Chapter 1 An Introduction to Auditing Auditing and Assurance Services: Understanding the Integrated Audit First Edition Karen L. Hooks Prepared by Richard J. Campbell Copyright 2011, Wiley and Sons
Overview of an Integrated Audit Chapter 2 Overview of an Integrated Audit
Learning Objectives 1. Understand the legal and regulatory requirements for integrated audits. 2. Identify the basic requirements for an audit to be possible. 3. Recognize the basic stages of the audit 4. Explain the meaning of fundamental terms related to auditing. 5. Describe the activities that comprise the general stages of an integrated audit. 6. Learn the basic differences between the audit of a public and nonpublic company. 7. Explain the generally accepted auditing standards.
Review of Important Abbreviations GAAP PCAOB – AS AICPA – SAS IAASB – ISA COSO – IC Framework IFRS ICFR SEC - SAB
Review: Integrated Audits Integrated audit: examines both a company’s financial statements and internal control over financial reporting Financial statement audit: examines just the company’s financial statements PCAOB: has jurisdiction over audits of public companies and firms that perform those audits
Preliminary Requirements for an Audit Standards must exist to provide the benchmarks against which the auditor compares information GAAP or IFRS inform the auditor how financial statements should be prepared COSO IC Framework is a guide for how ICFR should be structured and function Auditing standards must exist so auditor knows how to perform an audit (AS, SAS, ISA) Entity must have records sufficient for audit evidence Auditor must have reasonable confidence in management’s integrity
Overview of An Integrated Audit Exhibit 2-1
Five Management Assertions Existence or Occurrence Completeness Rights and Obligations Valuation or allocation Presentation and disclosure An additional “assertion” that is the topic of management’s ICFR report is that ICFR is effective
AICPA Management Assertions Classes of transactions and events for the period under audit occurrence, completeness, accuracy, cutoff, classification Assertions about account balances at the period end existence, rights and obligations, completeness, valuation and allocation Assertions about presentations and disclosure occurrence, rights and obligations, completeness, classification and understandability, accuracy and valuation
Fair Financial Statements The collective result of management’s assertions in presenting financial statements is that the financial statements are “fair” Fair means “not materially misstated” Effective ICFR allows the company to produce financial statements that are not materially misstated Design effectiveness Operating effectiveness
Definition of ICFR Internal control over financial reporting is a process designed by, or under the supervision of, the company's principal executive and principal financial officers, or persons performing similar functions, and effected by the company's board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP and includes those policies and procedures that:
Definition of ICFR (continued) Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Note: The auditor's procedures as part of either the audit of internal control over financial reporting or the audit of the financial statements are not part of a company's internal control over financial reporting. (AS5.A5)
Fundamental Concepts Audit evidence – can be anything the auditor uses as information Sufficient Appropriate Reliable and Relevant Audit procedures – used to collect evidence Control tests Substantive tests Tests of details of balances Substantive analytical procedures Dual purpose tests
Characteristics affecting Evidence Source of the evidence Direct personal knowledge of the auditor Quality of internal control under which the evidence was produced Original documents vs. copies and faxes Documents vs. oral evidence
Risk Concepts The term “risk” is used in many different ways in auditing standards and literature Audit risk Detection risk Client’s business risk Auditor’s business risk Fraud risk
Risk is Related to Materiality Materiality defined Reasonable person Prudent official Materially misstated financial statements Material weakness defined
Audit Terms that Relate to Each Other Professional judgment Professional skepticism Due professional care Economic limits Reasonable assurance vs. Absolute assurance Persuasive vs. convincing evidence Sampling Negligence Auditor opinion – not an absolute
More Audit Concepts The auditor identifies management assertions that are relevant to each material account balance and class of transactions: Based upon expected risk, the auditor uses professional judgment and decides on audit procedures The auditor collects evidence by performing audit procedures The auditor may use sampling Absolute assurance is not feasible, but reasonable assurance is a high level of assurance
Phases of an Audit Client Acceptance or Continuance Preliminary engagement procedures are a part of this process Audit Planning and Risk Assessment Tests of ICFR Operating Effectiveness Substantive Procedures on Accounts and Disclosures Wrap-Up, Completion, and Reporting
Client Acceptance or Continuance Exhibit 2-3 Do we want this client? Can we effectively perform this audit? Research the client Do we still want the audit? Present proposal Did we win the engagement? Complete preliminary engagement procedures
Preliminary Engagement Procedures Exhibit 2-4 Auditor proposal and client acceptance, or client continuance decision Confirm and communicate on auditor independence For new clients this step comes at the beginning, in writing For continuing clients this step happens yearly Establish understanding on terms of the engagement
Audit Planning and Risk Assessment Exhibit 2-5 Preliminary audit strategy Obtain an understanding Assess risk Audit planning
Preliminary audit strategy Review client’s entity-level controls Perform analytical procedures Decide on staffing and timing Assess potential misstatements Develop early plan
Understanding the Client Auditor needs to understand Client’s business Client’s activities Transactions Financial statement accounts Information system Entity level controls
Understanding the Client Sources of information the help auditor to obtain an understanding Client acceptance process Performing reviews of interim financial statements before client files them with SEC Client’s own ICFR documentation Process of assessing design effectiveness of ICFR
Assess Risk Auditor considers Fraud risk; includes asking management about fraud risk Risk of material misstatement in financial statements ICFR related risk – that a material weakness exists in ICFR Risks in the audit risk model Overall audit risk Inherent risk and control risk – togther they are the risk of material misstatement Auditor makes a judgment and sets planning materiality threshold
Audit Planning Plan Decide on Produce audit plan Nature, Timing, Extent Decide on Controls to test Accounts to test Sampling plan Procedures Produce audit plan
Side-by-Side Audit Efficiency Exhibit 2-1 shows overview of an integrated audit Tests of ICFR operating effectiveness and Substantive procedures on accounts and disclosures are show side-by-side When conducting an integrated audit, to the extent possible, the auditor collects and evaluates evidence useful to both financial statement and ICFR audits This approach can be used whether the ICFR evidence is used to issue an opinion on ICFR or as input for the financial statement audit
Tests of ICFR Operating Effectiveness Exhibit 2-6 This phase is side-by-side with Substantive Procedures Tests of controls and dual purpose tests Evaluate results and document Consider other information Form tentative conclusion on ICFR operating effectiveness
Tests of ICFR Operating Effectiveness Tests of controls Dual purpose tests If problems with ICFR are found in testing, the auditor does more work and may need to revise the audit plan; can impact substantive procedures on financial statement audit Other information considered includes knowledge gained from review engagements and management communications
Substantive Procedures Exhibit 2-7 This phase is side-by-side with Tests of ICFR Operating Effectiveness Dual purpose tests, tests of details of balances and substantive analytical procedures Evaluate results and document Consider other information Form tentative conclusions on fairness of financial statements
Substantive Procedures Tests of details of balances Substantive analytical procedures If problems with account balances are found in testing, the auditor does more work and may need to revise the audit plan; can impact ICFR procedures
Wrap-Up, Completion and Reporting Exhibit 2-8 Perform final audit steps Decide on appropriate audit report Communicate with audit committee and management Issue audit report on ICFR and financial statements
Wrap-Up Steps Reviews Communication with the client’s attorneys Obtain written representations from management Communication with the company’s audit committee
Nonpublic Company Audits Exhibit 2-9
Nonpublic Company Audit Steps A nonpublic company’s audit is based on AICPA or IAASB standards and addresses only the financial statements; no ICFR opinion is issued The auditor must consider significant risks but does not always test the operating effectiveness of ICFR Both public and nonpublic company audits require professional judgment on planning, risk, fraud assessment and evidence
Language in the Audit Standards Unconditional Responsibility Must Shall Is required Presumptively Mandatory Responsibility Should Responsibility to Consider May Might Could Should consider means presumptive responsibility to consider, but not to carry out the act
GAAS -10 Auditing Standards Historically, the 10 GAAS were the underlying principles for auditing standards 3 categories: general, field work, reporting Currently in the process of changing with the alignment of U.S. and international audit standards For ICFR audits, the PCAOB states that AS 5 presents the field work standards For integrated audits, AS 5 presents the reporting standards
Auditing Standards - General General Standards 1. The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor 2. In all matters relating to the assignment, an independence in mental attitude is to be maintained by the auditors 3. Due professional care is to be exercised in the performance of the audit and the preparation of the report
Auditing Standards – Field Work Standards of field work 1. The work is to be adequately planned, and assistants, if any, are to be properly supervised 2. A sufficient understanding of internal control is to be obtained to determine the nature, timing, and extent of tests to be performed. 3. Sufficient appropriate evidential matter is to be obtained through observation, inquires and confirmations to afford a reasonable basis for an opinion regarding the financial statements
Auditing Standards– Reporting Standards of Reporting 1. The report shall state whether the financial statements are presented in accordance with GAAP. 2. The report shall identify those circumstances in which those principles have not been consistently observed. 3. Informative disclosures in the financial statements are to be regarded as reasonably accurate. 4. The report should contain an expression of an opinion, or an assertion to the effect that an opinion can not be expressed.
Appendix A: AICPA Generally Accepted Auditing Standards The AICPA has modified the language in the 10 GAAS, but the substance is the same as the earlier version still used by the PCAOB that is shown in the body of the chapter.
Copyright “Copyright © 2011 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.”