{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

2011 A-3 Class Notes

2011 A-3 Class Notes - AUDITING 3 2011 Edition — Auditing...

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Background image of page 2
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Background image of page 4
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Background image of page 6
Background image of page 7
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: AUDITING 3 2011 Edition — Auditing 3 Class Notes AUDITING3 class notes Auditing 3 deals with engagement acceptance, planning and the risk assessment process, including understanding the entity and its environment. A. ENGAGEMENT ACCEPTANCE 1. The audit committee is responsible for the selection and appointment of the auditor. 2. Pre-acceptance activities: a. C. Consider the firm's quality control policies and procedures related to client acceptance and continuance, including the firm's ability to meet reporting deadlines and staff the engagement, the firm's independence, and the integrity of client management. Assess the auditability of the client by considering: (1) The availability and adequacy of the client's accounting records. (2) Management's attitude towards the internal control environment. Make inquiries of the predecessor auditor. 3. The auditor must establish an understanding with the client regarding the services to be performed. a. b. An engagement letter is required in most circumstances. Know the general contents of the letter. B. PLANNING AND SUPERVISION 1. The following are required during the planning stage of the audit: a. b. Obtain knowledge of the client's industry and business. Develop the overall audit strategy. The audit strategy outlines the scope of the audit engagement, the reporting objectives, timing of the audit, and required communications, and the factors that determine the focus of the audit. (1) The audit strategy includes a preliminary assessment of materiality and tolerable misstatement. (a) Materiality is the amount of error or omission that would affect the judgment of a reasonable person. (b) Tolerable misstatement is the maximum error in a population that the auditor is willing to accept. (c) A preliminary level of materiality is typically based on historical or interim financial statements, and may be revised during the audit. (d) Materiality may be assessed in quantitative or qualitative terms. 1 © 2010 DeVry/Becker Educational Development Corp. All rights reserved. 2011 Edition — Auditing 3 Class Notes c. Develop the audit plan. The audit plan outlines the nature, timing, and extent of the procedures to be performed during the audit, including: (1) Risk assessment procedures performed to assess the risk of material misstatement. (2) Planned further audit procedures, including tests of the operating effectiveness of internal controls and substantive procedures. (a) Further audit procedures are performed at the relevant assertion level. The six main financial statement assertions are: C - Completeness O - Cut-off V - Valuation, allocation and accuracy E - Existence and occurrence R - Rights and obligations U - Understandability and classification (3) Other required procedures. 2. The auditor should consider the need to utilize other professionals. a. Internal Auditor — The auditor may choose to make use of the client's internal auditor. (1) The internal auditor must be objective and competent. (2) The auditor cannot share responsibility for the audit with the internal auditor. b. Specialist — The auditor may need to utilize a specialist. (1) The specialist must be competent and objective. (2) A specialist is not mentioned in the auditor's report unless a report modification relates to the work of the specialist. 0. Service Organization — The controls placed in operation by a service organization are part of the user organization's information system. (1) The client's auditor (user auditor) may utilize the service auditor's report in this situation. 3. Supervision Proper supervision of assistants is required; disagreements among staff should be documented. C. AUDIT RISK 1. Audit risk is the risk that the financial statements are materially misstated but the opinion is not appropriately modified. 2 © 2010 DeVry/Becker Educational Development Corp. All rights reserved. 2011 Edition — Auditing 3 Class Notes Audit risk is a function of the risk of material misstatement and detection risk. a. Risk of Material Misstatement — risk that the financial statements are materially misstated. This risk is itself composed of two risks that must be assessed by the auditor. (1) Inherent Risk — the susceptibility of a relevant assertion to a material misstatement, assuming no related controls. (2) Control Risk — risk that controls fail to prevent/detect a material misstatement in a financial statement assertion. Detection Risk — risk that the auditor does not detect a material misstatement in a financial statement assertion. (1) This is the only element that the auditor can control by varying the nature, extent, or timing of audit procedures. Audit risk must be minimized. a. If the auditor‘s assessment of the risk of material misstatement increases (through an increase in inherent risk or control risk), then the auditor must reduce detection risk to keep overall audit risk low. The auditor may: (1) Change the nature of substantive tests from a less effective to a more effective procedure. (2) Change the extent of substantive tests (i.e., use a larger sample size) (3) Change the timing of substantive tests (i.e., perform substantive tests at year-end rather than at interim) The risk of material misstatement (inherent risk and control risk) has an inverse relationship to detection risk. Remember that the auditor can change his or her assessment of the risk of material misstatement (inherent risk and control risk), but cannot change the actual risks. Audit risk and materiality. a. C. Audit risk and materiality must be considered together in designing audit procedures. Audit risk and materiality must be considered at both the financial statement level and at the individual account balance, transaction class, or disclosure item level. There is an inverse relationship between materiality and audit risk. D. FRAUD RISK 1. There are two types of fraud: a. b. Fraudulent Financial Reporting — Intentional misstatements or omission of amounts and disclosures in the financial statements. Misappropriation of Assets — theft of an entity's assets. 3 © 2010 DeVry/Becker Educational Development Corp. All rights reserved. fraud. 2011 Edition — Auditing 3 Class Notes There are three fraud risk factors — their presence indicates a greater possibility of a. Incentives/Pressures (e.g., trying to meet an EPS target to receive stock options). b. Opportunity (e.g., the ability to steal from the company due to a lack of controls). 0. Rationalization/Attitude (e.g., employees who steal from the company because they believe they are not paid enough). 3. You must understand management's responsibility with respect to fraud versus the auditor’s responsibility. a. It is management's responsibility to design and implement programs and controls to prevent, detect, and deter fraud. b. The auditor has a responsibility to obtain reasonable assurance about whether the financial statements are free of material misstatement. The auditor must: (1) Exercise professional skepticism. (2) Discuss fraud risk with engagement personnel. (3) Obtain information regarding fraud risk (inquiry, analytical procedures, etc.). (4) Assess fraud risk and develop an appropriate response. (a) Improper revenue recognition and management override are presumed to exist. (b) Both a general (overall) response and a response to specific areas of risk are required. (5) Evaluate evidence. (6) Communicate and document conclusions. (a) Discuss fraud with management one level above those involved. (b) Fraud causing material misstatement or involving senior management should be reported to the audit committee/those charged with governance. (c) Know when it is acceptable to communicate fraud to outside parties. (d) Know the specific documentation requirements for fraud. 4. Illegal Acts a. If the illegal act has a direct and material effect on the financial statements, the auditor has a reasonable responsibility to detect it. b. The auditor has no responsibility to detect indirect effect illegal acts, but cannot ignore such acts that come to his or her attention. 4 © 2010 DeVry/Becker Educational Development Corp. All rights reserved. 2011 Edition — Auditing 3 Class Notes E. UNDERSTANDING THE ENTITY AND ENVIRONMENT 1. The auditor must obtain an understanding of the entity and its environment, including its internal control, and assess the risk of material misstatement. a. Inquiry, analytical procedures, observation, inspection, and discussion among the audit team are procedures used to assess the risk of material misstatement. b. To understand the entity and environment, the auditor must obtain an understanding of industry, regulatory, and other external factors, the nature of the entity, the entity's objectives, strategies, and risks, the entity's financial performance, and the entity's internal control. F. INTERNAL CONTROL 1. As part of the auditor's risk assessment process, the auditor must obtain an understanding of the entity's internal control. The purpose of internal control is to help a company meet its objectives (reliable financial statements, effective/efficient operations, compliance). There are five components of internal control (CRIME). Know the basic definition of each, and be familiar with the factors included in each component. Control environment. Risk assessment (this is the company's assessment, not the auditor's). Information and communication systems. Monitoring. 99.0.65» Existing control activities. The auditor should obtain an understanding of an entity's internal control sufficient to assess the risk of material misstatement and to determine the nature, extent, and timing of further audit procedures. The auditor's understanding should include an evaluation of the design and implementation of the entity's controls. The understanding is obtained through the following procedures: a. Inquiry. b. Observation. c. Inspection of documents and records. d. Walkthroughs. The understanding must be documented. The inherent limitations of internal control include management override of controls, human error, and collusion. The use of information technology may impact any of the five components of internal control. a. There are both benefits (faster processing, improved consistency) and risks (unauthorized access to data or programs) associated with the use of information technology. 5 © 2010 DeVry/Becker Educational Development Corp. All rights reserved. G. 2011 Edition — Auditing 3 Class Notes RESPONDING TO ASSESSED RISKS 1. The auditor uses the understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement at the financial statement level and at the relevant assertion level, and to identify any significant risks. a. The auditor should obtain an understanding of controls and determine whether they have been implemented. (1) If the auditor's risk assessment is based on the effective operation of controls, the operating effectiveness of those controls will also need to be tested. The auditor's responses to the assessed risk of material misstatement include: a. An overall response to address financial statement level risks, such as assigning more experienced staff or increasing the level of supervision. b. A response at the relevant assertion level. The nature, extent, and timing of specific audit procedures are based on the assessed level of risk for the relevant assertions. c. A response to significant risks. The auditor may choose between two audit approaches: a. A substantive approach — only substantive procedures will be performed (controls are nonexistent or ineffective or it would be inefficient to test them). (1) Tests of controls may be required when there is extensive use of technology, even if a substantive approach would othenNise be utilized. b. A combined approach — tests of controls are performed, in the hope that effective controls will allow a reduction in substantive testing. (1) Even if controls are effective, substantive tests are always required to some extent for each material transaction class, account balance, or disclosure item. Tests of Controls a. Tests of controls are used to evaluate the operating effectiveness of controls. (1) The auditor may, purposefully or incidentally, obtain evidence regarding the operating effectiveness of controls while obtaining an understanding of the entity and its environment. b. Inquiry, inspection, observation, and reperformance are used to test the operating effectiveness of controls. (Note that inquiry alone is insufficient, and observation relates only to a specific point in time.) c. Be familiar with the factors that affect the nature, extent, and timing of tests of controls. d. Evidence from prior years about operating effectiveness may be used as long as it is still relevant. Tests should be reperformed at least once every three years. 6 © 2010 DeVry/Becker Educational Development Corp. All rights reserved. 2011 Edition — Auditing 3 Class Notes Substantive Tests Substantive tests include tests of details and analytical procedures. The financial statements should be agreed to the underlying accounting records, and material journal entries or adjustments should be examined. Be familiar with the factors that affect the nature, extent, and timing of substantive tests. (1) In particular, understand that the extent of substantive testing is affected by the risk of material misstatement (inherent risk and control risk). (2) Be familiar with the factors affecting a decision to perform substantive tests at interim instead of year-end. ln responding to the assessed level of risk, the auditor may discover that the initial risk assessment needs to be modified, and the audit plan should be revised accordingly. The auditor must use judgment to evaluate the sufficiency and appropriateness of audit evidence. Know the documentation requirements surrounding the auditor's risk assessment. a. The auditor should document the audit team's discussion, key elements of the understanding of the entity and its environment, including its internal control, the risk assessment procedures performed, the basis for the risk assessment, and the identified risks and related controls evaluated by the auditor. Flowcharts, internal control questionnaires/checklists, narratives, or decision tables may be used. (1) Occasional exam questions require knowledge of flowcharting symbols. 7 © 2010 DeVry/Becker Educational Development Corp. All rights reserved. ...
View Full Document

{[ snackBarMessage ]}