Audit Notes.docx
Transcript
Contents {#contents.TOCHeading} ======== [CSQM 1 4](#_Toc178007100) [CSQM 2 5](#_Toc178007101) [CAS 210 -- Agreeing to the terms of audit engagement 5](#cas-210-agreeing-to-the-terms-of-audit-engagement) [CSOA 5000 -- Use of Practitioner's Communication or Name 5](#_Toc178007103) [CAS 300 -- Pl...
Contents {#contents.TOCHeading} ======== [CSQM 1 4](#_Toc178007100) [CSQM 2 5](#_Toc178007101) [CAS 210 -- Agreeing to the terms of audit engagement 5](#cas-210-agreeing-to-the-terms-of-audit-engagement) [CSOA 5000 -- Use of Practitioner's Communication or Name 5](#_Toc178007103) [CAS 300 -- Planning an Audit of Financial Statements 6](#_Toc178007104) [CAS 315 -- Identifying and Assessing the Risks of Material Mistatement 6](#_Toc178007105) [CAS 320 -- Materiality in Planning and Performing an Audit 8](#cas-320-materiality-in-planning-and-performing-an-audit) [CAS 240 -- Auditors responsibilities relating to fraud 8](#cas-240-auditors-responsibilities-relating-to-fraud) [Cas 260 -- Communication with those charged with governance 9](#cas-260-communication-with-those-charged-with-governance) [CAS 265 -- Communicating Deficiencies in Internal Control 10](#cas-265-communicating-deficiencies-in-internal-control) [CAS 402 -- Audit Considerations Relating to an Entity Using a Service Organization 11](#cas-402-audit-considerations-relating-to-an-entity-using-a-service-organization) [CAS 570 -- Going Concern 12](#cas-570-going-concern) [CAS 510 -- Initial Audit Engagements 13](#cas-510-initial-audit-engagements) [CAS 540 -- Auditing Accounting Estimates and Related Disclosures 13](#cas-540-auditing-accounting-estimates-and-related-disclosures) [CAS 550 -- Related Parties 16](#cas-550-related-parties) [CAS 560 -- Subsequent Events 17](#cas-560-subsequent-events) [CAS 610 -- Using the Work of Internal Auditors 17](#cas-610-using-the-work-of-internal-auditors) [CAS 620 -- Using the Work of an Auditor's Expert 19](#cas-620-using-the-work-of-an-auditors-expert) [CAS 710 -- Comparative Information -- Corresponding Figures and Comparative Financial Statements 19](#cas-710-comparative-information-corresponding-figures-and-comparative-financial-statements) [CAS 330 -- The Auditor's Responses to Assessed Risks 20](#cas-330-the-auditors-responses-to-assessed-risks) [CAS 530 -- Audit Sampling 23](#cas-530-audit-sampling) [CAS 505 -- External Confirmations 24](#cas-505-external-confirmations) Internal controls by cycle Auditing standards Audit assertions Audit reporting Risk assessment Extent of procedures Audit approaches Audit materiality Quizzes -- 12-15 questions -t/f \- fill in the blank \- mc Midterm -- small case type scenarios and apply standards Final -- 2.5 hours -- comb of mc of standards post midterm prob worth 20-30%, one case, define audit procedures etc, depth and breadth, entire course of standards in the case Fundamental Concepts Assurance engagement -- practitioner aims to obtain sufficient appropriate evidence in order to provide a conclusion designed to enhance the degree of confidence for the intended users about the outcome.\ - Limited assurance (review) -- 60-65% assurance, gives a conclusion (negative assurance)\ - Reasonable assurance (audit) -- 95-99% assurance, auditor expresses opinion (positive opinion)\ - private company could be 90%\ - others -- forensic, or value-for-money audit \*Test question -- what's the difference between review and audi t Agency risk -- risk that management sees things different than ownership, external audit overcomes this To increase trust in the audit profession, we increase the quality of audits. Regulatory Framework \*Be familiar with the standard setting process. CPAB -- audits the auditing firms -- doesn't MWF do this? CSA -- issues "instruments" Rules of Professional Conduct\ - Integrity\ - objectivity\ - professional competence and due care\ - confidentiality\ - professional behaviour \*Document threats to independence 796 797, 798 799 800,801 806,807 602 800,801 806 []{#_Toc178007100.anchor}CSQM 1\ - Firmwide system of quality control\ - specifies objectives that need to be met\ - risk based process for the following:\ - governance and leadership\ - relevant ethical requirements\ - acceptance and continuance of client relationships\ - engagement performance\ - resources\ - information and communication Audit partner ensures quality, they know the client best []{#_Toc178007101.anchor}CSQM 2\ - Engagement controls\ - engagement quality review\ - cannot be anyone on the engagement\ - has to be someone with time so they are able to take time\ - quality control review is not to second guess the partner ,but to check the policies and standards have been followed CAS 210 -- Agreeing to the terms of audit engagement ==================================================== Preconditions for an audit:\ - management is responsible for financial statements\ - management has to agree to unrestricted access to information\ - financial statements must be prepared with the appropriate framework Good to get a yearly engagement letter since this is where you can outline increased fees Change in terms of the engagement\ -should not be agreed to unless there is a reasonable justification for doing so\ -prior to completion, auditor must determine whether there is reasonable justification\ - if terms are changed, EL must be updated\ - if auditor does not agree and is not permitted to continue, withdraw from engagement and consider obligations to other parties, ie board of directors []{#_Toc178007103.anchor}CSOA 5000 -- Use of Practitioner's Communication or Name\ - Client has to get consent to send reports to third parties, such as the bank\ - understand the context in which the practitioners name is to be used\ - consider including in engagement letter\ - must be appropriate -- timing, placement, etc []{#_Toc178007104.anchor}CAS 300 -- Planning an Audit of Financial Statements\ - standard says engagement partner should be involved with the staff in planning the engagement, but is usually not in the actual world\ - preliminary engagement activities:\ - perform procedures required by CAS 220\ - obtain an agreement of the terms, ie engagement letter\ - planning activities:\ - establish audit strategy -- determine scope, timing, and direction of the audit\ - whats the nature, timing, and extent of the audit\ - nature -- internal control tests, substantive procedures (tests of detail and analytical procedures)\ - timing -- year end only, or preyear end\ - extent -- judgemental or statistical -if a new engagement, must go visit predecessor and review their files []{#_Toc178007105.anchor}CAS 315 -- Identifying and Assessing the Risks of Material Mistatement\ - objective of the auditor is to identify and assess the risks of material misstatement, due to fraud or error, at the F/S and assertion levels to provide a basis for designing and implementing responses to the risks\ -Key Concepts:\ - discussion of professional skepticism\ - discussion of audit risk\ - Audit risk = Inherent risk x control risk x detection risk\ - RMM exists at the FS and assertion level for classes of transactions, account balances, and disclosures\ - for identified RMM at the assertion level, must separately assess inherent risk and control risk\ - Assertions -- representation with respect to the recognition of information in the FS which are inherent in management representing that the FS are prepared in accordance with the appropriate framework\ - Assertions about classes of transactions and events for the period under audit:\ - occurrence\ - completeness\ - accuracy\ - cutoff\ - classification -Assertions about account balances at the period end:\ - existence\ - rights and obligations\ - completeness\ - valuation and allocation\ -Assertions about presentation and disclosure:\ - occurrence and right and obligations\ - completeness\ - classification and understandability\ - accuracy and valuation \- Risk assessment procedures\ - need to identify and assess RMM at both levels\ - assessment should not be biased towards obtaining audit evidence that may be corroborative or excluding audit evidence\ - risk assessment procedures include:\ - inquires of management and appropriate individuals within the entity\ - analytical procedures\ - observation and inspection\ - consider information obtained by engagement partner from performing other engagements for the entity\ - consider information auditor's previous experience with the entity and from audit procedures performed in previous audits\ -discussion between engagement partner and other key engagement team members as to the susceptibility of the entity's FS to material misstatement \- Understanding the entity, its environment and the applicable financial reporting framework:\ - perform risk assessment procedures to obtain an understanding of:\ - entity's org structure, ownership, governance, and business model\ - industry, regulatory, and other external factors\ - measures used, internally, and externally, to assess the entity's financial performance\ - applicable financial reporting framework, the entity's accounting policies and the reasons for change\ -how inherent risk factors affect susceptibility of assertions to the misstatement and the degree to which they do so, in the preparation of the FS Controls in IT\ - input controls\ - process controls\ - output controls CAS 320 -- Materiality in Planning and Performing an Audit ========================================================== - Materiality -- misstatements including ommissions are considered material if they could reasonably be expected to influence the economic decisions of users taken on the basis of FS - Judgements about materiality are made in light of surrounding circumstances and are affected by the size or nature of a misstatement or a combination of both Calculate materiality for a company -- quantitative and qualititave, calc performance materiality. How would factors affect your judgement on level of performance materiliaty\ 5% pretax CAS 240 -- Auditors responsibilities relating to fraud ====================================================== - Fraud -- an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. - Fraud risk factors -- events or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity to commit fraud - Professional skepticism: - Maintain professional skepticism throughout audit recognizing the possibility that a material misstatement due to fraud could exist, even in spite of audtiro's past experience of honesty or integrity of management and those charged with governance - Unless evidence to the contrary, auditor may accept records and document as genuine. If evidence to the contrary, investigate further. - Investigate any inconsistencies in response to inquires from management and those charged with governance. - Risk assessment procedures - Inquiries of management as to: - Assessment of the risk that the FS may be materially misstated due to fraud - Process for identigfying and responding to risks of fraud in the entity - Management communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud in the entity - Management's communications to employees regarding its views on business practices and ethical behaviour - Inquiries of management and those charged with governance to determine whether they have knowledge of any actual, suspected, or alleged fraud - Obtain an understanding of how those charged with govenerance exercise oversight of management's processes for identifying and responding to the risks of fraud - Evaluate whether unusual or unexpected relationships that have been identified in performing analytical procedures, including those related to revenue accounts, may indicate risks of material misstatement due to fraud - **Identification and assessment of the risks of material misstatement due to fraud** - Identify and assess the risks of material misstatement due to fraud at the FS level and at the assertion level for classes of transactions, account balances, and disclosures. - Based on a presumption that there are risks of fraud in revenue recognition, evaluate which types of revenue, revenue transactions or assertions give risk to such risks - Treat assessed risks of material misstatement due to fraud as significant risks and accordingly, to the extent not already done so, identify the entity's controls and address such risks, evaluate their design and determine whether they have been implemented. - **Responses to the assessed risks of material misstatement due to fraud** - Overall response - Assign and supervise personnel - Evaluate the selection and application of accounting principles - Incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures - Assertion level -- design and perform audit procedures whose nature, timing, and extent are responsive to the assessed risks of material misstatement due to fraud at the assertion level - Audit procedures responsive to risks related based on a presumption that there are risks of fraud in revenue recognition, evaluate which types of revenue, revenue transactions or assertions give rise to such risks Cas 260 -- Communication with those charged with governance =========================================================== - Who to communicate with? - If dealing with a subgroup, determine whether the auditor also needs to communicate with the governing body - If all charged with governance are involved in management, okay to speak to only management - Matters to be communicated - Auditor's responsibility for forming and expressing an opinion on the FS, and that the audit does not relieve management of their responsibilities - Overview of the planned scope and timing of the audit - Significant findings of the audit - Auditor's views about significant aspects of the entity's accounting practices - Significant difficulties encountered - Significant matters arising from the audit - Written representations the auditor is requesting - Circumstances that affect form and content of the auditor's report - Any other significant matters that the auditor feels is important - For listed entities, communication should also include: - Statement that the engagement team and the firm have complied with ethical requirements - All relationships and other matters between the firm and the entity that may reasonably be thought to bear on independence - Related safeguards that have been applied to eliminate identified threats to independence or reduce them to an acceptable level - Communication process - Communication must be written - Communicate on a timely basis - Evaluate whether the two way communication has been adequate for the purpose of the audit. CAS 265 -- Communicating Deficiencies in Internal Control ========================================================= - Information to include: - A description of the deficiencies and an explanation of their potential effects - Sufficient information to enable management and those charged with governance to understand the context - The purpose of the audit was to express an opinion on the FS - The audit included consideration of internal controls relevant to the preparation of the FS to design audit procedures that are appropriate, but not for the purpose of expressing an opinion on the effectiveness of internal controls - The matters being reported are limited to those deficiencies that the auditor has identified during the audit - Also communicate to management in writing on a timely basis: - Significant deficiencies in internal control that the auditor has communicated, unless it would be inappropriate in the circumstance - Other deficiencies in internal control identified during the audit that are of sufficient importance CAS 402 -- Audit Considerations Relating to an Entity Using a Service Organization ================================================================================== - A service organization is a third-party organization that provides services to a user entity that are part of the entity's information systems relevant to financial reporting - *Like a payroll service* - *Is there data transfer, is it significant or material?* - *Review the contract between entity and SO* - *Inquire of management -- but about what \*\*\*\*\*\*need to say this on the quiz and/or midterm* - Obtaining an understanding of the services provided by a service organization, including internal control: - Obtain an understanding of how a user entity uses the service organization: - Nature of services provided and the impact on internal control - Nature and materiality of the transactions processed - The degree of interaction between the activities of the SO and the user entity - Nature of relationship between user entity and SO, including relevant contract terms - Evaluate the design and implementation of relevant controls - Assess whether a clear understanding of the service organization's services and their impact on the user entity's internal controls has been gained to identify and evaluate risks of material misstatement. If not, perform one of more of the following procedures: - Type 1 report -- management of the service organization provides a description of their system, control objectives, and related controls that have been designed and implemented as at a specified date. Then the service auditor reports on whether these are suitable and effective in achieving the specified control objectives. *At the SO, no testing goes on. It is also prepared at a point in time which can create timing issues. Closer to year end the better* - Type 2 report -- management makes a similar statement as above but can be for specified date or throughout a period, and their operating effectiveness throughout a period. The service auditor reports on the suitability and effectiveness of these controls. *Includes testing of controls. Service organization will pay for the report. If the controls are not sufficient, audit risk goes up, can do more substantive procedures.* - Contact the SO to obtain specific information - Perform procedures at the SO - Use another auditor to perform procedures at the SO - Responding to the Assessed Risks of Material Misstatement - Determine if sufficient appropriate evidence is available from records held at the user entity and if not, perform further audit procedures - If controls at the SO are expected to be operating effectively: - Obtain type 2 report - Perform appropriate tests of controls at the SO - If using type 2 report: - Evaluate if it is appropriate - Consider complementary user entity controls - Evaluate adequacy of the time period covered - Evaluate if the service auditor's report provides sufficient appropriate evidence to support the risk assessment *If fraud occurs at the SO, audit risk increases. Does management know there is fraud? What have they done about it? Can affect engagement, is this material?* *When relying on SO, no need to mention SO on audit report because we are the auditors and we are responsible for the audit.* CAS 570 -- Going Concern ======================== - Going concern basis of accounting - FS prepared on the assumption that the entity is a going concern and will continue operations for the foreseeable future - General purpose FS are prepared using the going concern basis of accounting, unless management intends to liquidate or cease operations - Assets and liabilities are recorded on the basis that the entity will be able to realize its assets and discharge its liabilities in the normal course of business - *Find out if management has a plan and Its details, then make your own decision on if the company is a going concern. Cashflow forecast is the best way to determine.* - Risk and assessment procedures - Consider whether there are events or conditions that may cast significant doubt on entity's ability to continue as a going concern - Determine if management has already performed a preliminary assessment of the entity's ability to continue as a going concern, discuss management's plans to address them - Remain alert throughout the audit for evidence that causes doubt on going concern - Audit procedures - Evaluate managements assessment of the entity's ability to continue as a going concern, this should cover a time period of at least 12 month beyond the FS date - Inquire of management as to its knowledge of events or conditions beyond the period of their assessment that may cast doubt. - Additional audit procedures when events or conditions are identified that case doubt, to determine whether a material uncertainty exists: - Request management make an assessment of going concern if they have not - Evaluate managements plans for future actions - Assess reliability of data and assumptions on a cashflow forecast - Request written representations from management regarding their plans for future actions - **Use of going concern basis but a material uncertainty exists:** - **Determine if there is adequate disclosure in the FS** - **Description of conditions that may cast doubt and their plan to deal with these conditions** - **Disclose clearly that there is a material uncertainty related to going concern and the entity may be unable to realize its assets and discharge liabilities in the normal course of business** - Audit report implications - FS prepared using going concern but auditor considers it to be inappropriate: adverse opinion - FS prepared using going concern, which is considered appropriate, but material uncertainty exists - Adequate disclosure of material uncertainty is made in FS: unmodified opinion but include a separate section under the heading "Material Uncertainty Related to Going Concern" to state that these conditions exist - Inadequate disclosure of material uncertainty in FS: - Express a quailed or adverse opinion and in the "Basis for Qualified Opinion" section, state the uncertainty exists - If management is unwilling to make or extend its assessment, consider implications for audit report - Other issues: - Communicate that events/conditions exist that may cast significant doubt on going concern: - Material uncertainty? - Does management use going concern? - Are there adequate disclosures in the FS - If there is a delay in the approval of FS, inquire. Information Quality *Dimensions of Quality --* - *Information quality is the measure of value which information provides to the user* - *Quality is subjective* - *Dimensions* - *Relevant* - *Ease of use* - *Information integrity* - *Authority* - *Verifiability* - *Objectivity* - *Timeliness* - *Currency* - *Frequency* - *Accuracy* - *Completeness* - *Conciseness* *Types of Data* - *Numeric -- quantitative* - *Discrete* - *Continuous* - *Categorical -- qualitative* - *Nominal* - *Ordinal* - *Time-series* - *Test* - *Audio* *Professional Skepticism* - *Managers should rarely take data at face value* - *Get a deeper understanding of the data* - *Relevant, timely, complete* - *What assumptions were used* *Model-driven Decision Making* - *Utlilizes a model to solve problems or in making a decision* - *A model can be statistical, financial, mathematical, analytical, simulation, or optimization and may be developed using machine learning* - *Should be biuilt using hard data* - *Philips curve ?* - *Sensitivity analysis or "what if" analysis* CAS 510 -- Initial Audit Engagements ==================================== - Initial audit engagement -- an engagement in which the FS for prior period were unaudited or were audited by a predecessor auditor - Audit procedures: - Review prior period FS and audit report, look for qualifications in audit report and assess impact for current year - If prior year unaudited, need to perform specific audit procedures on opening balances -- *audit bank rec, confirm with bank balances, look at subsequent receipts, inventory count* - Ensure accounting policies have been applied consistently *Must confirm opening balances if the FS were audited by another firm, must ask predecessor if there is any reason we should not take this client* CAS 520 ======= - Developing expectation - CAS 540 -- Auditing Accounting Estimates and Related Disclosures ================================================================ - Definitions - Accounting estimate -- monetary amount for which the measurement is subject to estimation uncertainty - Auditor's point estimate or range -- an amount developed by the auditor in evaluating managements point estimate - Estimation uncertainty -- susceptibility to an inherent lack of precision in measurement - Management bias -- lack of neutrality by management in the preparation of information - Management's point estimate -- amount selected by management for recognition or disclosure in the FS as an accounting estimate - Risk assessment procedures for accounting estimates: - Obtain an understanding of the following matters related to accounting estimates: - Transactions or other events that may give rise to a change in estimates - Requirements of applicable financial reporting framework including the impact from inherent risk factors - Regulatory factors - Nature of accounting estimates and related disclosures expected - Nature and extent of oversight and governance in place over management's financial reporting process relevant to accounting estimates - How management identifies the need for specialized skills or knowledge related to accounting estimates - Entity's information system as it related to accounting estimates: - Classes of transactions - How management identifies relevant methods - How management understands degree of estimation - How management addresses the estimation uncertainty - Control activities relevant to the audit over management's process for making accounting estimates - How management reviews the outcome of previous estimates - Review the outcome of previous estimates to assist in identifying and assessing the risks in the current period - Determine whether the engagement team requires specialized skills - Identifying and assessing the risks of material misstatement related to accounting estimates: - Separate assessment of inherent risk and control risk required. - Auditor needs to consider: - The degree to which the estimate is subject to estimation uncertainty - The degree to which the following are affected by complexity, subjectivity or other inherent risk factors: - Selection and application of the method, assumptions and data in making the accounting estimate - Selection of management's point estimate and related disclosures - For those with a high degree of estimation uncertainty, assess whether they give rise to significant risks - If risks of material misstatement are significant, if so, obtain an understanding of the entity's controls relevant to that risk - Responses to the assessed risks of material misstatement - Auditors further audit procedures related to accounting estimates will include one or more of the following approaches: - Obtain audit evidence from subsequent events up to the date of the auditor's report - Test how management made the accounting estimate - Develop an auditor's point estimate or range - Test how management made the accounting estimate: - Methods -- consider: - Is the method selected appropriate? - Do judgements made in selecting method give rise to indicators of management bias? - Calculations mathematically correct? - Have integrity of the significant assumptions and data been maintained in applying the method - Significant assumptions -- consider: - Are significant assumptions appropriate? - Indications of management bias? - Are SA consistent with each other and with those used in other accounting estimates - If management has the intent and ability to carry out specific courses of action - Data -- - Is data used appropriate - Indications of management bias? - Is data relevant and reliable in the circumstances? - Management's selection of a point estimate and related disclosures: - Has management taken appropriate steps to understand estimate uncertainty, select an appropriate point estimate and develop related disclosures - If not, auditor will request management perform additional procedures - Develop an auditor's point estimate or range: - May be required to evaluate mangement's point estimate - Need to evaluate appropriateness of methods, significant assumptions and data - Determine that the range includes only amounts that are supported by sufficient appropriate audit evidence and have been evaluated by the auditor to be reasonable - Design and perform further audit procedures relating to the disclosures in the FS that describe the estimation uncertainty - Indicators of possible management bias: - Evaluate judgements and decisions by management are indicators of bias - If so, evaluate the implications - Overall Evaluation of Accounting Estimates - Evaluate based on procedures: - Assessments of risks of material misstatement at the assertion level remain appropriate - Management's decisions relating to the recognition, measurement, presentation and disclosure are in accordance with the applicable framework - Sufficient appropriate audit evidence has been obtained - Take into account all relevant audit evidence - If unable to obtain sufficient evidence, consider implications for audit - Determine whether accounting estimates and related disclosures are reasonable CAS 550 -- Related Parties ========================== Risk assessment procedures: - Engagement team -- at planning stage, discuss susceptibility of FS to material misstatement due to fraud or error as a result of related party relations and transactions. Share relevant information obtained with all engagement team members - Enquiries of management: - Identity of entity's related parties, including changes from the prior period - Nature of relationships with related parties - Transactions entered into with related parties during period - Management controls to: - Identify, account for, and disclose RPTs - Authorize and approve significant RPTs - Maintain alertness when reviewing records or documents for RPT which management has not previously identified or disclosed to auditor - If auditor identifies significant transactions outside the entity's normal course of business, inquire of management as to the nature of these transactions Identifying and assessing the risks of material misstatement: - Identify and assess the risks of material misstatement associated with RPT and determine if there are significant risks -- all RPTs outside the entity's normal course of business are considered significant risks - If the auditor identifies fraud risk factors when performing work on RPTs, consider such information when identifying and assessing risks of material misstatement related to fraud Responses to the risks of material misstatement: - If auditor identifies RPTs that management has not previously identified: - Promptly communicate with engagement team members - Ask management to identify all transactions with the newly identified related party - Inquire why the entity's controls failed to identify the RPT - Perform substantive procedures such as enquiry of management as to nature of relationship - Verify terms and conditions of RPT - Reconsider risk that there may be other RPT that have not been identified - If non-disclosure by management appears intentional, evaluate implications for audit - *Increase alertness as a result of this* - For identified significant RPT outside the entity's normal course of business: - Inspect the underlying contracts or agreements - Obtain audit evidence that the transactions have been appropriately authorized and approved - If management has made an assertion in the FS to the effect that a RPT was conducted on terms equivalent to those prevailing in an arm's length transaction, obtain evidence to support CAS 560 -- Subsequent Events ============================ Events occurring between the date of the FS and the auditor's report: - Perform audit procedures to identify subsequent events: - Review/test records or transactions during subsequent events period - Understand managements procedures to identify subsequent events - Inquire of management the existence of SEs that may affect the FS - Read shareholders' minutes in subsequent events period - Obtain written representation from management that all subsequent events requiring adjustment or disclosure have been addressed. Facts which become known to the auditor after the date of the auditor's report but before the date the FS are issued: - No obligation for auditor to perform procedures regarding FS after the date of auditor's report, but if something comes to the attention of the auditor, which had it been previously known, may have caused the auditor to amend the report, auditor shall: - Discuss with management - Determine whether the FS needs amendment - If management amends the FS, auditor shall: - Carry out audit procedures on amendment - If "new" audit report to be provided, extend subsequent events review to new date of audit report - If management does not issue amended FS when auditor thinks they should: - If audit report has not been provided, modify opinion - If audit report has been provided, notify management to not issue the FS before amendments have been made. CAS 600 ======= Group parent auditor sets materiality and FS materiality for all entities. CAS 610 -- Using the Work of Internal Auditors ============================================== Been on the CFE a lot Determine whether the work of the internal auditors is likely to be adequate for the purposes of the audit -- evaluate: - Objectivity of the internal audit function - Competence of internal auditors - Whether the internal audit function applies a systematic and disciplined approach, including quality control Planning -- determine the nature and extent of work of the internal audit function that can be used: - Consider the nature and scope of work performed - External auditor needs to make all significant judgements in the engagement - External auditor has sole responsibility for the audit opinion - Communicate with management how the external auditor plans to use the work of the internal audit function. Using the work of the internal audit function: - Discuss planned use of their work with internal audit function - Read reports of work performed by internal audit function - Perform procedures on work done by internal audit to evaluate: - Work has been properly planned, performed, supervised, reviewed and documented - Sufficient appropriate evidence to support conclusions - Conclusions reached are appropriate in the circumstances and reports are consistent with results of work performed - Nature and extent of external auditors audit procedures will depend on: - Amount of judgement involved - Assessed risk of material misstatement - Objectivity of internal audit function - Competence of internal audit function Direct assistance -- the use of internal auditors to perform audit procedures under the direction, supervision and review of the external auditor. Factors to consider to determine if and to what extent internal auditors can be used to provide direct assistance: - Prohibitions by law or regulation - Evaluate threats to objectivity and competence of the internal auditor - Amount of judgement involved - Assessed risk of material misstatement - External auditor cannot used internal auditors to provide direct assistance to perform procedures that: - Involve making significant judgement -- significant judgement means higher risk - Relate to higher assessed risk of material misstatement - Relate to work performed by internal audit which will be reported on to management - Relate to decisions the external auditor makes regarding the internal audit function - Communicate with management the nature and extent of the planned use of internal auditors to provide direct assistance so as to reach a mutual understanding that such use is not excessive - Evaluate if the use of internal auditors for direct assistance still results in the external auditor being sufficiently involved in the audit Using internal auditors to provide direct assistance: - Obtain written agreement - External auditor will direct, supervise, and review the work performed by internal. CAS 620 -- Using the Work of an Auditor's Expert ================================================ Auditor's Expert -- an individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the auditor to assist in obtaining sufficient appropriate audit evidence. - In determining the nature, timing and extent of audit procedures involving an expert, consider: - Nature of the matter to which the expert's work relates - Risks of material misstatement in the matter - Significance of the experts work in the context of the audit - Auditor's knowledge of and experience with previous work performed by that expert - Whether that expert is subject to the audit firm's quality control policies and procedures - Evaluate the competence, capabilities and objectivity of the expert - Understand the field of expertise of the expert to enable the auditor to determine nature, scope and objectives - Agreement in writing stating nature, scope and objectives, and experts role - Evaluate and document the adequacy of the experts work for the auditors purposes - If the work of the expert is not adequate, auditor needs to determine if additional work needs to be performed by the expert or additional audit procedures need to be performed by the auditor - No reference needs to be made to the expert in the audit report unless required by law. CAS 710 -- Comparative Information -- Corresponding Figures and Comparative Financial Statements ================================================================================================ Determine whether the FS include the comparative information required by the applicable financial reporting framework and whether such information is appropriately classified. Evaluate whether: - The comparative information agrees with the amounts and other disclosures presented in the prior period - The accounting policies reflected in the comparative information are consistent with those applied in the current period or if there have been changes that they have been properly accounted for and disclosed. If become aware of a possible material misstatement in comparative information, perform additional audit procedures Written representation from management refers specifically to all periods referred to in the auditor's opinion. Also need to obtain specific written representation regarding any restatement made to correct a material misstatement in prior period FS that affect comparative information. Audit report: - Do not usually refer to corresponding figures - Consider whether a modified opinion in prior period will impact this year's report - If auditor obtains evidence that a material misstatement exists in the prior period FS and last year's audit report was unmodified and comparative information has not been restated, consider impact on this year's report - If prior year audited by a predecessor, state in an other matter paragraph: - The FS of prior period were audited by predecessor - Type of opinion expressed by predecessor and why - Date of that report - If prior period FS not audited, state in an other matter paragraph that the corresponding figures are unaudited. CAS 330 -- The Auditor's Responses to Assessed Risks ==================================================== Overall Responses -- design and implement overall responses to address the assessed risks of material misstatement at FS level. *Overall financial statement risk -- are the assets, liabilities, expenses properly classified. Are all the notes complete. Full disclosure principle.* *Assertion risk -- test existence and valuation* - Overall responses may include: - Emphasizing to audit team the need to maintain professional skepticism - Assigning more experienced staff or those with special skills or using experts - Providing more supervision - Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed - Making general changes to the nature, timing and extent of audit procedures - Affected by the auditor's understanding of the control environment. An effective control environment may allow the auditor to have more confidence in internal control and the reliability of audit evidence generated internally - Deficiencies in the control environment may result in: - Conducting more audit procedures as of the period end rather than at an interim date - Obtaining more extensive audit evidence from substantive procedures - Increasing the number of locations to be included in the audit scope - Overall approach - Substantive approach -- an emphasis on substantive procedures - Combined approach -- uses tests of controls as well as substantive procedures - Substantive procedures -- an audit procedure designed to detect material misstatement at the assertion level. Comprise tests of details and substantive analytical procedures - Tests of controls -- an audit procedure designed to evaluate the operating effectiveness of controls in preventing or detecting and correcting material misstatements at the assertion level Assertion Level -- design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level. - For each significant class of transactions, account balance, or disclosure, consider the reasons for the assessed risk including likelihood and magnitude of material misstatement and whether risk assessment takes into account relevant controls. If so, auditor will need to obtain audit evidence to determine whether the controls are operating effectively. - Obtain more persuasive audit evidence the higher the auditors assessment of risk. Tests of Controls - Design and perform tests of controls to obtain sufficient evidence as to the operating effectiveness of the relevant controls if: - Auditor intends to rely on them in determining the nature, timing and extent of substantive procedures - Substantive procedures alone cannot provide sufficient evidence at the assertion level - Obtain more persuasive audit evidence the greater the reliance the auditor places on effectiveness of a control - Perform other audit procedures in combination with inquiry, including: - How the controls were applied at relevant times during the period - The consistency with which they were applied - By who or what means they were applied - Determine if the controls to be tested depend upon other indirect controls - Test controls for the particular time or throughout the period for which the auditor intends to rely - Interim audit testing -- obtain audit evidence about significant changes to those controls subsequent to the interim period and consider extending testing for remaining period - Using audit evidence obtained in previous audits: - Assess factors such as effectiveness of control environment, general IT controls, results of testing controls previously and extent of reliance on the control - Determine if there have been significant changes over the year - If no changes, the tests must be performed at least once in every third audit - If control relates to a significant risk and auditor intends to rely, must test each year - Evaluating the operating effectiveness of controls - Evaluate whether misstatements that have been detected by substantive procedures indicate that controls are not operating effectively. - If deviations, determine whether: - The test of controls that have been performed provide an appropriate basis for reliance on the controls - Additional tests of controls are necessary - Risks of misstatement need to be addressed using substantive procedures Substantive Procedures - Irrespective of the assessed risks of material misstatement, design and perform substantive procedures for each material class of transactions, account balance, and disclosure - Consider if external confirmation procedures are to be performed. External confirmations may be used to confirm terms of agreements, contracts, transactions between an entity and other parties, etc. - *External confirmations are only about existence, not about valuation* - Substantive procedures related to the FS closing process: - Agree or reconcile the FS with the underlying accounting records - Examine material journal entries and other adjustments made during the course of preparing the FS - Must perform substantive procedures that are specifically responsive to significant risk - Timing of substantive procedures: - If substantive procedures are performed at an interim date, need to cover the remaining period by substantive procedures combined with tests of further controls - If misstatements from interim testing, evaluate whether the related assessment of risk and the planned nature, timing or extent of substantive procedures covering the remaining period need to be modified *If errors found, assess to see how big it is, extend testing* *Test of details -- tracing to external documents, shipping label, etc.* *Analytical procedures -- looking at accounting cycles and trends/expectations. If sales goes up, we expect AR would go up, etc.* Adequacy of presentation and disclosure - Need to perform audit procedures to evaluate whether the overall presentation of the FS is in accordance with the applicable framework. Consider whether the FS are presented in a manner that reflects the appropriate: - Classification and description of financial information - Presentation, structure and content of the FS Evaluating the sufficiency and appropriateness of audit evidence - Based on audit procedures performed and audit evidence obtained, evaluate at the conclusion of the audit whether the assessments of the risks of material misstatement at the assertion level remain appropriate - Conclude whether sufficient appropriate audit evidence has been obtained - If sufficient evidence related to a relevant assertion about a class of transactions has not been obtained, obtain further audit evidence. CAS 530 -- Audit Sampling ========================= Audit Sampling -- application of audit procedures to less than 100% of items within a population, such that each item in the population has a chance of selection in order to provide the auditor with a reasonable basis on which to draw conclusions about the entire population. Sampling Risk -- risk that the auditor's conclusion based on a sample may be different from the conclusion if the entire population were subjected to the same audit procedure. Erroneous conclusions could relate to the effectiveness of controls or material misstatement for tests of details. Non-sampling Risk -- risk that the auditor reaches an erroneous conclusion for any other reason than sampling risk - Statsitical sampling risk has the following characteristics: - Random selection of the sample items - Use of probability theory to evaluate sample results, including measurement of sampling risk Sampling approaches that do not have these two characteristics are considered non-statistical sampling. Sample design, size, and selection of items for testing: - Need to define what constitutes a deviation or misstatement before testing begins - Sample design -- consider specific purpose to be achieved and combination of audit procedures needed to achieve that purpose - Sample size will be affected by: - Level of sampling risk that the auditor is willing to accept - Tolerable misstatement/rate of deviation - Sample size can be determined by the application of statistically-based formula or through the exercise of professional judgement - Selection of items for testing - Important to choose a representative sample, free from bias - Methods of selecting samples: random, systematic, or haphazard Performing audit procedures: - If unable to perform the audit procedures on the selected item, select a replacement item - If unable to perform the procedure on selected or alternative item, treat as a deviation or misstatement Nature and cause of deviations and misstatements: - Investigate nature and cause of any deviation or misstatements identified and evaluate their possible effect on audit procedure and other areas of the audit - If it is considered to be an anomaly, auditor must ensure that the deviation is not representative of the population by performing additional audit procedures Projecting misstatements -- for tests of details, project misstatement from sample to population in total CAS 505 -- External Confirmations ================================= External confirmation -- audit evidence obtained as a direct written response to the auditor from a third party in paper or electronic form External confirmation procedures -- auditor should control process for selecting, preparing and sending confirmation requests and should ask the recipient to reply directly to the auditor Managements refusal to allow the auditor to send a confirmation request: - Consider if management's reasons are valid and reasonable - Evaluate impact on risk assessment (including fraud) - Perform alternative audit procedures - If management's refusal is unreasonable, communicate with governance. Positive confirmation request -- third party is requested to respond whether they agree or disagree. Evaluate results of external confirmations: - Reliability of response received - Perform alternative procedures for non-responses - Investigate exceptions *If don't get back positive confirmation, risk increases, increases testing, send out another confirmation. If the second doesn't come back, verify another way. Ex verify shipping document with invoice with product catalog to confirm quantity and price. Look for subsequent cash receipt.* \*\*Say exactly what you would do on the exam, what procedure?? Negative confirmation request -- third party is only requested to respond if they disagree. Accordingly, they provide less persuasive evidence than positive confirmations. Cannot use negative confirmation requests as sole substantive audit procedure to address an assessed risk of material misstatement unless all of the following are present: - Risk of material misstatement is low and operating effectiveness of controls have been tested - Population of items to be tested is comprised of a large number of small, homogenous items - Very low exception rate is expected - Auditor is not aware of circumstances or conditions that would cause recipients to disregard negative confirmation requests
