Audit

Question 1

rChapter 2 - Fundamental Concepts

1. What is the purpose of an audit?
2. What is the expectation gap?
3. What are some common misconceptions of auditing? (atleast 6)
4. What is an engagement letter and what does it entail?
5. What is an audit report? and what is an audit opinion and how it determined?

Answer 1

Purpose of an Audit
reduce agency risk (risk that managers are not acting in the interest of shareholders) and

information risk (risk that the information presented to shareholder’s is not reliable)

Expectation Gap
Difference between public perception of auditor’s responsbility VS actual defined responsiblities

• Common Areas of mistake (atleast 6 - G-CFC-PE)

• (1) NO GUARANTEE, (2) NOT RESPONSIBLE FOR CONTROLS/FRAUD/COMPLIANCE, DOES NOT PRODUCE F/S OR ASSESS EFFECTIVENESS OF MANAGEMENT/OPERATIONS

FINANCIAL STATEMENTS
o The auditor does not guarantee that the financial statements are 100% accurate. The auditor expresses an opinion on the financial statements that provides reasonable assurance. Auditing standards permit the auditor to undertake an audit on a sample basis. Therefore, there is always a risk that misstatements in the financial statements will not be identified by the auditor

o The auditor does not prepare and produce the financial statements. Management is responsible for preparing financial statements that show a fair view of the entity. The auditor provides an opinion on those statements.

INTERNAL CONTROLS AND COMPLIANCE
o The auditor is not responsible for the internal controls of the company. Management is responsible for implementing a sound system of internal controls. The auditors are responsible for gaining an understanding of the controls put in place by management as they relate to the financial statement process in order to effectively carry out their audit.

o The auditor is not responsible for the detection of all instances of fraud. Management, with the oversight of those charged with governance, is responsible for safeguarding the assets of the company and maintaining proper accounting records. Therefore, it is their responsibility to prevent and detect fraud through the implementation of sound internal control systems. The auditor is responsible for detecting material misstatements in the financial statements due to fraud or error. Consequently, the auditor may detect instances of fraudulent activity, but this is not their primary responsibility.

o The auditor is not responsible for checking compliance with all laws and regulations. Again, this is management’s responsibility, not the auditor’s. The auditor is responsible for identifying material misstatements in the financial statements due to breaches of laws and regulations.

OPERATIONS

o The auditor does not assesses the effectiveness and adequacy of the client’s operations and management. The auditor is only required to provide such an assessment where these affect the quality of the financial statements.

o The auditor purpose does not entail providing aid and advice to management; Although this can be a by-product of the audit, it is not the primary responsibility of the auditor to provide advice. If management requests that the auditor provide aid and advice, the auditor would undertake the work in a separate engagement, providing a consultancy function for the client. The auditor will not be able to provide both consultancy and audit services due to the importance of auditor independence; acting in the capacity of a consultant would impair independence.

ENGAGEMENT LETTER

• The Engagement letter: The auditor clarifies their responsibilities with management of the audited company at the start of engagement by issuing an engagement letter, which SPECIFIES THE TERMS of the engagement.

including the following:
 the objective and scope of the audit (Objective and Scope)
 the responsibilities of the auditor & management (RESPONSIBILITIES)
 identification of the applicable financial reporting framework (FRAMEWORK)
 Indicates that there is a risk that material misstatements may go undetected (DETECTION RISK)
 reference to the expected form and content of any reports to be issued by the practitioner and a statement that there may be circumstances in which a report may differ from its expected form and content (CONTENTS OF THE REPORT)
 the basis on which fees are computed and any billing arrangements (FEES & BILLING ARRANGEMENTS)

AUDITOR REPORT
Auditor Report: The auditor’s report COMMUNICIATES the practitioner’s OPINION on the fair presentation of the financial statements, in all material respects, in accordance with the applicable financial reporting framework.

The auditor’s report will be dated no earlier than the date on which the practitioner has gained sufficient and appropriate audit evidence to support his or her opinion.

Question 2

Chapter 3 - Client Acceptance

What are the 4 basic things to address in a client acceptance?

What is the criteria for accepting a new engagement?

Answer 2

.What are the basic things to address in a client acceptance?

• The integrity of KEY people; principal owners, key management and those charged with governance of the entity;
• Whether the engagement team is competent** to perform the audit engagement and has the **necessary capabilities, including time and resources;
• Whether the firm and the engagement team can comply with relevant ethical requirements; and (independence, threats, conflicts)
• Significant matters that have arisen during the current or previous audit engagement, and their implications for continuing the relationship

Criteria for accepting a new engagement?

• Are there any independence prohibitions, threats, or conflicts of interest between the practitioner and the client? (INDEPENDENCE)
• Is the practitioner able to mitigate or accept engagement risk factors? (RISK MANAGEMENT)
• Does the practitioner have a clear understanding of the user’s requirements for this engagement? (REQUIREMENTS)
• prepare the financial statements in accordance with the appropriate financial reporting framework (FRAMEWORK)
• have operating internal controls (CONTROLS)
• provide unrestricted access to information and people. (FREE ACCESS)
• Are there any known scope limitations that may restrict the practitioner’s ability to provide an opinion? (RESTRICTIVE SCOPE LIMITATIONS)

Question 3

Chapter 4 - Rules Against Professional Conduct

What are the key principles of professional conduct?
What are the threats (5) to Professional Conduct?

Answer 3

What are the Key principles of the rules

1. Objectivity: CPA Canada members must maintain an independent and objective state of mind when providing assurance services.
2. Integrity and due care: CPA Canada members must act with integrity and due care in the performance of their professional activities.
3. Professional competence: CPA Canada members must maintain their knowledge and skill at a level required by the professional bodies and must not undertake work for which they lack the necessary competence
4. Confidentiality: CPA Canada members must maintain confidentiality with respect to the affairs and the business of the client
5. Professional behaviour: CPA Canada members must behave in a professional way that maintains the good reputation of the profession and serves the public interest. Members are expected to avoid actions that would discredit the profession.

What are the threats to a practitioner’s independence 5 TYPES (SSAFI)

1. SELF INTEREST - occur where the practitioner (or his or her firm) has a financial interest in the client, as in the following examples:
2. SELF-REVIEW - occur where the practitioner is in the position of having to form an opinion on his or her own work
3. ADVOCACY - occur where the practitioner (or his or her firm) is perceived to promote, or actually promotes, the position of the client
4. FAMILIARITY - occur where a close relationship exists between the practitioner and the client, creating an environment where it is difficult for the practitioner to behave with professional skepticism
5. INTIMIDATION - occur where the client intimidates the practitioner (or his or her firm),

Question 4

Chapter 6 - Risk

1. Explain the audit risk model and its components

Answer 4

1. Explain the audit risk model and its components

Audit risk model

Audit risk is the risk that an inappropriate opinion is provided on the financial statements. This can be presented in a mathematical model that demonstrates the relationship among its components. The model states that audit risk is equal to risk of material misstatement (RMM) multiplied by detection risk:

AR = RMM × DR

AR = audit risk

RMM = IR × CR

IR = inherent risk: general and fraud risks at the overall financial statement level (OFSL) and the assertion (account) level

CR = control risk: control risks at the OFSL and the assertion level

DR = detection risk (set based on the reliance on substantive procedures)

The purpose of the audit risk model is to help the practitioner understand how inherent and control risk drive the level of detection risk and the reliance on substantive procedures (DR).

Detection risk

Once the auditor understands the RMM, they then design their audit program.

Detection risk is the risk that the procedures performed by the auditor will not detect a material misstatement. The auditor’s objective is to design procedures that will bring the detection risk to an acceptably low level to compensate for any RMM and thus bring the overall audit risk to low.

There is an inverse relationship between the assessed levels of RMM and the acceptable level of detection risk. For example, if inherent and control risks are both assessed as high, detection risk will need to be low in order to achieve a low audit risk.
To achieve a low detection risk, more assurance is needed from audit evidence. In order to gain more assurance from audit evidence, the practitioner can increase their reliance on substantive procedures. The auditor can also assign more experienced staff to the audit and incorporate additional independent review of working papers.

If inherent and control risk are both assessed as low, detection risk can be high and a low audit risk can still be maintained. If a higher detection is acceptable, the practitioner may reduce their reliance on detailed substantive procedures. Note that the practitioner will still test account balances and transactions throughout the year, but in this scenario, the testing will not be as extensive as it would be if detection risk were required to be reduced to low.

Inherent risk factors

Inherent risk represents the risk that, in the absence of controls, the financial statements could be materially misstated (individually or when aggregated).

Control risk factors

Control risk is the risk that a material financial statement misstatement, either individually or when aggregated with other misstatements, will not be prevented, detected, or corrected on a timely basis by the entity’s internal control. Further, controls may be direct or indirect. Direct controls are controls that are precise enough to address risks of material misstatement at the assertion level. Indirect controls are controls that support direct controls. The auditor is also required to obtain an understanding of each of the five components of internal control even when the approach to the audit is primarily substantive:

• control environment
• the entity’s risk assessment process
• the entity’s process to monitor the system of internal control
• the information system and communication
• control activities

Question 5

Chapter 7 - Fraud

1. Explain the audit risk model and its components

Answer 5

Types of Fraud

There are two types of fraud: fraudulent financial reporting and misappropriation of assets.

Fraudulent financial reporting usually occurs at the management level through intentional omissions or manipulation of amounts or disclosures with the intention of deceiving users and stakeholders. This is often done to manage earnings and influence user perceptions of the company’s financial performance. Management may have incentives, such as stock options and bonuses, to show a positive performance for the company. They may also be significantly pressured to show a positive financial performance because of the expectations of investors, creditors, or regulators. These incentives and pressures, coupled with the opportunity for management to override controls, can increase the risk of fraudulent financial reporting.

Fraud through misappropriation of assets usually occurs at the employee level in relatively small amounts. This could include embezzlement, theft of small assets, theft of intellectual property, unauthorized personal purchases, and the use of company assets for personal use.

Question 6

Chapter 8 - Going Concern

1. What kinds of conclusions can an audit make on a companies going-concern and its implication to the auditor report?

Answer 6

1. What kinds of conclusions can an audit make on a companies going-concern and its implication to the auditor report?

Audit Conclusions and Reporting

Based on the evidence obtained, the auditor must make one of the following conclusions:

• The going-concern assumption is appropriate.
• The going-concern assumption is appropriate but a material uncertainty exists.
• The going-concern assumption is not appropriate.

A material uncertainty exists when there is uncertainty surrounding the entity’s ability to continue as a going concern, and the magnitude of its potential impact and likelihood of occurrence is such that appropriate disclosure of the nature and implications of the uncertainty is necessary for the fair presentation of the financial statements.

Going-concern assumption is appropriate
If the going-concern assumption is appropriate without a material uncertainty, no modification to the financial statements is necessary for this issue.

Going-concern assumption is appropriate but a material uncertainty exists
If the auditor determines that the use of the going-concern assumption is appropriate, but that a material uncertainty exists, the auditor must determine whether the financial statements adequately disclose the events or conditions that have led to the material uncertainty and that a material uncertainty exists.

If the disclosure is adequate, the auditor will issue an unqualified opinion and include a section under the heading “Material Uncertainty Related to Going Concern” in the audit report to:
• highlight the existence of a material uncertainty relating to the going-concern assumption
• draw attention to the note in the financial statements that sets out the going-concern disclosure

If the disclosure is inadequate, the auditor will issue a qualified or adverse opinion.

Going-concern assumption is not appropriate
If the auditor determines that the use of the going-concern assumption is not appropriate, the auditor must determine whether the financial statements are presented on a liquidation basis and whether there is adequate disclosure for the users of the financial statements.

If the statements are presented appropriately, the auditor will issue an unqualified opinion and include a section under the heading “Material Uncertainty Related to Going Concern” in the audit report to:

• highlight the lack of the going-concern assumption
• highlight that the financial statements are prepared on a liquidation basis

If the disclosure is inadequate, the auditor will issue an adverse opinion

Question 7

Chapter 9 - Approach

1. Explan Substantive Procedure and Test of Control
2. How is an audit approach determined?
3. What is In Inherent and Control Risks?
4. What are the audit approaches? Explain both.

Answer 7

1. Explan Substantive Procedure and Test of Control

• Substantive - audit procedure designed to detect material misstatements at assertion level
• Test of Controls - audit procedure to test operating controls in the prevention / detection / correction of material misstatements at the assertion level.

1. How is an audit approach determined?

• Inherent risk – likelihood or material mistatement due to the particular characteristics of the relevant class or transactions, account balances or disclosure.
• Control risk – the risk that relevant controls are not operating effective and will not prevent or detect a material misstatement

1. What are the audit approaches? Explain both.

• Substantive Approach - Substantive only
  
  • Applied when control risk HIGH
• Combined Approach -
  
  • Tests of controls should be performed to obtain sufficient appropriate audit evidence if:

(a) The auditor’s assessment of risks of material misstatement at the assertion level includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the date, timing and extent of substantive procedures); or

Control risk is determined to be lower at the assertion level for the relevant account and assertions, thereby reducing the overall RMM at the assertion level. Given the lower RMM, the amount of substantive work required is reduced, which can lead to a more efficient audit approach.

(b) Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level.

situation where substantive procedures alone simply do not provide sufficient appropriate audit evidence and therefore tests of controls are needed to obtain the required level of audit evidence.

Question 8

Chapter 13 - Assertions

1. What are the assertations for balance sheet items? (PACC - ER)
2. What are the assertations for income statement items? (PACC - CO)

Answer 8

1. What are the assertations for balance sheet items? (PACC - ER)
2. What are the assertations for income statement items? (PACC - CO)

Assertions for Account Balances (Balance Sheet)

The relevant assertions for account balances are:

• Existence - Do the assets, liabilities, and equity of the entity exist? (OVERSTATEMENT)
• Rights and obligations - Does the entity have legal claim or control the rights to the assets? Are the liabilities the obligations of the entity?
• Completeness - Have all the entity’s assets, liabilities, and equity been recorded? (UNDERSTATEMENT)
• Accuracy, valuation, and allocation (Valuation) - Have the assets, liabilities, and equity of the entity been included in the financial statements at the correct amount?
• Classification - Have the assets, liabilities, and equity of the entity been recorded in the proper accounts?
• Presentation - Have the assets, liabilities, and equity been appropriately aggregated or disaggregated, and have disclosures been made that are relevant, understandable, and in accordance with the applicable financial reporting framework?

Assertions for Classes of Transactions (Income Statement)

The relevant assertions for classes of transactions are:

• Occurrence - Have the revenues and expenses occurred? (OVERSTATEMENT)
• Completeness - Have all the entity’s revenues and expenses been recorded? (UNDERSTATEMENT)
• Accuracy - Have the entity’s revenues and expenses been recorded accurately?
• Cut-off - Have the entity’s revenues and expenses been recorded in the correct reporting period?
• Classification - Have the entity’s revenues and expenses been classified to the appropriate accounts?
• Presentation - Have the entity’s revenues and expenses been appropriately aggregated or disaggregated, and have disclosures been made that are relevant, understandable, and in accordance with the applicable financial reporting framework?

Question 9

Chapter 14 - Audit Evidence

What are the sources of evidence?
What are the types of audit evidence?

Answer 9

1. Sources of Evidence
   Evidence is often persuasive, rather than conclusive, because the evidence gathered is not always 100% reliable. As noted earlier, the reliability of audit evidence may be affected by its sources, which can be divided into three main categories:
   • internally generated
   • externally generated, but held by the client
   • externally generated (Highest level of persuasiveness)

2 Names of Types of Audit Evidence

Types of Audit Evidence
Audit evidence is the result of applying the planned audit procedures. It can be in the form of:

• physical evidence (such as the result of physically examining a tangible asset)
• confirmation evidence (such as from obtaining written communication from a third party)
• documentary evidence (such as from inspecting the client’s internal or external documents and records)
• analytical evidence (such as the result of performing ratio analysis on the client’s balance sheet)

There may also be other forms, depending on the procedures performed.

Question 10

Chapter 15 - Materiality

1. What are the 8-steps of deterrmining materiality?
2. Explain the different stages when materiality is important and why?

Answer 10

1. What are the 8-steps of deterrmining materiality?
2. Explain the different stages when materiality is important and why?

Materiality is an important concept and it is used in the various stages of the audit:

• During the planning stage, materiality is used to determine which balances and transactions the practitioner will focus procedures on, and also to assist the practitioner in deciding which audit procedures to perform.
• During the execution stage, materiality is used to evaluate errors discovered and determine the extent of any additional audit procedures required.
• During the reporting stage, materiality is used to evaluate the aggregate of the uncorrected errors that have been identified throughout the audit. If the errors exceed overall materiality or a specific materiality amount (as applicable) and the client will not correct them, the practitioner’s opinion may be affected.

1. Step 1: Identify the user(s)
2. Step 2: Identify the user’s objective
   a. Understand the objectives and sensitivities of all the significant users
   i. Lenders – leverage, liquidity, convenants, asset values and debt coverage ratios
   ii. Investors – financial stewardship, free cash flow generation and earnings growth
   iii. Executives – incentive compensation plan
3. Step 3: Determine basis for materiality
   a. For Profit - Always use net income before tax unless loss position or earnings are volatile, then use Total revenue.
   b. Non-profit – total expenses
   c. Foundation – Total Assets
4. Step 4: Identify the % threshold for materiality
   a. Lower percentage = more sensitive

For-profit entities

• 3-7% of normalized income before tax
• 1-3% of revenues or expenses
• 1-3% of total assets
• 3-5% of equity

Not-for-profit entities

• 1-3% of revenue or expenses
• 1-3% of total assets

5. Step 5: Determine Overall Materiality
   a. Normalize and apply threshold (round down)
6. Step 6: Determine Performance Materiality
   a. 60 to 80% - lower if risk of misstatement is higher
7. Step 7: Determine Specific Materiality
   a. Determine key accounts that are particularly sensitive. Give any percentage you want but result must be less than overall materiality
   i. Alternatively use a reasonable % of overall materiality
8. Step 8: Determine Specific Performance Materiality
   a. 60 to 80% - lower if risk of misstatement is higher
   b. Should be lower than overall materiality and Specific Materiality

Question 11

Chapter 15: Substantive Procedure

1. What are substantive procedures?
2. Name the types of substantive procedures? RRIIOEA
3. What is a valid procedure?

Answer 11

1. What are substantive procedures?
2. Name the types of substantive procedures? RRIIOEA

Substantive Procedures

Audit programs provide detailed instructions on the procedures to perform in each audit area during the risk assessment, risk response, and reporting stages. The audit programs will detail not only the nature of the procedures, but also the timing and extent of work to be performed.

The practitioner plans procedures that will test management’s assertions related to the financial statement accounts. The application of these procedures provides the practitioner with evidence to support whether management’s assertions are appropriate, and allows them to assess whether the financial statements are materially misstated.

Substantive procedures are designed to detect material misstatements at the assertion level, and they include both substantive analytical procedures and tests of details. Substantive analytical procedures are audit procedures designed to evaluate financial information through the analysis of reasonable relationships among both financial and non-financial data. Tests of details are any substantive procedures that are not substantive analytical procedures.

Types of substantive procedures (RR- II - OE)

Inspection
Examining records, documents, and physical assets
Example: Inspecting an investment certificate to provide evidence that the investment exists

Observation
Watching a procedure being performed by another individual
Example: Observing the client’s employees performing the inventory count

Inquiry
Asking questions of another knowledgeable party
Example: Asking management whether all related-party transactions have been recorded and/or disclosed in the financial statements

External confirmation
Requesting information from a third party
Example: Obtaining a written communication from the bank stating the year-end bank balance

Recalculation
Checking the mathematical accuracy of documents or records
Example: Adding up the total of the accounts receivable sub-ledger

Reperformance
Reperforming activities that are performed by the client
Example: Reperforming the allowance for doubtful accounts calculation

Analytical procedures
Evaluating financial information through the analysis of plausible relationships involving both financial and non-financial data
Example: Comparing the current-year sales amount to the prior-year amount and noting any significant variances

What is a valid procedure

Identify the Risk
Account and Assertion
Procedure:

Example below
Risk: ABC Co. has a new transaction this year, the government grant. The bookkeeper was unsure how to record it and recognized the full amount when received. The risk is that the criteria for recognizing the grant revenue have not been met.

Account and assertion: Grant revenue — occurrence

Procedure: Obtain the grant agreement and inspect the document for restrictions that may affect ABC’s ability to recognize the grant. Recalculate the amount that should be recorded in the general ledger and compare this amount to what ABC has recorded. Ensure the amount recorded is reasonable.

Question 12

Chapter 21 - Compilation and Review Engagements

What is an Assurance Report

What is an Audit Engagement?
what is an Review Engagement?
What is a Compilation Engagement?

Answer 12

1. What are assurance reports and why do they exist?
2. What is an audit engagements?
3. What is an review engagement?
4. What is a compilation engagement?

Assurance Reports
• Discuss with the banker the level of assurance that is required.
• Since the banker is demanding assurance, her needs are the determining factor in deciding whether an audit or review engagement will be performed.
• Assurance reports involve an independent party providing an opinion on financial information. The opinion provided will lend comfort to the banker that she can rely on the financial statements to make resource allocation decisions

Audit Engagement
• An audit provides a higher (reasonable) level of assurance than a review.
o Substantive testing of account balances through analysis, inquiry, inspection, observation, confirmation and recalculation. Focuses on independent evidence to substantiate the audit opinion.
• An audit opinion communicates that the financial statements are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. In this case, the financial reporting framework is ASPE.
• Because an audit involves more work on the part of the auditor, it takes more time to complete and costs more for the auditee compared to a review engagement.
• When sufficient and appropriate audit evidence cannot be obtained, we must modify the audit report to reflect this lack of evidence. Again, the banker’s needs must be considered. If the banker is willing to accept a modified audit report, this will not be an issue.

Review Engagement
• The review opinion does not provide reasonable assurance that the financial statements are in accordance with the financial reporting framework. Rather, the opinion provides what is referred to as limited assurance.
• The review report communicates that nothing has come to the reviewer’s attention that makes them believe that the financial statements are not in accordance with the financial reporting framework.
• A lower level of assurance is provided because less-detailed procedures are performed as part of the engagement.
• Inquiry, analytical procedures and discussion plus additional procedures may be required to determine if information is “plausible”. Focuses on internal evidence.

Compilation
• An Compilation engagement provides no assurance.
o None specified. Performance consists of preparing the compiled financial statements, including a note in the compiled financial information that describes the basis of accounting applied.
• Assist management in the preparation of the compiled financial information in accordance with a basis of accounting selected by management, based on information provided by management
• Compilations require the least amount of work and are the least time consuming, therefore the least costly.
• If compiled financial statements are known to be false or misleading and management does not correct them, resign from engagement.