AC565 Midtem 2

Chapters 6, 8, and Data Analytics

Audit Evidence

Represents the set of information the auditors gather and use to form their opinion

Audit evidence includes

Information obtained from audit procedures and other sources, information that supports and corroborates management’s assertions over financial statements or internal controls, or information that contradicts managements assertions

Where is audit evidence typically obtained from?

Risk assessment, test of controls, substantive testing, and other audit procedures

Audit evidence must be __ __and ___ to support their opinion__

Sufficient and appropriate

Sufficiency of audit evidence

The quantity of evidence gathered, measured by the sample size, materially important to the population

Appropriateness of audit evidence

Quality of the evidence gathered, measured as a function of relevance and reliability

What is Vouching

Verifies the entries in the company’s books through the examination of documentation or vouchers

What are vouchers?

Invoices, notes, statements, or receipts

What is tracing?

Follows the path of a financial document back to the financial statements to verify that the document has been properly recorded

Factors that affect reliability of evidence

Source, nature, circumstances under which the evidence is obtained

6 characteristics of reliable evidence

Independence of provider

effectiveness of client’s internal controls

auditor’s direct knowledge

qualification of individuals providing the information

degree of objectivity

Timeliness

\

Which is a more reliable source of evidence: source outside the entity or source within the entity

Outside source of evidence

Which creates stronger evidence: strong internal controls or weak internal controls

Strong internal controls

Which is more reliable: evidence gained indirectly or evidence gained directly

Evidence gained directly through physical examination, observation, recalculation, and inspection

What is meant by the timeliness of audit evidence

When is evidence accumulated or the period covered by the audit

Hierarchy of audit evidence (most to least reliable)

Auditor’s direct personal knowledge

External evidence

Internal evidence

Oral evidence

Types of Audit Evidence

Physical examination, confirmation, inspection of documentation, analytical procedures, client inquiries, recalculation, reperformance, observation

Define confirmations for audit evidence

Inquiries to external parties about events, account balances, or transactions

What types of documents can be inspected

Internal documents (invoices issued)

External Documents (bank statements, invoices from vendors)

Define Analytical Procedures for audit evidence

Understand the client’s industry and business, assess the entity’s ability to continue as a going concern, indicate the presence of possible misstatements, reduce detailed audit tests

Can client inquiries be written or oral?

Both are acceptable

What is reperformance?

Auditor’s independent tests of client accounting procedures or controls

What is recalculation?

Rechecking a sample of calculations made by the client

Is Observation sufficient by itself?

Observation is rarely sufficient by itself, need to corroborate with another form of evidence

6 types of assertions over financial statements

Completeness

Cutoff

Valuation and Accuracy

Existence and Occurrence

Rights and Obligations

Classification

Define completeness

All account balances, transactions, and disclosures have been recorded

Define cutoff

Transactions have been recorded in the right accounting period

Define Valuation and Accuracy

All account balances, transactions, and disclosures are valued fairly and accurately

Define Existence and Occurrence

Transactions, account balances, and disclosures exist and actually occurred

Define Rights and Obligations

The entity has the right to their assets and are obligated to their liabilities

Define Classification

Transactions have been recorded in the proper accounts

Which procedures does a completeness assertion require?

Analytical procedures and obervations

Which procedures does a cutoff assertion require?

Cutoff procedure (combination of others)

Which procedures does a valuation and accuracy assertion require?

Inspection and recalculation

Which procedures does an existence and occurrence assertion require?

Confirmation, observation, inspection, and examination

Which procedures does a rights and obligations assertion require?

Inspection

Which procedures does a classification assertion require?

Inspection and client’s inquiry

What does COVERU stand for?

__**C**__ompleteness, Cut__**o**__ff, __**V**__aluation and Accuracy, __**E**__xistence and Occurrence, __**R**__ights and Obligations, __**U**__nderstandability and Classification

Do auditors need to substantiate/investigate management’s estimates in the financial statements?

Yes, auditors must use independent, objective, and verifiable data to substantiate management’s expectations

Define Related party transactions

Transactions a client has with other companies or individuals related to either the client or client’s senior management

Do auditors rely on external specialists in other fields?

Sometimes an expert in a field outside of accounting may be needed for some accounts

If auditors use an external specialist, who is reliable for the audit report and opinion?

The auditor retains the ultimate responsibility for the audit opinion

Define audit documentation

The record that forms the basis for the auditor’s representations and coclusions

What does Sarbanes-Oxley require of auditors for work papers?

Auditors must prepare and maintain audit working papers for a period of no less than 7 years

Define Permanent Fles

These files are intended to contain data of a historical or continuing nature pertinent to the current audit

Current file contains

Audit program, general information, working trial balance, adjusting and reclassification entries, supporting schedules

What can data analytics be used as?

A risk assessment tool, test of controls, test of details, or help form a conclusion regarding almost any audit assertion

5 steps of audit data analytics

Plan the ADA

Access and prepare the data for the ADA

Consider the relevance and reliability of the data

Perform the ADA

Evaluate the results and conclude whether the ADA met its purpose and objectives

Things to consider when planning ADA

Relevance of the data to the assertion being tested

Overall purpose of the data in the scope of the audit

The population being analyzed

Availability of the data

What tool to use for the analysis

What does the auditor do to prepare and access the data for ADA?

Determine the completeness of the data

Verify that the data is the same data used to complete the financial statements

Check the numerical continuity of the data (missing numbers)

Ensure the data formats are consistent throughout the ADA (missing fields and/or appropriate formatting)

During ADA should we copy the data given to us during preparation?

Always make a copy, never modify the original data of the client

During ADA, should data agree with the general ledger?

When appropriate/possible, auditors should determine if the data set agrees with the general ledger

When might ADA be tough due to inconsistent formatting?

When a firm has an international branch (dates and currencies can differ) and when companies acquire other firms (transitions and IT integrations)

Key Questions to ask while evaluating the relevance and reliability of data for ADA

What is the nature of the data?

What is the source of the data?

What is the process used to produce the data?

AICPA definition of a notable item

Notable item is an item that stands out from the population being analyzed, and has one or more of the following characteristics for a relevant assertion:

Indicates a risk of a material misstatement not previously identified

Indicates a higher risk of material misstatement than anticipated by the auditor

Provides information useful in designing or tailoring procedures to address risks of material misstatement

4 techniques auditors use to identify notable items

Clustering transactions or balances based on characteristics

Matching characteristics of two populations

Statistical analysis (regression analysis)

Visualization such as plots to look for unusual characteristics

What is a risk analysis decision tree used for?

Determine whether unusual characteristics are acceptable because they are under pinned by a valid business reason that can be substantiated

Whether there is a risk of a material level of misstatement

How to use matching information as an auditor?

Use ADA to search for key characteristics that may exist in several different databases

Do we expect to find matches when using matching?

No, auditors often expect to have zero matches

What do you compare in regression analysis?

Auditors predict the regression equation using data not currently being audited (historical data), use that equation to make predictions on the current data, and compare that prediction with the actual values

When to use ADA as a substantive test?

When the auditor has performed tests of controls and concluded that the entity has:

Strong IT general controls (including access controls)

Strong IT application controls (related to the assertion being tested)

Strong controls over electronic data interchange and the exchange of electronic information about transactions between the client and its customers or suppliers

Two main tools used by auditors to efficiently gather and evaluate evidence

Sampling and Data analytics tool

What do we sample for?

Testing the effectiveness of controls (attributes sampling) and direct tests of account balances and assertions (including monetary unit sampling)

What does sampling assume?

Less than 100% of the transactions that occurred during the audit period are reviewed by the auditor

When is sampling appropriate?

During examination of documents, reperforming calculations, or sending confirmations

When is sampling not appropriate?

For inquiry, observation, and analytical procedures

Audit sampling is used to test:

The operating effectiveness of controls and transactions, and accuracy of account balances

How to determine a sample is adequate?

It has sufficient size and is selected from the appropriate underlying population

What does test of controls test for?

The operative effectiveness of the internal controls

What does substantive test of transactions test for?

Operative effectiveness of internal controls and the monetary correctness of transactions in the accounting system

What does the test of details of balances test for?

That the dollar amount of the account balances are materially misstated

Are data analytics tools qualitative or quantitative and how do they help auditors?

They are both qualitative and quantitative, and they enhance productivity and effectiveness

How much of the population do data analytics tools help auditors test?

100% of the population can be tested

When to use audit sampling over ADA?

No electronic form of evidence, small population that is easily testable using traditional methods, relevant data is unreliable and have weak controls, and relevant data is formatted improperly and not easy to use

Define population

A group of transactions or items for which the auditor wants to estimate the effectiveness of controls or estimate the extent of material misstatement

Define Sample size

Number of items that should be selected for audit testing

Define Sample selection

Items included in the sample

Define sample evaluation

The inferences that can be made about the overall population from the sample

Define non-sampling risk

Auditor makes false conclusions and fails to identify existing exceptions in the sample, but the errored conclusions are independent of sampling

Define sampling risk

Auditor may reach an incorrect conclusion because the sample was not representative of the population

How to reduce the potential for sample risk

Increase sample size

Where can sample risk arise from?

Test of controls and test of details of account balances

How can sample risk come from test of controls

Risk of assessing control risk too low or high of internal. control reliability

How can sample risk arise from test of details of account balances

Risk of incorrect acceptance or rejection of book value

Define risk of assessing control risk too low of internal control reliability

Risk that the auditor will conclude internal controls are effective (low control risk) when they are uneffective

Define the risk of over reliance

Auditor concludes internal controls are effective (low control risk) when they are not effective

Define the risk of under-reliance

Risk that the auditor will conclude that internal controls are not effective (high control risk) when they are effective

Define risk of incorrect acceptance of book value?

Risk the auditor will conclude that the account balance does not contain a material misstatement when they do contain one

Define risk of incorrect rejection of book value

Risk the auditor will conclude the account balance contains a material misstatement when it does not contain one

Define statistical sampling

Sampling using mathematical measurements to calculate formal statistical results and quantify sampling risk

Define non-statistical sampling

Selection of sample items based on auditor’s judgement, which does not permit the numerical measurement of the sampling risk

When is sampling considered non-statistical?

When the auditor uses judgment for either the sample size, items selected in the sample, and evaluation of the sample

Define attributes sampling

A statistical, probabilistic method of sample evaluation

Define attribute in attribute sampling for tests of controls

Characteristic being tested of the population of interest to the auditor

7 steps of attribute sampling

Define the attributes of interest and what constitutes failure(s)

Define the population

Determine sample size

Determine the method of selecting the sample

Select the sample items and perform the test of control

Evaluate the sample results and consider the effect on planned substantive procedures and the opinion on internal control effectiveness

Document all phases of the sampling process

Does a failure of a control mean there must be a material misstatement?

No, there is no guarantee a failure of controls means there will be a material misstatement

How is allowable risk classified for non-statistical samples?

Low, medium, or high, based on auditor’s judgement

How is allowable risk classified for statistical samples?

Risk of over reliance is typically set at 5% or 10%

What does a higher allowable risk of over reliance mean?

Auditors are willing to take more risk that the controls are effective

Define Tolerable Rate of Deviation (Tolerable Exception Rate)

Any exceptions below this level will be allowed and the controls will be deemed effective