ACC 179 Management Accounting 1 - Auditing PDF

ACC 179 UPDATES IN MANAGEMENT ACCOUNTING 1 - AUDITING ERIELE JUNE G. RIVERA, CPA, CTT, MBA OVERVIEW AUDITING AND AUDITORS PLANNING THE AUDIT O2C CYCLE (ORDER TO CASH) P2P CYCLE (PROCURE TO PAY) R2R CYCLE (RECORD TO REPORT) H2R CYCLE (HIRE TO RETIRE) INTERNAL CONTROL AUDIT EVIDENCE AND DOCUMENTATION AUDIT OBJECTIVES AND AUDIT PROCEDURES OPERATIONS AUDITING START O F S C H OOL B RE AK P H I NM A AU FOUNDATI ON DAY RES UM P TION OF C L AS S ES P 3 EXAM I NATION (GRADUATING) P 1 EXAM I NATION P3 EXAMI NATI O N (NON GRADUATING) P 2 E X AM I NATION END OF SEM THINGS TO BRING: BINDER FILLER PENCIL AND BLACK BALLPEN RED BALLPEN FOR CHECKING SOME PASSION FOR THE SUBJECT Olympus Corporation is a Japanese OLYMPUS manufacturer of optics and reprography products, headquartered in Hachioji, ACCOUNTING Tokyo. Olympus was established in 1919, initially specializing in microscopes and SCANDAL thermometers, and later in imaging. The Hidden Losses (1990s) Olympus started losing 01 money on risky investments in the 1990s. To avoid showing these losses, 02 they used a method called "tobashi". This involved hiding bad investments by moving them to other companies and covering them up with complicated financial tricks. The Trick (Hiding Losses) 01 Instead of reporting these losses, the company creates or uses separate companies (called "shell companies"). 02 A shell company is registered like a normal business, but it doesn’t produce goods, sell services, or engage in normal business activities. Its main role is to hold assets, manage financial transactions, or hide ownership of other companies or assets. The Suspicious Deals (2008–2010) Olympus made some strange 01 financial moves, like: Buying companies for very high prices, even though they weren’t worth much. Paying over $687 million in “advisory fees” to unknown companies. Michael Woodford Investigates (2011) 01 April 2011: Michael Woodford, a British executive, became CEO of Olympus. 02 He noticed these strange transactions and questioned senior executives. Woodford demanded answers and asked for an investigation into the suspicious payments. The Whistleblower Is Fired (October 2011) Instead of addressing his concerns, 01 Olympus fired Woodford. 02 Officially, they claimed it was because of his "management style," but it was clear he was being silenced. 03 After being fired, Woodford exposed the scandal to the media and authorities. This brought international attention to Olympus and its hidden losses. Scandal Confirmed (November 2011) 01 Olympus admitted that it had hidden over $1.7 billion in investment losses. Investigations revealed that the fraud had been going on for decades, involving top executives. 02 Japanese authorities arrested and charged key Olympus executives with fraud. Olympus was fined ¥700 million (about $7 million), and its stock value dropped dramatically. What is an auditor? An auditor is an independent professional who examines and verifies the accuracy of a company’s financial records and reports. Auditors are responsible for ensuring that financial statements are accurate and in compliance with various laws and regulations. Auditor’s also provide assurance that an organisation’s financial statements are free from misstatements and fraud. Put very simply; an auditor is like an accountant crossed with a detective. After investigating a company’s financial statements, an auditor writes a report detailing the findings. This practice is called an audit. AUDIT ACTIVITY: 1.THE CLASS WILL BE DIVIDED INTO 6 GROUPS 2.EACH GROUP WILL VISIT THE AREA ASSIGNED TO THEM AREAS: LIBRARY CANTEEN FOODIE HUB FOOD STRIP ACAD FOOD STALLS HH FOOD STALLS AUDIT ACTIVITY: 3. THE GROUP WILL OBSERVE THE FLOW OF BUSINESS TRANSACTIONS EXAMPLE: Placing the Order Order Confirmation Order Entry Payment Method Receipt Record AUDIT ACTIVITY: 4.THE GROUP WILL MAKE A REPORT ON THEIR OBSERVATIONS OF THE FOLLOWING: Business Process Identified risks or red flags. Highlights of positive practices. Recommendations for improvement. Write it on a yellow paper. 5. THE GROUP WILL ASSIGN 2 REPRESENTATIVES TO PRESENT THEIR OBSERVATIONS. ACC 179 PLANNING THE AUDIT ERIELE JUNE G. RIVERA, CPA, CTT, MBA WHY PLAN? Basically, for three reasons: 01 so the auditor is able to gather sufficient and appropriate evidential matter 02 to minimize audit costs; 03 to pave the way for clear understanding between the company and the auditor. The steps in planning are: 01 Pre-plan; 02 Obtain background information about the company and the industry to which it belongs; 03 Obtain information about the company’s legal obligations; The steps in planning are: 04 Set materiality level and acceptable risks; 05 Understand internal control and assess control risks; 06 Develop the overall audit plan and write the audit program. PREPLANNING involves the making of a decision on whether or not to accept the engagement, the auditor is the only party who can decide this Knowledge of the Prospective Client The auditor should obtain knowledge of the prospective client to be able to assess business risks and control risks and to determine the nature, timing and extent of audit procedures. Knowledge of the Prospective Client Industry Analysis: Study the industry in which the client operates to understand general risks and norms. Look into trends, regulations, and economic conditions affecting the industry. Industry Analysis - Example E-Mart Solutions Inc. is an e-commerce platform with high daily transaction volumes, offering products globally and handling sensitive customer data (payment details, personal information). Nature of Operations The company relies heavily on its e-commerce platform for revenue generation. High volumes of online payments processed daily. Operations are supported by third-party payment gateways and cloud service providers. Industry Analysis - Example Key Cybersecurity Concerns Identified Data Breach Risks: Exposure of sensitive customer data (e.g., credit card details). Business Disruption: A cyberattack (e.g., ransomware) could halt online operations, leading to revenue loss. Compliance Risks: Non-compliance with data privacy regulations (e.g., GDPR, CCPA) could result in hefty fines. Fraudulent Transactions: The platform is a potential target for cyber fraud. Industry Analysis - Example Understanding the IT Environment Evaluate the company's IT systems, including payment processing software, security infrastructure, and data protection measures. Assess reliance on third-party service providers and their controls (e.g., cloud vendors, payment gateways). Industry Analysis - Example Inquiries with Management and Key Personnel "What measures are in place to detect and prevent cyberattacks?" "Have there been any past incidents of cyber breaches, and how were they handled?" "How does the company monitor the security of third-party service providers?" Knowledge of the Prospective Client Prior Audit Reports: Review audit reports or financial statements from previous years, if available, to identify historical issues or trends. Public Information: Analyze publicly available data such as press releases, regulatory filings, and news about the company. What if you are a continuing auditor? A continuing auditor is an auditor or audit firm that has been reappointed to conduct the audit of an entity for successive periods. What if you are a continuing auditor? A continuing auditor should perform a repeat self-examination to ensure their independence, objectivity, and professional competence remain intact, even after working with the same client for multiple periods. This self-review is essential for maintaining the integrity of the audit and upholding public trust. Five Threats to Auditor Independence 1. Self-Interest Threat Occurs when the auditor has a financial or personal interest in the audit client. 2. Self-Review Threat Happens when the auditor is auditing their own work or judgments. Five Threats to Auditor Independence 3. Familiarity Threat Occurs when the auditor becomes too familiar with the client’s management or systems, impairing objectivity. 4. Intimidation Threat Happens when the auditor feels pressured by the client or fears repercussions. 5. Advocacy Threat Arises when the auditor acts in support of the client’s interests. CHECKPOINT 1: TRUE OR FALSE 1.Audit planning is only necessary for first-time audits. 2.Preplanning helps auditors identify potential challenges and risks before the main audit begins. 3.Publicly available information, such as regulatory filings, can provide insights into the client’s business. 4.Preplanning includes detailed testing of financial statement assertions. 5.Interviews with management are an effective way to gather knowledge about the prospective client. 6. Accepting expensive gifts from a client’s management could lead to a self-interest threat. 7. Rotating key audit personnel periodically can help mitigate familiarity threats. 8. Advocating for a client in a tax dispute with a regulatory body creates a self-interest threat. 9. An auditor feeling pressured to sign off on financial statements due to threats from the client’s management faces an intimidation threat. 10. An auditor auditing a company's financial statements while also owning shares in the company creates a self-interest threat. Information about the company’s legal obligations Before the proper audit begins, obtaining information about a company’s legal obligations is part of the preplanning phase. During this phase, auditors focus on gathering preliminary knowledge to understand the client’s environment and potential risks. Information about the company’s legal obligations Review Key Documents: Articles of Incorporation or Organization: Check for information about the company’s structure and legal responsibilities. Corporate Policies: Evaluate compliance-related policies, such as codes of ethics or anti-bribery regulations. Information about the company’s legal obligations Contracts and Agreements: Look for major obligations like debt covenants, lease agreements, or guarantees. Pending lawsuits or penalties in news reports or public court filings. Regulatory notices or warnings related to the client’s business activities. Set materiality level and acceptable risks; Materiality Materiality is a concept used in accounting and auditing to determine the significance of financial information, errors, or omissions. An item is considered material if its omission or misstatement could influence the economic decisions of users (e.g., investors, creditors, regulators) based on the financial statements. Assessing the materiality level Choose a financial metric that is most relevant to the entity and its stakeholders. Common benchmarks include: Profit before tax (for profit-oriented entities) Revenue (for entities with variable profits) Total assets or equity (for entities like financial institutions or nonprofits) The choice depends on the nature of the business and what stakeholders consider important. Determine a Percentage Range Apply a percentage to the chosen benchmark to arrive at a preliminary materiality level. Examples include: Profit before tax: 5% to 10% Revenue or total assets: 0.5% to 2% Adjust the percentage based on the nature of the entity, industry, and financial environment. CHECKPOINT 2: TRUE OR FALSE 1.Reviewing the minutes of board meetings can help the auditor identify potential legal obligations. 2.Identifying contingencies, such as lawsuits, is part of understanding the company’s legal obligations. 3.Both quantitative and qualitative factors are considered when determining materiality. 4.Materiality is determined once at the planning stage and cannot be adjusted during the audit. 5.Materiality thresholds are documented to justify the auditor’s decisions and procedures. Understand the Concept of Audit Risk Audit Risk (AR): The risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated. Components of Audit Risk Inherent Risk (IR): The risk of a material misstatement occurring due to the nature of the business or transactions, without considering controls. Control Risk (CR): The risk that a material misstatement will not be prevented or detected by the entity's internal controls. Detection Risk (DR): The risk that the auditor's procedures will fail to detect a material misstatement. Inherent Risk - Example Complex revenue streams: Sales from different countries, multiple currencies, and varying tax regulations. Online platforms are prone to fraudulent activities, such as fake transactions, chargebacks, or unauthorized access. Subscription services or prepayments may result in improper cutoff or timing issues for revenue recognition. Control Risk - Example In a small retail company, the same employee processes customer payments, records transactions in the accounting system, and reconciles the bank accounts. A company uses an ERP system for accounting, but user access is not restricted based on roles. Non- accounting staff can edit financial data. A logistics company does not reconcile its inventory ledger with physical inventory counts regularly. Detection Risk - Example An auditor tests only a small sample of invoices from a large population of transactions during revenue testing. During an inventory audit, the auditor relies solely on client-provided inventory records without performing physical inventory counts or observing inventory valuation practices. Components of Audit Risk The relationship is expressed as: AR = IR × CR × DR Develop the Audit Strategy The acceptable audit risk influences: Extent of testing: More sampling or substantive testing for higher risks. Nature of procedures: Focus on areas with higher risk of misstatement. Timing of work: Interim vs. year-end testing to address evolving risks. CHECKPOINT 3: TRUE OR FALSE 1.A company has recently launched a complex new product line with significant sales, and the revenue recognition for these new sales involves complex terms and conditions. The inherent risk of material misstatement in revenue recognition is high due to the complexity of the new product line and its sales terms. CHECKPOINT 3: TRUE OR FALSE 2. A manufacturing company has automated its production process and implemented a robust system for tracking inventory and production costs. However, the company does not perform regular reconciliations of physical inventory with the system’s records. The control risk related to inventory misstatement is high due to the lack of regular reconciliations. CHECKPOINT 3: TRUE OR FALSE 3. During an audit, the auditor uses analytical procedures to detect unusual patterns in the client’s revenue but does not conduct further testing or inquire about unusual transactions identified. The detection risk is low because the auditor used analytical procedures to examine revenue. CHECKPOINT 3: TRUE OR FALSE 4. A company with a simple business model and a small number of transactions has strong internal controls over financial reporting. The control risk is low for this company because of the simplicity of its operations and strong internal controls. CHECKPOINT 3: TRUE OR FALSE 5. An auditor is conducting a year-end audit for a client with complex international operations and varying tax regulations across regions. The auditor relies heavily on the client's tax department to provide accurate tax filings and supporting documentation. The detection risk is high because the auditor has relied on the client's tax department without independently verifying the tax filings. Understand internal control and assess control risks; Understanding internal control and assessing control risks during audit planning is a critical step to evaluate the effectiveness of an entity's internal control system and determine the nature, timing, and extent of audit procedures. Here's how this process is done: Components of Internal Control 1.Control Environment: The organization's tone at the top, ethics, and commitment to competence. 2.Risk Assessment: The entity's processes for identifying and managing risks that could affect financial reporting. Components of Internal Control 3.Control Activities: Specific policies and procedures designed to prevent, detect, or correct errors and fraud. 4. Information and Communication: Systems that ensure accurate and timely communication of financial data. 5. Monitoring Activities: Processes to ensure controls are working effectively over time. Develop the overall audit plan and write the audit program Writing the Audit Program The audit program translates the overall audit plan into detailed, actionable steps to perform during the audit. It serves as a guide for auditors to ensure all areas are appropriately addressed. CHECKPOINT 4: TRUE OR FALSE 1.The control environment is part of the internal control system and reflects the entity's overall attitude toward controls. 2.Control risk is assessed as high if the auditor determines that internal controls are ineffective in preventing or detecting material misstatements. 3.The audit program provides a high-level strategy but does not include detailed procedures. CHECKPOINT 4: TRUE OR FALSE 4. Audit risk is solely the responsibility of the entity's management. 5. If inherent and control risks are high, detection risk should also be high to balance the audit risk equation.

ACC 179 Management Accounting 1 - Auditing PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue