Audit
Chapter 2: The financial statement auditing environment
Types of auditors
External auditors : independent auditors that are not employees of the entity being audited, they audit financial statements for various entities, they may also conduct compliance, operational and forensic audits for such entities
To sign a audit opinion on an entity’s financial statements in Canada, an auditor must be a CPA
Internal auditors: auditors who are employees of an entity ( client) , they conduct financial, internal control, compliance, operational and forensic audits within their organization. They may assist external auditors with the annual financial statement audit.
Government auditors : auditors employed by federal, provincial, and local governments
At the federal level two agencies use auditors extensively: OAG ( the office of the auditor general and CRA ( Canada Revenue Agency)
Forensic auditors: specially trained in detecting, investigating, and deterring fraud and white-collar crime
Recognition
Measurements
Disclosure
Types of other audit, attest, and assurance services
Audit services: Internal control audits, compliance audits, operational audits, forensic audits
Assurance services: Auditing is a specialized form of assurance service
Non-audit services: Tax preparation and planning services, management advisory services, compilation (편집) and review servicesIn addition to the financial statement audit, there are 4 major types of audits:
Internal control audits : After sarbanes-oxley act of 2002, external auditors are required to provide an opinion on the effectiveness of internal control in addition to an opinion on the financial statements for public companies listed on exchange in the United States/ C-SOX doesn’t require auditors provide an opinion on the effectiveness of internal controls
Performing an audit of internal control and an audit of financial statements are closely interrelated, auditing standards for publicly accountable enterprises require an integrated audit of internal control and financial statements
Compliance Audits : a compliance audit determine the extent to which rules, policies, laws, covenants, or government regulations are followed by the entity being audited
Operational Audits : an operational audit involves a systematic review of part or all of an organization’s activities to evaluate whether resources are being used effectively and efficiently. The purpose of this audit is to provide assurance, assess performance, identify areas for improvement, and develop recommendations with respect to operational efficiency and effectiveness.
Forensic Audits: audit conducted to detect or deter fraudulent activities.
Attest (증언) services : Auditors provide attest services related to various subject matters.
Example: Verifying the nature and quantity of inventory in a warehouse for a bank loan, using the inventory as collateral.
Assurance services: Auditing, attestation, and other forms of assurance are part of the broader category of assurance services. CPAs offer assurance services that provide credibility but may not meet the criteria for auditing or attestation.
* These services are governed by attest or consulting standards.
Non audit services: Many types of non-auditing services are prohibited for external auditors from providing those services to public companies which the auditor also provides a financial statement audit
Tax Preparation and Planning Services:
Assisting clients with tax return preparation and filing.
Providing advice on tax and estate planning.
Representing clients before tax authorities, such as the Canada Revenue Agency, or in tax courts.
Management Advisory Services (MAS):
Offering advice and assistance in areas like organization, HR, finance, operations, and IT systems.
Helping public companies implement internal controls for financial reporting, especially for integrated audits by other firms.
MAS is typically provided to private entities or public companies not audited by the same firm to maintain independence.
Compilation and Bookkeeping Services:
Performing accounting-related tasks for non-public or non-audit clients, such as bookkeeping, payroll processing, and financial statement preparation.
Services where financial statements are prepared by the firm are referred to as compilations, which provide less assurance compared to audits.
LO 2-3 Public accounting firms ( omitted by me)
Audit team members:
Partner - manager - senior/in-charge - staff/associate
Two decades of challenge and change for financial statement auditors
Sarbanes-Oxley Act (SOX):
Enacted by the U.S. Congress in July 2002 to restore public confidence after major corporate scandals.
Introduced broad reforms in corporate governance, impacting:
Public companies.
Financial analysts.
External auditors.
Securities exchange markets.
Canadian Equivalent (C-SOX):
Introduced in Ontario in 2003, followed by the establishment of the Canadian Public Accountability Board (CPAB).
Key mandates:
Enforcing auditing standards for public companies.
Strengthening independence rules for auditors by prohibiting many non-audit services.
Requiring audit partner rotation every five years.
Significance of These Regulations:
Highlighted the essential role of auditing in maintaining economic stability and public trust.
Reinforced the importance of integrity and professionalism in the accounting and auditing professions.
Addressed systemic issues exposed during the late 1990s and early 2000s, bringing necessary reforms despite initial challenges.
* Society expects auditors to exercise due care in their work. Due professional care require the auditors to exercise professional skepticism, which is an attitude that includes a questioning mind and a critical assessment of audit evidence
Ethics, Independence, and the Rules of Professional Conduct
Importance of Ethics in Auditing:
Ethical behavior is essential for maintaining the integrity and value of audits.
Audits require a competent and independent individual to monitor the contractual relationships between principals and agents.
Without independence, the audit's credibility is compromised.
Definitions:
Ethics: A system or code of conduct based on moral duties and obligations that dictate appropriate behavior.
Professionalism: The qualities, aims, and conduct that characterize a profession or professional individual.
Code of Ethics:
All professions, including accounting, medicine, and law, adhere to a code of ethics or conduct.
For CPAs, each province or territory’s governing body establishes Rules of Professional Conduct:
These rules outline acceptable behavior for auditors.
They include principles, rules of conduct, and interpretations.
A significant focus is placed on identifying actions that may impair an auditor's independence.
Learning how to conduct an audit
Reasonable assurance 95% confidence level , can not exceed 95%
5% audit risk (low), there is no such thing as complete accuracy
Who is responsible for preparation and issuance of financial statements?
Management is primarily responsible for maintaining effective internal control; and for ensuring the fairness of the company’s financial statements
Why might understanding the characteristics of entity’s business model be important for auditors?
The business or entity being audited is the primary context that shapes the external auditor’s environment. How you apply auditing tools on any particular engagement will depend greatly on the nature of the entity’s business
How might auditors customize their approach between an entity in automobile manufacturing versus banking? Will it be different & do those differences affect the auditor’s work?
For banks loans receivable is their biggest assets, possess financial instruments, manufactures have a big inventories, etc etc the audit process will differ depends on the client’s business/ industry
Sarbanes-oxley act - only applies to public company
Chapter 19 Professional Conduct, Independence, and quality Control
Ethics and professional conduct
Mintz points out that accounting professionals who possess virtues such as integrity, honesty and fairness are more capable of adhering to a moral point of view.
Standards for auditor professionalism
CPA institute has established auditing standards and the rules of professional conduct, and provincial and federal courts have consistently held that all practising CPAs, where in public or private practice/ whether or not a member of the CPA, must follow professional ethical standards as laid out in the Rules of professional conduct
Integrity and independence and in appearance are corestones of the auditor’s social responsibility and are critical to public confidence and to the proper functioning of our economic system
In auditing a public held company, a CPA must follow the auditing standards of the Auditing and Assurance Standards Board (AASB), the Rules of Professional Conduct, and the professional conduct requirements established by the CSA and the CPAB
The CPA rules of professional conduct: A comprehensive framework for auditors
5 fundamental rule of professional conduct
Professional behaviour : In carrying out their responsibilities as professionals, members should conduct themselves in a manner that will maintain the good reputation of the profession
Integrity and due care: To maintain and Broaden public confidence, numbers should perform all professional responsibilities with the highest sense of integrity as well as observing the profession’s technical and ethical standard (competence and diligence)
Professional competence: A member strive continually to improve competence and the quality of services by staying current on developments in their professional services
Confidentiality: A member protects confidential information acquired in providing services and establishing business relationships
Objectivity: A member should maintain objectivity and be free of conflicts of interest in discharging professional responsibilities. A member in public practice should be independent in fact and appearance when providing auditing and other assurance services.
Rules of Conduct
Integrity, Objectivity, and Independence
7 Threats to a CPA’s integrity and objectivity
Adverse interest threats: where the CPA’s interest runs contrary to those of the client
Self-interest threats: where a CPA may be forced to choose between actions that further their own interests and actions that serve the investing public’s interest
Advocacy threats: Where a CPA might feel inclined to advocate for the client’s preferred outcomes
Familiarity threats: where CPA might have a long, close relationship with a client that it becomes difficult to maintain objectivity
Management- participation threats : Where a CPA gets involved in management decisions is unable to be completely objective
Self-review threats: Where a CPA is in a position involves evaluating their own judgements
Undue-influence ( Intimidation) threats: When a CPA’s integrity or objectivity is pressured due to another involved party’s aggressiveness or dominant personality
5 Threats to independence (on ppt)
Self Interest (usually finance nature): 1) direct : a financial interest that is owned directly by an individual or entity is under control by an individual
2) Material indirect: holding material indirect financial interests associated with an audited entity , such as investment in a mutual fund that owns the entity’s shares
Exception : certain types of personal loans from financial institutions who are audited by an engagement member
- permitted personal loans: a. Home mortgages
B. bank overdraft
C. Car loans
D. credit card balance
3) ownership interest : if a firm member, their immediate family owns more than 5% if the client’s equity or other ownership interests, independence is impaired
Unpaid fees for services provided more than on year prior to the date - self interest threats and independence impaired , however unpaid fees due to bankruptcy of audited entity is an exception (impaired independence due to unpaid fees could not be reduced to an acceptable level)
Intimidation: 1) The commencement of litigation by management alleging deficiencies in the auditor’s work for the entity is considered to impair independence.
2) if management expresses an intention to file litigation against the CPA for alleged audit deficiencies, independence is impaired if it is probable that such litigation will be filed.
3) CPA-Initiated Litigation Against Management:
Self-review: ex. an auditor should not audit his or her own work such as having provided bookkeeping services/ auditor should not function n the role management or assist in management decision making
Advocacy: ex. an auditor should not promote a client’s share so a person invests/ auditor should not assure the client’s banker that their client is thrust worthy
Familiarity: Lead and engagement review partners are limited so seven consecutive years
1. Independence is impaired if a CPA performs a managerial or other significant role for an entity during the time covered by the assurance engagement
2. If a partner or professional employee of a firm leaves and joins an entity associated with the assurance engagement in a key position, the firm’s independence is considered impaired Cooling off period: a year
3. A covered member’s immediate family (e.g., spouse, spousal equivalent, or dependent, regardless of relation) is subject to the Independence Rule and its interpretations.
Safeguards to identified threats will be highly dependent on the specific circumstances but should be adequate to bring the threat to the professional’s integrity and objectivity to an acceptable level, based on professional judgement ex) additional training, involvement of an otherwise an uninvolved third party, and the availability of hotline on ethical and other matters
Disputes in Industry:
When a CPA in industry (e.g., as an accountant in a company) encounters a disagreement with a supervisor about financial statements or transaction recording:
The CPA must avoid subordination of judgment.
If the CPA believes financial statements or records may be materially misstated, they should:
Communicate concerns to higher management.
Consider whether to continue working with the employer if appropriate actions are not taken.
Evaluate whether they are responsible for reporting the issue to external parties, such as regulatory agencies or external accountants.
Educational Services:
Educational services provided by CPAs are classified as professional services.
CPAs acting as accounting instructors must adhere to the rules of integrity and objectivity.
Rules of Professional Conduct:
Not all rules are covered here, but key topics include:
Integrity and objectivity in services.
Specific issues like offering or accepting gifts and use of third-party service providers.
Independence rule
Independence is crucial to the assurances that CPAs provide: if the auditor is not perceived as independent of the audited entity, it is unlikely that a user of financial statements will give much credence (신뢰) to the CPA’s work
* a compilation or non assurance services does not require independence if those services are only services provided to a particular entity
Engagement Team and Independence Requirements
Engagement Team Members includes:
- Individuals directly on the assurance engagement team.
- Those in positions to influence the assurance engagement.
Covered Members Providing Non-Assurance Services (A partner, partner equivalent, or manager):
A partner, partner equivalent, or manager providing more than 10 hours of non-assurance services to the assurance client in a fiscal year.
Their designation as a covered member ends:
When the firm signs the financial statements report for the fiscal year during which services were provided, or
When they no longer expect to provide 10+ hours of recurring services.
Partners, partner equivalent, managers and Firm Representatives:
Partners or partner equivalents in the same office as the lead assurance engagement partner.
The firm itself, including the trustee of the firm’s employee benefit plans.
Controlled Entities:
Entities whose operating, financial, or accounting policies are controlled by individuals or entities described above, or by multiple such individuals/entities acting together.
Detailed independence rule
In the case of direct financial interest, the independence is impaired no matter the size of the interest
1. Loans, Leases, and Guarantees (204.4 (10)-(12))
Independence is impaired if an engagement member has a loan, lease, or guarantee:
With the assurance client, its officers, directors, or significant shareholders (owning 10% or more).
Exceptions:
The client is a bank or financial institution.
The loan or guarantee is:
Immaterial to the firm and client.
Made under normal commercial terms.
In good standing.
2. Immediate Family Relationships (204.4 (14)-(15))
Immediate family includes spouses, spousal equivalents, and dependents.
Situations Where Independence Is Not Impaired:
Immediate family is employed by an assurance client but not in a key position.
Participation in a benefit plan sponsored by the client, subject to restrictive conditions.
Holding direct or material indirect financial interests through participation in a client-sponsored benefit plan, under specific conditions.
Participation in share-based compensation or deferred compensation plans, subject to restrictive condition
3. Close Relative Relationships and Independence
Independence is impaired in assurance engagements when an individual involved in the engagement or in a position to influence it has a close relative with a significant relationship to the client. Key scenarios include:
Close Relative with a Key Position:
If the close relative holds a key position with the assurance client, independence is impaired.
Close Relative with Financial Interests:
If the close relative has a financial interest in the client that:
Is material to the close relative and known to the engagement team member, or
Enables the close relative to exercise significant influence over the client.
4. Employment and Other Service Relationships (204.4 (16), (17))
Independence threats arise when a significant relationship exists between an individual on the assurance engagement team and the assurance client. Key points include:
Threat Scenarios:
If an officer, director, or influential individual of the assurance client was previously a member of the engagement team or a partner of the firm.
Situations where a self-interest, familiarity, or intimidation threat exists due to a significant connection between the individual and their former firm.
Evaluation and Safeguards:
The significance of the threat must be evaluated. If the threat is not insignificant, safeguards must be applied to reduce it to an acceptable level.
Examples of Safeguards:
Modifying the assurance engagement plan.
Assigning an engagement team with sufficient seniority and experience unrelated to the individual who joined the assurance client.
Involving another member of the firm, not previously part of the engagement team, to review the work.
Performing an additional quality control review of the assurance engagement.
Independence and Former CPA Employment with an Assurance Client
Impairment of Independence:
Independence is considered impaired when a partner or professional employee of a CPA firm leaves the firm and is employed by or associated with an assurance client in a key position.
Definition of a Key Position:
A position where the individual:
(a) Has primary responsibility for significant accounting functions that support material components of the financial statements.
(b) Has primary responsibility for the preparation of the financial statements.
(c) Can exercise influence over the contents of the financial statements, including roles such as:
Member of the board of directors.
Chief executive officer (CEO), chief financial officer (CFO), or other senior executives.
General counsel, chief accounting officer, controller, or director of internal audit.
Director of financial reporting, treasurer, or equivalent positions.
Mitigation Measures:
The CPA must be completely disassociated from the CPA firm.
The firm must ensure that the assurance engagement team:
Exercises sufficient professional skepticism.
Is not unduly influenced by the former employee now working with the assurance client.
CPA as Honorary Director or Trustee for Not-for-Profit Entities
Business Relationship:
CPAs may be asked to serve as honorary directors or trustees for charitable, religious, civic, or similar not-for-profit organizations.
Often, this is done to lend their name and prestige to the organization while providing accounting and auditing services.
Guidance Under Rule 204.4 (1) to (6):
A CPA can serve as a director or trustee for an audited not-for-profit entity as long as:
The CPA does not have control over the entity.
The CPA does not have the ability to influence decisions made by the organization.
Provision of non-assurance services
? Ppt and textbook have different provisions
Ppt
Textbook: Provision of Non-Assurance Services by CPAs
Restrictions on Non-Assurance Services:
CPA Rules of Professional Conduct limit the non-assurance services that CPAs can provide to assurance entities to protect independence.
Examples of permissible non-assurance services for nonpublic assurance entities:
Bookkeeping
Systems implementation
Internal audit outsourcing
Restrictions:
CPAs cannot design or alter financial information systems if such changes are significant.
Services like appraisal, valuation, or actuarial tasks that materially affect financial statements and involve significant subjectivity are prohibited.
General Requirements for Non-Assurance Services (Rule 204.4(35)):
The assurance client must:
Assume responsibility for all management decisions and oversight.
Oversee and evaluate the adequacy and results of non-assurance services provided.
Management Responsibilities That Impair Independence:
Setting policies or strategic direction.
Authorizing or executing transactions.
Preparing source documents.
Supervising employees in regular activities.
Accepting responsibility for financial statements.
Permissibility of Internal Audit Services:
Internal audit outsourcing is allowed for nonpublic entities if:
The CPA does not act as an employee or manager of the client.
The entity retains control and management of the internal audit function.
Special Provisions for Public Companies:
National Instruments prohibit internal audit outsourcing and other non-assurance services for public companies.
Canadian Public Accountability Board (CPAB) rules require adherence to CSQC 1 standards for audits of public companies
Other rules in the rules of professional conduct
Compliance with Bylaws, Regulations, and Rules:
Members, students, and candidates must adhere to all bylaws, regulations, and the Rules of Professional Conduct of CPA institutions and provincial bodies.
Matters to Be Reported:
Reporting obligations include illegal activities, misconduct, and criminal convictions.
Any disciplinary actions taken by regulatory or professional bodies must be disclosed to the relevant CPA institution or provincial body.
False or Misleading Applications:
Members, students, or candidates must avoid signing or associating with false or misleading documents.
Requirement to Cooperate:
Cooperation with CPA Canada or provincial regulatory processes, including timely responses and document submissions, is mandatory.
Hindrance, Inappropriate Influence, and Intimidation:
Members, students, or candidates must not exert undue influence on regulatory matters or intimidate related individuals.
Advertising and Other Forms of Solicitation:
Advertising and Promotions Rule (217.1): CPAs must not advertise in a manner that is false, misleading, or discredits the profession.
Solicitation Rule (217.2): Prohibits persistent, coercive (강압적인), or harassing solicitation practices.
Endorsements Rule (217.3): CPAs may endorse products/services if they have adequate expertise and act with integrity and due care.
Examples of Prohibited Activities:
False expectations of results.
Implying influence over regulatory bodies.
Misleading fee representations.
Misleading or deceiving representations.
Organization and Conduct of a Professional Practice:
Practice Names Rule (401): Public accounting firm names must not be misleading or self-laudatory and require provincial approval.
Use of Descriptive Styles Rule (402): Public accounting practices should use accurate descriptive terms like “chartered professional accountant(s)” or “public accountant(s)” in their names, unless part of an approved firm name.
Disciplinary Actions:
CPA Disciplinary Measures:
Violations of the Rules of Professional Conduct can lead to various disciplinary actions.
Remedial or Corrective Actions: Minor violations may result in directives for remedial or corrective action by the Professional Conduct Committee.
Tribunal Hearing: Rejection of committee recommendations can escalate the case to a tribunal hearing by the Discipline Committee.
Suspension or Termination:
Membership can be suspended or terminated without a hearing for serious criminal offenses, such as:
Crimes punishable by more than one year of imprisonment.
Filing a false income tax return on behalf of an entity.
Other violations of the Rules of Professional Conduct may also lead to suspension or expulsion.
Applicability to Students:
The Professional Rules of Conduct apply to CPA candidates.
Academic Integrity: The CPA enforces strict standards, monitoring submissions for plagiarism to uphold integrity.
9. Confidential Information:
Confidentiality of Information Rule (208.1):
CPAs are prohibited from disclosing confidential client information without the specific consent of the client.
Exceptions to Confidentiality: Confidential information may be disclosed without client consent in the following scenarios:
To meet disclosure and performance requirements under GAAP and CAS.
To comply with a valid subpoena (소환장).
To allow a review of a member’s professional practice under the authority of the CPA Institute or a provincial CPA body.
To comply with an investigative or disciplinary proceeding.
To allow a review of a CPA’s professional practice during the purchase, sale, or merger of the practice.
Precautions for Prospective Buyers:
When disclosing confidential information for a business transaction, CPAs should:
Ensure confidentiality agreements are in place.
Prevent prospective buyers from using disclosed information to their advantage or sharing it with outside parties.
9. Fees and Other Types of Remuneration" (Rule 215.1 - Contingent Fees):
Contingent Fees Restriction:
CPAs cannot charge contingent fees for professional services or receive such fees from a client in scenarios that impair judgment or objectivity.
Applies specifically to:
Assurance engagements.
Compilation engagements.
Prohibition Scope:
Includes periods covered by historical financial statements and the service engagement period.
Contingent fees dependent on findings/results impair independence.
Exceptions:
Fees fixed by courts, public authorities, or government agencies are not considered contingent.
Fees varying by service complexity are permissible if not contingent on assurance-related outcomes.
Impact on Independence:
Allowing contingent fees for assurance services compromises CPA independence and objectivity.
Only exception: if such fees are established by a court of law or a recognized legal or regulatory authority
Special reporting issues
Reports on comparative financial statements
Other information in documents containing audited financial statements
Special reports
Other information in documents containing audited financial statements
Auditor is required to read the other information and consider whether such information is consistent with the information contained in the audited financial statements.
Annual reports of entities
Other documents to which the auditor devotes attention at the entity’s request
1/22
chapter 3 Audit Planning and Basic Auditing Concepts
Audit planning, Types of audit tests, and materiality
Client Acceptance and Continuance
Prospective client acceptance
A public accounting firm has to consider the following issues accepting a new client.
The firm determines it
Has the capabilities to perform the engagement
Complies with legal and relevant ethical requirements
Has considered the integrity of the client
Evaluating a prospective client
Source of information: existing or previous providers of professional accountancy services to the client, in accordance with relevant ethical requirement ( previous auditors) / third parties such as bankers, legal counsel and industry peers / background searches of relevant databases
-> Code of conduct specifies that if you become a auditor you have to contact the predecessor auditor , but you have to get his contact from your client since his predecessor has to get a permission from your client to reveal the audit related info (integrity)
-> Have to ask questions about:
Information that might be bear on the integrity of management
Disagreements with management about accounting policies, auditing procedures, or other similarly significant matters
Communications to audit committees or others with equivalent authority and responsibility regarding fraud, illegal acts by clients, and internal-control related matters
The predecessor auditor’s understanding as to the reasons for the change of auditors
The predecessor auditor’s understanding of the nature of the company’s relationships and transactions with related parties and significant unusual transactions
Preliminary Engagement activities
Determining the audit engagement team requirements
Ensuring that the audit team and audit firm are in compliance with ethical and independence requirements
Establishing an understanding with the entity
Assess compliance with ethical and independence requirements
A public accounting firm should establish policies and procedures to ensure that persons at all organization levels within the firm meet the profession’s ethical requirements including maintaining independence in accordance with the Rules of professional conduct.
Should document compliance with this policy by having all personnel complete an annual independence questionnaire
The questionnaire requests information about the auditor’s financial or business relationships with the firm’s clients
Under certain circumstances, family member’s financial or business relationships are attributable to the auditor.
For example, if the spouse of an auditor participating in an engagement were accounting supervisor for the entity, independence would be considered impaired
At the engagement level, the partner-in-charge should ensure that all individuals assigned to the engagement are independent of the entity.
Another area of concern related to independence is unpaid client fees.
If an account receivable from an entity takes on the characteristics of a loan, the auditor’s independence may be impaired
Many public accounting firms adopt a policy of not completing the current audit until all of the prior year’s fees have been paid
The CPA firm must be concerned when it also provides consulting services for an audit client
Establish an understanding with the entity
In establishing an understanding with the client, three topics should be discussed
The engagement letter
Using the work of the internal auditors
The role of the audit committee
The engagement letter
When you sign the engagement letter, the arrangement on the letter limits the the work you perform
Engagement letter serves as a contract, outlining the responsibilities of both parties and preventing misunderstandings between the two parties.
Also identifies the framework used for financial reporting and the expected form of the report
Additional services to be provided relating to regulatory requirements
Arrangements regarding other services (ex. Assurance, tax, consulting services)
Arrangements involving the use of specialist or internal auditors
Client Continuance
Public accounting firms should periodically evaluate whether to continue their relationship with current clients.
Near the completion of an audit or when some significant event occur
Using the work of the internal auditors
The auditor may use work of internal auditors as evidence, the auditors first need to obtain an understanding of the internal audit function about activities that it performs then determine if their work is relevant to the audit of financial statements
If the external auditors determine that the work of the internal auditors can be used for purposes of the audit, the auditor must evaluate
The extent to which the internal auditors organizational status and relevant policies and procedures support the objectivity of the internal auditors
The level of competence of the internal auditors
The application by the internal auditors of a systematic and disciplined approach, including quality control
Internal audit
To Evaluate reliability of the internal audit function
Objectivity
Competence
Systematic and disciplined approach
The role of the Audit Committee
An audit committee is a subcommittee of the board of directors that is responsible for the financial reporting and disclosure process.
Planning the Audit
Audit strategy and plan
Engagement planning involves all the issues the auditor should consider in developing an overall audit strategy
The audit plan
More detailed than the audit strategy
The audit documents a description of the nature, timing, and the extent of the planned audit procedures to be used in order to comply with auditing standards
Consider how to conduct the audit in an effective and efficient manner
The auditor should modify the overall audit strategy and the audit plan as necessary if circumstances change significantly during the course of audit.
Steps that should be performed include:
Assess business risks
Establish materiality
Consider group audits
Assess the need for specialists
Consider violations of laws and regulations
Identify related parties
Consider additional value-added services
Document the overall audit strategy and audit plan, and prepare audit programs
Assess Business Risks
Audit risk was defined as the risk that auditor expresses an inappropriate audit report when the financial statements are materially misstated
To reduce audit risk
Obtain an understanding of the entity and its environment
The auditor identifies those business risks that may result in material misstatements
The auditor then evaluates how the entity responds to those business risks and ensures that those responses have been adequately implemented
Based on this, the auditor assess the level of risk of material misstatement is used to plan the auditing procedures to be performed
Establish materiality
Too costly for auditors to audit all transactions that occur within the entity
Auditors consider materiality from a reasonable user perspective and communicate to users that “the financial statements present fairly, in all material respects”
The consideration of materiality is a matter of professional judgement and will vary across entities
During the planning of the audit
The auditor establishes a level of overall materiality for evaluating the financial statements as a whole
The auditor also establishes tolerable misstatement
The amount of overall materiality used to plan and perform audit procedures at the account or disclose level
Consider Group Audits
Many entities have operations in multiple locations or operate many business units
The planning process
The auditor determines which locations or business units are to be audited and the extent of audit procedures to be performed at the selected locations or business units
Then assess the risks of material misstatement to the consolidated financial statements associated with the location or business unit and correlates the amount of audit attention devoted to the location or business unit with the level of risk present
Assess the need for specialists
An auditor’s specialist
An individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by auditor to assist the auditor in the obtaining sufficient appropriate audit evidence
examples) Include specialists in finance, tax, valuation, pension and information technology (IT)
May assist
The auditor with valuing financial instruments
Determining physical quantities
Valuing environmental liabilities
Interpreting regulations or contracts
The auditor is responsible for work performed by the specialist
The auditor should evaluate
The competence and objectivity of the specialist
Audit the inputs used by the specialist (e.g., census data for actuaries)
Reconcile the output (e.g., an estimate should be found in the financial statements or disclosures)
Review the specialists work for reasonable, including the reasonableness of assumptions
Consider violations of laws and regulations
Illegal acts
Violations of laws or government regulations are referred to as illegal acts
Fraud may also consist of illegal acts
Any illegal or potentially illegal acts including noncompliance with regulatory requirements
Two types of laws and regulations as follows
The provisions of those laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements, such as tax and pension laws and regulations
ex) tax laws and laws and regulations
That may affect the amount of revenue recognized under a government contract fail into the first category
The provision of other laws and regulations that do not have a direct effect on the determination of the amounts and disclosures in the financial statements
but compliance with which may be fundamental to the operating spects of the business, fundamental to an entity’s ability to continue its business, or necessary for the entity to avoid material penalties
ex) violations of the securities acts, environmental protection, equal employment regulations, and price-fixing or other antitrust violations that may materially
Identify Related parties
Evaluate the entity’s identification of, accounting for, and disclosure of transactions with related parties
Auditors should attempt to identify all related parties during the planning phase of the audit
It is important to identify related party transactions because the transaction may not be “at arm’s length”
For example
the entity may buy or sell goods or services at prices that differ significantly from prevailing market prices, or borrow or lend on an interest-free basis
The auditor also needs to inquire of management about the names of related parties, the nature of the relationships, the types of transactions, and the reasons for entering into the transactions with the related parties.
Some other sources of information on related parties include
Minutes of the board of director’s meetings
Conflict - of interest statements from management and others
Financial and reporting information provided to creditors, investors, and regulators
Contracts or other agreements (including side agreements that may not be formally documented between customers and vendors, and management)
Contracts and other agreements representing significant unusual transactions
Once related parties have been identified, audit personnel should be provided with their names so that transactions with such parties are identified and investigated
Consider Additional value-added services
Value-added services have included tax planning, system design and integration, and internal reporting processes
Example) the assurance services, business performance measurement, electronic commerce
The auditor also can provide recommendations based on the assessment of the entity’s business risks
Supervision of the Audit
The engagement partner has the overall responsibility for the engagement and its performance an should supervise the audit engagement team so that the work is performed as directed and supports the conclusions reached
The engagement partner and other engagement team members performing supervisory activities should:
Inform engagement team members of their responsibilities, including
the objectives of the procedures that they are to perform
The nature, timing, and the extent of procedures they are to perform
Matters that could affect the procedures to be performed or the evaluation of the results of those procedures
Direct engagement team members to bring any significant accounting and auditing issues they identify to the attention of the engagement partner or other engagement team members performing supervisory activities
so they can evaluate those issues and determine appropriate actions
Review the work of engagement team members to evaluate whether
The work was performed and documented
The objectives of the procedures were achieved and
The results of the work support the conclusions reached
Proper supervision should help ensure that the audit is conducted in accordance with auditing standards
Types of Audit Tests
Three general types of audit tests:
Risk assessment procedures
Tests of controls
Substantive procedures
Risk Assessment Procedures
Obtain an understanding of the entity and its environment, including its internal control
Risk assessment procedures
Inquiries of management and others
Preliminary analytical procedures
Observation and inspection
Such procedures are used to assess the the risk of material misstatement at the financial statement and assertion levels
Test of controls
Audit procedures performed to test the operating effectiveness of controls in preventing, or detecting and correcting ,material misstatements at the relevant assertion level
Audit procedures are examples of tests of controls
Inquiries of appropriate management, supervisory, and staff personnel
Inspection of documents, reports, and electronic files
Observation of the application of specific controls
Walkthroughs, which involve tracing a transaction from its origination to its inclusion the financial statements through a combination of audit procedures, including inquiry, observation and inspection
Reperformance of the application of the control by the auditor
Substantive Procedures
Designed to detect material misstatements in a class of transactions, account balance, and disclosure component of the financial statements
Two categories of substantive procedures
Tests of details
Substantive analytical procedures
Test of Details
Substantive tests of transactions
Substantive tests of transactions tests for errors or fraud in individual transactions
For example
An auditor may examine a large purchase of inventory by testing that the cost of the goods included on the vendor’s invoice for that purchase is properly recorded in the inventory and accounts payable accounts
tests of details of account balance and disclosures
Substantive tests of transactions
For example) an auditor may examine a large purchase of inventory by testing that the cost of the goods included on the vendor’s invoice for that purchase is properly recorded in the inventory and accounts payable accounts
Tests of details of account balances and disclosures
Focus on the items that are contained in the ending financial statement account balances and disclosures
For example) the auditor may want to test accounts receivable. To test the details of the balance of accounts receivable, the auditor will likely send confirmations to a sample of customers.
Substantive Analytical Procedures
The term analytical procedures means evaluations of financial information through analysis of plausible relationships (e.g., examination of trends and ratios) among both financial and nonfinancial data.
Analytical procedures also encompass the investigation, if necessary, of identified fluctuations or relationships that are consistent with other relevant information or that differ from expected values by a significant amount.
Dual-Purpose Tests
Tests of controls check the operating effectiveness of controls, while substantive tests of transactions are concerned with monetary misstatements.
Dual purpose tests: design audit procedures to conduct both a test of controls and a substantive test of transactions simultaneously on the same document
ex) the last control procedure shown is agreement of sales invoices to shipping documents and customer orders for product type, price, and quantity.
The test of controls shown is to recalculate the information on a sample of sales invoices.
While this test primarily checks the effectiveness of the control, it also provides evidence on whether the sales invoice contains the wrong quantity, product type, or price
Dual-purpose tests can also improve the efficiency of the audit
Materiality
An important part of audit planning is to determine overall materiality for the financial statements (Also referred to as planning materiality)
To decide on the application of performance materiality with a tolerable misstatement for significant accounts or disclosures
These determinations are an important aspect of developing an overall audit strategy and a detailed audit plan
The Auditor designs the audit to provide reasonable assurance of detecting misstatements that are sufficient magnitude to affect the judgement of reasonable financial statement users.
The auditor’s consideration of materiality on audit is a matter of professional judgement.
Materiality is assessed in terms of the potential effect of a misstatement on decisions made by a reasonable user of the financial statements
Users are assumed to
Have a reasonable knowledge of business and economic activities and accounting and a willingness to study the information in the financial statements with a reasonable diligence
Understand that financial statements are prepared, presented, and audited to levels of materiality
Recognize the uncertainties inherent in the measurement of amounts based on the use of estimates, judgement, and the consideration of future events
Make reasonable economic decisions on the basis of the information in the financial statements
The determination of materiality takes into account how users with such characteristic could reasonably expected to be influenced in making economic decisions
It is important to note that the opinion paragraph of the auditor’s report states the the financial statements present fairly, “in all material respects.”
This phrase communicates to third parties that the audit report is limited to material information
Steps in applying materiality
The three major steps in the application of materiality to an audit
Step1: determine overall materiality
Auditing standards require the auditor to establish an overall materiality amount (or planning materiality) for the financial statement as a whole, using professional judgement while considering laws, regulations, and the financial needs of users and legislators
A benchmark
is used to identify a basic assumption using elements of the financial statements, areas of significance, the nature of the entity, the ownership structure, financing and the volatility of the benchmark
Once a benchmark is chosen, a percentage is determined to be applied using professional judgment
Materiality is a relative, not an absolute concept
ex) $5,000 might be considered highly material for a small sole proprietorship, but this amount would clearly be immaterial for a large multinational corporation
thus , the relative size of the company being audited affects overall materiality
Key Benchmarks:
Public Companies: Typically, 5% of income before taxes is used as a benchmark.
Non-Public Companies: Also use income before taxes for stable earnings, but alternative benchmarks may apply.
Not-for-Profit Entities: Use total revenues or total assets as benchmarks.
Asset-Based Entities (e.g., investment funds): Use net assets as a benchmark.
Considerations for Income Benchmarks:
Unstable Earnings: Use “normalized earnings” (average of the previous three years’ pretax income) or alternative benchmarks like total assets or revenues.
Entities Near Break-Even or Experiencing Losses: Benchmarks based on income can lead to inappropriate materiality levels.
Example:
Year 1: Entity with $3,000,000 pretax income → 5% = $150,000 materiality.
Year 2: Pretax income drops to $250,000 → 5% = $12,500 materiality, requiring a more extensive audit.
Solution: Use an average income benchmark or an alternative (e.g., total assets or revenues) for stability.
Lower Percentages for Certain Qualitative Factors:
Auditors may choose a lower percentage due to:
Material Misstatements: Issues identified in prior years.
High Risk of Fraud: Increased susceptibility.
Loan Covenant Risk: Entity close to violating agreements.
Small Amount Sensitivity: Small variances affecting forecasts or trends.
Complexity or Volatility: Multilocation operations, volatile industries, or high regulation.
Step2: Determine Tolerable Misstatement
A risk that the auditor may not detect misstatements that exceed materiality
Performance materiality is set at a lower amount reduce the risk
To apply the concept of performance materiality, auditors should determine a tolerable misstatement, an amount or amounts that reduce to an appropriately low level the probability that the total of uncorrected and undetected misstatements would result in material misstatement of the financial statements.
The purpose is to establish a scoop for the audit procedures for the individual account balance or disclosures
Because of the many factors involved, there is no required or optimal method for establishing materiality for an account balance or class transactions
In Practice, auditors commonly set tolerable misstatements for each account at between 50 and 80 percent of overall materiality.
(유지니가 정리한거)
Fraud risk - strategy (for external auditors)
Reliance ( combined) * test of control + substantive test)
Non- reliance ( substantive)
You have to choose an appropriate strategy for efficient$ / effective( for audit report, for avoiding audit failure) audit
The audit plan is more of details
Proper audit plan enables
1. Identify and devote appropriate attention to significant areas of the audit
2. Identify and resolve potential problems of the audit
3. Properly organize and manage the audit engagement so that it is performed in an effective/efficient manner
4. Select engagement team members with appropriate levels of capabilities and competence
Access the level of risk of material misstatement
Specialist: we also need to think about if they are objective
How to find related parties transactions( rev /exp) / balances outstanding ( ex/ account payable, related parties receivable/ what’s on the balance sheet related to rp)
Organizational chart (basis)
Unusual terms (on contracts)
Price lists
Schedule 50 of t2 tax return
Predecessor working paper
Public registry (REQ)
ISC
Ask clients
Past financials
What are the balances and transactions
Walkthrough- mandatory for public companies
Slide 27
5% benchmark for materiaity, 5% (guideline) of net income before taxes
IM identified misstatement (factual)
LAM Likely aggregate misstatement (
MAT Threshold of materiality
IM / samples size = deviation rate (error %)
Looking at dollar mistakes
Situation 3 , you can not give a clean opinion , If lam is above mat, you have to bring it below mat
Identified misstatement + likely misstatement = LAM