Audit Evidence and Procedures

Questions and Answers

Which of the following is the primary responsibility of an auditor in relation to the financial statements?

• Ensuring that the company's internal controls are effective.
• Preparing the financial statements in accordance with GAAP.
• Testing management's assertions to determine if the financial statements comply with GAAP. (correct)
• Preventing fraud and errors in the financial statements.

Which management assertion relates to whether transactions have been recorded in the correct accounting period?

• Cutoff (correct)
• Completeness
• Accuracy
• Occurrence

Which management assertion primarily addresses concerns about potential understatement of liabilities?

• Existence
• Completeness (correct)
• Accuracy, Valuation, and Allocation
• Rights and Obligations

Which of the following forms of audit evidence is generally considered the most reliable?

Electronic information corroborated with external documents. (A)

Which of the following factors would most likely lead an auditor to increase the quantity of audit evidence they need to obtain?

Greater risk of misstatement. (C)

Which of the following best exemplifies audit evidence that is considered relevant?

Examining documentation on accounts receivable when testing sales revenue. (D)

An auditor is examining the reliability of evidence. Which source of evidence is generally considered most reliable?

Evidence from an independent source outside the entity. (B)

Which of the following audit procedures would be considered a 'test of controls'?

Observing whether shipping documents are matched with sales invoices. (C)

An auditor is comparing recorded balances of fixed assets to supporting documentation. What type of audit test is being performed?

Vouching (B)

An auditor is following a customer order through the accounting system to ensure it is properly recorded in the general ledger. What type of audit test is being performed?

Tracing (D)

Which of the following actions by an auditor would be considered the most reliable way to independently obtain evidence about a company's cash balance?

Obtaining a bank confirmation directly from the company's bank. (C)

Which of the following is the primary reason an auditor performs recalculation during an audit?

To verify the mathematical accuracy of documents or records. (A)

When an auditor re-performs the aging of accounts receivable to verify a client's allowance for doubtful accounts, this is refered to as:

Reperformance (B)

An auditor performs an analysis of current-year sales revenues compared to prior-year sales revenues, along with a comparison to industry trends. This is an example of:

An analytical procedure. (A)

In which stage(s) of the audit is an auditor required to perform analytical procedures?

Planning, substantive testing and final review stages (D)

What is the purpose of 'ticking off' items on a working paper?

To verify that the auditor has completed all the necessary steps for the test sample. (C)

Who owns audit documentation, including the documents prepared by the client at the auditor's request?

The auditor, as they compiled and analyzed the documentation. (D)

What is the minimum length of time that the Sarbanes-Oxley Act of 2002 requires audit documentation to be retained, from the completion date of the engagement?

Seven years (D)

Which of the following is an example of applying professional skepticism during an audit engagement?

Critically assessing audit evidence and having a questioning mind. (A)

Which of the following examples showcases a potential limitation of professional skepticism?

An auditor, under time pressure, forgoes further investigation despite inconsistencies noted in management's explanations. (D)

In the context of internal controls, what is the primary objective of separation of duties?

To prevent one person from controlling all aspects of a financial transaction. (A)

Which of the following best describes the objective of the COSO framework?

Establishing a common definition and framework for internal controls. (A)

Which of the following components is NOT a component of the COSO internal control framework?

IT Governance (D)

The 'tone at the top' from senior management regarding the importance of internal control and expected standards of conduct is a reference to which component of the COSO framework?

Control Environment (D)

What does 'monitoring activities' mean in the context of internal controls?

A process that assesses the quality of internal control performance over time. (A)

In what way does an entity’s size impact its internal controls?

Smaller entities are likely to have less formal internal controls. (A)

An auditor chooses to follow a substantive strategy and set control risk at HIGH. Which of the following is the most likely implication of it?

More testing of the financial statement data will be performed. (C)

What is the primary purpose of an auditor obtaining an understanding of each of the five components of internal control?

To plan the audit. (B)

Which set of controls is related to all IT within the company?

IT General Controls (C)

Which of the following illustrates an IT dependent manual control?

Review of vendor statements (D)

Controls that operate across the entire company are called:

Entity-Level Controls (B)

How can an auditor reduce their work by 20-30%?

Relying on SOME of the work if internal control is separate, reports directly to the audit committee, and takes jobs seriously. (D)

The process for fixing a material weakness is called.

Remediation (A)

What is a result when the auditor tries to look for material weakness?

An adverse opinion (B)

When the auditor does not get written representation ab IC, will the auditor issue a disclaimer?

Yes (B)

What type of opinion can get if the auditor decides to refer to the report of other auditors.

Not qualified opinion, either unqualified or adverse (D)

When are conversations regarding ICFR to management and the audit committee supposed to be done?

BEFORE issuing the report (B)

Which of the following reports does auditor request Camden Suppliers' auditors to use?

SOC 1 Type 2 Report (B)

Below what circumstances does an auditor not have to apply sampling techniques to gather audit evidence?

When auditing a few large items (C)

What has reduced the times auditors need to apply sampling techniques to gather audit evidence??

Development of well-controlled, automated accounting systems (B)

You select that sampling risk is 5%. What percent is the confidence level??

95% (D)

What auditor testing involves auditors being more concerned about a type 2 risk and avoiding these instances?

Reaching the wrong conclusion/opinion (D)

What are advantages to statistical sampling?

Design an efficient sample. (C)

Flashcards

Audit Evidence

Auditor's responsibility to give support for their opinion on financial statements.

Management Assertions:

Assertions about classes of transactions and events for the period under audit.

Occurrence

Did the transactions actually occur?

Accuracy

Are transactions accurately stated?

Completeness

Are ALL tranactions reported; actually reported?

Audit Evidence

The information used to reach conclusions.

Oral Information

Talking to company staff.

Visual Information

Observing company activities.

Sufficiency

Quantity of audit evidence.

Appropriateness

Quality of audit evidence.

Relevance

Evidence relevant to what is being tested.

Reliability

Making sure evidence is reliable.

Audit Procedures

Specific acts performed by the auditor.

Risk Assessment Procedures

Initial risk assessment to create audit plan.

Substantive Procedures

Testing that details balances and transactions align.

Audit Program

A set of procedure to test assertion.

Existence

Confirming accounts receivable.

Inspection

Physical examination of tangible assets.

Vouching

Relates to occurrence.

Tracing

Relates to completeness.

Observation

Watching a process or procedure.

Inquiry

Taking to the client, asking questions.

Confirmation

A direct written response from a third party.

Recalculation

Checking the mathematical accuracy.

Reperformance

Auditor's independent execution.

Analytical Procedures

Evaluating financial info.

Trend Analysis

Looking at trends over time.

Ratio Analysis

Calculating ratios.

Reasonableness Analysis

expectation vs. the financial statements.

Professional Skepticism

a questioning mind and critical evidence.

Internal Control

make sure things do not go wrong.

Control Environment

COSO framework.

Risk Assessment

business risks.

Control Activities

Day-to-day actions.

Information and Communication

Communication among all parties.

Monitoring Activities

Controls over controls.

Substantive Strategy

internal control.

Reliance Strategy

Control Based.

IT General Controls

IT related within the company.

Study Notes

Chapter Objectives

• Basic concepts, procedures for obtaining, and reliability of audit evidence must be learned
• Audit documentation functions, content, and types must be understood
• The purpose, types, and process of analytical procedures must be understood
• Must learn how to use data analytics in the audit

Audit Evidence and the Audit Report

• The auditor provides the underlying support for the 1-2 page report in the 10K, giving their opinion on the financial statements (FS)
• The ultimate output of an audit is the audit report
• Management prepares the FS, asserting certain things are true
• Auditors perform audit procedures to test these assertions, ensuring the FS is fairly stated and complies with GAAP
• Auditors gather evidence through procedures, which is key to providing underlying support to eventually reach an independent opinion
• The auditor reaches a conclusion based on evidence and provides an opinion in the audit report

Management Assertions: Transactions and Events

• These assertions concern classes of transactions and events, including related disclosures, for audit periods
• Occurrence: Addresses whether the transactions actually occurred
• Presentation: Addresses whether transactions are presented in compliance with GAAP
• Classification: Addresses whether transactions are classified appropriately
• Cutoff: Ensures revenue earned after the year is not included in the prior year's financials
• Accuracy: Addresses whether transactions are accurate
• Authorization: Addresses whether all transactions were authorized
• Completeness: Addresses whether all transactions have been reported

Management Assertions: Account Balances

• These are assertions about account balances and related disclosures at the end of the reporting period
• Existence: Similar to occurrence but applying to account balances, confirms assets listed on the balance sheet actually exist
• Rights and obligations: Addresses whether the entity has the rights to the assets on their balance sheet
• Completeness: Addresses if all the accounts payable due to vendors have been reported; used for liabilities
• Accuracy, valuation, and allocation: all accounts are accurate, properly valued, and correctly allocated
• Classification and Presentation
• Assures the account balances exist for assets and liabilities are complete and accurate

Audit Evidence

• Audit evidence is the information used by the auditor to reach conclusions on which the audit opinion is based
• It is the underlying documentation that supports the audit opinion
• An unqualified opinion cannot be provided without evidence
• Strong evidence is important

Forms of Audit Evidence

• Oral information: Involves conversations with managers and company personnel, detailed notes should be created detailing the conversation
• Visual information: Involves observing activities at the company such as check approval processes, and should be documented
• Paper documents: Includes actual documents
• Electronic information: Includes documentation transformed into electronic form and data analytics, can provide additional audit evidence

Sufficiency and Appropriateness of Audit Evidence

• Sufficiency is the quantity of audit evidence needed to support conclusions, and is impacted by the risk of material misstatement
• Appropriateness is the quality of audit evidence, factors affecting the quality of evidence include:
• Relevance: This means the audit evidence is related to what the auditor is trying to test (e.g., AR documentation)
• Reliability: This assures that the audit evidence is dependable, with an independent source outside the entity being more reliable
• An independent source is more reliable than information from inside the entity, as they have more incentive to commit fraud
• The audit client cannot be involved in gathering evidence

Internal Controls and Audit Evidence

• The effectiveness of internal controls impacts reliability of Audit evidence
• Effective internal controls make evidence more reliable
• Ineffective internal controls make the evidence unreliable
• Auditor's Direct Personal Knowledge: What the auditor directly gains knowledge of or does themselves is more reliable than information from someone else
• External auditors performing procedures directly is more reliable than internal auditors
• Ex: inventory count, recalculation
• Documentary Evidence: Documentary evidence is more reliable than oral evidence
• AR confirmations are more reliable than verbal conversations
• Original Documents: Original documents are more reliable than copies, although less common due to most documentation being digital now

Sufficiency and Appropriateness Considerations

• Higher quality evidence will require a smaller quantity of evidence to support the opinion
• Sufficient and appropriate evidence is needed to show the FS are not materially misstated

Evaluation of Audit Evidence

• Proper evaluation requires understanding of available evidence and relative reliability
• Auditors should be thorough and unbiased in their search for and evaluation of audit evidence

Audit Procedures

• Audit procedures are specific acts performed by the auditor to gather evidence about whether specific assertions are being met
• Risk assessment procedures: Conducted initially to establish the audit plan
• Test of controls: Help auditors evaluate whether controls can prevent, detect, and correct misstatements
• Substantive procedures: Test account balances and transactions to ensure assertions are met and the FS are fairly stated

Audit Program

• Consists of audit procedures used to test assertions for a component of the financial statements, which is essential for gathering audit evidence
• Example management assertions and audit procedures include:
• Existence: Confirms accounts receivable through confirmations
• Rights and obligations: Verifies the company has not sold rights to the accounts receivable
• Completeness: Checks that all accounts receivable are recorded
• Agree total accounts receivable subsidiary ledger to the accounts receivable control amount, and can indicate a lower risk level
• Valuation or allocation: Tests the adequacy of the allowance for doubtful accounts

More Audit Procedures

• Inspection of records and documents:
• Evidence from external documents is more reliable than internal documents
• Two types of inspection tests include:
• Vouching, relates to occurrence: Begins with the financial statements and vouches back to source documents
• Verifies the transaction occurred
• Tracing, relates to completeness: Starts from source documents and traces forward to ensure information is included in the general ledger
• Inspection of tangible assets: Physical examination of assets
• An inventory count can test for existence but does not provide evidence about valuation or rights and obligations

Observation

• Observation is the process of watching a process or procedure
• It helps understand how processes and internal controls work
• It is not sufficient audit evidence on its own because people may act differently when watched
• It assists in understanding the company but is not appropriate as final audit evidence

Inquiry

• Inquiry involves taking to the client and asking questions
• On its own is not sufficient audit evidence, but still is an important part of the audit
• Inquiry is insufficient, as it is not from an independent source (client) and may be biased in the client's favor
• It needs corroborating evidence and documentation from other procedures to be conclusive
• Auditors should consider the knowledge, objectivity, experience, responsibility, and qualification of the client
• Inquiries should consist of clear, concise, and relevant questions
• Open and closed questions should be used appropriately
• Open-ended and close-ended questions should be used appropriately depending on the auditor's objective
• The auditor should listen actively, consider responses, and ask follow-up questions

Confirmation

• A confirmation is a direct written response to the auditor from a third party
• Reliability may be affected by the form of confirmation and factors such as:
• Positive confirmation: Request a response whether the balance is correct or incorrect
• Negative confirmation: Request a response only if the balance is incorrect
• Positive confirmations are more reliable due to response rate and verification
• Prior experience with the entity.
• The nature of the information being confirmed.
• The intended respondent's ability to provide appropriate information
• Common information confirmed includes:
• Cash balances with banks
• Accounts receivable with customers
• Inventory on consignment with consignees
• Accounts payable with vendors
• Bonds payable with bondholders/trustees
• Insurance coverage with insurance companies
• Collateral for loans with creditors

Recalculation

• Recalculation involves verifying the mathematical accuracy of documents and records
• Recalculating interest expense and comparing it with information from the FS is an example
• It is only as good as the data used

Reperformance

• Reperformance is an auditor's independent execution of procedures or controls initially performed by company personnel
• It focuses on individual or specific transactions
• An Example, re-performing the aging of accounts receivable to understand their process of determining their allowance for doubtful accounts

Analytical Procedures

• Analytical procedures evaluate financial information through the study of relationships among both financial and nonfinancial data
• It is completed to obtain audit evidence, and looks at relationships among data
• It emphasizes classes of transactions or balances
• Steps are performed as part of risk assessment during the planning stage
• Five types include:
• Compare client and industry data
• Compare client data with prior-period data

Audit Testing Hierarchy

• Captures the process by which auditors use different tests
• Public companies are subject to testing of internal controls
• Analytical procedures and substantive tests are used if controls are effective

Filling the Assurance Bucket

• All evidence gathered from procedures fills the "assurance bucket" to reach a desired level for an opinion
• Buckets can be assessed at the account or assertion level
• Higher-risk accounts have larger buckets
• Completeness is a frequently higher-risk assertion

Audit Documentation

• Serves as the auditor's record of procedures performed, evidence gathered, and conclusions reached
• The 3 key functions of working papers are to:
• Provide support for the audit report (opinion)
• Aid in planning, performance, and supervision
• Provide a focal point for reviewing work of subordinates, forming a basis for quality reviews
• Audit documentation should:
• Demonstrate compliance with auditing and professional standards
• Support the basis for the auditor's conclusions on FS assertions
• Demonstrate agreement or reconciliation of underlying accounting records with the FS
• Include a written audit program detailing procedures
• Enable a knowledgeable reviewer to understand procedures, evidence, and conclusions Format for audit documentation includes:
• Heading: Entity name, working paper title, and entity's year-end date.
• Indexing and cross-referencing: Notations that provide a trail from financial statements to audit documentation.
• Tick Marks: Notations indicating auditor/reviewer actions on work papers.
• Ownership of Audit Documentation, Archiving, and Retention: - Audit documentation should let audit team members and others find evidence supporting financial statements. - All audit documentation is the auditor's property, not the client's. - The Sarbanes-Oxley Act requires audit documentation be retained for seven years from the date of the engagement to comply with PCAOB quality control standards. - Private companies need to keep material for five years

Purpose of Analytical Procedures

• Performed three times during the audit:
• Risk assessment procedures: Assist in understanding the business to plan the audit.
• Substantive analytical procedures: Obtain evidential matter about particular accounts or transactions
• Final analytical procedures: As an overall review in the final stage of the audit

Types of analytical procedures

• Trend analysis: Simplest; looks at trends over time
• Ratio analysis: Calculates ratios based on financial information
• Reasonableness analysis: Complex; comparing an amount to financial statements

Substantive Analytical Procedure Decision Process

• Auditor must form an exception
• Analytics must also be more or less precise
• Auditing standards require an auditor to have an expectation whenever analytical procedures are used. An expectation can be developed using a variety of info sources

Measuring Precision

• Potential effectiveness of an analytical procedure
• Degree of reliance that can be placed on the procedure
• The more precise the expectation, the more extensive and expensive the audit procedures (cost-benefit trade-off)
• If there is LOW detection risk, HIGH precision is required, and a HIGH extensiveness of procedures
• Factors affecting the precision of analytical procedures:
• Disaggregation
• Plausibility
• Data reliability
• Type of analytical procedure

Tolerable Difference

• A tolerable difference refers to the maximum variation the auditor can accept while still considering the result acceptable
• Size of tolerable difference depends on :
• Account significance
• Reliance on substantive analytical procedures
• Level of disaggregation
• Precision of the expectation
• Compare expectation to the recorded amount and evaluate differences.

Investigating and Corroborating

• Deviations demand follow-up which begins with asking and receiving explanations from the client:
• Corroborate the data with appropriate evidence

Investigating Differences

• Risk Assessment and Final Analytical Procedures
• As such, the analytical procedures involved are also very different:
  • Corroborate the data Corroborating evidence is NOT required in the planning process

Audit Data Analytics(ADA)

• Uses analysis, modeling, and visualization to identify anomalies while planning and performing audits
• ADA typically involves these steps:
  • Planning the ADA
  • Identify what procedure the data will go through
• Assess data for accuracy and access
• Run analytics for patterns
• Evaluate if the ADA’s original objective has been achieved

Professional Skepticism

• Maintain a questioning mind and critically assess audit evidence.
• Professional judgment and skepticism are used throughout the audit process.

Internal Control

• Guarantees the reliability of financial reporting. Public company audits should have opinion over internal controls.
• Responsibilities of internal controls over financial reporting (ICFR):
  • Reasonable Assurance
  • Procedures which accurately and fairly reflect ICFR
  • Authorization and Recording based on GAAP
  • Prevention and detection with timely data

ICFR and the Sarbanes-Oxley Act

• Section 404 – management provides auditor with internal control framework; signs-off that ICFR is effective for the entire year.
• Auditor must audit and report on effectiveness of ICFR.
• Follow a top-down risk-based approach.

Auditor responsibilities and test controls

Identify risks or fraud that may lead to a material misstatement

• Scaling the audit (think size of the client and operations as this impacts ability to rest controls)
  • smaller clients may have more detective controls
• The auditors should Eval if others in the company will be using their own IC reports They should identify controls and test controls by identifying the nature, timing, and extent of selected controls

Designing and Testing ICFR

• DESIGN controls effectively: accurate and reliable
• TESTING controls: inquiry, observation and reperformance will lead to reliance
• Auditor must identify deficiencies in the system to understand the magnitude and consider 2 dimensions
  • Likelihood - can be remote or reasonably possible Magnitude - should be material

Control Deficiency

• A deficiency in internal control with 3 levels
  • Control Deficiency: cannot function in assigned task
  • Significant Deficiency: less severe with lots of judgement from audit committee
  • Material Weakness: cannot rely on the controls
• If there is a MW you must get an adverse opinion.

ICFR report

• Form an opinion whether the balance is materially misstated AND if there is significant scope of limitation
• Communications with the auditor MUST be made before issuing the report
• Audit report must include: - The audit’s objectives - Results and procedures - If the auditor relied on external work
• Communication is key with both management and individuals in charge through - the audit

Bitcoin and Blockchain Case Discussion

Risks associated with accepting payments with bitcoin:

• Accounting concerns
• Risk of improper revenue
• Risk of incorrect valuation
• The risk of owners - coins can simply poof and disappear

Relevant Financial Statement assertions include the following

• Financial Disclosures
• Valuation and allocation
• Completness, existence, or occurrence