Auditing Flashcards
1
Q
Accounting
A
Accounting is the recording, classifying, and summarizing of economic events
for the purpose of providing financial information used in decision making.
2
Q
Purpose of financial reporting
A
3
Q
Nature of Auditing
A
Auditing is the accumulation and evaluation
of evidence about information to determine
and report on the degree of correspondence between the information and established criteria.
Auditing should be done by a competent, independent person.
4
Q
Information and Established Criteria
A
To do an audit, there must be information in a verifiable form and some standards (criteria) by which the auditor can evaluate the information.
5
Q
Accumulating Evidence and Evaluating Evidence
A
Evidence is any information used by the auditor to determine whether the information being audited is stated in accordance with the established critera.
6
Q
Competent, Independent Person
A
The auditor must be qualified to understand the criteria used and must be competent to know the types and amount of evidence to accumulate to reach the proper conclusion after the evidence has been examined.
The competence of the individual performing the audit is of little value if he or she is biased in the accumulation and evaluation of evidence.
7
Q
Audit Report
A
The final stage in the auditing process is preparing the Audit Report, which is the communication of theauditor’s findings to users.
8
Q
Distinguish Between Auditing and Accounting
A
Accounting is the recording, classifying, and summarizing of economic events
for the purpose of providing financial information used in decision making.
Auditing is determining whether recorded information properly reflects the economic events that occurred during the accounting period.
9
Q
Economic Demand for Auditing
-Explain the importance of auditing in reducing information risk.
A
Information risk reflects the possibility that the information upon which the business risk decision was made was inaccurate.
Auditing can have a significant effect on information risk.
10
Q
Causes of Information Risk
A
Remoteness of information
Biases and motives of the provider
Voluminous data
Complex exchange transactions
11
Q
Reducing Information Risk
A
User verifies information
User shares information risk with management
Audited financial statements are provided
12
Q
Describe assurance services and distinguish audit services from other assurance and nonassurance services provided by auditors.
A
13
Q
Definitions
A
Attestation
Audit
Review
Agreed-upon procedures
Compilations
Assurance
14
Q
Assurance and Assurance Services
A
The overall need of individuals and organizations for credible information, combined with changes currently taking place in information technology, is leading to rapid changes in the role of the public accounting profession
Auditor firms are already embracing a broader concept of the attest function that is being referred to as the assurance function , which includes providing assurance on a broad variety of types of financial or non-financial information
Trust Services (SysTrust and WebTrust)
PrimePlus/Elder Care Services
XBRL Services
An assurance service is an independent professional service that improves the quality of information for decision makers.
Assurance services can be performed by auditors or by a variety of other professionals.
15
Q
Attestation Services
A
An attestation service is a type of Assurance service in which the audit firm issues a report about the reliability of an Assertion that is the responsibility of another party.
In an attest engagement a Auditor is engaged to issue or does issue an examination (audit), a review, or an agree-upon procedures report on subject matter, or an assertion about subject matter, that is the responsibility of another party
The attest function adds value to information by having a third party (the Auditor) provide assurance over subject matter prepared by a party responsible for that information
Example: Compliance Report, Due Diligence Report, Valuation Report,
16
Q
Attestation Services
A
Five Categories:
- Audit of historical financial statements
- Attestation of internal control over financial reporting
- Review of historical financial statements
- Attestation services on information technology
- Other attestation services
17
Q
Other Attestation
A
Examination (Audit)
Review
Agree-upon procedures
18
Q
Audit
A
An examination, referred to as an audit when it involves financial statements, normally results in a positive opinion, the highest form of assurance provided
– Positive assurance: the auditor confirms that the subjects matter follows in all material respects the appropriate criteria
When performing an examination, the Auditors select from all available evidence a combination that limits to a low level of risk the chance of material misstatement
19
Q
Review
A
Is substantially less in scope than an audit and consists primarily of
(1) Application of analytical procedures
(2) Making inquiries of management
(3) Obtaining representations from management relating to the financial statements
Results in a report with limited assurance (or negative assurance)
– Negative assurance the reviewer concludes that he or she is not aware of any material misstatements
20
Q
Agreed-upon Procedures
A
An Auditor and a specified party that wishes to use the information may mutually decide on specific agreed upon procedures that the Auditor will perform
Result in a report that describes the procedures performed and related findings.
21
Q
Compilation
A
- Accountants may also provide services to clients in the form of compilation.
- The objective of a compilation of financial statements is to present, in the form of financial statements, information that is the representation of management without expressing any assurance on the statements
22
Q
Relationships Among Auditors, Client, and External Users
A
23
Q
Other Assurance Services
A
- Most of the other assurance services that auditors provide do not meet the formal definition
- of attestation services.
- The auditor is not required to issue a written report.
- The assurance does not have to be about thereliability of another party’s assertion aboutcompliance with specified criteria.
24
Q
Nonassurance Services Provided by auditors
A
- Accounting and bookkeeping services
- Tax services
- Management consulting services
25
Other Assurance Services Examples
26
Types of Audits
Operational
Compliance
Financial Statement
27
Operational Audit
28
Compliance Audit
29
Audit of Historical Financial Statements
30
Terms
31
1.3 Legal Requirements
European Union
Germany
United States Of America
32
European Union
33
European Law Audit Requirements
34
German Law Audit Requirements
35
Ch-2 Objective of Conducting an Audit of Financial Statements
The objective of the ordinary audit of financial statements is the expression of an opinion of the fairness with which they present fairly, in all respects, financial position, result of operations, and its cash flows in conformity with GAAP.
36
Steps to Develop Audit Objectives
1. Understand objectives and responsibilities for the audit
2. Divide financial statements into cycles
3. Know management assertions about financial statements
4. Know general audit objectives for classes of transactions and accounts.
5. Know specific audit objectives for classes of transactions, accounts and disclosures.
37
Management’s Responsibilities
* Management is responsible for the financial statements and for internal control.
* he German Law states management’sresponsibility for the financial statements.
* The German Commercial Code requires the Board of Directors of public companies to certify the annual financial statements submitted to the Stock Exchange.
38
Auditor’s Responsibilities
* Material versus immaterial misstatements
* Reasonable assurance
* Error versus fraud
* Professional skepticism
* Fraud resulting from fraudulent financial reporting versus misappropriation of assets
39
Auditor’s Responsibilities for Discovering Illegal Acts
40
2.2 Financial Statements Cycles
Audits are performed by dividing the financial statements into smaller segments or components.
41
Business Processes
42
Transaction Processing Cycles
43
Financial Statement Assertions
In preparing financial statements management implicitly or explicitly makes assertions to
* Classes of transactions and events (transaction classes)
* Year-end (account balances)
* Presentations and disclosures(disclosures)
44
General Transactions-related Audit Objectives
45
General Balance-related Audit Objectives
46
How Audit Objectives Are Met
The auditor must obtain sufficient appropriate audit evidence to support all management assertions in the financial statements.
An audit process has specific phases
47
Diagram of an Audit
48
Audit Risk
49
Inherent Risk
* Refers to the likelihood of material misstatement of an assertion, assuming no related internal control
* Differs by account and assertion
50
Control Risk
* Is the likelihood that a material misstatement will not be prevented or detected on a timely basis by internal control
* Is assessed using the results of tests of control
51
Detection Risk
* Is the likelihood that an auditor‘sprocedures leads to an improper conclusion that no material misstatement exists in an assertion when in fact such a misstatement does exist
* The auditor‘s substantial procedures areprimarily relied upon to restrict detection risk.
52
Risk Relationship
53
2.3 Objective
The objective of the auditor is to accept or continue an audit engagement only when the basis upon which it is to be performed has been agreed, through:
a. Establishingwhetherthepreconditionsforanaudit are present; and
b. Confirmingthatthereisacommonunderstanding between the auditor and management and, where appropriate, those charged with governance of the terms of the audit engagement.
54
Engagement
55
IFAC Ethical Requirements
56
Rules of Conduct-Independence
* A member in public practice shall be independent in the performance of professional services as required by standards and national requirements.
The value of auditing depends heavilyon the public’s perception of theindependence of auditors.
* Independence in fact
* Independence in appearance
57
Prohibited Services
1. Financial Interest
2. Bookkeeping and other accounting services
3. Financial information systems design and
implementation
4. Appraisal or valuation services
5. Actuarial services
6. Internal audit outsourcing
7. Management of human resource functions
8. Broker, dealer, or investment adviser
or investment banker services
9. Legal and expert services unrelated to the audit
10. Any other service that is impermissible by
law or regulation
58
Ownership Interests
* rules on financial relationships take an engagement perspective.
* rules prohibit ownership in audit clients by those persons who can influence the audit.
59
Financial Interests
Rules prohibit covered members from owning any direct investments in audit clients.
* Covered members
* Direct versus indirect financial interest
* Material or immaterial
60
Related Financial Interests Issues
* Former practitioners
* Normal lending procedures
* Financial interests and employment of immediate and close family members
* Joint investor or investee relationship with client
* Director, officer, management, or employee of a company
61
Bookkeeping and Other Services
* Client must accept full responsibility for the financial statements.
* The auditor must not assume the role of employee or of management.
* The audit must conform to use of auditing standards.
The rules do not allow audit firms to provide bookkeeping services to public company audit clients.
* Consulting and other nonaudit services
* Unpaid fees
62
Litigation Between Audit Firm and Client
* A lawsuit or intent to start a lawsuit between an audit firm and its client, the ability of the audit firm and client to remain objective is questionable.
* The interpretations regard such litigation as a violation independence.
63
Audit Committees
* An audit committee is a selected number of members of a company’s board of directorswhose responsibilities include helping auditors remain independent of management.
* Most audit committees are made up of three to five or sometimes as many as seven directors who are not a part of company management.
64
Partner Rotation
The rules requires that the lead and concurring audit partner rotate off the audit engagement after a period of seven years.
65
Audit Committees
The law requires that all members of the audit committee be independent.
Companies must disclose whether or not the audit committee includes at least one financial expert.
66
Other Issues
* Shopping for accounting principles
* Engagement and payment of audit fees by management
67
Agreement on Audit Engagement Terms
The written agreement shall include:
(a) The objective and scope of the audit of the financial statements;
(b) The responsibilities of the auditor;
(c) The responsibilities of management;
(d) Identification of the applicable financial reporting framework for the preparation of the financial statements; and
(e) Reference to the expected form and content of any reports to be issued by the auditor and a statement that there may be circumstances in which a report may differ from its expected form and content.
68
2.4 Fraud - Definition
An intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage
69
Characteristics of Fraud
* Misstatements in the financial statements can arise from either fraud or error.
* The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional.
70
Error
* Error is unintentional misstatement (mistake)
* E.g. wrong calculation
71
Types of Fraud
* Fraudulent financial reporting
* Misappropriation of assets
72
The Fraud Triangle
73
Examples of Risk Factors for Fraudulent Reporting
74
Examples of Risk Factors for Misappropriation of Assets
75
Assessing the Risk of Fraud
* ISA 240 provides guidance to auditors in assessing the risk of fraud.
* In exercising professional skepticism,an auditor “neither assumes that management is dishonest nor assumes unquestioned honesty.”
76
Sources of Information Gathered to Assess Fraud Risks
77
Documenting Fraud Assessment
* Discussion
* Procedures
* Specific risks
* Reasons
* Other conditions and analytical relationships
* Nature of communications
78
Corporate Governance Oversight to Reduce Fraud Risks
* Culture of honesty and high ethics
* Management's responsibility to evaluate risks of fraud
* Audit committee oversight
79
80
Example Elements for a Code of Conduct
* Organizational code of conduct
* General employee conduct
* Conflicts of interest
* Outside activities, employment, and directorships
* Relationships with clients and suppliers
* Gifts, entertainment, and favors
* Kickbacks and secret commissions
* Organization funds and other assets
* Organization records and communications
* Dealing with outside people and organizations
* Prompt communicationsPrivacy and confidentiality
81
Responding to the Risk of Fraud
Change the overall conduct of the audit to respond to identified fraud risks.
Design and perform audit procedures to address identified risks.
Design and perform procedures to address the risk of management override of controls.
82
Specific Fraud Risk Areas
* Revenue and accounts receivable fraud risks
* Inventory fraud risks
* Purchases and accounts payable fraud risks
* Other areas of fraud risk
83
Responding to Misstatements That May Be the Result of Fraud
When fraud is suspected, the auditor gathers additional information to determine whether fraud actually exists.
84
Types of Inquiry Techniques
* Informational inquiry
* Assessment inquiry
* Interrogative inquiry
* Evaluating responses
* Listening techniques
* Observing behavioral cues
85
Ch-3. Three Main Reasons for Planning
* To obtain sufficient appropriate evidence for the circumstances
* To help keep audit costs reasonable
* To avoid misunderstanding with the client
86
Planning an Audit and Designing an Audit Approach
1. Accept client and perform initial audit planning.
2. Understand the client’s business and industry.
3. Assess client business risk.
4. Perform preliminary analytical procedures.
5. Set materiality and assess acceptable audit risk and inherent risk.
6. Understand internal control and assess control risk.
7. Gather information to assess fraud risks.
8. Develop overall audit plan and audit program.
87
Initial Audit Planning
* Client acceptance and continuance
* Identify client’s reasons for audit
* Obtain an understanding with the client
* Develop overall audit strategy
88
Key Parts of Planning
**Accept client and perform initial planning**
* New client acceptance and continuance
* Identify client’s reasons for audit
* Obtain an understanding with client
* Staff the engagement
**Understand the client’s business and industry**
* Understand client’s industry and external environment
* Understand client’s operations, strategies,and performance system
* Assess client business risk
* Evaluate management controls affecting business risk
* Assess risk of material misstatements
89
Understanding of the Client’s Business
and Industry
Factors that have increased the importance of understanding theclient’s business and industry:
* Information technology
* Global operations
* Human capital
90
Industry and External Environment
Reasons for obtaining an understandingof the client’s industry and external environment:
* Risks associated with specific industries
* Inherent risks common to all clients in certain industries
* Unique accounting requirements
91
Business Operations and Processes
Factors the auditor should understand:
* Major sources of revenue
* Key customers and suppliers
* Sources of financing
* Information about related parties
92
Identify Related Parties
A related party is defined as an affiliated company, a principal owner of the client company, or any other party with which the client deals, where one of the parties can influence the management or policies of the other.
93
Tour the Plant and Offices
By viewing the physical facilities,
the auditor can asses physical safeguards over assets and interpret accounting data related to assets.
94
Management and Governance
Management establishes the strategies andprocesses followed by the client’s business.
Governance includes the client’s organizationalstructure, as well as the activities of the board of directors and the audit committee.
* Corporate charter and bylaws
* Code of ethics
* Meeting minutes
95
Code of Ethics
The German commercial code
now requires each public company to disclose whether is has adopted a code of ethics that applies to senior management.
96
Client Objectives and Strategies
Strategies are approaches followed by the entity to achieve organizational objectives.
Auditors should understand client objectives.
* Financial reporting reliability
* Effectiveness and efficiency of operations
* Compliance with laws and regulations
97
Measurement and Performance
98
Assess Client Business Risk
Client business risk is the risk that the client will fail to achieve its objectives.
* What is the auditor’s primary concern?
* Material misstatements in the financial statements due to client business risk
99
Client’s Business, Risk, and Risk of Material Misstatement
100
Factors Affecting Inherent Risk
101
Internal Control Objectives
* Reliability of financial reporting
* Efficiency and effectiveness of operations
* Compliance with laws and regulations
102
Management and Auditor
Responsibilities Related to Internal Control
1. Management’s responsibility forestablishing internal control
2. Reasonable assurance
3. Inherent limitations
4. Management’s reporting responsibilities
5. Design of internal control
6. Operating effectiveness of controls
7. Auditor responsibilities for understanding internal control
8. Controls over the reliability of financial reporting
9. Control over classes of transactions
10. Auditor responsibilities for testing internal control
103
Sales Transaction-related Audit Objectives
104
Five Components of Internal Control
105
The Control Environment
* Integrity and ethical values
* Commitment to competence
* Board of directors or audit committee participation
* Management’s philosophy andoperating style
* Organizational structure
* Human resource policies and practices
106
Risk Assessment
* Identify factors that may increase risk
* Estimate the significance of the risk
* Assess the likelihood of the risk occurring
* Determine actions necessary to manage the risk
107
Control Activities
* Adequate separation of duties
* Proper authorization of transactions and activities
* Adequate documents and records
* Physical control over assets and records
* Independent checks on performance
108
Adequate Separation of Duties
109
Proper Authorization of Transactions and Activities
General authorization
Specific authorization
110
Adequate Documents and Records
111
Physical Control Over Assets and Records
The most important type of protective measure for safeguarding assets and records is the use of physical precautions.
112
Independent Checks on Performance
The need for independent checks arises because internal control tends to change over time unless there is a mechanism for frequent review.
113
Information and Communication
114
Monitoring
115
Absence of internal control
Three levels of absence of internal control
* Control deficiency
* Significant deficiency
* Material weakness
116
Control deficiency
**If the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis**
* Design deficiency: if a necessary control is missing or not properly designed
* Operation deficiency: if a well-designed control does not operate as designed or if the person performing the control is insufficiently qualified or authorized
117
Significant deficiency
If one or more control deficiencies exist that is less severe than a material weakness, but important enough to merit attention by those responsible foroversight of the company’s financialreporting
118
Material weakness
Is a significant deficiency by itself or in combination with other significant deficiencies, result in a reasonable possibility that internal control will not prevent or detect material financial statements on a timely bases
119
Evaluating Significant Control Deficiencies
120
Identify Deficiencies and Weakness
121
Assess Control Risk
122
Control Risk Matrix
**Many auditors use the control risk matrixto assist in the control risk assessment process.**
* Identify audit objectives
* Identify existing controls
* Associate controls with related audit objectives
* Identify and evaluate control deficiencies,
* significant deficiencies, and material weaknesses
123
Communications
* Communications to those charged with governance
* Management letters
124
Materiality
125
Steps in Applying Materiality
126
Set Preliminary Judgment About Materiality
127
Factors Affecting Judgment
128
Guidelines
129
Allocate Preliminary Judgment About Materiality to Segments
130
Estimated Total Misstatement and Preliminary Judgment
131
4. Audit Evidence
Relationships
132
Appropriateness of Types of Evidence
133
Audit Evidence Decisions
134
Audit Program
135
Persuasiveness of Evidence
Two determinants:
* Appropriateness
* Sufficiency
136
Six Characteristics of Reliable Evidence
1. Independence of provider
2. Effectiveness of client’sinternal controls
3. Auditor’s direct knowledge
4. Qualification of individuals providing the information
5. Degree of objectivity
6. Timeliness
137
Relationships Among Audit Evidence and Persuasiveness
138
Persuasiveness and Cost
139
Types of Audit Evidence
1. Physical examination
2. Confirmation
3. Documentation
4. Analytical procedures
5. Inquiries of the client
6. Recalculation
7. Reperformance
8. Observation
140
Physical Examination
141
Confirmation
142
Documentation
143
Analytical Procedures
144
Inquiries of the Client
145
Recalculation
It involves rechecking a sample of Calculations made by the client.
146
Reperformance
It is the auditor’s independent tests of client accounting procedures or controls that were originally done.
147
Observation
148
Types of Evidence and Four Evidence Decisions for a Balance-Related
Audit Objective for Inventory\*
149
Terms and Types of Evidence
150
Audit Procedures
151
Combination of audit procedures
152
Process for Understanding Internal Control and Assessing Control Risk
153
Obtain and Document Understanding of Internal Control
154
Methods Used
155
Narrative
1. The origin of every document and record in the system
2. All processing that takes place
3. The disposition of every document and record in the system
4. An indication of the controls relevant to the assessment of control risk
156
Evaluating Internal Control Operation
157
Tests of Controls
The procedures to test effectiveness of Controls in support of a reduced assessed control risk are called
## Footnote
**tests of controls.**
158
Procedures for Tests of Controls
1. Make inquiries of client personnel
2. Examine documents, records, and reports
3. Observe control-related activities
4. Reperform client procedures
159
Extent of Procedures
160
Relationship of Assessed Control Risk and Extent of Procedures
161
Decide Planned Detection Risk and Design Substantive Tests
162
Analytics
Perform preliminary analytical procedures
163
Preliminary Analytical Procedures
164
Examples of Planning Analytical Procedures
165
Analytical Procedures
166
Timing and Purposes of Analytical Procedures
167
Five Types of Analytical Procedures
Compare client data with:
1. Industry data
2. Similar prior-period data
3. Client-determined expected results
4. Auditor-determined expected results
5. Expected results using nonfinancial data.
168
Compare Client and Industry Data
Compare Client Data with Similar Prior Period Data
169
Common Financial Ratios
170
Short-term Debt-paying Ability
171
Liquidity Activity Ratios
172
Ability to Meet Long-term Debt Obligation
173
Profitability Ratios
174
Summary of Analytical Procedures
175
Audit Documentation
176
Legal Requirements
177
Audit File Contents and Organization
178
Permanent Files
These files are intended to contain data of a historical or continuing nature pertinent to the current audit.
179
Current Files
180
Relationship of Audit Documentation to Financial Statements
181
Types of Supporting Schedules
182
Preparation of Audit Documentation
183
Effect of Technology
184
Parts of standard unmodified opinion audit report
1. Report title
2. Audit report address
3. Introductory paragraph
4. Management’s responsibility
5. Auditor’s responsibility
6. Opinion paragraph
7. Signature and address of CPA firm
8. Audit report date
185
Conditions for standard unmodified opinion audit report
186
Standard audit report and report on internal control over financial reporting
187
Unmodified opinion audit report with emphasis-of-matter explanatory paragraph
188
Most important causes of the addition of an emphasis-of-matter / modification of wording
1. Lack of consistent application of general accepted accounting principles
2. Substantial doubt about going concern
189
Substantial Doubt About Going Concern
1. Lack of consistent application of general accepted accounting principles
2. Substantial doubt about going concern
2. 1. Significant recurring operating losses or working capital deficiencies.
2. 2. Inability of the company to pay its obligations as they come due.
2. 3. Loss of major customers, the occurrence of uninsured catastrophes.
2. 4. Legal proceedings, legislation that might jeopardize theentity’s ability to operate.
190
Most important causes of the addition of an emphasis-of-matter / modification of wording
191
Auditor Agrees with a Departure from a Promulgated Principle
192
Emphasis of a Matter
193
Reports Involving Other Auditors
1. Make no reference in the audit report
2. Make reference in the report (modified wording report)
3. Qualify the opinion
194
Categories of Audit Reports
1. Standard unqualified
2. Unmodified with explanatory paragraph or modified wording
3. Qualified
4. Adverse or disclaimer
195
Modifications to the opinion in the audit report
Three conditions requiring a modification to the audit opinion:
1. The scope of the audit has been restricted
(scope limitation).
2. The financial statements have not been
prepared in accordance with generally accepted
accounting principles (GAAP departure).
3. The auditor is not independent.
196
Qualified Opinion
197
Adverse Opinion
198
Disclaimer of Opinion
199
Materiality
A misstatement in the financial statements can be considered material if knowledge of the misstatement will affect a decision of a reasonable user of the statements.
200
Three levels materiality with respect to opinions
201
Materiality and Judgement of the auditor in audit situations
202
Drafting Audit Opinions – discuss modifications
203
Auditors Decision Process on Audit Reports
204
International Accounting and
Auditing Standards
205
Internal Control System (ICS)
206
Who is responsible for the ICS?
207
