Study Guide: Auditing and Assurance Services PDF

Business Risk The risk that an entity will fail to meet its objectives. Today’s information is more complex, demanded by remote users, needed in a timely manner, and has far-reaching consequences. Information Risk The probability that the information circulated by a company will be false or misleading. Users demand an independent third-party assessment of the information to reduce this risk. Risk Assessment Evaluating the risk of material misstatement in financial statements. Includes considering management assertions and evaluating evidence to ensure fair presentation. Assertions (Management’s Financial Statement Assertions) Existence or occurrence – Assets, liabilities, and recorded transactions exist and have actually occurred. Completeness – All balances and transactions are recorded in the financial statements. Valuation or allocation – Transactions are recorded at the correct amount in accordance with GAAP. Rights and obligations – Entity has a legal claim on assets and a responsibility for liabilities. Presentation and disclosure – Information is disclosed appropriately in statements and footnotes. Auditing Definitions Financial Statement Auditing: A systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events. Attestation Engagements: A practitioner assesses and reports on subject matter or assertions made by another party. Assurance Services: Independent professional services that improve the quality of information for decision-makers. Purpose of the Audit To provide independent assurance that financial statements are free from material misstatement. Enhances the reliability of financial reports used by investors and creditors. Professional Skepticism An auditor’s questioning mindset toward management representations and gathered evidence. Key Characteristics: ○ Inquiry alone is insufficient—corroborative evidence is needed. ○ Investigate unusual financial trends. ○ Verify document authenticity. ○ Recognize potential conflicts of interest between management and auditors. Independence (In Appearance & In Fact) Independence in Fact: The auditor maintains an unbiased mental attitude. Independence in Appearance: Avoiding situations that could lead outsiders to perceive a lack of objectivity. Responsibilities Principle Competence and Capabilities: Requires auditors to have the necessary experience and expertise. Independence: Auditors must maintain independence both: ○ In Fact: Unbiased mental attitude. ○ In Appearance: Avoiding relationships that might make others question their objectivity. Due Care: Auditors must perform with the same level of diligence and skill as a reasonable auditor in similar circumstances. Professional Skepticism and Judgment: ○ Skepticism: Questioning mindset and critical assessment of evidence. ○ Judgment: Applying training, knowledge, and experience to make informed audit decisions. Audit Evidence is Sufficient Sufficiency: Refers to the quantity of evidence gathered (e.g., number of transactions or components examined). Appropriateness: Relates to quality, including: ○ Relevance: Does the evidence address the assertion of interest? ○ Reliability: Can the auditor trust the source of evidence? Higher reliability: Auditor’s direct knowledge, external documents. Lower reliability: Internal documents or verbal confirmations. Fundamental Principles (Generally Accepted Auditing Standards - GAAS) Responsibilities Principle: Addresses auditor qualifications and ethical requirements. Performance Principle: Ensures audits are properly planned and executed to provide reasonable assurance. ○ Planning and Supervision: Preparing an audit plan. ○ Materiality: Determining the significance of misstatements. ○ Risk Assessment: Understanding the entity, its environment, and internal controls. ○ Audit Evidence: Evaluating sufficiency and appropriateness. Reporting Principle: Requires auditors to: ○ Express an opinion or indicate an inability to express an opinion. ○ Assess financial statements against a recognized financial reporting framework (e.g., GAAP, IFRS). Physical Observation, Confirmation, Expectation, and Scan Physical Observation: The auditor visually inspects tangible assets, such as inventory or equipment, to verify existence and condition. Confirmation: The auditor obtains evidence from a third party, such as banks confirming account balances or customers confirming accounts receivable. Expectation: Used in analytical procedures, where the auditor develops an expectation of what a balance should be based on trends and financial data. Scanning: A high-level review of records or transactions to identify unusual patterns or anomalies. What to Do Before Accepting an Engagement 1. Client Acceptance or Continuance: ○ Evaluate if the firm wants to accept a new client or continue with an existing one. 2. Communication with Predecessor Auditors (if applicable): ○ Required by the prospective auditor after approval from the client. ○ Discuss management integrity, disagreements, fraud risks, and the reason for auditor change. 3. Independence and Ethical Considerations: ○ Auditors must be independent in fact and appearance. ○ Violations can result in regulatory action or litigation. 4. Engagement Letter: ○ A written agreement outlining responsibilities, scope, and limitations of the engagement. Design the Written Audit Plan So That… The auditor gathers sufficient and appropriate evidence to support the audit opinion. It includes procedures for assessing risk of material misstatement at financial statement and assertion levels. It details control tests and substantive tests to mitigate identified risks. The nature, timing, and extent of audit procedures are clearly documented. Why Auditors Would Not Accept a New Audit Partner Independence Issues: The new partner has conflicts of interest (e.g., financial relationships with clients). Lack of Competence: The partner does not have the necessary expertise for complex engagements. Ethical Concerns: Prior disciplinary actions or questionable professional conduct. High-Risk Clients: If the new partner has relationships with high-risk clients or industries. Recalculation Definition: An audit procedure where the auditor checks the accuracy of financial data by performing independent mathematical calculations. Purpose: Ensures totals, interest calculations, depreciation, or tax computations are correct. What Should Be in the Engagement Letter Objectives of the Engagement: What the auditor is hired to do (e.g., express an opinion on financial statements). Management’s Responsibilities: Preparing financial statements, providing access to records, and ensuring compliance with accounting standards. Auditor’s Responsibilities: Conducting the audit per GAAS, obtaining sufficient evidence, and issuing an opinion. Limitations of the Engagement: Acknowledges that an audit does not guarantee fraud detection. Reporting Framework: Specifies whether financial statements will be evaluated under GAAP, IFRS, or another framework. Difference Between Vouching and Tracing Vouching: Tests occurrence/existence. ○ Starts from financial records (ledger/journal) and traces back to source documents (invoices, receipts). ○ Ensures recorded transactions actually happened. Tracing: Tests completeness. ○ Starts from source documents and traces forward to ensure transactions are recorded in financial records. ○ Ensures all valid transactions are included in financial statements. Brainstorming Audit team brainstorming discussions are a required procedure. Objectives include: ○ Gaining an understanding of previous experiences with the client. ○ Identifying how fraud might be perpetrated and concealed. ○ Recognizing procedures that might detect fraud. ○ Setting the proper tone for engagement. Discussions should be ongoing throughout the engagement. Difference Between the Three Risks 1. Inherent Risk (IR) ○ The probability that, in the absence of internal controls, material errors or fraud could occur. ○ Factors affecting inherent risk: Nature of the client’s business and competitive strategy. Major types of transactions. Effectiveness and integrity of managers and accountants. 2. Control Risk (CR) ○ The likelihood that the client’s internal controls fail to prevent or detect a material misstatement. ○ Factors affecting control risk: Control environment in which the company operates. Existence and effectiveness of control activities. Monitoring activities, such as the audit committee or internal audit function. 3. Detection Risk (DR) ○ The likelihood that the auditor’s substantive procedures fail to detect a material misstatement. ○ Factors affecting detection risk: Nature, timing, and extent of audit procedures. Sampling risk – choosing an unrepresentative sample. Non-sampling risk – inappropriate conclusions based on available evidence. What to Do if There Is High Inherent Risk If inherent risk is high, auditors need to: ○ Conduct more extensive audit procedures. ○ Increase professional skepticism. ○ Pay closer attention to high-risk accounts. ○ Perform more substantive testing. ○ Adjust the audit plan to reduce detection risk. Calculating the Risk of Material Misstatement (RMM) Formula: RMM=IR×CRRMM = IR \times CRRMM=IR×CR Example: ○ Inherent Risk (IR) = 0.90 ○ Control Risk (CR) = 0.50 ○ RMM = 0.90 \times 0.50 = 0.45 (or 45%) ] Calculating Detection Risk (DR) Formula: AR=IR×CR×DR ○ Where AR = Audit Risk. Example: ○ Audit Risk (AR) = 0.05 ○ Given: IR = 0.90 and CR = 0.50 ○ Solve for DR: 0.05=0.90×0.50×DR0.05 = 0.90 \times 0.50 \times DR0.05=0.90×0.50×DR DR = \frac{0.05}{0.45} = 0.11 \text{ (or 11%)} If IR and CR are high, auditors must keep DR low to maintain low overall audit risk. Matching All Definitions of Risks 1. Audit Risk (AR): The risk that the auditor expresses an inappropriate opinion on materially misstated financial statements. 2. Inherent Risk (IR): The susceptibility of an assertion to material misstatement without considering internal controls. 3. Control Risk (CR): The risk that internal controls fail to detect or prevent a material misstatement. 4. Detection Risk (DR): The risk that audit procedures fail to detect a material misstatement. Different Opinions Auditors Can Give on Internal Controls Auditors can issue one of three types of opinions on internal control over financial reporting: 1. Unqualified Opinion – No material weaknesses were found. 2. Disclaimer of Opinion – The audit team cannot perform all necessary procedures to determine if weaknesses exist. 3. Adverse Opinion – One or more material weaknesses were found. What Goes on the Report of Internal Control Auditors have two options for reporting: 1. Two Separate Reports ○ Fairness of the financial statements ○ Effectiveness of internal control over financial reporting (Each report has its own title, date, and signature.) 2. A Combined Report ○ One opinion on the financial statements. ○ A second opinion on internal control effectiveness. Three Phases of Internal Control Evaluations 1. Phase 1: Understand and Document ○ Understand the client’s internal control system. ○ Identify significant accounts and their relevant assertions. ○ Document understanding through narratives, flowcharts, or questionnaires. 2. Phase 2: Assess Control Risk (Preliminary) ○ Identify internal control activities supporting reliable financial reporting. ○ Consider the cost-effectiveness of reliance/testing. 3. Phase 3: Identify Controls to Test and Perform Test of Controls ○ Test the identified controls. ○ Two approaches: Exception testing (test all items in a population). Audit sampling (test a representative sample). Four Things About Separation of Duties 1. Authorization – Approving transactions. 2. Recording – Maintaining transaction records. 3. Custody – Handling physical assets. 4. Reconciliation – Comparing records to actual assets. (Segregating these duties reduces fraud risk and prevents errors.) Audit Committee Requirements The audit committee is a subcommittee of the board of directors with 3-6 members. All members must be financially literate. At least one member must be a financial expert.

Study Guide: Auditing and Assurance Services PDF

Document Details

Tags

Related

Summary

Full Transcript