Presentation on theme: "Review of Introduction to Auditing"— Presentation transcript:
1 Review of Introduction to Auditing. Lynn Kingston, CPA, Adjunct Faculty, Portland State University
2 Definition of Auditing: Auditing is a systematic process of 1) obtaining and evaluating evidence regarding assertions about economic actions and events, 2) ascertaining the degree of correspondence between assertions and established criteria, and 3) communicating the results to interested users.
3 Audit Evidence: “Audit evidence is all the information used by the auditor in arriving at the conclusions on which the audit opinion is based.”
5 Overview of Three Classes of Assertions: Class of Transactions | Account Balances | Presentation & Disclosure. Occurrence; Existence; Occurrence/Rights; Completeness; Cutoff; Accuracy; Valuation/Allocation; Accuracy/Valuation; Classification; Classification/Understandability; Rights/Obligations
6 Being Alert for Misstatements: Misstatements can result from either errors or fraud and may consist of any misstatement of an assertion. What is the difference between known misstatements and likely misstatements? What is the auditor’s responsibility for immaterial misstatements? What is the auditor’s responsibility to communicate misstatements to management?
8 Goal: Assessing the Risk of Material Misstatement. Develop a knowledgeable perspective about the entity; Relate risks to what can go wrong and the F/S level or assertion level; Consider the magnitude of risks that could result (Material?); Consider the likelihood of risks that could result
9 Inherent Risk at the Financial Statement Level (Pervasive Risks). Examples: Management turnover, reputation, or accounting skills; Liquidity and going concern problems; Pressure to meet debt covenants; Changing industry conditions, etc. Responses: Increased knowledge, skill, and ability of personnel assigned significant engagement responsibilities; Involvement of a specialist; Appropriate level of supervision of assistants
10 Inherent Risk at the Assertion Level. Examples: Difficult to audit accounts or transactions; Contentious or difficult accounting issues; Susceptibility to misappropriation; Complexity of calculations; Significant volume of transactions. Responses: Choices about nature, timing and extent of substantive tests depend on internal controls
11 Fraud Defined: Acts Resulting in Material Misstatements; Intentional or Unintentional. 2 Types of Misstatements Relevant to Fraud: Fraudulent Financial Reporting; Misappropriation of Assets
13 Significant risks that require special audit consideration: Significant risks are often derived from business risks that may result in a material misstatement. Whether the risk is a risk of fraud; Whether the risk is related to recent significant economic, accounting, or other developments and, therefore, requires specific attention; The complexity of transactions; Whether the risk involves significant transactions with related parties; The degree of subjectivity in measurement; Whether the risk involves significant nonroutine transactions
14 Significant risks: Understand whether the entity has developed internal controls; Communicate significant deficiency or material weakness; Analytical procedures should not be the primary substantive test
15 Internal Control: The auditor should obtain an understanding of the five components of internal control. The auditor should obtain a sufficient understanding by performing risk assessment procedures to evaluate the design of controls relevant to an audit of financial statements and to determine whether they have been implemented.
16 Internal Control: The auditor should know enough to: Identify types of potential misstatements. Consider factors that affect the risks of material misstatement. Design tests of controls, when applicable, and substantive procedures.
17 Components of Internal Control: Control Environment; Risk Assessment; Information and Communication; Monitoring; Control Activities. Understand in Every Audit. Depth of Understanding Depends on Audit strategy
18 Control Environment: Tone at the top that influences control consciousness. Integrity and Ethical Values; Commitment to Competence; Board of Directors and Audit Committee; Management’s Philosophy and Operating Style; Organizational Structure; Assignment of Authority and Responsibility; Human Resource Policies and Practices
20 Information and Communication: Transactions; Audit Trail or Transaction Trail; Documents; Records; Communication
21 Information and Communication [diagram labels: Authorize; Execute; Risk of Misstatement; Risk of Misstatement; Report; Record; Consideration]. Risk when you change the content of information about a transaction or you change the form of information
22 Monitoring: Ongoing monitoring programs; Separate evaluations; Element of reporting deficiencies to the management / governance
23 Control Activities: Authorization; Segregation of Duties; Information Processing Controls (Computer General Controls; Computer Application Controls; Controls over the Financial Reporting Process); Physical Controls; Performance Reviews; Controls over Mgmt. Discretion in Financial Reporting
25 Overview of Computer Controls And Strategies for Test of Controls
26 Computer General Controls: Organizational and operational controls; System development and documentation controls; Hardware and system controls; Access Controls; Data and Procedural Controls
27 Application Controls: Programmed controls that identify and report possible misstatements in assertions
28 How to identify key controls [diagram labels: Completeness: Start Here; Authorize / Initiate; Execute; Record; Start Here For Occurrence, Accuracy, and Classification; Consideration]
29 Controls over the Financial Reporting Process [diagram labels: Spreadsheets; Accounting Database; SQL; Financial Statements; Strong Controls; Weak or No Controls; Weak or No Controls]
30 Control Activities: Authorization; Segregation of Duties; Information Processing Controls (Computer General Controls; Computer Application Controls; Controls over the Financial Reporting Process); Physical Controls; Performance Reviews; Controls over Mgmt. Discretion in Financial Reporting
31 Overall Conclusion about Internal Controls What is the cumulative effect of all five components of internal control for each assertion?
32 PCAOB Auditing Standard #5: A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis. Note: There is a reasonable possibility of an event, as used in this standard, when the likelihood of the event is either "reasonably possible" or "probable," as those terms are used in Financial Accounting Standards Board Statement No. 5, Accounting for Contingencies ("FAS 5").
33 PCAOB Auditing Standard #5: A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.
34 Factors that influence judgments about likelihood: The nature of the financial statement accounts, disclosures, and assertions involved. For example, suspense accounts and related party transactions involve greater risk. The susceptibility of the related assets or liabilities to loss or fraud. The subjectivity and complexity of the amount involved, and the extent of judgment needed to determine that amount. The cause and frequency of any known or detected exceptions related to the operating effectiveness of a control. The interaction or relationship of the control with other controls. The interaction of the control deficiency with other control deficiencies. The possible future consequences of the deficiency.
35 Factors that influence judgments about magnitude: The financial statement amounts or total of transactions exposed to the deficiency. The volume of activity in the account balance or class of transactions exposed to the deficiency in the current period or expected in future periods.
38 Responses to risk at the assertion level. Nature: The nature of the audit procedures is of most importance in responding to the assessed risks. Timing: Good internal controls are required to modify the timing of audit procedures. Extent: Directly related to test of details risk in the audit risk model. The auditor also needs to consider other factors related to sample size.
40 General Categories of Substantive Tests: Initial Procedures; Analytical Procedures; Tests of Details of Transactions; Tests of Details of Balances; Tests of Details of Accounting Estimates; Tests of Details of Disclosures
41 Factors that influence performing substantive tests at an interim date: The control environment and other relevant controls; The availability of information at a later date that is necessary for the auditor’s procedures; The objective of the substantive procedure; The assessed risk of material misstatement; The nature of the class of transactions or account balance and relevant assertions; The ability of the auditor to perform appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period in order to reduce the risk that misstatements that exist at period end are not detected
42 Evaluating the sufficiency and appropriateness of evidence: At the end of the audit the auditor should cycle back through risk assessments made and evidence obtained to evaluate the effectiveness of the audit. Significance of the potential misstatement in the relevant assertion and the likelihood of its having a material effect, individually or aggregated with other potential misstatements, on the financial statements. Effectiveness of management’s responses and controls to address the risks. Experience gained during previous audits with respect to similar potential misstatements. Results of audit procedures performed, including whether such audit procedures identified specific instances of fraud or error. Source and reliability of available information. Persuasiveness of the audit evidence. Understanding of the entity and its environment, including its internal control.
43 Final Consideration: Evaluate known and likely misstatements; Consider material overstatement and understatements; The effect of misstatements in prior periods
44 The Assurance Bucket. Accounting 493/593 – Spring 2009. I’d like to introduce our “Assurance Bucket” analogy. This analogy will be expanded on during the course of the training. Essentially, the auditor’s goal is to fill the bucket with appropriate audit evidence to gain the level of desired assurance (high level of assurance for audits). Explain this over the next few slides: Risk Assessment Procedures form the base layer in the bucket – you do those first. Once you have assessed risk and planned audit responses to the risks of the entity, then you have the base of a level of assurance required (this is not enough assurance to render an opinion). Next is tests of controls (if applicable), substantive analytical procedures and finally substantive tests of details (last resort).
45 Filling the Assurance Bucket: Risk Assessment Procedures
46 Filling the Assurance Bucket: Test of Controls. Layers: Tests of Controls; Risk Assessment Procedures
47 Filling the Assurance Bucket: Substantive Analytical Procedures. Layers: Substantive Analytical Procedures; Tests of Controls; Risk Assessment Procedures
48 Filling the Assurance Bucket: Substantive Test of Details. Layers: Substantive Tests of Details; Substantive Analytical Procedures; Tests of Controls; Risk Assessment Procedures. Emphasize that this top down approach illustrated in the assurance hierarchy is not about “avoiding detail testing” at all costs. Rather, it is about effectively leveraging the power of controls testing and substantive analytical procedures to direct attention to high risk areas as we go about obtaining sufficient appropriate evidence.
49 Filling the Financial Statement Assertion “Buckets” [figure labels: Tests of Controls; Substantive Analytical Procedures; Substantive Tests of Details; Risk Assessment Procedures; buckets for Completeness, Cut-Off, Existence, Valuation]. Display PowerPoint slide “Filling Financial Statement Assertion Buckets”. Our risk assessment procedures help us determine how big the bucket is for each assertion. Obviously, there are assertions that are more important or present bigger risks for some accounts than for others. For instance, existence or validity is typically more important for accounts receivable than it is for accounts payable. After we determine the risks associated with accounts, we can determine the size of our assurance buckets and then begin filling our buckets as we move through the assurance hierarchy. As depicted on the slide, most buckets will be filled with a combination of audit tests. In some instances our assurance buckets will be nearly full after we conduct tests of controls and analytical procedures. In other instances we will need to fill a significant portion of the bucket with our tests of details. For example, we may choose to fill the bucket largely through tests of details when an account contains a few large transactions. Obviously, if we are conducting an audit of internal control over financial reporting we will also gather evidence on the design and operating effectiveness of important controls over significant accounts. Currently, some of our buckets runneth over and some of our buckets are not full. Our goal, and that of our peer reviewers and the regulators who review our work papers, is to see nice, even, full buckets.