be realized at book value
o Assets/liabilities to be reclassified as short-term
o Need to provide for costs of business closure
Management’s Responsibility Assess the entity’s ability to continue as a going concern
If such events or conditions exist, auditor should evaluate mitigating factors (e.g., availability of
alternative funding), including feasibility and effectiveness of management’s action plans, to
determine whether a material uncertainty exists
o Obtain a confirmation of the existence, legality & enforceability of arrangements made w
3rd parties to provide additional financial support to the entity
o Auditor also needs to be satisfied w the capacity & intention of 3rd party to provide
necessary level of support
o Formal agreements may not exist/ may be legally unenforceable, and there may be
insufficient evidence available to the auditor to assess the financial standing of the
provider
GC Considerations
Financial Distress
55
Other Conditions & Events
Other Financial Internal Matters External Matters
Difficulties
• Default on loans • Net worth/total liabilities • Work stoppages
• Dividends in arrears • Working capital from • Uneconomic LT commitments
• Restructuring of debt operations/total liabilities • Dependence on the success
• Denial of trade credit by • Current assets/current of 1 project
suppliers liabilities • Legal proceedings
• No additional sources • Total LT liabilities/ total • Loss a major customer/
of financing assets supplier
• Total liabilities/total assets • Loss of a key franchise/
• Profit before tax/net sales license/ patent
If FS prepared using GC basis of accounting but auditor finds it inappropriate, then express
adverse opinion, and no GC section in report.
Effect of GC disclosure: self-fulfilling prophecy by interfering with company ability to get capital from bank
56
Seminar 6 – Internal Control / Control Effectiveness
What is Internal Control?
COSO Internal Control Integrated Framework (p.187)
Internal control is a process designed and effected by an entity’s BOD, management, and other
personnel to provide reasonable assurance that the organization’s objectives are being met:
o Reliability, timeliness, transparency of internal & external, non-financial & financial
reporting
o Effectiveness & efficiency of operations (including safeguarding of assets)
o Compliance with applicable laws & regulations
o Help management better control the organization
An effective system of IC allows mgmt. to focus on operations & financial performance goals
whilst maintaining compliance w relevant laws & minimizing surprises
SSA 315(12): Most controls relevant to audit are likely to relate to financial reporting
57
The COSO Framework – Components of Internal Control (p. 188)
Control Environment
Set of standards, processes and structures that provide the basis for carrying out internal control
across the organization
Board of director and senior management establish the tone at the top regarding the importance
internal control and expected standard of conduct (i.e. their attitude, awareness and action
reflects the importance of control)
Principles Description
#1: The organization Management attitude (i.e. integrity, ethical values, philosophy, operating
demonstrates a style) set the tone
commitment to integrity Tone must be committed to employee, reinforced by day-to-day practice
and ethical values Tone is best communicated within an entity through the use of policy
statement, code of conduct and training
Deviation from standards of conduct must be promptly addressed
Management’s approach to taking and monitoring business risks and
financial reporting may signal information regarding commitment to
these values
Remove incentives and opportunity that might lead to personnel to
engage in dishonest, illegal or unethical acts
#2: TCWG demonstrate Those charged with governance significantly influence the control
independence from consciousness of the entity
management and o Must take their fiduciary responsibilities seriously and actively
exercise oversight of oversee the entity
the development and Factors that affect the effectiveness of TCWG
performance of internal o Experience of members and independence from management
control o Extent of involvement with and scrutiny of the entity’s activities
o Information availability and willingness/ ability to act on info
o Extent to which difficult questions are both raised and pursued
with management
o Nature and extent of interactions with internal & external auditors
58
#3: Management Organizational structure defines how authority and responsibility are
establishes, with TCWG delegated and monitored
oversight, structures, Focus on the assignment of authority and responsibility, establishment
reporting lines, and of reporting relationships and authorization hierarchies, setting of
appropriate authorities policies and providing resources for carrying out duties
and responsibilities in Ensure that all personnel understand the objectives, know how
the pursuit of objectives individuals’ action contribute to the firm, their control-related
responsibilities, recognize how and for what they will be held
accountable
Eg. Well specified organisational chart that indicates line of authority
and responsibility
#4: The organization Quality of internal control relates to the quality of personnel operating
demonstrates a the system
commitment to attract, Need to have sound personnel policies to hire and train competent and
develop and retain trustworthy people
competent individuals in o Competent have the knowledge and skills necessary to
alignment with accomplish the task that define an individual’s job
objectives Related controls could be
o Establish standards that emphasize seeking the most qualified
individual, with emphasis on educational background, prior
working experience
o Specify the competence level for a job and translate into detailed
job description
#5: The organization Establish performance measures, incentives and rewards appropriate
holds individuals for responsibilities at all levels of the entity, reflecting reasonable
accountable for their expectations and standards of conduct for both short and long term
internal control objectives
responsibilities in the o Should be in-line with internal control consideration
pursuit of objectives Evaluate performance of internal control responsibilities, including
adherence, and provide rewards or exercise disciplinary action when
necessary
#9: The organization Consideration of possible changes and its impact in internal or
identifies and assess external environment (regulatory, economic, physical)
changes that could o External: Changing reliance on foreign geographic,
significantly impact the Business/regulatory landscape, new technologies,
system of internal control o Internal: Changes in attitudes and philosophies from the
change in management
#12: Organization Policy is a rule or guideline that calls for certain activities to take place in
deploys control certain circumstances
activities through o Example: Manager to review purchase over $1,500
policies that Procedures is the review itself, performed in a timely manner and with
establish what is attention given to factors set forth in the policy, such as nature and volume,
expected and and their relation to furthering the entity’s objectives
procedures that put
policies into action
Monitoring of Controls
Assess the quality of internal control performance over time and monitor to determine if they are
operating effective To provide reasonable assurance
Monitor to determine whether controls needs to be redesigned when risks change
Principles Description
#16: The organization selects, Can be done via ongoing activities or separate evaluations
develops, and performs Can use internal auditors or personnel performing similar
ongoing and/or separate functions in other areas to monitor the operating effectiveness of
evaluations to ascertain internal control
whether the compounds of o Example: Review whether bank reconciliations are being
internal control are present and prepared on a timely basis and are reviewed by internal
functioning auditors
#17: The organization Check for errors and to communicate control deficiencies
evaluates and communicates If management assumes data used for monitoring are accurate,
internal control deficiencies in errors may exist in the information
a timely manner to those o Potentially leading mgmt. to incorrect conclusions
parties responsible for taking Monitoring ineffective if identified control deficiencies are not
corrective action (TCWG, communicated in a timely way to TCWG
senior management)
62
Control Risk Assessment and Audit Strategy
63
Testing Operating Effectiveness of Internal Control
SSA 330(8): Auditor shall test the operating effectiveness of relevant controls if:
Auditor’s assessment of RMM at the assertion level includes an expectation that the controls are
operating effectively (i.e. auditor intends to rely on operating effectiveness of controls in
determining NET of substantive procedures); OR
Substantive procedures alone cannot provide sufficient appropriate audit evidence at the
assertion level (e.g., for highly automated systems like bank cannot do substantive testing)
64
Application of COSO Framework for Reliance Strategy
Components of Description
Internal Controls
Understanding the Understand the TCWG and management’s attitude, awareness and
Control Environment actions concerning to the control environment
Includes knowledge of the COSO Framework
Use flowchart to document the auditor’s understanding of an entity’s
internal control over financial reporting
Understand the Entity’s Understand how management considers risks relevant to financial
Risk Assessment reporting objectives and decides what to do to address those risks
Process Eg. Oil industry: how entity manage environmental risk
Understanding Control Understanding of control activities will affect the type of audit strategy
Activities adopted
Substantive strategy Little work is done on understanding control
activities
Reliance strategy Have to understand the control activities that relate
to assertions for which a lower level of control risk is expected
Use walk-throughs to gain a better understanding
Understand the Understand how each business process affects significant account
Information System and balances in the FS, including how transactions are initiated and
Communications (pg authorized, how documents and records are generated, and how the
203 for more) documents and records flow to the GL and FS
Need to understand how IT is used for data processing
To provide assurances that FS are properly prepared and presented
Understanding Understand the major types of activities that the entity uses to monitor
Monitoring of Controls internal control + source of information relating to those activities + how
those activities are used to initiate corrective actions to its controls
65
Effect of Entity Size on Internal Control
Large entity may adopt a written code of ethics, while small or mid-size entity may develop a culture that
emphasize integrity and ethical behavior
Firms may adopt different methods to achieve effective internal control
Basic concepts of COSO (5 components) should be presented in entities
May be less formal for small or mid-size entity
66
Steps to set control risk below maximum for Reliance Strategy
Step 1: Identify specific controls that will be relied upon (likely to prevent, detect or correct MM)
Step 2: Perform test of controls
Step 3: Conclude on achieved level of control risk given result of testing
Achieved control risk HIGHER than planned:
Revise the nature, timing and extent of planned substantive procedures and document the
revised control risk assessment
If the risk of material misstatement is high, need to have low level of detection risk
o Nature: Obtain more reliable types of substantive evidence (i.e. confirmation,
reperformance)
o Timing: Conduct most of the substantive procedures at year-end
o Extent: Have a larger sample size (i.e. make test more intensive)
Achieved control risk LOWER or SUPPORT the planned level of control risk:
No revision of the planned substantive procedures required, and document the level of CR
If the risk of material misstatement is low, need to have high level of detection risk
o Nature: Obtain less reliable types of substantive evidence (i.e. analytical procedures)
o Timing: Can be conducted at an interim date
o Extent: Have a smaller sample size (i.e. make test less intensive)
Step 4: Document achieved level of control risk
Can be documented using a structured working paper, an internal control questionnaire or a
memorandum
67
Interim Substantive Procedures
Conducting substantive procedures at an interim date may increase the risk that material
misstatement are present in the financial statements
Factors to consider when deciding if substantive procedures are to be performed at interim date
o Control environment and other relevant controls
o Availability of information at a later date that is necessary for the auditor’s procedures
o Purpose of the substantive procedures
o Assessed risk of material misstatement
o Nature of the class of transactions or account balance and relevant assertions
o Ability of the auditor to perform appropriate substantive procedures or substantive
procedures combined with tests of controls to cover the remaining period in order to
reduce the risk that misstatement that may exist at the period end will not be detected
Example: High control deficiencies unlikely to perform substantive procedures at interim date
as auditor have little assurance that accurate information will be generated in the remaining
period
Even if substantive procedures are conducted at interim date, additional substantive procedures
are ordinarily conducted in the remaining period before year-end
o Includes comparing year-end balance with the interim account balance, conduct analytical
procedures or review for large/unusual transactions during the remaining period
If misstatements are detected during interim testing Have to revise planned substantive
procedures for the remaining period or perform additional substantive procedures at year-end
68
Communication of Deficiencies in Internal Control (SSA 265) (p201)
Deficiency (Orally)
A control designed, implemented or operated in such a way that it is unable to prevent, or detect
and correct, misstatements in the financial statements on a timely basis; or
A control necessary to prevent, or detect and correct, misstatements in the financial statements
on a timely basis is missing.
Example of Controls
Control Financial Statement Assertion Audit Procedure to test
Prints daily cash receipts Ensures that cash receipts are: Inspect all cash receipt report.
report that details all daily Complete, accurate, have Match against deposit slip for that
inputs into system. occurred day.
69
Seminar 7a – Auditing in a Computerised Environment
SSA 315 (Appendix 2) Examples of events and conditions that may indicate RMM:
Inconsistencies between the entity’s IT strategy and its business strategies (e.g. things are done
manually but accounting is in IT or vice versa)
Changes in the IT environment (involves system development life cycle)
Installation of significant new IT systems related to financial reporting
SSA 315(18) Requires the auditor to have an understanding of the information system, including the
related business processes
SSA 315 (A62-63) IT can improve an entity’s internal control (e.g., by enhancing consistency, timeliness
of information processing, segregation of duties via access rights)
However, IT can also pose specific risks to internal control (e.g., reliance of system that is
inaccurately processing data, risks of unauthorized access or change to data and programs)
SSA 315(21) In understanding the entity‘s control activities, the auditor shall obtain an understanding of
how the entity has responded to risks arising from IT.
70
Effect on IT on Internal Control
Combination of interdependent automated and manual controls (i.e. use manual control to use
information provided by IT, use to monitor the functioning of, and errors and exceptions identified by,
automated controls)
Benefits Risks
Consistent application of predefined business Reliance on systems or programs that,
rules, and performance of complex unknown to management, inaccurately
calculations in processing large volumes of process data, process inaccurate data, or both
transactions or data Unauthorized access to data that may result in
Greater timeliness, availability and accuracy destruction of data or improper changes to
of information data, including the recording of unauthorized
Facilitation of additional analysis of or non-existent transactions or inaccurate
information for enhanced internal decision recording of transactions
making Unauthorized changes to data in master files
Greater ability to monitor the entity’s activities, Unauthorized changes to systems or
policies and procedures on a timely basis programs
Greater ability to prevent or detect Failure to make necessary changes to
circumvention of controls systems or programs
Enhanced segregation of duties through Inappropriate manual intervention
security controls in applications, databases Potential loss of data
and operation systems
71
General Controls
Deal with controls over computer and network operations, data preparation, work flow
control and library functions
Implement controls to prevent unauthorized access to network programs, files and systems
Data centre and network operations
System software: Computer programs that control the computer functions and allow the
System software acquisition,
change and maintenance
Concern with (1) physical protection of computer equipment, software and data and (2) loss
Access and Security Controls
72
Application system acquisition, development and Ability to audit accounting systems improved if
o Entity follows common policies and procedures to acquire or develop systems
o Internal/external auditors are involved in the acquisition or development process
o Proper user, system operators and program documentation is provided for each
application
Establish written policies and procedures for planning, acquiring or developing and
maintenance
Application Control
Concern with occurrence, completeness and accuracy assertion
Ensure that (1) all transaction are recorded in the application system; (2) transactions are
recorded only once; (3) rejected transactions are identified, controlled, corrected and re-
entered into the system
Three ways of capturing data
Data Capture Control
o Source documentation – via batching processing (i.e. process similar transaction for
data entry
Each batch will have an unique number and recorded under batch register
Batch register should capture the date, signature of various person who
processed the batch and information on error (i.e. accountability)
Batch total will be used to ensure completeness
o Direct data entry – Online processing of data with no source documents
Create transaction log, containing detailed record of each transaction (i.e.
date, time, operator identification and unique number)
o Combination of source document and direct data entry
Create transaction log, containing detailed record of each transaction
73
Mainly concerned with the accuracy assertion
Following are examples of common data validation control
Description
Limit Test Ensure that a numerical value does not exceed some predetermined value
Range Test Ensure that the value in a field falls within an allowable range of values
Sequence Test Determine if input data are in proper numerical or alphabetical sequence
Existence Test Test of an ID number of code by comparison to a file or take containing
valid ID number of code
Data Validation Control
Field Test Ensure that the field contains either all numerical or alphabetic characters
Sign Test Ensure that data in a field have the proper arithmetic sign
Check-digit Numerical value computed to provide assurance that the original value
verification was not created
Use turnaround document to improve data accuracy (i.e. output document from the
application that are used as source document in later processing)
o Example: Monthly statement to customer may consist of two parts; one part is kept
by the customer, while the other part is returned with the payment
o Pros: Just use input devices to retrieve the encoded information from turnaround
document; No need to re-enter data, thus avoiding data capture and data validation
error
Special validation routines (request desired input data, prompt data entry personnel)
o Validation routine can include completeness test to ensure that all data items are
completed before processing
Controls that ensure processing of transactions
o Include some data validation control
Processing Control
o Use of transmittal sheet, to indicate intended party, and release form, to be signed by
intended party upon receiving the report
o Review the output for reasonableness, reconcile control or batch totals to output
o Page-numbering of reports
o Automatic dating of reports
o End-of-report messages
User department to review outputs for completeness and accuracy
74
Identified mainly by data capture and data validation control, but may also be identified by
processing or output controls
Helps to ensure that errors are handled appropriately
Error Control
75
“Around” the computer “Through” the computer
Complexity of Computer used for relatively Computer applications are more complex
processing simple calculations in nature
Advantages Disadvantages
Easy to use Involves auditing after entity processed
Limited IT expertise or programming skills data rather than while data are being
required processed
Time required to develop application usually Limited ability to verify programming logic
short because application usually directed to
Entire population can be examined, testing entity’s files or databases
eliminates need for sampling Limited to audit procedures that can be
conducted on data available in electronic
form
Increases efficiency and effectiveness
a
76
Generally written by auditors for specific audit tasks
Necessary when computer system is not compatible with auditor’s GAS or when auditor wants
to conduct some testing that may not be possible with GAS
More efficient to prepare if they will be used in future audits or similar engagements
Custom Audit Software
Test using simulated transactions & dummy master records within a client’s master file so that
Integrated Test Facility
77
Parallel Simulation Auditor develops an application that is designed to replicate the results of the client’s application
using client-supplied data
Comparison of the results of the two applications enables the auditor to make inferences about
the quality of the process performed by the client’s application
Involves the auditor inserting an audit module in the client’s application that will identify
Embedded Audit Module
transactions that meet some pre-specified criteria as they are being processed
Transactions that are identified in this way can be reviewed by an auditor in real-time or in batch
Particularly effective in identifying large transactions for substantive testing or for testing
controls by identifying transactions processed in a manner inconsistent with policies and
procedures
Designed in such a way that they can be turned on and off, reducing costs but also reducing
coverage
Test data, integrated test facility and parallel simulation directly examine the internal logic of the
application while embedded audit module and generalised audit software examine the application’s
logic indirectly.
78
application/ GAS can be used
executed at to simulate many
intervals using processes
accumulated
client data
Embedded Dynamic. High All transactions Some level of Revisions to app. in
audit module disruption factors subj. to module's programming which module is
(EAM) as auditor may screening expertise is needed resident can affect
turn module on/ algorithm. Sig. to design & processing.
off at intervals, affect speed of implement the Considerable client
reducing online processing. module interaction is necessary
effectiveness Therefore, module to maintain functionality
may be turned of module
on/off
Generalised Static. Typically, Minimal. All Relatively easy to Minimal reliance on the
audit the client's processing occurs use. Very little client
software period-end data within the auditor's technical
(GAS) are accessed system background is
required to
effectively use
many features of
GAS. Accessing
complex client data
structures often
requires assistance
of IT specialists
79
Example of IT Control Effectiveness
Patient Revenue System Type of Auditor Finding about Control Effectiveness
Control Control
Billing system General IT File backup occurs Backup must be timely.
Produces invoices to charge control automatically each Sunday Backup should be done daily.
patients for services at 10pm so as not to Because of volume of
provided. Software includes disrupt any billing activities. transactions.
a complex formula to If only 10 transactions per
compute government week, then weekly backup is
subsidies, MediShield and okay.
private medical insurance.
Patient database Manual Exception reports are Important to know changes.
A master file containing application produced to show changes Who made the changes?
personal details about each control to patient address details & Not effective because in
patient as well as the period insurance company. patient database, other
of stay, services provided information such as services,
and medical insurance period of stay etc should also
details. be included.
Billing system IT Admin officer who creates Effective because the person
application patient invoice complains who does billing should not be
control that she can't override the allowed to change database.
room charge rate when Prevents the person from
she thinks a mistake has doing unauthorised changes
been made by the system to billing function.
when it calculates the bill
All Systems General IT All software changes are System admin (end user)
control tested by programmer and should do testing w
test results are separately programmer
reviewed & approved by Reviewing & approval of test
the system administrator result should include end-
user. Programmer cannot
review himself self review
threat.
Rates database IT Data entry operator can Ineffective as data entry
A master file of all application change all data operator shouldn’t be allowed
accommodation billing rates, control fields provided they have a to change all data fields.
rebate discounts and data change Ineffective as authorisation is
government assistance request form signed by the useless (if it’s on paper).
benefits Greener Pasture Effective if
general manager
80
Seminar 7b – Audit Sampling
SSA 530.5(c) Sampling Risk: Risk that the auditor’s conclusion based on a sample may be different
from the conclusion if the entire population were subjected to the same audit procedure.
Test of Controls: Auditor wrongly concludes Test of Controls: Auditor wrongly concludes that
that a control is not effective when it is a control is effective when it is not
Assess control risk to be too high do Assess control risk to be too low do too
too much substantive testing little substantive testing increases audit
decreases audit efficiency risk (via increased detection risk)
Test of Details: Auditor wrongly concludes that Test of Details: Auditor wrongly concludes that an
an account balance or class of transaction is account balance or class of transactions is not
materially misstated when it is not materially misstated when it actually is
Auditor will do further testing Auditor wrongly issues an unmodified audit
decreases audit efficiency opinion when the F/S is materially
misstated audit failure
Non-sampling Risk:
Detection Risk = Sampling risk & Non-sampling Risk
Risk that auditor reaches a wrong conclusion due to reasons other than sampling risk, such as
Use of inappropriate audit procedures
Misinterpretation of audit evidence
Failure to recognize a misstatement or deviation
Non-sampling risk can be controlled by measures such as:
Adequate training
Proper planning
Effective supervision
81
Statistical vs Non-statistical Sampling
SSA 530 permits both types of sampling. Both require professional judgement to plan, perform and
evaluate sample evidence
Statistical Sampling
Involves random selection of sample items & use of probability theory to evaluate sample results,
including measurement of sampling risk
o Key advantage: Ability to measure of sampling risk
o Able to find most efficient sample size
Specific applications include attributing sampling (used for test of controls) and monetary unit
sampling (used for substantive testing)
Non-statistical Sampling
Any sampling approach that does not meet the definition of statistical sampling
82
Acceptable Sample Selection Methods
Random Selection Statistical
Using random number table/ generator
Systematic Selection (with random start point) statistical
Sample interval = population / sample size = 50
For 1st sampling interval, select a random start point (e.g. 21)
From that random start point, add the sampling interval systematically (21, 71, 121…)
Haphazard (avoid conscious bias/ predictability) non-statistical
Inherent bias
Can be used to sample items randomly stored in a warehouse
Key Steps:
1. Determine test objective
E.g. Whether control over credit approval of sales are effective
2. Define population
E.g. All recorded sales and supporting sales orders from January to September 2013
3. Define sampling unit
E.g. Sales order supporting each recorded sale
4. Define control deviation conditions
E.g. Sale is not properly approved by credit department
5. Determine sample size, which is a function of: *Refer to lecture notes*
Planned risk of incorrect acceptance (Type II error)
o Higher planned risk = smaller sample
Tolerable deviation rate (maximum deviation that auditor is willing to accept and still consider
control effective)
o Higher tolerable deviation rate = smaller sample
Expected population deviation rate (should be less than tolerable deviation rate)
o Higher expected = larger sample size
6. Select sample from population
Using random or systematic selection methods (Statistical)
7. Perform audit procedure on sample
Examine sales order for evidence of credit approval
Investigate nature, cause and consequence of deviations
83
o Anomalous, intentional, result in material misstatement, careless?
o How does it impact other phases of audit?
o E.g. Credit control deviation increased risk for valuation of AR increase substantive
test for allowance of bad debts
If cannot examine or cannot use alternative procedure to test, then sample is a deviation
8. Evaluate & draw conclusion
Compute sample deviation rate and computed upper deviation rate
Sample deviation rate = number of deviations/number of items in sample
o Represents auditor’s best estimate of population deviation rate, but must consider
allowance for sampling risk upper deviation
CUDR (maximum rate of deviation auditor is willing to accept before deciding not to rely on
control)
o CUDR = sample deviation rate + allowance for sampling risk
If CUDR < Tolerable Deviation Rate (TDR)
o Evidence supports planned level of control risk, conclude that control is effective and
reduce substantive testing
If CUDR > TDR
o Evidence does not support planned level of control risk, conclude that control is not
effective and increase substantive testing (or increase sample size or test a compensating
control)
Key Steps
1. Determine test objectives
To test existence, completeness and accuracy of AR through debtors’ confirmation
To test the assertion that no material misstatements exist in an account balance/class of
transactions
2. Define population
Monetary value of AR at YE
3. Define sampling unit
Each dollar in AR (once a $ is selected, the entire customer account balance containing the $ is
selected)
4. Define misstatement
Difference between recorded amount and confirmed amount other than timing differences
84
5. Determine sample size: a function of:
Planned risk of incorrect acceptance (Type II error)
o Higher planned risk = smaller sample
Tolerable deviation (maximum deviation that auditor is willing to accept and still consider
account not materially misstated)
o Higher tolerable deviation rate = smaller sample
o May be same amount or an amount lower than performance materiality
Expected population deviation (should be less than tolerable deviation rate)
o Higher expected = larger sample size
Population size
o Used in the conversion of tolerable and expected misstatements to % [(ate]
6. Select sample from population
Using systematic selection method (sampling interval = population book value / sample size)
7. Perform audit procedure on sample:
Confirm AR balances (misstatement if no supporting documents)
Investigate nature and causes of differences
8. Evaluate results and draw conclusions
Compute projected misstatement and upper misstatement limit (Refer to lecture slides)
UML < TM: conclude that AR is not materially misstated
UML > TM: conclude that AR is materially misstated
o Options: Increase sample size, other substantive procedures, request management to
adjust AR to tolerable misstatement. If refuse to adjust, then qualify or adverse opinion
SSA 530.13 In the extremely rare circumstances when the auditor considers a misstatement or deviation
discovered in a sample to be an anomaly, the auditor shall obtain a high degree of certainty that such
misstatement or deviation is not representative of the population. The auditor shall obtain this degree of
certainty by performing additional audit procedures to obtain sufficient appropriate audit evidence that
the misstatement or deviation does not affect the remainder of the population
Error due to anomalies
o Carelessness NOT an anomaly
o Anomalies are: system problem, power shortages
85
Seminar 8 – Auditing the Revenue Process
86
3 Types of Transactions & F/S Accounts Affected
Type of Transaction Account Affected
Sale transaction Trade accounts receivable
Sale of goods/ rendering of a Sales
service for cash/credit Allowance for uncollectible accounts
Bad-debt expense
DR AR
CR Allowance for uncollectible accounts
(Recovery of AR)
Cash receipts transaction Cash
Receipt of cash from customer in Trade accounts receivable
payment for goods/ services Cash discounts
DR Cash 4,312
DR Sales Discounts 88
CR AR 4,400
Sales return & allowance transactions Trade accounts receivable
Return of goods by customer for Sales returns & allowances
credit/cash
DR Sales return & allowances
CR AR
DR Inventory
CR COGS
87
Shipping Shipping goods & completing shipping doc
Shipping of goods/provision of services should be authorized by credit dept
Shipping must ensure correct quantities and product
Once done, forward to billing
Billing Issuance of sales invoices to cust. for goods shipped/services provided
Processing of billing adjustments for allowances, discounts, returns
Must ensure all goods shipped are billed at authorized price and terms
Account for all pre-numbered shipping docs and match to sales invoice
No issuing credit memo unless goods are returned (must take receiving doc from
receiving dept. to acknowledge receipt of returned goods)
Cash Processing of receipt of cash from customers (Receive customer’s remittance)
Receipts Ensure all cash collections are properly identified & promptly deposited
Deposit cheques daily
88
Customer Statement Details of all sales, cash receipts and credit memorandum transactions
processed through the customer’s account
Accounts receivable Details of transactions (i.e. from sales, cash receipts) with each customer
subsidiary ledger
Remittance advice Document forwarded with the customer’s bill and returned with the
customer’s payment for goods and service
Contain information regarding invoices being paid by the customer
Aged trial balance of Summarize all customer balances in the accounts receivable subsidiary
accounts receivable ledger, reported in different categories
(Pg 334 to assure Monitor the collection of receivables
aged trial balance is Ensure details of AR subsidiary ledger agree with GL control
correct)
Cash Receipts Record the entity’s cash receipts received from customers
journal
Credit memorandum Record credits for the return of goods in a customer’s account or record
allowances that will be issued to customer
Write-off Authorizes the write-off of an uncollectible account
authorization Initiated in the credit department, with final approval from the treasurer
89
Primary Control-related Features
Segregation of duties, control over sources documents and inputs, checks, approvals and
reconciliations
Spilt into three categories: Custody, Authorization and Recording
Individuals involved in the order entry, credit, shipping or billing functions should not have access
to the accounts receivable records, general ledger or cash receipts activities
Segregation of Duties Possible Errors or Frauds
Credit function / Billing Possible for sales to be made to customers who are not creditworthy,
function resulting in bad debts
Shipping function / Billing Possible for unauthorized shipments to be made and usual billing
function procedures to be circumvented, resulting in unrecorded transactions
and theft of goods
Account Receivable function / Possible for individual to conceal unauthorized shipments, resulting in
General Ledger function unrecorded sales transactions and theft of goods
Cash Receipts function / Possible for cash to be diverted and the shortage of cash in the
Accounts Receivable function accounting records to be covered, resulting in theft of cash (a.k.a
lapping: ability to steal cash and manipulate accounting records)
Credit function / Cash Possible for cash receipts to overstate the cash received from
Receipts function customer, resulting in unauthorized sales to customer
Billing function / Accounts Possible for cash to be diverted to customer by initiating fictitious
Receivable function credit memorandum
90
Recording revenue Sales is recorded only with Existence:
when goods not approved customer order & Test a sample of sales invoices for presence of
shipped / services shipping document approved customer order & shipping document
not performed
If IT, examine application controls, make sure
control exists
Effectiveness:
Reperform by doing sales entry
Accounting for numerical Existence:
sequences of sales invoices to Inspect sales invoices for sequential
make sure numbers don’t numbering;
appear 2 times Observe checking process of numerical
sequences
Effectiveness:
Review and testing of entity procedures for
accounting for numerical sequence of sales
invoices;
Completeness of Revenue
Possible Control Activity Test of Controls
Misstatements
Goods are Accounting for Existence:
shipped/ numerical sequences Inspect sales invoices for sequential numbering
services of shipping Observe checking process of numerical sequences
performed but documents and sales
no revenue is invoices to make sure Effectiveness:
recognized all shipping documents Review and testing of entity controls for accounting for
and sales invoices are numerical sequence of sales invoices
recorded
If IT, examine application controls
Match shipping Existence:
documents to sales Trace a sample of shipping document to their respective
invoices before sales invoices and sales journal to make sure that
recording
91
matching has been done. (usually if matched then put
together)
Accuracy of Revenue
The presence of an authorised price list and terms of trade reduces risk of inaccuracies
Sales invoice should also be verified for mathematical accuracy before sending to customer
Possible Control Activity Test of Control
Misstatements
Revenue Authorized price list & Existence:
transaction specified items of trade Comparison of prices/terms on sales invoice to
recorded at an authorized price list and terms of trade (FOB
incorrect etc.)
monetary
amount If IT, examine application controls
for authorized prices and terms
Effectiveness:
Reperform the recording function and test
whether control is effective
Make sure sales invoice are Existence:
agreed to shipping document Examination of sales invoice for evidence that
& customer order to client personnel verified mathematical accuracy
Check product type and Recompute the info on a sample of sales
quantity invoices.
Verify mathematical
accuracy of sales invoice If IT, examine application controls & consider
(customer billed for goods the use of CAAT
shipped)
Effectiveness:
Check samples of the agreed batch
92
Transactions not Reconcile sales invoice to Existence:
posted correctly daily sales report to make sure Examine a sample of sales invoices to see if
to the sales that the recording of sales is there is evidence to show that they have been
journal or accurate reconciled to the daily sales report
customer’s Use of a data validation test
accounts in AR (control total)
subsidiary ledger
Reconcile daily postings to Examine reconciliation of entries to sales
sales journal with posting to journal with entries to subsidiary ledger
subsidiary ledger
93
Cut-off of Revenue
Sales may be recorded in the wrong accounting period unless proper controls are in place
All shipping documents should be forwarded to the billing department daily
Record sales after goods have been shipped (customer order, shipping document, bill of lading)
Possible Control Activity Test of Control
Misstatements
Revenue Shipping documents Existence:
transactions recorded should be forwarded to Observe the process
in the wrong period recording functions on a
timely basis. Effectiveness:
Compare the date of shipping with the date of
sales invoice and date of recording
Daily billing of goods Effectiveness:
shipped Compare the date of sales invoice with the dates
they were recorded in the sales journal
Classification of Revenue
Use of a chart of accounts & proper codes for recording transactions should provide adequate
assurance about the proper classification of revenue transactions
Possible Control Activity Test of Control
Misstatements
Revenue transaction Chart of accounts Existence:
not properly classified Review of sales journal and general ledger for
proper classification
Proper codes for Existence:
different types of Inspect sales invoices for existence of code and
products/ services proper classification
Effectiveness:
Test application controls for proper codes
94
Prepare bank reconciliations Existence:
daily and review them Inspect bank reconciliations for indication of
independently independent review
Issue cash invoice on the Existence:
spot for payments by cash or Observe this process since it’s a daily control
credit cards. Prevents theft of
cash, ensures timely updating Effectiveness:
of system Reconcile daily invoice with cash and credit receipt
for the day
Completeness of Cash
Strong controls include proper segregation of duties and lockbox system
Bank-operated mailing address that company directs customer to send their payments
o Bank opens incoming mail, deposits received funds into co.’s account, scans payments
and remittance information
Possible Control Activity Test of Control
Misstatement
Cash receipts Segregation of Duties between Existence:
received or custody (cash receipts) and Observe and evaluate that there is proper
deposited, but recording segregation of duties
not recorded Prevents lapping (theft of
(cash stolen cash, shift cash from 1
before it is customer to another forever)
recorded) Use electronic cash receipts Effectiveness:
transfer to eliminate the need to Examine application controls for electronic cash
deposit cash. (Prevent access receipts transfer
to cash) Bank can forward
remittance advice
Prepare bank reconciliations Existence:
daily and review them Inspect bank reconciliations for indication of
independently independent review
Daily cash receipts reconciled Test reconciliation of daily cash receipts with
with posting to posting to AR subsidiary ledger
AR subsidiary ledger
Prepare customer Existence:
statements on a regular basis Inquire client personnel about handling of
customer statements
Handle complaints Examine resolution of complaints
independently
Effectiveness:
Review and testing of entity procedures for
mailing and handling complaints
Salesman passes cash collected Existence:
to Cashier, then both counter- Check daily receipt book and presence of
sign receipt book signatures
Effectiveness:
Observe daily process
95
Cash is kept in safety deposit Existence:
box, banked in at end of each Observe process
day
Effectiveness:
Daily bank deposit slip
For payments to be collected by Existence:
cheque cheques need to be Examination of cheque listing for collection of
restrictively endorsed and cheque of payments
cheque listing needs to be Verify that there are 2 signatories
prepared by 2 persons
Effectiveness:
Observe the process
Accuracy of Cash
The wrong amount of cash could be recorded from the remittance advice or receipt could be
incorrectly processed during data entry
To minimize such errors
o Daily remittance reports reconciled
o All bank statements should be reconciled monthly
Possible Control Activity Test of
Misstatement Control
Cash receipts Reconcile daily remittance report Existence:
recorded at to a control listing of Observe the process
incorrect amt / remittance advices Review reconciliation
incorrectly
processed Effectiveness:
during data Examine and test the various reconciliations
entry Reconcile bank statements with Effectiveness:
cash journal Examination of bank reconciliation for
independent review
Prepare customer Existence:
statements on a regular basis Inquire client personnel about handling of
customer statements
Handle complaints independently Examine resolution of complaints
Effectiveness:
Review and testing of entity procedures for
mailing and handling complaints
Cash receipts Daily remittance report reconciled Existence:
not properly daily with postings to cash receipts Review and testing of reconciliation.
posted journal and AR Subsidiary Ledger.
Monthly Cash Receipts journal Review of posting from Cash Receipts
agreed to General Ledger posting journal to the General Ledger
AR Subsidiary Ledger reconciled to Examination of reconciliation of Accounts
General Ledger control account. Receivable Subsidiary Ledger to General
Ledger control account.
96
Cash discounts Entity’s procedures specifying Existence:
not properly policies and controls for cash Inquire entity regarding procedures
taken discounts Review procedures to control proper
(“Authorisation”) discounts
Effectiveness:
Test entity’s procedures
Classification of Cash
Possible Control Activity Test of Control
Misstatement
Cash receipts Chart of accounts Existence:
recorded in Tracing of cash receipts from listing to
wrong FS journal for proper classification
account
Effectiveness:
Review of cash receipts journal for unusual
items
Cut-off of Cash
Possible Control Activity Test of Control
Misstatement
Cash receipts Reconcile cash receipts at, before Existence:
recorded in & after an accounting period to Review and testing of reconciliation
wrong period ensure recording in appropriate period
97
Test of Controls – Sales Returns & Allowances / Sales Discount Transactions
Occurrence
Not usually a material amount in the F/S
Credit memoranda that are used to process sales returns can be used to cover an unauthorized
shipment of goods/ conceal misappropriation of cash
o As a result, all credit memoranda should be properly authorized
Assertion & Control Activity Test of Control
Misstatement
Credit Segregation of Duties Existence:
memorandum between access to Observe and evaluate that there is proper
might not exist customers’ record segregation of duties
(due to factors (initiating) and authorization Examine a sample of credit memo for proper
mentioned above) for issuing credit memo. approval
98
Comparison of the number of weeks of inventory in
distribution channels with prior periods for unusual
increases that may indicate channel stuffing
Comparison of percentages and trends of sales in the
distributor channel with industry and competitors’ sales
trends, if known.
Comparison of Receivables Turnover and days outstanding Understatement /
in Accounts Receivable to previous years’ and/or industry
Accounts Receivable, Allowance for
Overstatement of
uncollectible accounts, bad debt
return
Comparison of Sales Discounts as a % of Revenue to Understatement /
previous years’ and /or industry data Overstatement of sales
discounts
Estimation of Sales Commission expense by multiplying Understatement /
Net Revenue by average commission rate and comparison Overstatement of sales
of recorded sales commission expense. commission expenses
and related accrual
99
Check the date of occurrence of source document
Alternative procedures:
Understand & test key controls in inventory cycle
If stock records are reliable, cut-off can be performed based on
checking the dates that goods are dispatched from warehouse
Rights and Obligations of AR Review of bank confirmations for any liens on receivables
Liens are a legal doc that is filed by creditor to record
claim on debtors property
Gives protection until debtor pays creditor amt owed
100
Completeness of AR Obtain aged trial balance of AR and agree total with GL
Primary concern is whether all AR control accounts
has been included in AR subsidiary
ledger & GL AR account Manual: Vouch cust. balance to subsid. ledger
Reconciliation of the aged trial IT: Use CAAT to determine accuracy of aged trial balance
balance to the GL should detect an
omission of a receivable from Review results of testing the completeness assertion for
subsidiary or GL assessing control risk; tracing of shipping documents into
sales journal and AR subsidiary ledger. If such testing was
not performed as a test of control
101
Accuracy and Read notes and other information to ensure that information is accurate and
Valuation properly presented at the appropriate amounts
Timing
AR may be confirmed at an interim date/ YE
Confirmation request should be sent soon after YE to maximize response rate (before YE,
company may be very busy)
Confirmation Procedures
Can involve internal auditors, but their work should be supervised, reviewed, evaluated and
tested by external auditor
Auditor must maintain control over the confirmation process so as to minimize the possibility that
direct communication between the customers and the entity (i.e. confirmation responses may be
altered)
o Mail the confirmation outside the entity’s facilities (i.e. direct mailing from the audit firm’s
office)
o Mail in envelopes with the audit firm’s address listed as the return address when
confirmations are undeliverable ( provide some assurance that fictitious customers are
identified)
102
o Maintain a record of confirmations received and returned
Second request may be necessary in some cases (if done electronically)
o Verify the source and contents of communication sent by electronic media by telephone
call or written representation
For each exception received, auditor should examine reasons between balance on client’s books
& balance indicated by customers (Could be due to timing differences) (SSA 505(14))
o SSA 505(A21-22) Must evaluate whether misstatement is indicative of fraud (SSA 240)
o SSA 530(14) For test of details, auditor shall project misstatements found in the sample to
the population
SSA 505(7) Auditor should maintain control over external confirmation requests; including
(a) Determining the info to be confirmed/ requested
(b) Selecting appropriate confirming party
(c) Designing confirmation requests, including determining that requests are properly addressed
& contain return info for responses to be sent directly to auditor
(d) Sending requests, including follow-up requests, when applicable, to confirming party
SSA 505(12) In the case of non-response, the auditor shall perform alternative audit procedures to
obtain relevant & reliable audit evidence
For AR balances – examining specific subsequent cash receipts, shipping documentation, and
sales near the period-end.
For AP balances – examining subsequent cash disbursements or correspondence from third
parties, and other records, such as goods received notes.
Authenticate validity of confirmations over electronic
Further audit evidence where doubts exist, phone call
Alternative Procedures (when auditor does not receive responses to positive confirmation)
Examination of subsequent cash receipts
Check the accounts receivable subsidiary ledger for payments of the specific sales invoices
included in the customer’s account receivable balances that were outstanding at the date of the
confirmation
If entity’s control for recording cash receipt is strong auditor will stop
Else the auditor may extent the testing by tracing the payment in the subsidiary ledger to cash
receipts journal and to the bank statement auditor can stop if customer has paid for goods and
has strong evidence concerning the existence and valuation
Examination of shipping documents
Look for original customer order and shipping document
Examination of other client documentation
Whether customer exist
103
Auditing Other Receivables
Other receivables that are reported on the B/S may include
Receivables from officer & employees
Receivables from related parties
Notes receivables
Similar to trade AR, each of these types of receivables is confirmed & evaluated for collectability. The
transactions arising from related parties receivables are examined fo repayment terms & whether
interest income has been properly recognized
Auditing Estimates
F/S estimates that cannot be precisely measures
o E.g. allowance for uncollectible accounts, FV of goodwill, provision for warranty, inventory
obsolescence, revenue recognition of LT contracts
Nature & reliability of info avail affects degree of estimation uncertainty à affects RMM of
accounting estimates, including susceptibility to unintentional & intentional management bias
Risk Assessment
Obtain an understanding of data, assumptions, methods used by management and relevant
controls
Review outcome of prior period accounting estimates
Responses
Consideration of events up to date of auditors’ report
o If events happened, showed that estimates were either accurate/ inaccurate
Testing estimation process, data, method & assumptions used by management
Testing operating effectiveness of controls over estimation process
Developing an independent point estimate or range to evaluate management’s point estimate
Considering use of experts
Evaluating adequacy of disclosure of estimation uncertainty (for significant risks)
104
Seminar 9 – Auditing the Purchasing Process
105
Receiving Responsible for receiving, counting and inspecting goods received from
vendors
Received PO (without qty) forces them to refer to check qty and increase
accuracy
Compare description of goods received with PO to ensure type, qty and
condition (DO, PO and Shipping document)
Invoice Processing Process invoices and ensure all goods and services received are recorded as
expenses/assets, and corresponding liability is recorded
Involves matching purchase orders to receiving report to vendor invoices to
verify compare terms, quantities, prices and extension
Responsible for purchased goods returned to vendors
Processing of adjustments for allowances, discounts and returns
Disbursements Responsible for authorizing EFTs and preparing, signing and mailing
cheques (i.e. the person who prepare the cheque, sign the cheque and mail
the cheque must be different)
Verify that there is sufficient supporting documents that the disbursement is a
legitimate business purpose (i.e. authorized and account distribution is
appropriate)
Mark the status of each documentation as “CANCELLED” or “PAID”
Accounts Payable Responsible for ensuring that all vendor invoices, cash disbursements and
adjustments are recorded in the accounts payable
Match documents and prepare voucher package
o PO, RR, Invoice
o Check mathematical accuracy of supplier invoice (freights, discounts)
Enter vouchers into voucher register
General Ledger Ensure that all purchases, cash disbursements and payables are properly
accumulated, classified and summarized in the accounts
For each major class of transactions in the purchasing process, the auditor must obtain the following
information:
How purchase, cash disbursements and purchase return transactions are initiated
The accounting records, supporting documents and accounts involved in processing purchases,
cash disbursements and purchase returns
The flow of each type of transaction from initiation to inclusion in the F/S, including computer
processing
The process to estimate accrued liabilities
108
Purchase is recorded Existence:
Fictitious or only with approved PO & Test a sample of vouchers for the presence of an
non-existent receiving report authorized PO and receiving report
purchases
recorded If IT application, examine application controls to make
overstate sure this control exists
assets and
expenses Effectiveness:
Reperform by doing sales entry
Accounting for numerical Existence:
sequences of receiving Inspect sales invoices for sequential numbering
reports and vouchers
Observe checking process of numerical sequences, see
Fictitious purchases: if there are any markings to indicate that client has
RR or vouchers will be checked the numerical sequence
numbered outside
sequence) Effectiveness:
Review and test entity controls for accounting for
numerical sequence of sales invoices
Completeness of Purchase
A strong control can reduce the scope of search for unrecorded liabilities at YE
Possible Control Activity Test of Control
Misstatement
Purchases Accounting for numerical Existence:
made, but not sequences of PO, receiving Inspect sales invoices for sequential
recorded report and vouchers numbering
understate (contains invoice)
assets & Observe checking process of numerical
expenses sequences, see if there are any markings to
indicate that client has checked the numerical
sequence
Effectiveness:
Review and test entity controls for accounting for
numerical sequence of documents
109
Receiving reports matched Existence:
to vendor invoices and Observe process
entered in purchases journal
Effectiveness:
Trace a sample of receiving reports to respective
vendor invoices and vouchers (which will then be
traced to voucher register).
This can either be manual or automated
Accuracy of Purchase
Possible Control Activity Test of Control
Misstatement
Vendor invoice Verify mathematical accuracy of Existence:
improperly vendor invoice Observe process
priced or
calculated Effectiveness:
Recompute the mathematical accuracy of
vendor invoice
110
Agree PO to receiving report and Existence:
vendors’ invoice for product, qty, Observation
price (3-way match) Agree information on a sample of voucher
PO should contain expected packets (3 docs) for product, qty and price.
price for goods purchased based
on price quotes Effectiveness: Reperform
If purchased w contract,
stipulated prices should be in
contract
Purchase Voucher reconciled to daily AP Existence:
transactions listing (or daily postings to Examine reconciliation of vouchers to daily
not posted to purchases journals) AP report (or reconciliation of entries in
the purchase Then reconciled with postings to journal with entries to AP sub records)
journal or the AP sub records
AP subsidiary If IT application, examine application
records or GL controls
Reconcile voucher register or AP Existence:
sub records to GL control account Review reconciliation of sub records to GL
control account
Cut-off of Purchase
Possible Control Activity Test of Control
Misstatement
Purchase Forward all receiving reports to Existence:
transactions AP department daily Observe
recorded in
wrong period Effectiveness:
Compare the dates of receiving reports with the
dates on relevant vouchers (created by AP) to
know the lag time (there shouldn’t be a long period
between them)
Should record purchase when you receive them
Existence of procedures that Existence/Effectiveness:
ensure prompt recording of Compare dates of vouchers to date of recording
purchases after goods/ purchase journals
services are received
111
Classification of Purchase
Possible Control Activity Test of Control
Misstatement
Purchase Chart of accounts Effectiveness:
transactions not Review purchases journal and general ledger for
properly reasonableness
classified
misstatement
for asset and Independent approval and Existence:
expenses review of general ledger Examine a sample of vouchers for proper
accounts charged for classification
acquisition
Dept that orders goods to Effectiveness:
indicate which general Review general ledger for reasonableness
ledger account to charge.
AP personnel to then
review account distribution
for reasonableness
112
Completeness of Cash Disbursement
Possible Control Activity Test of Control
Misstatement
Cash Segregation of duties between Existence:
disbursement disbursement and AP Observe and evaluate that there is proper
made but not segregation of duties
recorded Review vendor statements Effectiveness:
independently and reconcile to AP Review procedures for reconciling vendor
statements
Prepare and review bank Effectiveness:
reconciliations regularly Review bank reconciliation for indication of
independent review
Effectiveness:
Review client’s procedures for reconciling daily
cash disbursements with postings to AP
subsidiary records
113
Accuracy of Cash Disbursement
One of the major audit concerns is the payment amount is recorded incorrectly
To detect such an error, client personnel should reconcile the total of electronic cash
disbursements transfer and the cheques issued each day with the daily cash disbursements
report
Possible Control Activity Test of
Misstatement Control
Cash disbursement Reconcile daily cash disbursement Effectiveness:
recorded at report to EFTs and cheques issued Review reconciliation
incorrect amount
Reconcile vendor statements to AP Effectiveness:
records and ensure they are Review reconciliation
independently reviewed
Regularly reconcile and Effectiveness:
independently review bank Review bank reconciliation
statements
Cash disbursement Vendor statements reconciled and Effectiveness:
posted to the wrong independently reviewed Review reconciliation
vendor account
Cash disbursements Cash disbursement report Effectiveness:
journal not properly reconciled with postings to cash Review and testing of reconciliation
posted to disbursement journals and AP sub
Cash disbursement records
journal,
AP subsidiary Monthly cash disbursements journal Effectiveness:
records, or agreed to general ledger postings Review postings from cash
GL disbursements journal to general ledger
AP subsidiary records reconciled to Effectiveness:
general ledger control account Review reconciliation
114
Reconcile cash disbursement at, Effectiveness:
before and after accounting period Review reconciliations
Ensure recording in appropriate
period
Procedures that ensure prompt Effectiveness: Reperform
recording of cash disbursement.
E.g: simultaneous recording when
cash disbursement is prepared.
115
Substantive Analytical Procedures
Example of Substantive Analytical Procedures Possible Misstatement
Compare Accounts Payable Turnover/ Days Understatement /
AP and Accrued
116
Existence of AP Vouch a sample of items on listing of AP and schedules for accruals
Auditor’s major concern is to voucher packets / other supporting documents (G/L to source)
whether the liabilities are Obtain selected vendors’ statements and reconcile to vendor
valid obligations of the entity accounts
Send confirmation to vendors on AP balance
Rights & Obligations of AP Review voucher packets for adequate supporting documents
There is little risk related to (presence of purchase requisition, PO, receiving report and invoice)
this assertion as clients
seldom have the incentive to
report liabilities that aren’t
obligation of the entity
Valuatn & Allocation of AP Obtain listing of AP and account analysis schedules for accruals;
AP is recorded at gross amt foot listing and schedules agree totals to GL
of invoice OR net of cash Trace selected items from AP listing to subsidiary records and
discounts amt voucher packets
Review results of confirmations of selected AP
Valuation of accruals Obtain selected vendors’ statements and reconcile to vendor
depends upon type & nature accounts
of accrued expense Examine adequacy of allowance for bad debts
Examine underlying source document
Most accruals are easy to SSA 540 Is guide to audit client estimates (warranties, accrual for
value (E.g. Taxes, interest) bonus expense)
117
Accounts Payable Confirmation
Used less frequently than AR because the auditor can test accounts payable by examining vendor
invoices and monthly vendor statements
Vendor invoices and statement are more reliable, as it originates from sources external to the
entity
118
Seminar 10 – Auditing the Inventory Management Process
Inventory are valued at the lower of cost and NRV
119
Major Functions of Inventory Department
Functions Description
Inventory Authorization of production activity and maintenance of inventory at
Management appropriate levels, issuance of purchase requisition to the purchasing
(a.k.a production departments
management) Manage inventory through planning and scheduling manufacturing activities
Raw materials Responsible for the receipt, custody and issuance of raw materials
stores Only issue raw materials upon the receipt of material requisition from the
respective department
Manufacturing Responsible for producing the product
Adequate control over physical flow of goods
Finished Goods Responsible for storage and control over finished goods
Stores Issue finished goods upon receipt of shipping order and sent to shipping
department
Cost Accounting Responsible for ensuring cost are properly attached to inventory as goods are
processed through the manufacturing
Review the cost accumulation and variance reports
General Ledger Ensure that all inventory, cost of production are properly accumulated,
classified and summarized
120
Physical Inventory Count (ALWAYS REQUIRED)
Auditor NOT required to attend ALL inventory counts but only when inventory is MATERIAL.
Assertion: Existence*, Accuracy, Rights and Obligations, Valuation
SSA 501(4) If inventory is material, auditor shall obtain sufficient appropriate audit evidence regarding
the existence & condition of inventory by:
Attending the physical inventory counting unless impracticable to
o Evaluate mgmts. instructions and procedures for recording & controlling the result of the
entity’s physical inventory counting
o Observe perf. of mgmt’s count procedures
o Inspect inventory
o Perform test counts (from count record to physical inventory and vice versa
o Perform audit procedures over the entity’s inventory records to determine whether they
accurately reflect actual inventory count results
SSA 501(5) If physical inventory counting is conducted at a date other than date of F/S, auditor shall, in
addition to procedures required by paragraph 4, perform audit procedures to obtain audit evidence about
whether changes in inventory between the count date & date of F/S are properly recorded
I.e If count dates is before YE, test transactions between count date and YE
SSA 501(6) If auditor is unable to attend physical inventory counting due to unforeseen circumstances,
auditor shall make/ observe some physical counts on alternative date, & perform audit procedures on
intervening transactions
SSA 501(7) If attendance at physical inventory counting is impracticable, auditor shall perform
alternative audit procedures to obtain sufficient appropriate audit evidence regarding existence &
condition of inventory. If not possible, the auditor shall modify the opinion in the auditor’s report.
SSA 501(8) When inventory under the custody and control of a third party is material to the financial
statements, the auditor shall obtain sufficient appropriate audit evidence regarding the existence and
condition of that inventory by performing one or both of the following:
(a) Request confirmation from the third party (qty & condition of inventory held on behalf of entity)
(b) Perform inspection or other audit procedures appropriate in the circumstances
121
AGS 4 Existence & Valuation of Inventories
Consider the adequacy and effectiveness of client’s physical count procedures
Slow-moving, obsolete and damaged inventory
Goods held for and by 3rd parties
Misconceptions (People usually think they’re wrong, but they are CORRECT)
The client’s taking of the physical inventory is a control activity
The auditor uses a combination of observation, inquiry and physical examination
The auditor’s goal is to obtain reasonable assurance that the client’s method of counting
inventory results in an accurate count, which is therefore a test of controls
There are no satisfactory alternative procedures to making or observing some counts of items in
inventory for verifying the ending inventory
Inventory Fraud
Obtaining advance notice of the timing and location of the count, which can permit the entity to
conceal fictitious inventory at location not visited
Stack empty containers in warehouse where its contents are not checked during the count
Falsifying shipping documents to show that inventory is in transit from one location to another
Falsifying document to show that inventory is located at a public warehouse or other location not
controlled by the entity
If the auditor does not maintain control of the copy of the entity’s final count sheets, the entity can:
Follow the auditor during the count and adding fictitious inventory to items not tested by auditor
Entering additional quantities on manual and/or electronic inventory sheets that do not exist or
adding a digit in front of the actual count
122
Inventory stores function (eg. FG) // Unauthorized shipments / theft of goods can be covered
Cost-accounting function up
Can pretend that it requires $10 of RM to produce goods,
when actual cost of RM is $5. Then you steal the $5 worth of
inventory
Cost-accounting function // General Conceal unauthorized shipments of goods
ledger function Theft of goods
Overstatement of inventory
Supervising physical inventory // Inventory shortages (due to thefts) can be covered up
Inventory management and Inventory through adjustment of inventory records to physical inventory
stores functions (RM or FG) Overstatement of inventory
123
Prevents fictitious recording of
inventory, manipulation of
inventory cost, theft of inventory
Use an approved pre-numbered Existence:
Receiving Report to receive and transfer Observe process
Inventory to Inventory department
Effectiveness:
Review and test procedures for the
transfer of inventory
Use pre-numbered, numerical Materials Existence:
Requisitions to receive and transfer Observe process
Inventory to Manufacturing department
Effectiveness:
Review and test procedures for issuing
materials to manufacturing departments.
Completeness of Inventory
Primary control activity relates to recording inventory that has been received
Controls are closely related to the purchasing process (Refer to Seminar 9)
Possible Control Activity Test of Control
Misstatement
Inventory Accounting for numerical sequence Existence:
received but not of POs, RRs and Vouchers Observe process
recorded
Effectiveness:
Review entity’s procedures for accounting
for numerical sequence
RRs matched to vendor invoices and Effectiveness:
entered in the purchases journals Trace a sample of RR to their respective
vendor invoices and vendors
124
*Accuracy of Inventory
Inventory transactions that are not properly recorded results in misstatements that directly affect
the amounts reported in the F/S
Inventory purchases must be recorded at the correct price & quantity received
Inventory shipped must be properly recorded in COGS and the related revenue recognized
Possible Control Activity Test of Control
Misstatement
Inventory quantities Periodic or annual comparison of Effectiveness:
recorded incorrectly goods on hand with amounts Review and test procedures for taking
shown in perpetual inventory physical inventory
125
Cut-off of Inventory
Could affect number of accounts – COGS, Inventory, Purchases
Possible Control Activity Test of Controls
Misstatement
Inventory Process all receiving reports daily to Existence:
transactions record receipt of inventory Observe
recorded in Compare date receiving report with
wrong period payment voucher Effectiveness:
Review and test procedures for processing
inventory included on receiving report into
the perpetual records
Process all shipping documents daily Effectiveness:
to record shipment of finished Review and test procedures for removing
goods inventory from perpetual records based on
Compare date of shipping doc with shipments of goods
sales journal
Classification of Inventory
Must have proper procedures to classify inventory RM, WIP, FG
By knowing which manufacturing department holds inventory, auditor will be able to classify it by
type
Possible Control Activity Test of Controls
Misstatement
Inventory transactions Materials requisitions and Review the procedures and forms used to
not properly classified production data forms are used classify inventory.
among raw materials, to process goods through
work-in-process and manufacturing.
finished goods
126
Test of Details – Inventory Management Transactions (P/L)
Assertion Substantive Test of Detail
Occurrence Vouch a sample of inventory addition transaction (purchases) to receiving report
and purchasing requisition
Completeness Trace a sample of receiving reports to inventory records (ie master file, status
report)
*Accuracy Recompute the mathematical accuracy of a sample of inventory transactions
(PxQ)
Audit standard costs/ other methods to price inventory
Trace costs used to price goods in inventor compilation to standard costs or
vendors’ invoices
Test a sample of physical inventory and trace to management inventory records
Cut-off Trace a sample of time cards before and after period end to the appropriate
weekly inventory report
Trace weekly inventory report to GL to verify inventory transactions are recorded
in the proper period
Classification Examine a sample of inventory checks for proper classification into expense
accounts
127
Review entity’s procedures for identifying obsolete, slow-moving or excess
inventory, and if there is such inventory, determine whether inventory has been
properly written down
Review book-to-physical adjustment for possible misstatements (perpetual)
o Book value – inventory on transit – inventory on consignment – estimated
sales return should tally if not:
o Perpetual records not updated accurately, stolen, lost or theft
Check for capitalization of inward freight cost if purchased from overseas suppliers (e.g. inventory
turnover = 2 months, so if inventory is bought in Nov and not sold by year end, need to capitalize)
Weighted average
Request for detailed movement of inventories, verify to supporting docs, and test the accuracy of
weighted average costing
Request client to do print-out check computation of WA (see if calculation is correct) WA cannot
be done manually
But if cannot generate detailed movement of inventories, auditor can assess inventory turnover
o If fast, can vouch to most recent supplier invoice to test weighted average costing, assuming
sales and purchases have been verified
o If slow, test individual inventory movements, which is okay since slow à minimal movement
128
Test of Details – Disclosure of Inventory Items (FS)
Assertions Substantive Tests
Occurrence, Rights Inquire of management and review any loan agreements and Board
& Obligations Minutes for any indication that inventory has been pledged or assigned
Inquire of management about issues related to warranty obligations.
Completeness Complete financial reporting checklist to ensure that all financial
statement disclosures related to inventory are made^
Classification, and Review inventory compilation for proper classification among raw
Understandability materials
Accuracy and Read notes and other information to ensure that the information is
Valuation accurate and properly presented at the appropriate amounts.
129
Seminar 11a – Auditing the HR Management Process
Overview
HR process starts with the establishment of sound policies for hiring, training, evaluation
counselling, promoting, compensation, and taking remedial actions for employees
Main concern involves payroll transactions once an employee has been hired
130
HR Management Process Functions
Functions Description
Human Authorisation of hiring, firing, wage-rate, salary adjustments, salaries and
Resources payroll deductions
Responsible for managing personnel needs of the organization
o Hiring and terminating employees
o Setting wage rates and salaries
o Establish and monitoring employee benefits programmes
Maintain employees’ personnel records
Responsible for defining job requirements and descriptions, administering
union contacts, development performance criteria and employee evaluation
procedures
Supervision Responsible for reviewing and approving employees’ attendance and time
information
Approve timesheet/documents that record an employee’s time worked
Responsible to submit a periodic attendance and job classification on the
employees to the payroll function
Monitor labour cost and labour productivity variances
Timekeeping Prepare and review employee’s time information for payroll processing
Payroll Responsible for computing gross pay, deduction and net pay
processing Responsible for recording and summarizing payments, and verify account
distribution
Disbursement Responsible for paying employees for services and benefits
Oversee the preparation (IT department) and distribution of the cheque
General Ledger Responsible for properly accumulating, classifying and summarizing payroll
and benefit transactions in the general ledger
131
Inherent Business Risks
High turnover rate of employees (may affect assertion such as valuation)
Risk that pay will be inappropriately dispersed to terminated or fictitious employees due to the
volatility of movement of employees
Executive Compensation
Inherent risk is not set as low due to (1) motives and opportunity from the officers; (2) degree of
judgment and estimation for share based compensation
Other factors
Presence of labour contracts and labour legislation
Economic conditions on payroll
Supply of skilled workers
132
Completeness of Payroll Transaction
Possible Control Activity Test of Control
Misstatement
Employee Pre-numbered time sheet accounted for Existence:
services by client personnel Check numerical sequence of time sheets
provided but not Verification that all employees in the Existence:
recorded master payroll file submitted a time sheet Review and test entity’s verification
for pay period procedures
Review of payroll register for unusual If IT, use computer assisted auditing
amounts techniques (CAATs) to test program
logic for computation
133
All time sheets forwarded to payroll Existence:
department weekly Review and test procedures for
processing time sheets
Procedures that require recording payroll Existence:
liabilities as soon as possible after they Review and test procedures for recording
are incurred payroll liabilities
134
Test of Details – Payroll Expenses (P/L)
Payroll Expense Account
Affects many expense accounts
o Direct/ indirect manufacturing expense, general & administrative salaries, sales salaries,
commissions and payroll tax expenses
If entity’s internal control is reliable, auditor does not need to conduct detailed test of all these
payroll expense accounts
o Just need to understand controls
o Additional testing is necessary only when control deficiencies exist
o However, for certain accounts, still need to examine even if control risk is low
Compensation paid to officers (They are in a position to override controls)
Compare payroll records & amt authorized in BOD minutes & employment
contracts
Assertion Substantive Test of Detail
Occurrence Vouch sample of payroll direct deposits to master employee list to verify validity
135
Valuation and Obtain an account analysis schedule for accrued payroll liabilities
Allocation Foot schedules for accrued payroll liabilities
Compare amounts accrued to supporting documentation (e.g. payroll tax
returns)
Recalculate figures to determine accuracy
Cut-off Examine supporting documentation
Provides evidence on proper period for recording
136
Seminar 11b – Auditing the PPE Management Process
Audit Significance
Usually represents a material amount in the F/S
Recurring Engagement
o Focus on additions & retirements, beginning balances have been audited in prior years
New Engagement
o Must verify assets that make up beginning balance Small number of PPE
transactions
o Take a substantive strategy as co. probably doesn’t have a formal control management
strategy
Large number of PPE transactions
o Take a reliance strategy as co. probably has a formal control management strategy
Auditors usually focus on tests of transactions
o Additions/ disposals/ write-offs/ impairment/ depreciation (Analytical procedures)
137
Inherent BR for PPE Processes
Complex Accounting Issues (may affect assertion such as valuation)
Example: Lease accounting (i.e. can be classification, rights and obligations, valuation),
construction contracts, capitalized interest
Complexity in the decision and subjectivity involved in the accounting issue, making it not
uncommon for such transaction to be accounted for incorrectly
Judgement and complexity associated with valuation of long-lived assets (set higher IR)
Easy and Difficult transactions to audit
Majority of additions to PPE are relatively easy to audit because purchase directly to audit just
look at source document
PPE (i.e. donated assets, non-monetary exchanges, self-constructed assets) are difficult to audit
as it is difficult to verify the value
o Non-monetary exchanges (hard to determine trade-in-value)
o Self-constructed assets (hard to determine cost-accumulation)
Misstatements detected in prior audits
Presence of misstatement in previous audit is a good indicator that misstatements are likely to be
present during the current audit, unless the entity has established new control activities
If misstatements in prior periods are detected set IR higher
138
Depreciation methods for book &
tax purposes, salvage value,
estimated useful life
Periodic reconciliation of PPE sub ledger Review reconciliation
to GL control account
Periodic comparison of detailed records Observe periodic comparison if possible
in sub ledger with existing capital assets Review documentations that such
make complete physical examination comparison actually happen
on PPE & compare to PPE sub ledger
139
Test of Details – PPE Account (B/S)
Assertion Substantive Test of Detail
Existence Verify the existence of major additions by physically inspecting the capital
asset
Obtain a listing of major additions and vouches them to supporting documents
such as vendor invoices (i.e. if its sales, obtain a listing of major disposal and
vouches them to sales receipt)
*Completeness Obtain a lead schedule of PPE; foot schedule and agree totals to the General
Ledger
Obtain detailed schedules for additions and disposals of PPE; foot schedule
and agree totals to the General Ledger
Physically examine a sample of capital assets and trace them to the PPE
Subsidiary Ledger.
*Valuation and Examine vendor’s invoices and other supporting documents to established the
Allocation recorded value of the assets
Obtain an understanding of the entity’s process for fair value measurement
and test the fair value measurement of PPE
Evaluate fixed assets for significant write-offs or impairments by performing
procedures
o Identify the events/ change in circumstances indicating that the carrying
value of the asset may not be recoverable
o Verify impairment loss by determining recoverable amount and
comparing it to the carrying value
o Examine client documentation supporting impairment of write-off.
Test the recorded cost of major new additions
o Valued at acquisition cost + costs to make asset operational Look at
vendor invoices
o For material self-constructed assets, must conduct detailed audit work
on construction-in-progress accounts to ensure that i/r is properly
capitalized
Test for permanent impairment of long-lived asset
o FRS 36: Long-lived assets be reviewed for impairment when changes
in events indicate CA may not be recoverable
o RA = higher of (FV – cost to sell) and value in use
FV determined by looking at price in binding sales agreement
(arms’ length)
Value in use determined by discounting estimated future CF and
dispositions
Test depreciation calculations for a sample of capital assets Using CAAT or
manually
o Consider the reasonableness of useful life, SV etc
Rights and Examine or confirm deeds or title documents for proof of ownership
Obligations Examine vendor’s invoices and other supporting documents
140
Disclosure of PPE
Classes of capital assets and valuation bases
Depreciation methods & useful lives for financial reporting & tax purposes
Non-operating assets
Construction/ purchase commitments
Liens & mortgages
Acquisition or disposal of major operating facilities
Capitalised and other lease arrangements
141
Seminar 11c – Auditing the Financing/Investing Process
Note: For entities that engage in frequent financing activities, the auditor follows a reliance strategy. But
for vast majority, it is more efficient that the auditor follows a substantive strategy and perform a detailed
audit of long-term debt and related interest accounts.
Completeness
Possible Control Activity Test of Control
Misstatement
Long-term debts Maintain a subsidiary ledger that contains Existence:
incurred but not all the long-term debt owed by the entity, Review reconciliation
recorded
Debt amount recorded in the subsidiary
ledger should be reconciled to the general
ledger control account regularly
Valuation
Possible Control Activity Test of Control
Misstatement
Note and bond Amortization table to reflect the Existence:
are not properly outstanding value of the note and bond Review the existence of amortization
valued table, Re-compute amortization table
142
Disclosure / Classification
Possible Control Activity Test of Control
Misstatement
Note / Bond not Proper procedures for classifying as a Existence:
properly short-term debt the portion of long-term Review the entity’s procedures for
classified debt that is due within next year reclassifying
Account Balances
Assertion Substantive Test of Detail
Existence Confirm notes or bonds directly with Creditors (i.e. banks, insurance
companies, trustees representing Creditors)
Rights and Examine copies of note and bond agreements
Obligations
Completeness^ Obtain an analysis of notes payable, bonds payable and accrued interest
payable; foot schedule and agree totals to the General Ledger
143
Obtain a bank confirmation that requests specific information on notes from
banks
Confirm notes or bonds with Creditors
Inquire of management regarding the existence of off-balance-sheet activities
Review Board of Directors Minutes for debt-related activity.
Valuation and Examine new debt agreements (e.g. bond indentures) to ensure they were
Allocation recorded at the proper value
Confirm the outstanding balance for notes/bonds and the last date on which
interest has been paid
Re-compute accrued interest payable
Verify computation of the amortization of premium or discount.
^For completeness of disclosure, the auditor may want to examine the debt agreement for restrictive
covenants that requires disclosure in the notes
144
Test of Controls – For SE
Occurrence
Possible Control Activity Test of Control
Misstatement
Stock and dividend Maintain stockholders’ ledger, which Existence:
transaction does not contains the name of each Review the stockholder’s ledger
comply with stockholders and the number of
corporate charter shares held by that shareholder
Stock and dividend Board of directors or stockholders Existence:
transaction are not can approve stock and dividend Review minutes of the board of
authorized transactions directors or shareholder’s meeting
minutes for proper authorization
Accuracy
Possible Control Activity Test of Control
Misstatement
Stock and dividend Reconciliation of the stockholders’ records Existence:
transactions are not with the number of shares outstanding Review reconciliation
properly posted to Reconciliation of dividends paid with the total
the right accounts shares outstanding on dividend record date
Valuation
Possible Control Activity Test of Control
Misstatement
Stock issuance, Amount must be in accordance Existence:
repurchases and dividends with the applicable financial Re-compute the recording of the stock
not properly valued reporting framework and dividend transactions
145
Account balances (B/S)
Assertion Substantive Test of Detail
Existence Send confirmation to external agent (i.e. agent is used by the entity to maintain
equity transaction) *Reason refer to confirmation for AR*
Valuation and Re-compute values assigned to each transaction
Allocation Trace proceeds from the sale of stock to cash receipt records
Auditing Dividends
When the entity uses an outside agent for dividend-disbursing, the auditor can confirm the
amount disbursed to the agent by the entity
Amount is agreed with the amount authorized by board of directors or approved by shareholders
o Concern about accuracy: Re-compute the dividend amount by multiplying the number of
share outstanding on the record date by the amount of the per share dividend approved
by board of director
Ensure that control over dividend disbursement is strong
o Compare the payee names and amounts paid with the stock register or stock certificate
book
o Review compliance with any agreements that restrict the payment of dividends
146
Auditing Income Statement Accounts
Direct Tests of Balance Sheet Accounts
Examples of Income Statement Accounts audited in conjunction with B/S Account
B/S Account audited Related Income Statement Account audited
AR / Allowance for uncollectible accounts Bad-debt expense
Notes receivables / investment / accrued interest Interest income
receivable
PPE / Accumulated depreciation Depreciation expense, gain/loss on sales or
retirement of assets
Prepaid insurance Insurance expense
Long-term debt / accrued interest payable Interest expense
Types of Bank Accounts (Extent of testing differs for each account, despite it will be the same)
General Cash Account
o Main cash account for most entities
o Source of cash receipts is revenue process, and major sources of cash disbursement is
the purchasing and human resource management
Imprest Cash Account
o To be used for a specific purpose (i.e. disbursing payroll, payroll taxes and dividends)
o Funds are usually transferred from the general cash account, then used the imprest cash
account to make payment for its respective purpose
Branch Account
o Companies that operate branches in multiple locations may maintain separate branch
accounts
o Similar to imprest accounts, but specifically for branch. Act as a general cash account for
their respective branches
147
To audit a cash account, the auditor needs to have the following documents
A copy of the bank reconciliation
Confirmation of account balance information
A cut-off bank statement
For a sample of weeks, foot the cash For a sample of weeks, foot the cash
receipts journal and agree posting to disbursements journal and agree posting to
the General Ledger the General Ledger
Cut-off Test a sample of cash receipts at, Test a sample of cash disbursements at,
before and after an accounting period before and after an accounting period for
for recording in appropriate period recording in appropriate period
148
Classification Examine a sample of remittance Examine a sample of electronic cash
advices for proper account disbursements transfers for proper account
classification classification
Account Balances
Assertion Substantive Test of Detail
***Existence Confirm bank account balance with financial institution
Completeness Test bank reconciliation for each account
Valuation and Foot the reconciliation
Allocation Trace balances per book to the General Ledger
Obtain bank confirmation and trace balance per bank to the bank reconciliation
Obtain cut-off bank statement
Trace deposits in transit and other reconciling items to cut-off bank statement
149
Proof of Cash
Reconcile the cash receipts and disbursement recorded on the entity’s books with the cash
deposited into and disbursed from the entity’s bank account for a specific time period
Purpose is to
o Ensure that all cash receipts recorded in the entity’s cash receipts journal were deposited
in the entity’s bank account
o Ensure that all cash disbursement recorded in the entity’s cash disbursement journal have
cleared the entity’s bank account
o Ensure that no bank transactions have been omitted from the entity’s accounting records
Will not detect theft of cash when the cash is stolen before it was recorded in the entity’s book
150
Auditing Investment Accounts
Inherent Risk
Vary with the amount of activity, complexity and valuation considerations
An investment in stock in a listed company is relatively easy to account for and audit
Derivatives is harder, as it requires substantial judgements by management
For an entity that has a large investment portfolio, the auditor is likely to follow a reliance strategy.
However for majority, it is more efficient for the auditor to follow a substantive strategy.
Segregation of Duties
Segregation of Duties Possible Errors or Frauds
Initiation / Final Approval Fictitious transactions can be made or securities can be stolen
Valuation-Monitoring / Acquisition Securities values can be improperly recorded or not reported to
management
Maintaining Securities Ledger / Ability to conceal any defalcation that would normally be
General Ledger detected by reconciliation of Subsidiary Records with General
Ledger control accounts.
Custody of Securities / Accounting Theft of securities can be concealed
Completeness
Possible Control Activity Test of Control
Misstatement
Securities transactions (i.e. Amount must be in accordance with the Review reconciliation
dividend, interest, sales, applicable financial reporting framework
purchase) are not Maintenance of securities file (i.e. Review and test securities file
recorded Periodically review the securities owned
the entity to check if any transactions
left out)
151
Accuracy and Classification
Possible Control Activity Test of Control
Misstatement
Securities may not be Chart of Accounts Review of Accounts
properly classified Independent review and impose Review and test procedures for
procedures to classify securities classifying securities
Securities may not be Establish procedures and guidelines for Review and test procedures
priced properly pricing securities; used to price securities pricing
Securities pricing are reviewed by
management
153
Seminar 12 – Audit Completion
Adjusting Events
Provide evidence of condition that existed at B/S date ADJUST amt recognized in F/S
Subsequent collection of a material AR that has been treated as uncollectible at B/S date
Legal determination, subsequent to B/S that establishes that a claim was in existence, but of an
uncertain amount at B/S date
Legislation after B/S date that retrospectively changes income tax rate applying to fiscal period
ended prior to B/S date
Ascertainment subsequent to B/S date of selling prices for inventory items, where those prices
were previously uncertain
Bankrupt conditions à financial non-prudence, likely to exist for LT
Sale of inventory after YE that indicates NRV < cost
Settlement of lawsuit/ estimated liability at amount different from recorded
Corporate scandal after YE, resulting in share price of investment drop (Unless FV)
Non-adjusting Events
Indicative of conditions that arose after B/S date DISCLOSE nature and estimated financial effect (or
that estimate cannot be made), if material
Fire/ flood after B/S not fully covered by insurance
Major currency realignment subsequent to B/S
Raising of additional shares/ loan capital after B/S date
Mergers & acquisitions after B/S date
Expropriation after B/S date, of a significant overseas investment/ asset
o Government now uses a privately owned thing for the benefit of the public
Purchase or disposal of business
Litigation arising from events that occurred after B/S date
154
Reviewing minutes of meetings held after YE
Reviewing latest interim F/S, budgets, forecasts, mgmt reports (e.g. write-down suddenly at
interim maybe should have written down at YE)
News reporting about changes in business nature
Public Announcement to Exchange (If listed)
Significant changes in shareholdings red flag
If mgmt doesn’t adjust or disclose, qualify
Contingent liability
A possible obligation – yet to be confirmed OR
A present obligation but outflow of resources not probable OR amount cannot be reliably
measured
155
Disclosure of Contingent Liabilities: Disclosure required unless outflow is remote.
Probable = future event more likely to occur
Remote = Chance of future event occurring is slight
Examples:
o Pending/ threatened litigation
o Actual/ possible claims & assessments
o Income tax disputes
o Product warranties/ defect
o Guarantees of obligations to others
o Agreements to repurchase AR that have been sold
156
Other Matters to be Addressed in Completing the Audit
Review audit working papers and evaluate audit results (including identified misstatements) to
ensure sufficient appropriate evidence is obtained to support audit opinion (S2,3,4)
o Auditor should continuously review audit working papers and evaluate result of audit tests
as the audit progresses
o Planning & supervision continue throughout the engagement
o Final review (by a senior) undertaken at the end of the engagement as a final check to
ensure that all significant matter & problems have been identified, considered and
satisfactorily resolved
Perform final analytical procedures (S3)
o SSA 520.6 Auditor to perform analytical procedures at or near completion of audit to
Form overall conclusion as to whether FS are consistent with auditor’s
understanding of entity
Corroborate conclusions formed during audit of individual components or elements
of the FS
Help identify any previously unrecognised risk of material misstatement
Evaluate entity’s ability to continue as a going concern (S5)
Evaluate overall FS presentation and disclosure (S3, SSA 710, 720)
o Review F/S to ensure compliance w applicable financial reporting framework, proper
presentation of accounts, and inclusion of necessary disclosures (usually will have a
checklist)
Obtain management representation letter (SSA 580)
Communicate with TCWG (S4,6, SSA 260-265)
Obtain engagement quality control review (not in syllabus)
Issue auditor’s report (S2)
Comparative F/S
Comparative financial statements are considered separate financial statements and are included for
comparison with the financial statements of the current period
157
Other Information (OI) in Documents Containing Audited F/S (SSA 720(revised))
In line with the new and revised Auditor Reporting standards, the reporting on OI has been revised
Other Information (OI) is defined as financial or non-financial information (other than FS and the auditor’s
report) included in an entity’s annual report
SSA 580.9 Auditor to request written representations from management with appropriate responsibilities
for the FS and knowledge of the matters concerned
Eg. from AC chairman, CFO, CEO (people with knowledge)
SSA 580.14 Date of written representations should be as near as practicable to, but not after the date of
auditor’s report on FS date that auditor is responsible up till
SSA 580.4 Although written representations provide necessary audit evidence, they do not provide
sufficient appropriate audit evidence on their own about any of the matters which they deal
Evidence will be bias exercise professional scepticism
Due diligent of auditors to obtain corroborating evidence critically evaluating its reliability
(management’s integrity and competence) and consistency with other evidence
158
Communications with TCWG (SSA 260)
During Audit Planning
Auditor’s responsibilities and compliance with independence requirements
Planned scope and timing of audit
159
Seminar 13 – Other Types of Assurance / Professional Ethics & Judgement
Level of Assurance
Reasonable assurance engagement
Practitioner gathers sufficient appropriate evidence to enable him to express his conclusion in the
POSITIVE form
“In our opinion, management’s assertions are fairly presented”
160
Need for Professional Judgement & Skepticism
Auditor needs to exercise judgement through the audit, such as:
Client acceptance and continuance
Determining materiality level
Assessing AR
Designing audit strategy and plan
Evaluating audit evidence
Determining audit opinion
Professional Judgement
SSA 200.16 Auditor shall exercise professional judgement in planning & performing an audit
A24: Relevant training, knowledge, experience
A25: Consultation on difficult/ contentious matters
A27: Appropriately documented… SSA 230.8 sufficient to enable an experienced auditor having
no previous connection w audit, to understand the sig. professional judgements made in reaching
conclusions
o Not justification for decisions that aren’t supported by facts & circumstances of
engagement/ sufficient appropriate audit evidence
Professional Skepticism
SSA 200.15 Auditor shall plan & Perform an audit w professional skepticism
A18: Being alert to
o Audit evidence that contradicts other audit evidence obtained
o Reliability of documents & responses to inquiries
o The need for additional audit procedures
A21: May accept records & documents as genuine… the auditor is required to consider reliability
of info (SSA 500:7-9)
A22: Belief that mgmt. & those charged w governance are honest & have integrity does not
relieve that auditor of the need to maintain professional skepticism
161
Conceptual Framework for Code of Ethics
(a) Identify threats (circumstances or relationships) that may compromise one’s ability to comply with
fundamental principles
(b) Evaluate the significance of the threats identified
(c) Apply safeguards (actions or measures), where necessary, to eliminate/ reduce threats to an
acceptable level (based on what a reasonable and informed third party would likely conclude)
(d) If no appropriate safeguards are available, eliminate the circumstance or relationship creating the
threats, or decline or terminate the audit engagement
162
Intimidation Threat that a professional accountant will be deterred from acting objectively because of
actual or perceived pressures, including attempts to exercise undue influence over the
professional accountant
Business relationships
Family and personal relationships
Employment with audit client
Safeguards
Safeguards are actions or other measures that may eliminate threats or reduce them to an acceptable
level. They fall into two broad categories:
2. Work environment
Firm-wide safeguards
Leadership (tone at the top)
Quality control policies and procedures, such as
o Independence policies
o Segregation between assurance & non-assurance teams
Engagement-specific safeguards such as
Reviews
Consultation
Rotation of senior team members
Disclosure to TCWG of client the nature of services provided and extent of fees charged
Client-based (corporate governance, controls)
Typical Safeguards
Having a professional accountant review the work of the member of the audit team
Removing the individual from the audit team
Excluding the member of the audit team from any significant decision-making concerning the
audit engagement
Structuring the responsibilities of the audit team so that the professional does not deal with
matters that are within the responsibility of the immediate/close family member
Rotating the senior personnel off the audit team
Regular independent internal or external quality reviews of the engagement
Arranging for such services to be performed by an individual who is not a member of the audit
team
Having a professional who was not involved in providing the service review the audit or service
work performed
Obtaining advice on the service from an external professional
163
Independence (S290.6 ACRA Code)
Independence of Mind
The state of mind that permits the expression of a conclusion without being affected by influences that
compromise professional judgment, thereby allowing an individual to act with integrity and exercise
objectivity and professional skepticism.
Independence in Appearance
The avoidance of facts and circumstances that are so significant that a reasonable and informed third
party would be likely to conclude, weighing all the specific facts and circumstances, that a firm’s, or a
member of the audit team’s, integrity, objectivity or professional skepticism has been compromised. E.g.
Cannot own shares of client
164
Financial Ratios
Short-term liquidity ratio look at the entity’s ability to meet its current obligation
𝐶𝑢𝑟𝑟𝑒𝑛𝑡 𝐴𝑠𝑠𝑒𝑡𝑠
Current Ratio = 𝐶𝑢𝑟𝑟𝑒𝑛𝑡 𝐿𝑖𝑎𝑏𝑖𝑙𝑖𝑡𝑖𝑒𝑠
o Considered acceptable if the ratio is between 1 to 2
o High current ratio indicates an entity’s ability to pay current obligations
Short-term liquidity ratios
165
𝐺𝑟𝑜𝑠𝑠 𝑃𝑟𝑜𝑓𝑖𝑡
Gross Profit Percentage = 𝑁𝑒𝑡 𝑆𝑎𝑙𝑒𝑠
o
Profitability Ratio
Ratio should be fairly consistent. If it varies significantly from previous years or
industry data, the entity’s financial data may contain errors
𝑃𝑟𝑜𝑓𝑖𝑡 𝑓𝑜𝑟 𝑡ℎ𝑒 𝑦𝑒𝑎𝑟
Profit Margin Percentage =
𝑁𝑒𝑡 𝑆𝑎𝑙𝑒𝑠
o Significant fluctuations may indicate that misstatement exist in the selling, general
and administrative expenses
𝑃𝑟𝑜𝑓𝑖𝑡 𝑓𝑜𝑟 𝑡ℎ𝑒 𝑦𝑒𝑎𝑟 𝑃𝑟𝑜𝑓𝑖𝑡 𝑓𝑜𝑟 𝑡ℎ𝑒 𝑦𝑒𝑎𝑟
Return on Asset = Return on Equity =
𝑇𝑜𝑡𝑎𝑙 𝐴𝑠𝑠𝑒𝑡𝑠 𝑇𝑜𝑡𝑎𝑙 𝐸𝑞𝑢𝑖𝑡𝑦
Provides information on the long-term solvency of the entity, giving important information about
an entity’s going concern issue
𝑆𝑇 𝐷𝑒𝑏𝑡+𝐿𝑇 𝐷𝑒𝑏𝑡
Debt to equity =
Coverage Ratio
𝑇𝑜𝑡𝑎𝑙 𝐸𝑞𝑢𝑖𝑡𝑦
o Indicate the portion of the equity’s capital that comes from debt
o Lower the ratio, the less debt pressure on the entity. If it is too high, it may indicate
that the entity is too highly leveraged and may not be able to meet its debt obligation
𝑃𝑟𝑜𝑓𝑖𝑡 𝑓𝑜𝑟 𝑡ℎ𝑒 𝑦𝑒𝑎𝑟+𝐼𝑛𝑡𝑒𝑟𝑒𝑠𝑡 𝐸𝑥𝑝𝑒𝑛𝑠𝑒𝑠
Times interest earned = 𝐼𝑛𝑡𝑒𝑟𝑒𝑠𝑡 𝐸𝑥𝑝𝑒𝑛𝑠𝑒𝑠
o Indicates the ability of current operations to pay the interest that is due on the
entity’s debt obligation
166