Adv Audit Quiz Study Chapters 1, 4, & 5, Module G & H

Chapter 1 ========= When seeking capital to grow their business, management has an incentive to present their company's financial statements and future prospects in a manner that will entice potential investors and creditors. Since the possibility exists that management could misrepresent their financial position and results of operations, it is essential that investors and creditors have assurance that they can rely on the information provided by management, which creates demand for the financial statement audit. Stated simply, when an independent auditor completes an audit and then issues a report that states that the financial statements are presented fairly, in all material respects and have been presented in accordance with Generally Accepted Accounting Principles (GAAP), the financial statements can be relied upon by investors and creditors. Unfortunately, the investors in Theranos, a blood-testing startup company, never asked for an independent audit report. In March 2018, the Securities and Exchange Commission (SEC) settled massive fraud charges against Theranos, their CEO Elizabeth Holmes, and their president, Sunny Balwani. The SEC's complaint alleged that the materials provided to potential investors included a company overview, reports of clinical trials, and financial statement information and projections. However, the package did not include an independent audit report. Unfortunately the company, which was valued as high as \$9 billion by investors back in 2015, barely had enough cash to pay the bills less than five years later.1 In January 2022, Elizabeth Holmes was convicted of two counts of wire fraud and two counts of conspiracy to commit wire fraud. She now faces up to 20 years in prison.2 This example helps to reinforce why it is so important for investors and creditors to review audited financial statements as they consider whether to invest or loan money to a company. Of course, for the audit to have true value to investors and creditors, it must be completed in accordance with professional standards in a high quality manner by independent auditors. You may be asking, why is audit quality so important? Well, as we have just seen, both investors and creditors depend on reliable financial statement information to make their investment and lending decisions about a company. As a result, the confidence of investors and creditors is shaken whenever audit quality is compromised. To help ensure that audit quality is not compromised, the Sarbanes--Oxley Act of 2002 (hereafter referred to as Sarbanes--Oxley) created the Public Company Accounting Oversight Board (PCAOB) to regulate the audit profession for public companies. In fact, the PCAOB is responsible for setting all audit standards to be followed on audits of public companies. In addition, the PCAOB is required to perform inspections of the audit work completed and the quality control processes employed by audit firms. As a direct result, accounting students should know that if they plan to work as financial statement auditors, they will be entering a world that is focused on audit quality. Consider the following Auditing Insight \"Audit Quality.\" AUDITING INSIGHT Audit Quality In November 2021, Ernst & Young (EY) published its report on audit quality for 2021. In the report, the firm's leaders affirmed their commitment to audit quality through continuous improvement of their audit process and a strong focus on their quality control system. They also firmly embraced their role to serve the public interest and acknowledged their critically important responsibility to the investing public for instilling confidence in the capital markets. The report highlights EY\'s key areas of focus to drive the firm's audit quality efforts, which include full implementation of their innovative digital audit methodology, an enhanced focus on staff training and project management skills, along with reinforcing the importance of independence and professional skepticism. The report also specifically discussed the enhancement of the firm's use of data and analytics as a way to manage the firm\'s focus on risks. The report is a clear indication to students that quality matters more than anything else in their future work as auditing professionals. Before we think about audit quality any further, we must first explain the vital role that financial statement auditors play in supplying key decision makers with useful, understandable, and timely information. When you have a better understanding of why auditing is so critical to help ensure the liquidity of the world's capital markets, we will then explore in detail the process auditors take to help ensure that audit quality is achieved. Because many of you are likely planning to enter the public accounting profession and work as an auditor, we hope that you will work hard to acquire this knowledge so that you may do your part in playing a key role in maintaining the public's confidence in both the auditing profession and the capital markets. Information Risk in a Big Data World All businesses make a countless number of decisions each and every day. Decisions to purchase or sell goods or services, lend money, enter into employment agreements, or buy or sell investments depend in large part on the quality of useful information. These decisions affect business risk, which is the risk that an entity will fail to meet its objectives. For example, business risk includes the chance a company takes that its own customers will buy from competitors, that product lines will become obsolete, that taxes will increase, that government contracts will be lost, or that employees will go on strike. If the company fails to meet its objectives enough times, the company may ultimately fail. To minimize these risks and take advantage of other opportunities presented in today's competitive business environment, decision makers such as chief executive officers (CEOs) demand timely, relevant, and reliable information. Similarly, investors and creditors demand high-quality information to make educated investing and lending decisions. Information professionals such as accountants and auditors help satisfy this demand. In recent years, as a result of ever-increasing computing power, the decision-making environment is rapidly being transformed into one that is characterized by the availability of significant amounts of data and information. Let's face it, the amount of information that organizations are seeking to manage is greater than anyone could have possibly imagined just 10 years ago. You are entering a world where upper management teams are placing more emphasis than ever on how to make sense of this seemingly ever-increasing availability of data and information. To help you prepare for this "big data" challenge as an auditor, we will be drawing upon this theme in multiple chapters throughout this book. There are at least four environmental conditions in this big data world that increase user demand for relevant and reliable information: Complexity. Events and transactions in today's global business environment are numerous and often very complicated. You may have studied derivative securities and hedging activities in other accounting courses, but investors and other decision makers may not have your level of expertise when dealing with these complex transactions. Furthermore, these decision makers are not trained to collect, compile, and summarize the key operating information themselves. They need the services provided by information professionals to help make the information more understandable for their decision processes. Remoteness. Decision makers are usually separated from current and potential business partners not only by a lack of expertise but also by distance and time. Investors may not be able to visit distant locations to check up on their investments. Instead, they need to employ full-time information professionals to do the work they cannot do for themselves. Time sensitivity. Today's economic environment requires businesses, investors, and other financial information users to make decisions more rapidly than ever before. The ability to promptly obtain high-quality information is essential to businesses that want to remain competitive in our global business environment. Consequences. Decisions can involve a significant investment of resources. The consequences are so important that reliable information, obtained and verified by information professionals, is an absolute necessity. Theranos's aftermath provides a graphic example of how decisions affect individuals' (as well as companies') financial security and well-being. Consider that back in 2015, as a private company, Theranos was valued over \$9 billion and employed over 700 people. Yet, by September 2018, Theranos was out of business.3 The following Auditing Insight "More Consequences" describes another example. AUDITING INSIGHT Even More Consequences Bernard Madoff, a former chairman of the NASDAQ stock market and a respected Wall Street adviser and broker for 50 years, was arrested after his sons turned him in for running "a giant Ponzi scheme," bilking investors out of billions of dollars. Many investors, including actors, investment bankers, politicians, and sports personalities, lost their life savings. Although some of the world's most knowledgeable investors fell prey to the scam, numerous red flags were present for all who were wise enough to see them. First, Madoff's fund returned 13--16 percent per year, every year, no matter how the markets performed. Second, his stated strategy of buying stocks and related options to hedge downside risk could not have occurred because the number of options necessary for such a strategy did not exist. Third, although his firm claimed to manage billions of dollars, its auditing firm had only three employees, including a secretary and a 78-year-old accountant who lived in Florida. A further complication in effective decision making is the presence of information risk. Information risk is the probability that the information circulated by a company will be false or misleading. Decision makers usually obtain their information from companies or organizations they want to conduct business with, provide loans to, or engage with in buying or selling the company's stock. Because the primary source of information is the target company itself, an incentive exists for that company's management to make its business or service appear to be better than it actually is, to put its best foot forward. As a result, preparers and issuers of financial information (directors, managers, accountants, and other people employed in a business) might benefit by giving false, misleading, or overly optimistic information. This potential conflict of interest between information providers and users, along with financial statement frauds such as the one perpetrated at Theranos, leads to a natural skepticism on the part of users. Thus, they depend on information professionals to serve as independent and objective intermediaries who will lend credibility to the information. This lending of credibility to information is known as providing assurance. When the assurance is provided for specific assertions made by management, we refer to the assurance provided as attestation. When the assertions are embodied in a company's financial statements, we refer to the attestation as auditing. More specifically, when their work is completed, the auditors supply an opinion as to whether the financial statements and related footnotes are presented fairly in all material respects. The actual compilation and creation of the financial statements is completed by the company's accountants. Now that you understand why decision makers need independent information professionals to provide assurance on key information, we further define assurance, attestation and financial statement auditing services in this section, and explain their roles in today's information economy. Assurance Services The American Institute of Certified Public Accountants (AICPA) defines an assurance service as any independent professional service that improves the quality of information, or its context, for decision makers. The definition is intentionally broad to encompass a wide range of services that could be performed by CPAs to add value in today\'s ever-changing information economy. In fact, given the market opportunities that exist in today\'s information economy, the AICPA is deliberately seeking to expand the CPA\'s traditional focus on financial statements to include different types of information, whether it be financial or nonfinancial. Before moving forward, let\'s take a closer look at the major elements and boundaries of the AICPA\'s definition for an assurance service which are Independence. CPAs want to preserve their attestation and audit reputations and competitive advantages by always preserving integrity and objectivity when performing any type of assurance service. Professional services. Virtually all work performed by CPAs (accounting, auditing, data management, taxation, management, marketing, finance) is defined as a professional service as long as it involves some element of judgment based on education and experience. Improving the quality of information or its context. CPAs can enhance information quality in a number of different ways. For example, by helping to assure users about the relevance of information being used in a particular decision-making context. Or, the CPA can enhance the quality of information by helping to assure users about the reliability or credibility of the information being used to make decisions. It is important to point out that the emphasis of the definition is on information, which focuses on CPAs' traditional value proposition. Also, remember that when considering assurance services, improving the context of information refers not only to the information itself but to how the information is being used in a decision-making context. For decision makers. The decision makers are the consumers of assurance services, and they personify the customer focus of different types of professional services being offered by CPAs. Ultimately, the decision makers are the beneficiaries of the assurance services performed, and depending upon the specific nature of the service, decision makers might be a very small, targeted group (e.g., an upper management team of a client, a group of creditors) or a large group (e.g., all potential investors). The following Auditing Insight "Third Party Assurance" indicates how the quality of information can assist both buyers and sellers in today's market. AUDITING INSIGHT THIRD PARTY ASSURANCE Exhibit 1.1 shows two 1961 Topps Mickey Mantle baseball cards. The card on the right was offered on eBay with the seller's representation that the card was in Near Mint/Mint condition. This representation is a standard description and is the equivalent of a grade 8 on a standard 10-point scale used in grading the quality of a trading card. The card was purchased on eBay for \$205.50. EXHIBIT 1.1 Professional Sports Authenticator as Third-Party Assuror Within a week, a second 1961 Topps Mickey Mantle baseball card was sold on eBay. Again, this card was offered with the seller's representation that the card was in Near Mint/Mint condition (card on the left). The only difference was that this card had been sent to Professional Sports Authenticator (PSA), a company that verifies the authenticity and quality of sports items. Note that PSA does not buy or sell sports merchandise; it acts only as an independent third party expressing a professional opinion regarding the merchandise in question. This card sold for \$585. The only difference between the two transactions was that the buyers of the card on the left had more information concerning the risk inherent in the transaction. Why was the first transaction riskier? What were the buyers' concerns? Were the concerns only from intentional misstatements? How did the grading of the card by PSA reduce these concerns? What are the incentives for PSA to grade the card accurately? How does the business of PSA relate to the profession of auditing? Examples of Assurance Services Without a doubt, the most common type of assurance services provided by CPAs are attestation services. In an attestation service, the CPA expresses an opinion about information (or an assertion about that information) that is the responsibility of another party. While there are many types of attestation services that can be performed, the financial statement audit is the most common type of attestation service provided by CPAs. When completing an attestation service, the CPA is auditing the information to enhance its reliability or credibility for decision makers. We will discuss attestation services, including the financial statement audit, shortly but before moving forward, just a reminder that assurance services is the most broad categorization of the services typically provided by CPAs. Keeping that in mind, Exhibit 1.2 depicts the relationships among assurance, attestation, and auditing services. EXHIBIT 1.2 The Relationships among Assurance, Attestation, and Audit Engagements In general, assurance services other than attestation and financial statement auditing services tend to be more customized for use by smaller, targeted groups of decision makers. For example, many companies and organizations have used public accounting firms to conduct a comprehensive assessment of risks that the enterprise faces. This type of enterprise risk assessment can then be used to show stakeholders that the management team understands and is properly managing the risks that the enterprise faces. We also present a few more examples of assurance services to illustrate the variety of services that fall under the assurance service umbrella. Some will look familiar and others may defy imagination: Cybersecurity risk assessment and assurance. XBRL (eXtensible Business Reporting Language) reporting. Evaluation of investment management policies. Internal audit outsourcing Fraud and illegal acts prevention and deterrence. Be aware, that public accounting firms must pick and choose the services that they wish to provide to the market based on the expertise that resides within the firm. Nobody believes or maintains that all public accounting firms will want or be able to provide all types of assurance services. However, as the following Auditing Insight "Can Accounting Complexity Be Measured Using XBRL" illustrates, there may be an emerging benefit of XBRL reporting that has yet to be fully realized. AUDITING INSIGHT Can Accounting Complexity Be Measured Using XBRL? XBRL (also referred to by the SEC as interactive data) is an information format designed specifically for business reporting. Through the "tagging" of specific data items (cash, inventory, sales transactions, etc.), XBRL facilitates the collection, summarization, and reporting of financial information in a medium that users can easily transform for their own decision-making purposes. Recently, researchers have created a measure of reporting complexity for the public companies and foreign private issuers listed with the SEC that are all required to use XBRL for SEC filings. The researchers proposed a new measure of accounting reporting complexity (ARC) based primarily on the sheer number of items that have an XBRL tag that were disclosed in the company's Form 10-K filings. It turns out that the disclosure of more XBRL tags is difficult because the accountants need to know more about accounting standards. And if they do not, they found that there is an increased chance of mistakes and outright errors by the company. Their analysis of the data revealed "a greater likelihood of misstatements and material weakness disclosures, longer audit delay, and higher audit fees" for the companies that had more accounting reporting complexity as measured by XBRL. Before turning our attention to attestation and financial statement auditing services, it is important to point out the difference between assurance services and consulting (or advisory services) performed by public accounting firms. In providing advisory services, CPAs use their professional skills and experiences to provide recommendations to a client\'s management team for specific outcomes such as information system design and operation; whereas in assurance services, the focus is entirely on the information that decision makers use. However, like advisory services, assurance services do have a "customer focus," and CPAs develop assurance services that add value for customers (i.e., decision makers). Consider the potential market opportunity that may exist related to non-fungible tokens, described in the following Auditing Insight "NFTs, an Emerging Market Opportunity." AUDITING INSIGHT NFTs, an Emerging Market Opportunity for CPAs? Non-Fungible Tokens, or NFTs, are becoming very popular. But what exactly is an NFT? According to Merriam-Webster, an NFT is "a unique digital identifier that cannot be copied, substituted, or subdivided, that is recorded in a blockchain, and that is used to certify authenticity and ownership (as of a specific digital asset and specific rights relating to it)." Put in simple terms, an NFT is a one-of-a-kind digital asset that allows you to prove that you are the owner of that digital asset. It is non-fungible because there is no asset you can trade equally for it. An NFT, for now, is anything produced digitally, which is mainly a photo, video, or other type of artwork. However, investors in this market do see the possibility of the deed to your house or even a used ticket to a sporting event as being an NFT. The possibilities appear to be limitless. So how much money is being spent on NFTs? Prior to 2021, a total of \$94.9 million was spent; in 2021 that number jumped to \$24.9 billion. What are some of the items purchased for these great sums? Digital art by the artist "Beeple" sold for \$6.6 million while the original code for the World Wide Web sold for \$5.4 million. The big question to ponder, can information assurers add value to this emerging market? Although attestation engagements and financial statement audits are specific types of assurance engagements and auditors can thus be described more generally as information assurors, hereafter we will use the term auditor instead of information assuror because of the specific responsibilities that auditors have under generally accepted auditing standards (GAAS) as well as under regulatory bodies such as the SEC and the PCAOB. However, many of the procedures that auditors perform as part of an audit engagement are similar to those performed as part of other information assurance engagements. Throughout this book, we will point out these shared procedures when appropriate. For now, let us turn our attention specifically to attestation engagements. Attestation Engagements Many people appreciate the value of auditors' attestations on historical financial statements, and as a result, they have found other types of information to which certified public accountants (CPAs) can attest. The AICPA defines an attestation engagement as a service where a practitioner is requested to examine whether management\'s assertion about some type of subject matter can be relied upon. Many decision makers have appreciated the value of financial statement auditors' attestations on historical financial statements, and as a result, they have found other types of information to which CPAs can attest to. For example, as more and more companies and organizations seek to demonstrate their efforts related to corporate social responsibility, demand is growing for attestation services related to environmental reporting. When applying the above definition to this context, you will note that a practitioner (i.e., an environmental reporting auditor) is engaged to issue a report on assertions about subject matter (i.e., that the environmental reports are presented in accordance with appropriate laws and regulations) that are the responsibility of another party (i.e., the management team). The following Auditing Insight "An Emerging Growth Opportunity for CPAs", indicates the significance of this emerging market for public accounting firms. AUDITING INSIGHT An Emerging Growth Opportunity for CPAs The International Financial Reporting Standards (IFRS) Foundation has announced a new board to oversee disclosures related to measures of sustainability. The board, which is being called the International Sustainability Standards Board (ISSB) is being asked to develop disclosure standards to help investors obtain relevant and reliable measures of sustainability. Assurance services related to measures of sustainability is part of a much broader Environmental, Social and Governance (ESG) effort being promoted by institutional investors, mutual funds, private equity, and venture capital funds. It is hoped that a "comprehensive global baseline of high-quality sustainability disclosure standards" will be developed that will help public accounting firms perform assurance services that identify the relevant measures. The key is to identify the set of measures that will meet investors' information needs and maximize the value of the entity. Of course, the standards would also provide a set of criteria that can be used to evaluate the reliability of the measures reported by the entity and allow public accounting firms to complete an attestation service. Sources: \"IFRS Foundation Announces International Sustainability Standards Board, consolidation with CDSB and VRF, and publication of prototype disclosure requirements,\" IFRS, November 3, 2021 (online source). Interestingly, in today's global business environment, activist shareholders are increasingly pressuring board of director members and upper management teams regarding issues of social responsibility, the environment, and other matters related to sustainability. As a direct result, more companies than ever are directly integrating their ESG initiatives into their overall business strategy and then seeking to quantify their efforts with measurable outputs. These measurements are often being used to help quantify the company's performance in areas such as the environment, labor, and basic human rights. For example, in the following Auditing insight "Climate Change Does Matter" students can see one of the world's largest asset managers, has recently toughened their standards related to climate change and environmental risk reporting for the corporations in their investment portfolio. AUDITING INSIGHT Climate Change Does Matter! The environment and sustainability matter a great deal. That is the clear message being sent by BlackRock, Inc. Indeed, the firm has made clear that it intends to take a much tougher stance against corporations that are unwilling to provide a "full accounting" of the environmental risks that they are facing in their business operations. In taking these steps, BlackRock seeks to show the marketplace that they are doing what they can in relation to climate change. Of course, it is an open question just how much influence BlackRock can have over companies, but their chief executive, Laurence Fink, clearly believes that by doing so, he will position his firm to "win over younger investors and millennials who want to invest money in line with personal values." Of course, whenever a management team makes an assertion about information, there is an opportunity to perform an attestation engagement. And, although sustainability is a prominent example of an emerging attestation engagement completed by CPAs, other examples of attestation engagements completed by CPAs (discussed in more detail in Module A) appear in the following box. EXAMPLES OF ATTESTATION ENGAGEMENTS Review Engagements (AT-C Section 210), such as providing limited assurance about whether the professional becomes aware of any material modifications that need to be made to the subject matter being examined. Agreed-Upon Procedures Engagements (AT-C Section 215), such as verifying inventory quantities and locations. Prospective Financial Information (AT-C Section 305), such as analysis of prospective or hypothetical "what-if" financial statements for some time period in the future. Reporting on Pro Forma Financial Information (AT-C Section 310), such as retroactively analyzing the effect of a proposed or consummated transaction on the historical financial statements as if that transaction had already occurred. Compliance Attestation (AT-C Section 315), such as ascertaining a client's compliance with debt covenants. Reporting on Controls at a Service Organization (AT-C Section 320), such as organizations that provide outsourced processes that are likely to be relevant to the user entities' internal control over financial reporting. Examination of Management's Discussion and Analysis (AT-C Section 395), prepared pursuant to the rules and regulations of the Securities and Exchange Commission (SEC). Financial Statement Auditing The focus of this book is on the financial statement auditing process, which is far and away the most common type of assurance service provided in today's market. Many years ago, the American Accounting Association (AAA) Committee on Basic Auditing Concepts provided a very useful general definition of auditing as follows: Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between the assertions and established criteria and communicating the results to interested users.4 A closer look at the definition reveals several ideas that are important to an auditing engagement. Auditing is a systematic process. It is a purposeful and logical process and is based on the discipline of a structured approach to reaching final decisions. It has a logical starting point, proceeds along established guidelines, and has a logical conclusion. It is not haphazard, unplanned, or unstructured. The process involves obtaining and evaluating evidence. Evidence consists of all types of information that ultimately guide auditors' decisions and relate to assertions made by management about economic actions and events. When beginning a financial statement audit engagement, an independent auditor is provided with financial statements and other disclosures by management. In doing so, management essentially makes assertions about the financial statement balances (e.g., that the inventory on the balance sheet really does exist, that revenue transactions recorded on the income statement really did occur, that the list of liabilities on the balance sheet is complete, etc.) as well as assertions that the footnote disclosures are fairly presented. The audit process has been around for a long time as shown in the following Auditing Insight "A Rich History." AUDITING INSIGHT A Rich History Although most of the largest public accounting firms trace their roots to the turn of the 19th century, auditing in the United States has a rich history. When the Pilgrims had a financial dispute with the English investors who financed their trip, an "auditor" was sent to resolve the difference. George Washington sent his financial records to the comptroller of the treasury to be audited before he could be reimbursed for expenditures he made during the Revolutionary War. One of the first Congress's actions in 1789 was to set up an auditor to review and certify public accounts. Even the "modern" concept of an audit committee is not so modern; the bylaws of the Potomac Company, formed in 1784 to construct locks on the Potomac River to increase commerce, required that three shareholders annually examine the company's records. Financial statement auditors generally begin their work with a focus on assertions (explicit representations) made by management about the financial statement amounts and information disclosed in footnotes, and then they set out to obtain and evaluate evidence to prove or disprove these assertions or representations made by management. The purpose of obtaining and evaluating evidence is to ascertain the degree of correspondence between the assertions made by the information provider and the established criteria. Auditors will ultimately communicate their findings to interested users. To communicate in an efficient and understandable manner, auditors and users must have a common basis or an established criteria for measuring and describing the financial statement information, which is essential for effective communication. Established criteria may be found in a variety of sources. For independent financial statement auditors, the criterion is whatever the applicable financial reporting framework is, whether it is GAAP in the United States or International Financial Reporting Standards (IFRS) in other jurisdictions. In a financial statement audit, the auditor obtains evidence and evaluates whether the financial statements are being presented fairly based on the evidence obtained. For example, if a company represented that they had \$10 million in a cash account, the auditor would have to verify with the bank that the company did in fact have \$10 million of cash in the bank. Exhibit 1.3 depicts an overview of financial statement auditing. EXHIBIT 1.3 Overview of Financial Statement Auditing Management makes assertions about economic actions and events in the Balance Sheet, Income Statement, Statement of Cash Flows, and Footnotes. An objective third party (Independent Auditor) obtains and evaluates evidence (knowledge of client's business, observation of physical assets, inquiry of managers, confirmations from third parties, inspection of documents). The Auditor ascertains the degree of correspondence between the financial statements provided by management and the applicable financial reporting framework (GAAP and IFRS). In doing so, the Auditor will create an Audit Report as well as other communications. The AAA definition already presented is broad and general enough to encompass external, internal, and even governmental auditing. The more specific viewpoint of external auditors in public accounting practice is reflected in the following statement about the financial statement audit made by the AICPA the public accounting community's professional association: The purpose of an audit is to provide financial statement users with an opinion by the auditor on whether the financial statements are presented fairly, in all material respects, in accordance with an applicable financial reporting framework, which enhances the degree of confidence that intended users can place in the financial statements. An audit conducted in accordance with GAAS and relevant ethical requirements enables the auditor to form that opinion. (AU-C-100.04) Auditing in a Big Data Environment In recent years, the auditing environment has been transformed into an environment that is characterized by the availability of significant amounts of data and cutting-edge analytical tools. As a direct result, entry-level professionals joining public accounting firms are being asked to have completed coursework related to the use of data and analytical tools. The following Auditing Insight "Is there really an "APP" for that?" provides compelling market support for this statement. AUDITING INSIGHT Is there really an "APP" for that? It has become clear that the skills needed by entry-level auditing professionals must include proficiency in data analytics and technology. But the need for a digital mindset is hardly limited to entry-level professionals, and to help in their efforts to upskill all of their professionals, PwC introduced an app that is designed to assess an individual's digital fluency. Once the assessment is complete, the app then helps an individual to understand what type of training they need to close any gaps that might exist in their digital fluency. There are now 60 different subject areas covered on the app, including blockchain, artificial intelligence, cybersecurity, and robotics among other topics. In addition, the Digital Fitness App (DFA) is now available on the App Store and is available for free for anyone to explore key trends in the digital world and to stay in close touch with recent updates. It is now obvious that the world has changed, and as a result, the set of skills acquired by students must also change to adapt to the new digital world. Most importantly, while PwC is just one firm, our conversations with professionals across firms of varying size are in agreement with the need for a digital mindset to effectively operate in an audit environment characterized by Big Data and advanced analytical tools. Among the critical issues for students to consider is how to identify the right set of data to analyze given a set of facts and circumstances. And, of course, how to present the analyses of such data in the most compelling format while documenting the results of their work. In addition, while analytical tools can rely on data sources that are both internal and external to the client, our current understanding is that entry-level audit professionals in today's environment need to first learn how to make the best use of internal data and information produced by the entity, including system-generated reports used by the client to execute its internal control activities and produce its financial statements. Throughout this book, we will be providing examples of how to make the best use of such internal client data, which includes an emphasis on always verifying the completeness and accuracy of the underlying data set being used. There is even an entire module (Module G) of this book that is dedicated to the use of Big Data and advanced analytical tools in the financial statement audit. From your earlier studies, you know that accounting is the process of recording, classifying, and summarizing a company's transactions into financial statements that will create assets, liabilities, equities, revenues, expenses, and related disclosures. It is the means of satisfying users' demands for financial information that arise from the forces of complexity, remoteness, time sensitivity, and consequences. Auditing does not include the function of producing financial reports. The function of financial reporting is to provide statements of financial position (balance sheets), results of operations (income statements, statements of shareholders' equity, and statements of comprehensive income), changes in cash flows (statements of cash flows), and accompanying disclosures to outside decision makers who do not have access to management's internal sources of information. A company's accountants, under the direction of its management team, perform this function. In fact, auditing standards emphasize that the financial statements are the responsibility of a company's management. Thus, the financial statements contain management's assertions about the transactions and events and related disclosures that occurred during the period being audited (primarily the income statement, statement of shareholders' equity, statement of comprehensive income, statement of cash flows, and related disclosures), and assertions about the account balances and related disclosures at the end of the period (primarily the balance sheet, and related disclosures). As the Auditing Insight "Sarbanes--Oxley and Management\'s Responsibility for Financial Reporting" makes clear below, the upper management team at public companies must certify the correctness of the financial statements and the effectiveness of the internal control system for financial reporting. Given the required focus on internal controls, entry-level audit professionals are expected to understand the relationship between a company's internal control activities and the relevant financial statement assertions about the financial statement account balances. We suggest that as a new auditing professional, a detailed understanding of this relationship will provide you with the opportunity to immediately contribute to the audit team. As a result, we are hopeful that this book can provide a foundation of knowledge to help simplify the relationship between internal controls and the financial statements, which is paramount in the post-Sarbanes--Oxley auditing environment. AUDITING INSIGHT Sarbanes--Oxley and Management's Responsibility for Financial Reporting Congress passed the Sarbanes--Oxley Act in 2002 in an attempt to address a number of weaknesses found in corporate financial reporting as a result of the frauds at companies such as WorldCom and Enron. Although the preparation of the financial statements has always been the responsibility of management, Sarbanes--Oxley has enhanced the disclosure provisions to create a heightened sense of accountability. One of its most important provisions (Section 302) states that key company officials must certify the financial statements. Certification means that the company's chief executive officer and chief financial officer must sign a statement indicating: They have read the financial statements. They are not aware of any false or misleading statements (or any key omitted disclosures). They believe that the financial statements present an accurate picture of the company's financial condition. Management must also make assertions regarding the effectiveness of the company's internal controls over financial reporting. In addition, the auditors are required to issue an attestation report (Section 404) on the system of internal controls to provide assurance that the system of internal controls over financial reporting has been designed and is operating effectively. When planning the audit engagement, auditors use management's assertions to assess external financial reporting risks by determining the different types of misstatements that could occur for each of the relevant management assertions identified and then develop auditing procedures that are appropriate in the circumstances. The auditing procedures are completed to provide the evidence necessary to persuade the auditor that there is no material misstatement related to each of the relevant assertions. Once the auditor is satisfied that the evidence has supported each of the relevant assertions, the auditor issues a report to provide assurance to financial statement users that the financial statements are free of material misstatement in accordance with generally accepted accounting principles. As an auditor, you must keep in mind the importance of understanding management's financial statement assertions and always remember that you are serving the entire public interest, including stakeholders such as bankers, investors, and employees when ultimately reporting that the financial statements are free of material misstatement. APOLLO SHOES The Company Throughout this book, we will use Apollo Shoes, Inc. (the "Company") as a comprehensive case example to help illustrate important auditing concepts. The company is a distributor of athletic shoes. The Company's products are shipped to large and small retail outlets in a six-state area. The Company operates from a large office, which includes a warehouse in the Shoetown, Maine, area. In this chapter, we will illustrate the financial statement assertions using Apollo Shoes. When studying and learning about the assertions, a student of auditing must always remember that each assertion gives rise to a question that can be answered with audit evidence. Exhibit 1.4 provides a list of all of management's financial statement assertions and some of the key questions that the audit team must address, with evidence, about each assertion. Note that column 1 in Exhibit 1.4 denotes the assertions currently identified by the PCAOB for public company audits.5 The PCAOB auditing standards do allow auditors to use different management assertions at their discretion, provided that the assertions cover the pertinent risks in each significant account. In that spirit, the Auditing Standards Board (ASB)6 provides an additional set of management assertions (columns 2 and 3 in Exhibit 1.4). You will note that the ASB set of assertions, while largely in alignment with the PCAOB assertions, does provide greater detail and clarity for students of auditing to conceptualize. The key questions (column 4) indicate how each of these assertions must be thought about when evaluating specific aspects of management's financial statements and disclosures. Each of the assertions is defined and described in detail in the following sections, organized along the lines of the PCAOB assertions identified in column 1, with the aligned ASB assertion(s) following in parentheses. EXHIBIT 1.4 Management AssertionsTable Summary: A table displays management assertions with three columns contains PCAOB assertions, ASB assertions, and key questions. The ASB assertions are further divided into assertions about events and transactions, account balance, and Presentation and Footnote Disclosures. ASB Assertions \(1) (2) (3) (4) PCAOB Assertions Assertions about Classes of Transactions and Events, and Related Disclosures Assertions about Account Balances and Related Disclosures Key Questions Existence or occurrence Occurrence Existence Do the assets listed really exist? Did the transactions really occur? Cutoff Did the recorded sales transactions occur in the period? Completeness Completeness Are all accounts recorded on the balance sheet? Completeness Were all transactions recorded on the income statement? Cutoff Are transactions included in the proper period? Valuation or allocation Accuracy Accuracy, valuation, and allocation Are the balance sheet accounts valued correctly? Are the transactions accurately recorded? Rights and obligations Rights and obligations Does the company really own the assets? Rights and obligations Are all legal responsibilities to pay the liabilities identified? Presentation and disclosure Classification Were all transactions recorded in the correct accounts? Presentation Presentation Are the disclosures understandable to users? Are all required footnote disclosures included? Existence or Occurrence (Existence, Occurrence, Cutoff) The numbers listed on the financial statements have no meaning to financial statement users unless the numbers faithfully represent the actual transactions, assets, and liabilities of the company. Existence asserts that each of the balance sheet and income statement balances actually exist. Occurrence asserts that each of the income statement events and transactions actually did occur in the proper period. As a general rule, the occurrence assertion relates to events, transactions, presentations, and footnote disclosures (as indicated in columns 2 of Exhibit 1.4), and the existence assertion relates to account balances and footnote disclosures (as indicated in column 3). Therefore, auditors must test whether the balance sheet amounts reported as assets, liabilities, and equities actually exist. To test the existence assertion, auditors typically verify cash with banks and count the physical inventory, verify accounts receivables and insurance policies with customers, and perform other procedures to obtain evidence whether management's assertion is in fact supported. Similarly, management asserts that each of the revenue and expense transactions summarized on the income statement or disclosed in the financial statement footnotes really did occur during the period being audited. To test the occurrence and the cutoff assertions, auditors complete procedures to ensure that the reported sales transactions really did occur and were not created to fraudulently inflate the company's profits. APOLLO SHOES Existence or Occurrence On Apollo Shoes, management would assert that their assets or liabilities all exist as of December 31. For example, management asserts that its cash on the balance sheet really does exist. In addition, management asserts that each revenue transaction on the income statement actually did occur. Completeness (Completeness, Cutoff) In the financial statements, management asserts that all transactions, events, assets, liabilities, and equities that should have been recorded have been recorded. In addition, management asserts that all disclosures that should have been included in the footnotes have been presented. Thus, auditors' specific objectives include obtaining evidence to determine whether, for example, all inventory is included, all accounts payable are included, all notes payable are included, all expenses are recorded, and so forth. A verbal or written management representation saying that all transactions are included in the accounts is not considered a sufficient basis for deciding whether the completeness assertion is true. Auditors need to obtain persuasive evidence about completeness. Cutoff is a more detailed expression of the completeness assertion. Cutoff refers to accounting for revenue, expense, and other transactions in the proper period (neither postponing some recordings to the next period nor accelerating next-period transactions into the current-year accounts). Assuming a calender year-end, simple cutoff errors can occur when (1) a company records late December sales invoices for goods not actually shipped until early January; (2) a company records cash receipts through the end of the week (e.g., Friday, January 4) when the last batch of receipts for the year should have been processed on December 31; (3) a company fails to record accruals for expenses incurred but not yet paid, thus understating both expenses and liabilities; (4) a company fails to record purchases of materials shipped free on board (FOB) shipping point but not yet received and, therefore, not included in the ending inventory, thus understating both inventory and accounts payable; and (5) a company fails to accrue unbilled revenue through the fiscal year-end for customers on a cycle billing system, thus understating both revenue and accounts receivable. In auditor's jargon, the cutoff date generally refers to the client's year-end balance sheet date. APOLLO SHOES Completeness On Apollo Shoes, management would assert that their assets or liabilities were complete as of December 31. For example, management asserts that its accounts payable on the balance sheet includes all amounts currently payable. In addition, management would assert that all expenses that should be included on the income statement actually were included. Valuation and Allocation (Accuracy, Valuation, and Allocation) In the financial statements, management asserts that the transactions and events have been recorded accurately and that the assets, liabilities, and equities listed on the balance sheet have been valued in accordance with GAAP (or IFRS). The audit objective related to valuation and allocation is to determine whether proper values have been assigned to assets, liabilities, and equities. Allocation refers to the appropriate percentage of an asset or liability balance being recorded on the income statement in accordance with GAAP (or IFRS). For example, has the proper depreciation expense been calculated for each fixed asset amount? Accuracy refers to the appropriate recording of the transactions at the correct amount. Auditors obtain evidence about specific valuations and mathematical accuracy by comparing vendors' invoices to inventory prices, obtaining lower-of-cost-or-market data, evaluating collectability of receivables, recalculating depreciation schedules, and so forth. Many valuation, accuracy, and allocation decisions amount to reaching conclusions about the proper application of GAAP (or IFRS). For example, due to the complexity in the accounting standards related to fair value (i.e., ASC Topic 820), there has been an increased focus on the valuation assertion by auditors. APOLLO SHOES Valuation and Allocation On Apollo Shoes, management would assert that their assets or liabilities were valued in accordance with GAAP as of December 31. For example, management asserts that its accounts receivable balance, net of the allowance for doubtful accounts, was stated at the amount they actually expect to collect. In addition, management would assert that depreciation expense on the income statement reflects the appropriate allocation of fixed assets to the period of benefit under GAAP. Rights and Obligations (Rights and Obligations) In the financial statements, management asserts that they have ownership rights for all amounts reported as assets on the company's balance sheet and that the amounts reported as liabilities represent the company's own obligations. In simpler terms, the objective for an auditor is to obtain evidence that the assets are really owned and that the liabilities are really owed by the company being audited. You should be careful about ownership, however, because the assertion extends to include assets for which a company may not actually hold title. For example, an auditor will have a specific objective of obtaining evidence about the amounts capitalized for leased property. Likewise, owing includes accounting liabilities a company may not yet be legally obligated to pay. For example, an auditor would have to obtain evidence about the estimated liability for product warranties. The auditor also has an obligation to ensure that the details of the company's obligations are properly disclosed in the footnotes to the financial statements. APOLLO SHOES Rights and Obligations On Apollo Shoes, management would assert that they really do own and have the rights to the assets listed on the balance sheet, and that they really are obliged to pay the amount listed on the balance sheet for liabilities as of December 31. For example, management asserts that it really owns its inventory of shoes. In addition, management asserts that it really does owe the amount listed for accrued expenses. Presentation and Disclosure (Classification, Presentation) In the financial statements, management asserts that all transactions and events have been presented correctly in accordance with GAAP (or IFRS) and that all relevant information has been disclosed to financial statement users, usually in the footnotes to the financial statements. This assertion embodies several different components. First, disclosures must be relevant, reliable, understandable, and transparent to financial statement users. In addition, auditors will test to make sure that all the proper disclosures have been made in accordance with GAAP (or IFRS). To complete this step, auditors will often use a disclosure checklist that highlights all the disclosures that should be made for a particular entity. Second, transactions must be classified in the correct accounts (e.g., proper classification of transactions as assets or expenses). To test this assertion, auditors perform audit procedures such as analyzing repair and maintenance expenses to ensure that they should in fact have been expensed rather than capitalized. Similarly, auditors will test from the opposite direction, examining additions to buildings and equipment to ensure that transactions that should have been expensed were not in fact capitalized in error (or fraud). Third, to be useful to decision makers, information must be understandable. Statement of Financial Accounting Concepts (SFAC) No. 2, "Qualitative Characteristics of Accounting Information," defines understandability as "the quality of information that enables users to perceive its significance." The responsibility levied on auditors is to make sure that the financial statements are "transparent." In other words, investors should be able to understand how the company is doing by reading its financial statements and footnotes and should not have to rely on financial experts or lawyers to help them figure out what the fine print is saying. Another way to regard this assertion is to ask whether the disclosures have been written in plain English. APOLLO SHOES Presentation and Disclosure On Apollo Shoes, management would assert that they have completely and accurately presented and disclosed all of their footnotes. For example, management asserts that its income tax footnote disclosure is complete and accurately shows the breakdown of current and deferred income taxes. Importance of Assertions On each audit engagement, the auditor must identify each significant account or disclosure in the financial statements. An account or disclosure is significant if there is a reasonable possibility that the account or disclosure could contain a misstatement that is material. Once the significant accounts and disclosures have been identified, the auditor must then consider the relevance of each financial statement assertion, one at a time. An assertion is relevant, if there is a \"reasonable possibility\" that a material misstatement exists related to that assertion for the significant account being audited. As a result, the relevance of a particular assertion is entirely dependent on the facts and circumstances on the audit engagement. For example, valuation may not be a relevant assertion for the cash account unless foreign currency translation is involved; however, the existence of cash is always relevant. The financial statement assertions are important and at times can be difficult to comprehend. A student of auditing must remember that the key questions that must be answered about each assertion become the focal points for the audit procedures to be performed. In other words, audit procedures are the means to answer the key questions posed by management's financial statement assertions. When evidence-gathering audit procedures are specified, you need to be able to relate the evidence produced by each procedure to one or more specific assertions. In essence, the secret to writing and reviewing a list of audit procedures is to ask, "Which assertion(s) does this procedure produce evidence about?" Then ask, "Does the list of procedures (the audit plan) cover all the assertions?" Exhibit 1.5 illustrates how the assertions relate to the financial statements. EXHIBIT 1.5 Management Assertions and Their Relationship to the Financial Statements On the Statement of Financial Condition: Regarding the Cash figures: Existence---Does this cash really exist? Regarding the Inventory figures: Rights and Obligations---Does the company really own this inventory? Regarding the Investments figures: Valuation or Allocation---Are these investments properly valued? On the Statements of Income: Regarding the Net Sales figures: Occurrence---Did these sales transactions really take place? Regarding all the figures on the statement: Completeness---Are all the expenses included? Are they recorded in the correct period? On the Notes to Consolidated Financial Statements Regarding all of the disclosures: Presentation and Disclosure---Are these disclosures understandable? Has everything been disclosed that should be? Although standards-setting bodies such as the PCAOB and ASB try to neatly categorize transactions, balances, and disclosures according to the different assertions, the real world is seldom as orderly. For example, although cutoff procedures provide evidence about completeness, they also provide evidence about valuation and occurrence. Prematurely recording sales transactions inflates revenue and/or asset values because the transaction did not occur by the income statement date. Similarly, if a cutoff test shows a delay in recording a liability, the liability is not only incomplete but undervalued as well. Thus, errors in financial statements may affect multiple management assertions. Professional skepticism is defined in the professional auditing standards as having an attitude that "includes a questioning mind and a critical assessment of evidence." Essentially, it is an auditor's responsibility to not accept management assertions without corroboration. Stated differently, an auditor must ask management to "prove" each of the relevant assertions with documentary evidence. The possibility of errors and fraud in financial reports highlights the following basic premise, which underlies the importance of professional skepticism: A potential conflict of interest always exists between the auditors and the management of the company being audited. This potential conflict arises because management wants to present the company's financial condition in the best possible light whereas auditors must ensure that the information about the company's financial condition is "presented fairly." The following Auditing Insight "Auditors Must Be Skeptical" illustrates why skepticism is needed. AUDITING INSIGHT Auditors Must Be Skeptical? Evergrande Group, the second largest property developer in China with more than 1,300 projects in over 280 cities, received a clean bill of health from its auditors, PricewaterhouseCoopers (PwC),on its 2020 financial statements. But should they have received a going-concern issuance instead? The obvious question is, were the auditors skeptical enough of the issues the company was facing. Evergrande is a company with significant debt; it has over \$300 billion in total liabilities, including \$88.5 billion in debt. In fact, in early December of 2021, Evergrande missed its interest payment of \$1.2 billion to international investors, causing the ratings company Fitch to declare Evergrande in default. Further, Evergrande is being forced to sell undeveloped land in Hong Kong that is used to secure debt held by a U.S. debt holder. Consider that all of this has occurred in less than a year of PwC's March 31, 2021 audit report. Perhaps a little more skepticism was warranted? With full awareness of this potential conflict of interest, auditors must always remain professionally skeptical in their relationships with management, but not adversarial or confrontational. Nevertheless, knowing that a potential conflict of interest always exists causes auditors to perform procedures to search for errors and frauds that could have a material effect on the financial statements. And even though the vast majority of audits do not contain fraud, auditors have no choice but to exercise professional skepticism at all times and on all audits because of misdeeds perpetrated by just a few people in a few companies. The professional standards emphasize the importance of maintaining and then applying an attitude of professional skepticism throughout the entire audit process. Auditing firms have long recognized the importance of exercising professional skepticism when making professional judgments. In fact, as illustrated in the following Auditing Insight, "Overcoming Judgment Biases," firms have increasingly stressed the importance of being skeptical when evaluating documentary evidence. You can definitely expect to encounter difficult economic transactions as an auditor. When auditors encounter a difficult transaction, they must take the time to fully understand the economic substance of that transaction and then critically evaluate, with skepticism, the evidence provided by the client to justify its accounting treatment. No shortcuts are allowed. Rather, auditors are required to be unbiased and objective when making their professional judgments. AUDITING INSIGHT Overcoming Judgment Biases Judgment and decision-making researchers in auditing have long known about common biases that can interfere with or obstruct auditors from making excellent professional judgments. One example is the anchoring bias, which recognizes the possibility that an auditor might "anchor" on a number provided by a client manager (e.g., an estimate for the allowance for doubtful accounts) and then have difficulty adjusting to the economically correct amount. In its monograph, entitled "Elevating Professional Judgment in Accounting and Auditing," KPMG outlines a professional judgment framework designed to help auditors mitigate professional judgment biases like the anchoring bias. In order to do so, auditors must first be aware of the possibility that these biases might interfere with their professional judgment. Beyond awareness, the monograph argues that auditors must follow a disciplined process that includes (1) clarifying the issues and objectives, (2) considering the possible alternatives, (3) gathering and evaluating the relevant evidence, (4) reaching an audit conclusion, and (5) carefully documenting their rationale for the professional judgment reached. And, perhaps most importantly, the monograph emphasizes the importance of an auditor exercising professional skepticism throughout the entire process. Persuading a skeptical auditor is not impossible, just somewhat more difficult than persuading a normal person in an everyday context. Skepticism is a manifestation of objectivity, holding no special concern for preconceived conclusions on any side of an issue. In fact, the auditor should not care about the impact that an economic transaction has on the "bottom line" of a company, only that the accounting rules were followed and were properly applied and that the financial statements are appropriate for the user's needs. Skepticism is not being cynical, hypercritical, or scornful. The properly skeptical auditor asks questions such as the following: (1) What do I need to know? (2) How well do I know it? (3) Does it make sense? and (4) What could go wrong? Auditors understand that receiving explanations from an entity's management is merely the first step in the professional judgment process, not the last. Auditors must listen to the explanation, and then always test it by examining sufficient competent audit evidence. The familiar phrase "healthy skepticism" should be viewed as a show-me attitude, not a predisposition to accepting unsubstantiated explanations. Auditors must gather the evidence needed, uncover all the implications from the evidence, and then arrive at the most appropriate and supportable conclusion. Time pressure to complete a financial statement audit engagement is no excuse for failing to exercise professional skepticism. Too many auditors have gotten themselves into trouble by accepting a manager's glib explanation and stopping too early in an investigation without seeking corroborating evidence. AUDITING INSIGHT Professional Skepticism In its Staff Audit Practice Alert about professional skepticism, the PCAOB expressed serious concern about "whether auditors consistently and diligently apply professional skepticism." The alert recognizes that there are a number of factors that could "impede" the application of professional skepticism but stresses the importance of taking whatever actions are necessary to make sure that professional skepticism is applied in an appropriate manner throughout the audit process. THE HURTT SKEPTICISM SCALE How skeptical are you? Answer the following 30 questions to find out. As a benchmark, business students typically fall between 90 to 150 points; auditors score much higher. Table Summary: A table shows Hurtt Skepticism Scale with questions and scale ranging from one to six from strongly disagree to strongly agree. Questions Strongly Disagree Strongly Agree I often accept other people's explanations without further thought. 1 2 3 4 5 6 I feel good about myself. 1 2 3 4 5 6 I wait to decide on issues until I can get more information. 1 2 3 4 5 6 The prospect of learning excites me. 1 2 3 4 5 6 I am interested in what causes people to behave the way that they do. 1 2 3 4 5 6 I am confident of my abilities. 1 2 3 4 5 6 I often reject statements unless I have proof that they are true. 1 2 3 4 5 6 Discovering new information is fun. 1 2 3 4 5 6 I take my time when making decisions. 1 2 3 4 5 6 I tend to immediately accept what other people tell me. 1 2 3 4 5 6 Other people's behavior does not interest me. 1 2 3 4 5 6 I am self-assured. 1 2 3 4 5 6 My friends tell me that I usually question things that I see or hear. 1 2 3 4 5 6 I like to understand the reason for other people's behavior. 1 2 3 4 5 6 I think that learning is exciting. 1 2 3 4 5 6 I usually accept things I see, read, or hear at face value. 1 2 3 4 5 6 I do not feel sure of myself. 1 2 3 4 5 6 I usually notice inconsistencies in explanations. 1 2 3 4 5 6 Most often I agree with what the others in my group think. 1 2 3 4 5 6 I dislike having to make decisions quickly. 1 2 3 4 5 6 I have confidence in myself. 1 2 3 4 5 6 I do not like to decide until I've looked at all of the readily available information. 1 2 3 4 5 6 I like searching for knowledge. 1 2 3 4 5 6 I frequently question things that I see or hear. 1 2 3 4 5 6 It is easy for other people to convince me. 1 2 3 4 5 6 I seldom consider why people behave in a certain way. 1 2 3 4 5 6 I like to ensure that I've considered most available information before making a decision. 1 2 3 4 5 6 I enjoy trying to determine if what I read or hear is true. 1 2 3 4 5 6 I relish learning. 1 2 3 4 5 6 The actions people take and the reasons for those actions are fascinating. 1 2 3 4 5 6 Although the SEC places constraints on the common practice of auditors' joining public clients that they have previously audited, close relationships often exist between former colleagues now employed by the client and members of the audit team. In these cases, the audit team must guard against being too trusting in accepting representations about the client's financial statements. Of more concern is the fact that former colleagues have inside knowledge of the firm's practices and procedures, knowing where the audit team will probably look (and where they might not look). To summarize, due care requires an auditor to be professionally skeptical and question all material representations made by management (whether written or oral) during the professional judgment process. Although this attitude must be balanced by maintaining healthy client relationships, auditors should never assume that management is perfectly honest. The key lies in auditors' skeptical attitude toward gathering and evaluating the evidence necessary to reach supportable conclusions. The practice of public accounting is conducted in thousands of practice units ranging in size from sole proprietorships (individuals who "hang out a shingle" in front of their homes) to the largest international firms with thousands of professionals. Furthermore, many public accounting firms no longer designate themselves as CPA firms. Many of them describe their businesses and their organizations as professional services firms or some variation of this term. While Exhibit 1.6 shows an organization for a typical public accounting firm, some firms differ in their organization. For example, some have other departments such as small business advisory and forensic accounting. Other firms may be organized by industry (e.g., entertainment, oil and gas, health care, financial institutions) to take advantage of firmwide expertise. And still some other firms have different names for their staff and management positions. EXHIBIT 1.6 Public Accounting Firm Organization Executive Committee Managing Partner Practice Offices Partners-in-Charge Tax Services Assurance Services Partner Manager Senior (in-charge) accountants Staff accountants (or associates) Manager Manager Partner Manager Senior (in-charge) accountants Staff accountants (or associates) Manager Manager Advisory Services Auditing and Assurance Services Generally speaking, auditing and assurance services involve adding value (e.g., lending credibility) to information, whether that information is financial or nonfinancial. While financial statement auditing services remain the dominant service area, CPAs have also provided assurance to vote counts (e.g., the Academy Awards), dollar amounts of prizes that sweepstakes have claimed to award, accuracy of advertisements, investment performance statistics, and characteristics claimed for computer software programs. Previously, we talked about the difference between assurance, attestation, and financial statement auditing services. And although assurance services (separate and distinct from auditing and attestation services) currently represent a fairly small part of a normal firm's operating revenues, the AICPA continues to make an effort to market these additional services to the public and businesses. Consider the following Auditing Insight "Baseball Hall of Fame." AUDITING INSIGHT Baseball Hall of Fame For baseball fans, the annual Hall of Fame vote has always been a source of fun and entertainment which is quite often accompanied by spirited conversation regarding the criteria that a player needs to meet to gain admittance into the Hall. The Baseball Writers' Association of America is responsible for the voting and only those writers that maintain 10 consecutive years following a team are eligible to vote. But, do you know who verifies that eligible voters are properly registered, has signed a code of conduct, and verifies the actual count of votes? You may have guessed it, one of the largest audit firms in the world, EY. So, although you might disagree with the final outcome from time to time, you can be assured that the appropriate process was followed and an accurate count was conducted each and every year! At the present time, public accounting firms will use auditing and assurance services as a revenue category that includes financial statement audit engagements, attestation engagements, and other assurance engagements. We discuss these services as key examples of auditing and assurance services that public accounting firms offer. Financial Statement Auditing Services Most of the large, international accounting (Big Four) firms were founded around the turn of the 20th century (late 1800s/early 1900s) during the Industrial Revolution as European financiers sent representatives (individuals whom we now refer to as auditors) to check up on their investments (mostly railroads) in the United States. As such, the primary focus of many large international accounting firms' practice has been traditional accounting and auditing services. Audits of traditional financial statements remain the most frequent type of assurance engagement that public companies (and most large and medium nonpublic companies) demand. Exhibit 1.7 shows the auditing (and other assurance services) revenues of the Big Four accounting firms based on their 2021 annual reports. This level of auditing activity usually drops as the size of the public accounting firm decreases. In other words, smaller firms usually provide more nonaudit and attestation services for their clients. EXHIBIT 1.7 Revenues for the Big Four CPA FirmsTable Summary: A table shows revenues for the big four CPA firms is divided into five columns containing the parameters, Deloitte, EY, KPMG, and PwC. Deloitte EY KPMG PwC Total revenues (in billions) \$50.2 \$40.0 \$32.1 \$45.1 Auditing and assurance services revenues \$10.4 \$13.6 \$11.4 \$17.0 (in billions and as a percent of revenue) 21% 34% 36% 38% Tax revenues \$8.9 \$10.5 \$7.1 \$11.1 (in billions and as a percent of revenue) 18% 26% 22% 24% Advisory services revenues \$30.9 \$15.9 \$13.6 \$17.0 (in billions and as a percent of revenue) 61% 40% 42% 38% Nonaudit and Attestation Engagements Basic accounting and review services are "nonaudit" services, performed frequently for medium and small businesses and not-for-profit organizations. Small public accounting firms perform a great deal of this type of nonaudit work. For example, CPAs can perform a compilation, which consists of preparing financial statements from a client's books and records, without performing any evidence-gathering work. They can also perform a review, in which limited evidence-gathering work is performed but which is narrower in scope than an audit. CPAs can also attest to the accuracy of management's discussion and analysis (MD&A) that accompanies the financial statements in an annual report, an entity's internal controls, and hypothetical "what-if" projections relating to mergers or acquisitions. Tax Services Local, state, national, and international tax laws are often called "accountant and attorney full-employment acts." The laws are complex, and CPAs perform tax planning services and tax return preparation in the areas of income, gift, estate, property, and other taxation. A large proportion of the practice in small public accounting firms is tax related. Tax laws change frequently, and tax practitioners must spend considerable time in continuing education and self-study to keep current. Exhibit 1.7 shows the tax revenues of the Big Four accounting firms based on their 2021 annual reports. Smaller public accounting firms tend to conduct more tax consulting engagements and fewer audit engagements. Regulatory guidance from the PCAOB and AICPA prohibits an accounting firm from providing auditing services to a public company if the accounting firm provides tax consulting on aggressive interpretations of tax laws or "listed" transactions (those included on the U.S. Treasury Department's list of questionable tax strategies), if contingent fees (i.e., fees depending on a certain outcome) are involved, or if the public accounting firm provides tax services for key company executives. In all three cases, the regulatory guidance suggests that auditor independence would be impaired. Providing normal corporate tax return preparation and advice is permissible as long as the audit committee discusses with the accounting firm the implications of the tax consulting fees on auditor independence and preapproves the relationship in writing. As a result, this remains a common service area for firms to provide to their audit clients, but the firm must always maintain its independence and objectivity. Advisory Services Prior to the turn of this century (the 1990s), the largest public accounting firms handled a great deal of advisory services for their auditing clients. In fact, advisory services provided a great new revenue opportunity for firms and the potential for even more business appeared at times to be unlimited. Public accounting firms tried to become "one-stop shopping centers" for clients' auditing, taxation, and advisory services. The SEC, the governmental agency which is responsible for investor protection, expressed reservations as to whether the performance of nonaudit services (such as advisory) impaired a public accounting firm's ability to conduct an independent audit. The SEC's concern was that the large amount of revenues generated from advisory services might sway the auditor's opinion on the company's financial statements. The public accounting firms, on the other hand, argued that the provision of advisory services allowed them a closer look at the client's operations, providing a synergistic, positive effect on the audit. In response to the spate of corporate frauds, Congress resolved this difference of opinion, in part, by passing Sarbanes--Oxley which was seen as a broad accounting and corporate governance reform measure. Sarbanes--Oxley prohibits public accounting firms from providing any of the following services to a public audit client: (1) bookkeeping and related services; (2) design or implementation of financial information systems; (3) appraisal or valuation services; (4) actuarial services; (5) internal audit outsourcing; (6) management or human resources services; (7) investment or broker/dealer services; and (8) legal and expert services (unrelated to the audit). As already stated, public accounting firms may provide general corporate tax return preparation and advice and other nonprohibited services to public audit clients if the company's audit committee has approved them in advance. To briefly summarize these restrictions, Sarbanes--Oxley prohibits public accounting firms from performing any consulting or advisory services in which the auditors may find themselves making managerial decisions or that would result in the firm auditing its own work (e.g., completing a financial information system implementation for its audit client). As a result of Sarbanes--Oxley, most of the large firms now provide consulting only for companies that they do not audit. However, the Big Four firms have still been able to dramatically increase the size of their advisory services in recent years. As shown in Exhibit 1.7, firm advisory revenues ranged between 38 and 61 percent of the Big Four firms' total revenues in 2021. Of course, public accounting firms are not required to follow Sarbanes--Oxley guidelines for their non-SEC clients, and in those situations, firms can provide an array of consulting and advisory services provided they maintain their independence and objectivity when completing the financial statement audit. In fact, the following Auditing Insight "Is There Room For Public Accounting Firms?" shows that public accounting firms may even enter the legal services market. AUDITING INSIGHT Is There Room for Public Accounting There are some that say it is only a matter of time until the Big 4 public accounting firms become a dominant force in the lucrative corporate legal services marketplace. A recent research study noted that "the Big 4 accounting firms have expanded their legal service arms to historic proportions over the last decade." And, even though "most of the Big 4's revenue from legal services is presently generated outside the U.S.," it appears to be only a matter of time until that changes. In fact, When the American Bar Association passed a resolution in February 2020 which encouraged state bar associations to look at new ways to access legal services, there are now some states that are considering allowing non-lawyers to own firms that provide legal services, which would appear to open the door for accounting firms to enter the market. Of course, there are very strict regulatory issues to deal with, in particular, in regards to whether a firm can remain independent if they are also performing a financial statement audit of a client. But, this line of service appears to be a promising avenue for growth. The AAA and the AICPA definitions of auditing clearly apply to the independent financial statement auditors who work in public accounting firms. The word audit, however, is also used in other contexts to describe broader types of work. The variety of engagements performed by different kinds of information assurors causes some problems with terminology. In this textbook, independent auditor, external auditor, and CPA will refer to people doing financial statement audit work with public accounting firms. In the internal and governmental contexts discussed here, auditors are identified as operational auditors, internal auditors, and governmental auditors. Although all of these professionals are information assurors (and many are certified public accountants), the term CPA in this book will refer to financial statement auditors engaged in public practice. The following sections provide a brief overview of the work completed by these professionals. In Module D, we provide a detailed description for each of these areas. Internal Auditing The Board of Directors of the Institute of Internal Auditors (IIA) defines internal auditing and states its objective as follows: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.7 Internal auditors are employed by organizations such as banks, hospitals, city governments, and industrial companies or work for CPA firms that provide internal auditing services. Internal auditors often perform operational audits. Operational auditing refers to the study of business operations for the purpose of making recommendations about the efficient and effective use of resources, effective achievement of business objectives, and compliance with company policies. The goal of operational auditing is to help managers discharge their management responsibilities and improve profitability. Internal auditors also perform audits of financial reports for internal use or limited external distribution (e.g., reports to regulatory agencies) much like external auditors audit financial statements distributed to outside users. Thus, some internal auditing work is similar to the auditing described elsewhere in this textbook. In addition, the services provided by internal auditors include (1) reviews of internal control systems to ensure compliance with company policies, plans, and procedures; (2) compliance with laws and regulations; (3) appraisals of the economy and efficiency of operations; and (4) reviews of effectiveness in achieving program results in comparison to established objectives and goals. It should be noted that the AICPA defines operational auditing performed by independent CPA firms as a distinct type of management consulting service whose goal is to help a client improve the use of its capabilities and resources to achieve its objectives. So, internal auditors consider operational auditing integral to internal auditing and external auditors define it as a type of assurance service offered by public accounting firms. In fact, providing these types of internal auditing services continues to be a growing business for many large CPA firms. However, both the SEC and the PCAOB prohibit CPA firms from providing internal auditing services to their own public audit clients. Governmental Auditing The U.S. Government Accountability Office (GAO) is an accounting, auditing, and investigating agency of the U.S. Congress, headed by the U.S. Comptroller General. In one sense, GAO auditors are the highest level of internal auditors for the federal government. Many states have audit agencies similar to the GAO. These agencies answer to state legislatures and perform the same types of work described in this section for GAO auditors. In another sense, GAO and similar state agencies are really external auditors with respect to government agencies they audit because they are organizationally independent. Many government agencies have their own internal auditors and inspectors general. Well-managed local governments also have internal audit departments. For example, most federal agencies (Department of Defense, Department of Human Resources, Department of the Interior), state agencies (education, welfare, controller), and local governments (cities, counties, tax districts) have internal audit staffs. Governmental and internal auditors have much in common. The GAO shares with internal auditors the same elements of expanded-scope services. The GAO, however, emphasizes the accountability of public officials for the efficient, economical, and effective use of public funds and other resources. The generally accepted government auditing standards (GAGAS) define and describe three broad types of audits that may be performed. They are financial audits, attestation engagements, and performance audits. Financial audits include determining whether financial information is presented in accordance with the established and applicable financial reporting framework. There are many types of attestation engagements, including whether the governmental entity's internal control system is suitably designed and implemented to achieve the applicable control objectives. Attestation engagements would also include a compliance audit function applied with respect to applicable laws and regulations. All government organizations, programs, activities, and functions are created by law, and most are surrounded by regulations that govern the things they can and cannot do. For example, a program established to provide school meals to low-income students must comply with regulations about the eligibility of recipients. A compliance audit of such a program involves a study of schools' policies, procedures, and actual performance in determining eligibility and handing out meal tickets. Performance audits refer to a wide range of governmental audits that include (1) economy and efficiency audits and (2) program audits. Governments are concerned about accountability for the appropriate use of taxpayers' resources; performance audits are a means of seeking to improve accountability for the efficient and economical use of resources and the achievement of program goals. In addition, the program audit helps determine whether the financial resources being spent are truly helping the government achieve its stated objectives for a particular program. Performance audits, like internal auditors' operational audits, involve studies of the management of government organizations, programs, activities, and functions. Consider the following examples of GAO engagements. GAO ENGAGEMENT EXAMPLES The Capitol Police Need Clearer Emergency Procedures and a Comprehensive Security Risk Assessment Process (GAO-22-105001, February 17, 2022). Enhanced Data Capabilities, Analysis, Sharing, and Risk Assessments Needed for Disaster Preparedness (GAO-22-104289, February 02, 2022). FY 2021 and FY 2020 Consolidated Financial Statements of the U.S. Government (GAO-22-105122, February 17, 2022). Challenges Facing DOD in Strategic Competition with China (GAO-22-105448, February 15, 2022). Agencies Need to Assess Adoption of Cybersecurity Guidance (GAO-22-105103, February 09, 2022). Regulatory Auditors For the sake of clarity, other kinds of auditors deserve separate mention. The U.S. Internal Revenue Service employs auditors. They take the "economic assertions" of taxable income made by taxpayers on tax returns and determine their correspondence with the standards found in the Internal Revenue Code. They also audit for fraud and tax evasion. Their reports can either certify the correctness of a taxpayer's return, claim that additional taxes are due, or even show that a refund is due to a taxpayer. State and federal bank examiners audit banks, savings and loan associations, and other financial institutions for evidence of solvency and compliance with banking and other related laws and regulations. As a result of the financial crisis of 2008/2009 and the resulting Dodd-Frank Act of 2010, these examiners have been quite busy for many years to help ensure the safety and security of the U.S. banking system. If you plan to begin your career in accounting (which we hope you do since you are reading this book!), you are on your way to being known as an accounting professional. Congratulations! Being part of a profession implies a higher level of societal responsibility. In order to meet this responsibility, it is absolutely essential that you acquire the knowledge required to do your job; certification indicates that you have acquired that knowledge. In that spirit, being certified as a CPA is generally regarded as the highest mark of distinction and is required to practice as a financial statement auditor in the United States. In Australia, Canada, and the United Kingdom, the chartered accountant (CA) designation is required to practice as a financial statement auditor. For an information technology (IT) audit professional, a certified information systems auditor (CISA) is the key mark of distinction. In fact, depending on your area of professional service within public accounting, a certified fraud examiner (CFE), certified forensic accountant (CFA), certified information systems security professional (CISSP), or even a certified internal auditor (CIA) certification may be just as important. Outside of public accounting, certification as a certified management accountant (CMA) or as a certified information technology professional (CITP) may be the most appropriate. Regardless of your career choice, a certification adds credibility that will assist you throughout your entire career. Education While education requirements vary across the different certifying organizations, we focus on the CPA certification in this book because of its importance to financial statement auditors. For the CPA, the specific education requirements vary by state for both having permission to take the CPA examination and for receiving a CPA certificate. As a result, students must visit the website of their own state's board of accountancy and search for the exact regulations that apply in their home state. While you are required to take 150 semester hours of college education before you receive a CPA certificate, many states now allow you to take the CPA examination after only 120 semester hours of college education. Still other certifications (such as the CIA) allow you to take the exam before you have graduated. In addition to entry-level education requirements, all certifying organizations have regulations about continuing professional education (CPE). Indeed, once certified, accounting professionals obtain CPE hours in a variety of ways: continuing education courses, in-house training, and even college courses. These types of courses range in length from one hour to two weeks, depending on the subject. Many CPE providers offer courses online. If in-house training is not an option, many CPAs obtain their CPE by taking part in training sessions offered by their home state's professional accounting organization or other industry conferences. Examination When working as a financial statement auditor, CPAs have a critically important role in protecting the public interest when they attest to the reliability of a company's financial statements. As a result, the profession needs to make sure that only qualified individuals can become certified and then licensed as CPAs. To do so, the AICPA creates and then administers the Uniform CPA Examination. When creating the exam, the AICPA works hard to ensure that the knowledge and skills covered on the exam are aligned with those that are needed to protect the public interest in current practice. This is an ongoing process. In fact, just recently, the AICPA and the National Association of State Boards of Accountancy (NASBA) came together on a joint initiative to redesign the CPA exam to "reflect changes in the profession and technology, focusing newly licensed CPAs on the most relevant and useful knowledge and skills."8 The proposed changes in the CPA exam are part of the CPA Evolution, a broader initiative to reimagine the CPA licensure model. The new exam is scheduled to debut in 2024 and is expected to include three new sections, Business Analysis & Reporting (BAR), Information Systems and Controls (ISC) and Tax Compliance & Planning (TCP). Although we encourage you to stay in close touch with changes to the CPA exam as they occur (see www.aicpa.org), at the present time, the CPA exam emphasizes higher-order skills like problem solving, critical thinking, and analytical ability. The exam covers Auditing and Attestation (AUD), Financial Accounting and Reporting (FAR), Regulation (REG), and Business Environment and Concepts (BEC). In the required AUD section, candidates will have four hours to complete 72 multiple-choice questions and eight to nine task-based simulations. The exam score is equally weighted between the multiple-choice questions and task-based simulations. To help candidates prepare for the exam, the AICPA has published detailed blueprints for each of the four sections. Each blueprint is designed to provide clarity about the knowledge content, skills, and types of tasks that might be tested for each exam. The summary blueprint for the AUD section is provided in the accompanying table (with rough approximations of weights given to each content area and skill allocation).9 Table Summary: A table displays content area allocation, and skill allocation with respective weight percentage ranges. Content Area Allocation Weight Ethics, Professional Responsibilities, and General Principles 15--25% Assessing Risk and Developing a Planned Response 25--35% Performing Further Procedures and Obtaining Evidence 30--40% Forming Conclusions and Reporting 10--20% Skill Allocation Weight Evaluation 5--15% Analysis 20--30% Application 30--40% Remembering and Understanding 25--35% Generally speaking, each section of the CPA exam consists of multiple-choice questions and task-based simulations (except for BEC, which also includes graded written communication). The task-based simulations are short case studies in which you will be asked to apply your auditing and accounting knowledge. A simulation may involve identifying a potential problem, electronically researching the topic using a database of authoritative standards, and reporting your findings. Each section's exam blueprint is designed specifically for candidates to help prepare for the exam. Throughout this book, you will have many opportunities to acquire the knowledge necessary to pass the AUD section of the exam. General information about the CPA exam can be obtained from a special site set up by the AICPA (available at www.aicpa.org). Because qualifications for taking the CPA examination vary from state to state, you will need to contact your state board of accountancy for an application or more information. You can find your state board of accountancy website through the NASBA website (www.nasba.org). Exhibit 1.8 lists the requirements for the most commonly recognized professional certifications. EXHIBIT 1.8 Certification RequirementsTable Summary: A table shows certification requirements for certified public accountant, information systems auditor, internal auditor, fraud examiner, and management accountant. Certified Public Accountant (CPA) Certified Information Systems Auditor (CISA) Certified Internal Auditor (CIA) Certified Fraud Examiner (CFE) Certified Management Accountant (CMA) Education Level Varies by state; Generally 150 hours. However, check with your state board of accountancy No specific degree requirement Generally, bachelor's degree or its educational equivalent Generally, bachelor's degree or its educational equivalent Bachelor's degree, or pass the CPA, CFA, CIA or CFE examination Experience Varies by state; Generally 1-2 years working under a CPA. Check with your state board of accountancy 5 years of professional information system (IS) auditing, control, or security work experience for certification. Some substitutions and waivers are possible. Generally 2 years of internal auditing experience or its equivalent for certification. May be less with a Master's degree. May be more without a degree. 2 years of professional experience for certification 2 continuous years of professional experience in management accounting and/or financial management Exam Coverage Auditing and attestation (AUD) Financial accounting and reporting (FAR) Regulation (REG) Business environment and concepts (BEC) The process of auditing information systems Governance and management of IT Information systems acquisition, development, and implementation Information systems operations, and business resilience Protection of information assets Essentials of internal auditing Practice of internal auditing Business knowledge of internal auditing Fraud prevention and deterrence Financial transactions and fraud schemes Inv

Adv Audit Quiz Study Chapters 1, 4, & 5, Module G & H

Document Details

Tags

Related

Summary

Full Transcript