Presentation is loading. Please wait.

Presentation is loading. Please wait.

Review of Introduction to Auditing

Similar presentations

Presentation on theme: "Review of Introduction to Auditing"— Presentation transcript:

1 Review of Introduction to Auditing
Lynn Kingston, CPA Adjunct Faculty Portland State University

2 Definition of Auditing
Auditing is a systematic process of 1) obtaining and evaluating evidence regarding assertions about economic actions and events 2) ascertaining the degree of correspondence between assertions and established criteria 3) Communicating the results to interested users

3 Audit Evidence “Audit evidence is all the information used by the auditor in arriving at the conclusions on which the audit opinion is based.”

4 Why are assertions important?

5 Overview of Three Classes of Assertions
Class of Transactions Account Balances Presentation & Disclosure Occurrence Existence Occurrence/Rights Completeness Cutoff Accuracy Valuation/Allocation Accuracy/Valuation Classification Classification/ Understandability Rights/Obligations

6 Being Alert for Misstatements
Misstatements can result from either errors or fraud and may consist of any misstatement of an assertion What is the difference between known misstatements and likely misstatements? What is the auditor’s responsibility for immaterial misstatements? What is the auditor’s responsibility to communicate misstatements to management?

7 Understanding the Entity and Its Environment

8 Goal: Assessing the Risk of Material Misstatement
Develop a knowledgeable perspective about the entity Relate risks to what can go wrong and the F/S level of assertion level Consider the magnitude of risks that could result (Material?) Consider the likelihood of risks that could result

9 Inherent Risk at the Financial Statement Level (Pervasive Risks)
Examples: Management turnover, reputation, or accounting skills Liquidity and going concern problems Pressure to meet debt covenants Changing industry conditions, etc. Responses Increased knowledge, skill, and ability of personnel assigned significant engagement responsibilities Involvement of a specialist Appropriate level of supervision of assistants

10 Inherent Risk at the Assertion Level
Examples: Difficult to audit accounts or transactions Contentious or difficult accounting issues Susceptibility to misappropriation Complexity of calculations Significant volume of transactions Responses Choices about nature, timing and extent of substantive tests depends on internal controls

11 Fraud Defined Acts Resulting in Material Misstatements
Intentional or Unintentional 2 Types of Misstatements Relevant to Fraud Fraudulent Financial Reporting Misappropriation of Assets

12 The Fraud Triangle

13 Significant risks that require special audit consideration
Significant risks are often derived from business risks that may result in a material misstatement. Whether the risk is a risk of fraud Whether the risk is related to recent significant economic, accounting, or other developments and, therefore, requires specific attention The complexity of transactions Whether the risk involves significant transactions with related parties The degree of subjectivity in measurement Whether the risk involves significant nonroutine transactions

14 Significant risks Understand whether the entity has developed internal controls Communicate significant deficiency or material weakness Analytical procedures should not be the primary substantive test

15 Internal Control The auditor should obtain an understanding of the five components of internal control The auditor should obtain a sufficient understanding by performing risk assessment procedures to evaluate the design of controls relevant to an audit of financial statements and to determine whether they have been implemented

16 Internal Control The auditor should know enough to:
Identify types of potential misstatements. Consider factors that affect the risks of material misstatement. Design tests of controls, when applicable, and substantive procedures.

17 Components of Internal Control
Control Environment Risk Assessment Information and Communication Monitoring Control Activities Understand in Every Audit Depth of Understanding Depends on Audit strategy

18 Control Environment Tone at the top that influences control consciousness Integrity and Ethical Values Commitment to Competence Board of Directors and Audit Committee Management’s Philosophy and Operating Style Organizational Structure Assignment of Authority and Responsibility Human Resource Policies and Practices

19 Risk Assessment Process

20 Information and Communication
Transactions Audit Trail or Transaction Trail Documents Records Communication

21 Information and Communication
Authorize Execute Risk of Misstatement Risk of Misstatement Report Record Risk when you change the content of information about at transaction or you change the form of information Consideration

22 Monitoring Ongoing monitoring programs Separate evaluations
Element of reporting deficiencies to the management / governance

23 Control Activities Authorization Segregation of Duties
Information Processing Controls Computer General Controls Computer Application Controls Controls over the Financial Reporting Process Physical Controls Performance Reviews Controls over Mgmt. Discretion in Financial Reporting

24 Segregation of Duties

25 Overview of Computer Controls And Strategies for Test of Controls

26 Computer General Controls
Organizational and operational controls System development and documentation controls Hardware and system controls Access Controls Data and Procedural Controls

27 Application Controls Programmed controls that identify and report possible misstatements in assertions

28 How to identify key controls
Completeness Start Here Authorize / Initiate Execute Record Start Here For Occurrence, Accuracy, and Classification Consideration

29 Controls over the Financial Reporting Process
Spreadsheets Accounting Database SQL Financial Statements Strong Controls Weak or No Controls Weak or No Controls

30 Control Activities Authorization Segregation of Duties
Information Processing Controls Computer General Controls Computer Application Controls Controls over the Financial Reporting Process Physical Controls Performance Reviews Controls over Mgmt. Discretion in Financial Reporting

31 Overall Conclusion about Internal Controls
What is the cumulative effect of all five components of internal control for each assertion?

32 PCAOB Auditing Standard #5
A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. Note: There is a reasonable possibility of an event, as used in this standard, when the likelihood of the event is either "reasonably possible" or "probable," as those terms are used in Financial Accounting Standards Board Statement No. 5, Accounting for Contingencies ("FAS 5").3/

33 PCAOB Auditing Standard #5
A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.

34 Factors that influence judgments about likelihood
The nature of the financial statement accounts, disclosures, and assertions involved. For example, suspense accounts and related party transactions involve greater risk. The susceptibility of the related assets or liabilities to loss or fraud. The subjectivity and complexity of the amount involved, and the extent of judgment needed to determine that amount. The cause and frequency of any known or detected exceptions related to the operating effectiveness of a control. The interaction or relationship of the control with other controls. The interaction of the control deficiency with other control deficiencies. The possible future consequences of the deficiency.

35 Factors that influence judgments about magnitude
The financial statement amounts or total of transactions exposed to the deficiency. The volume of activity in the account balance or class of transactions exposed to the deficiency in the current period or expected in future periods.

36 Analytical Procedures

37 Effective Analytical Procedures

38 Responses to risk at the assertion level
Nature The nature of the audit procedures is of most importance in responding to the assessed risks. Timing Good internal controls are required to modify the timing of audit procedures Extent Directly related to test of details risk in the audit risk model The auditor also needs to consider other factors related to sample size

39 Nature and Timing of Test of Controls

40 General Categories of Substantive Tests
Initial Procedures Analytical Procedures Tests of Details of Transactions Tests of Details of Balances Tests of Details of Accounting Estimates Tests of Details of Disclosures

41 Factors that influence performing substantive tests at an interim date
The control environment and other relevant controls The availability of information at a later date that is necessary for the auditor’s procedures The objective of the substantive procedure The assessed risk of material misstatement The nature of the class of transactions or account balance and relevant assertions The ability of the auditor to reduce the risk that misstatements that exist at the period end are not detected by performing appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period in order to reduce the risk that misstatements that exist at period end are not detected

42 Evaluating the sufficiency and appropriateness of evidence
At the end of the audit the auditor should cycle back through risk assessments made and evidence obtained to evaluate the effectiveness of the audit. Significance of the potential misstatement in the relevant assertion and the likelihood of its having a material effect, individually or aggregated with other potential misstatements, on the financial statements. Effectiveness of management’s responses and controls to address the risks. Experience gained during previous audits with respect to similar potential misstatements. Results of audit procedures performed, including whether such audit procedures identified specific instances of fraud or error. Source and reliability of available information. Persuasiveness of the audit evidence. Understanding of the entity and its environment, including its internal control.

43 Final Consideration Evaluate known and likely misstatements
Consider material overstatement and understatements The effect of misstatements in prior periods

44 The Assurance Bucket Accounting 493/593 – Spring 2009
I’d like to introduce our “Assurance Bucket” analogy. This analogy will be expanded on during the course of the training. Essentially, the auditor’s goal is the fill the bucket with appropriate audit evidence to gain the level of desired assurance (high level of assurance for audits). Explain this over the next few slides: Risk Assessment Procedures form the base layer in the bucket – you do those first. Once you have assessed risk and planned audit responses to the risks of the entity, then you have the base of a level of assurance required (this is not enough assurance to render an opinion). Next is tests of controls (if applicable), substantial analytical procedures and finally substantive tests of details (last resort). Accounting 493/593 – Spring 2009

45 Filling the Assurance Bucket
Risk Assessment Procedures Risk Assessment Procedures

46 Filling the Assurance Bucket
Test of Controls Tests of Controls Risk Assessment Procedures 46

47 Filling the Assurance Bucket
Substantive Analytical Procedures Substantive Analytical Procedures Tests of Controls Risk Assessment Procedures

48 Filling the Assurance Bucket
Substantive Test of Details Substantive Tests of Details Substantive Analytical Procedures Tests of Controls Risk Assessment Procedures Emphasize that this top down approach illustrated in the assurance hierarchy is not about “avoiding detail testing” at all costs. Rather, it is about effectively leveraging the power of controls testing and substantive analytical procedures to direct attention to high risk areas as we go about obtaining sufficient appropriate evidence.

49 Filling the Financial Statement Assertion “Buckets”
Tests of Controls Substantive Analytical Procedures Substantive Tests of Details Risk Assessment Procedures Display PowerPoint slide “Filling Financial Statement Assertion Buckets”. Our risk assessment procedures help us determine how big the bucket is for each assertion. Obviously, there are assertions that are more important or present bigger risks for some accounts than for others. For instance, existence or validity is typically more important for accounts receivable than it is for accounts payable. After we determine the risks associated with accounts, we can determine the size of our assurance buckets and then begin filling our buckets as we move through the assurance hierarchy. As depicted on the slide, most buckets will be filled with a combination of audit tests. In some instances our assurance buckets will be nearly full after we conduct tests of controls and analytical procedures. In other instances we will need to fill a significant portion of the bucket with our tests of details. For example, we may choose to fill the bucket largely through tests of details when an account contains a few large transactions. Obviously, if we are conducting an audit of internal control over financial reporting we will also gather evidence on the design and operating effectiveness of important controls over significant accounts. Currently, some of our buckets runneth over and some of our buckets are not full. Our goal, and that of our peer reviewers and the regulators who review our work papers, is to see nice, even, full buckets. Completeness Cut-Off Existence Valuation 49

50 Questions?

Download ppt "Review of Introduction to Auditing"

Similar presentations

Ads by Google