Wiley CPAexcel Focus Notes AUDITING PDF
Document Details
Uploaded by DazzlingFibonacci
2015
Ray Whittington
Tags
Summary
This document is a study guide for the CPA exam, focusing on auditing and attestation. It provides key concepts, strategies, and techniques to help with the exam, including formulas, acronyms, and problem-solving methods. This resource is appropriate for professional accounting students or those preparing for the CPA exam.
Full Transcript
ffirs.indd 2 10/7/2014 12:55:59 PM 2015 Wiley ® CPAexcel EXAM REVIEW FOCUS NOTES ffirs.indd 1 10/7/2014 12:55:59 PM ffirs.indd 2 10/7/2014 12:55:59 PM ...
ffirs.indd 2 10/7/2014 12:55:59 PM 2015 Wiley ® CPAexcel EXAM REVIEW FOCUS NOTES ffirs.indd 1 10/7/2014 12:55:59 PM ffirs.indd 2 10/7/2014 12:55:59 PM 2015 Wiley ® CPAexcel EXAM REVIEW FOCUS NOTES AUDITING AND ATTESTATION ffirs.indd 3 10/7/2014 12:55:59 PM Cover Design by Wiley Cover image: © turtleteeth/iStockphoto Copyright © 2015 by John Wiley & Sons, Inc. All rights reserved. Published by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-750- 4470, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, or online at http:// Proudly sourced and uploaded by [StormRG] www.wiley.com/go/permission. Kickass Torrents | TPB | ET | h33t Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services, or technical support, please contact our Customer Care Department within the United States at 800-762-2974, outside the United States at 317-572-3993 or fax 317-573-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. For more information about Wiley products, visit our Web site at http://www.wiley.com. ISBN: 978-1-118-91775-6 (paperback); 978-1-119-05165-7 (ebk); 978-1-119-05172-5 (ebk) Printed in the United States of America 10 9 8 7 6 5 4 3 2 1 ffirs.indd 4 10/7/2014 12:55:59 PM CONTENTS Preface vii About the Author ix About the Contributor ix Module 1: Professional Responsibilities 1 Module 2: Engagement Planning, Obtaining an Understanding, and Assessing Risks 32 Module 3: Understanding Internal Control and Assessing Control Risk 63 Module 4: Responding to Risk Assessment: Evidence Accumulation and Evaluation 95 Module 5: Reporting 156 Module 6: Accounting and Review Services 231 Module 7: Audit Sampling 247 Module 8: Auditing with Technology 263 Index 271 v ftoc.indd 5 9/30/2014 10:14:21 PM ftoc.indd 6 9/30/2014 10:14:21 PM PREFACE This publication is a comprehensive, yet simplified study program. It provides a review of all the basic skills and concepts tested on the CPA exam and teaches important strategies to take the exam faster and more accurately. This tool allows you to take control of the CPA exam. This simplified and focused approach to studying for the CPA exam can be used: r As a handy and convenient reference manual r To solve exam questions r To reinforce material being studied Included is all of the information necessary to obtain a passing score on the CPA exam in a concise and easy-to-use format. Due to the wide variety of information covered on the exam, a number of techniques are included: r Acronyms and mnemonics to help candidates learn and remember a variety of rules and checklists r Formulas and equations that simplify complex calculations required on the exam r Simplified outlines of key concepts without the details that encumber or distract from learning the essential elements vii fpref.indd 7 9/30/2014 10:12:04 PM r Techniques that can be applied to problem solving or essay writing, such as preparing a multiple-step income statement, determining who will prevail in a legal conflict, or developing an audit program r Pro forma statements, reports, and schedules that make it easy to prepare these items by simply filling in the blanks r Proven techniques to help you become a smarter, sharper, and more accurate test taker This publication may also be useful to university students enrolled in Intermediate, Advanced and Cost Accounting; Auditing, Business Law, and Federal Income Tax classes; or Economics and Finance Classes. Good luck on the exam, Ray Whittington, PhD, CPA Preface viii fpref.indd 8 9/30/2014 10:12:04 PM ABOUT THE AUTHOR Ray Whittington, PhD, CPA, CMA, CIA, is the dean of the Driehaus College of Business at DePaul University. Prior to joining the faculty at DePaul, Professor Whittington was the Director of Accountancy at San Diego State University. From 1989 through 1991, he was the Director of Auditing Research for the American Institute of Certified Public Accountants (AICPA), and he previously was on the audit staff of KPMG. He previously served as a member of the Auditing Standards Board of the AICPA and as a member of the Accounting and Review Services Committee and the Board of Regents of the Institute of Internal Auditors. Professor Whittington has published numerous textbooks, articles, monographs, and continuing education courses. ABOUT THE CONTRIBUTOR Kurt Pany, PhD, CPA, is a Professor of Accounting at Arizona State University. His basic and advanced auditing courses provided the basis on which he received the Arizona Society of CPA’s Excellence in Teaching Award and an Arizona CPA Foundation Award for Innovation in the Classroom for the integration of computer and professional ethics applications. His professional experience includes serving for four years on the AICPA’s Auditing Standards Board, serving as an academic fellow in the Auditing Division of the AICPA, and prior to entering academe, working as a staff auditor for Deloitte and Touche. ix flast.indd 9 9/30/2014 10:11:48 PM flast.indd 10 9/30/2014 10:11:48 PM FINANCIAL STATEMENTS, AN AUDIT AND AUDITED FINANCIAL STATEMENTS Audited Financial Statements Financial CPA Audit Statement Audit Report Prepared following a Conducted following Financial Reporting Auditing Standards Framework (e.g., GAAP) (e.g., GAAS) Focus on Professional Responsibilities—Module 1 1 c01.indd 1 10/7/2014 6:18:36 PM DIAGRAM OF AN AUDIT Plan Audit Obtain Understanding of Client and Its Environment Including Internal Control Assess Risks of Misstatement and Design Further Tests Perform Tests of Controls Perform Substantive Procedures Complete the Audit Issue Audit Report Focus on Professional Responsibilities—Module 1 2 c01.indd 2 10/7/2014 6:18:36 PM Principles Underlying an Audit r Purpose of audit1SPWJEFBOPQJOJPO r Premise of audit.BOBHFNFOUIBTSFTQPOTJCJMJUZGPSQSFQBSJOHàOBODJBMTUBUFNFOUTBOE QSPWJEJOHBVEJUPSXJUIBMMOFFEFEJOGPSNBUJPO r Personal responsibilities of auditor$PNQFUFODF GPMMPXFUIJDBMSFRVJSFNFOUT NBJO- UBJOQSPGFTTJPOBMTLFQUJDJTN r Auditor actions in audit1SPWJEF QSPDFEVSFT UP PCUBJO SFBTPOBCMF BTTVSBODF BCPVU XIFUIFSàOBODJBMTUBUFNFOUTBSFGSFFGSPNNBUFSJBMNJTTUBUFNFOUT r Reporting results of an audit8SJUUFO SFQPSU XJUI BO PQJOJPO PS B TUBUFNFOU UIBU BO PQJOJPODBOOPUCFPCUBJOFE Focus on Professional Responsibilities—Module 1 3 c01.indd 3 10/7/2014 6:18:36 PM Auditing Standard Requirement Categories r Unconditional requirement5IFBVEJUPSNVTUDPNQMZXJUIUIFSFRVJSFNFOUJOBMMDBTFT JOXIJDIUIFDJSDVNTUBODFTFYJTU4"4VTFUIFXPSETmustPSis requiredUPJOEJDBUFBO VODPOEJUJPOBMSFRVJSFNFOU r Presumptively mandatory requirement4JNJMBSMZ UIF BVEJUPS NVTU DPNQMZ XJUI UIF SFRVJSFNFOU CVU JOSBSFDJSDVNTUBODFT UIFBVEJUPSNBZEFQBSUGSPNTVDIBSFRVJSFNFOU *OTVDIDJSDVNTUBODFT UIFBVEJUPSEPDVNFOUTUIFEFQBSUVSF UIFKVTUJàDBUJPOGPSUIFEFQBS- UVSF BOEIPXUIFBMUFSOBUJWFQSPDFEVSFTQFSGPSNFEJOUIFDJSDVNTUBODFTXFSFTVGGJDJFOU 4"4VTFUIFXPSEshouldUPJOEJDBUFBQSFTVNQUJWFMZNBOEBUPSZSFRVJSFNFOU /PUF5IF1$"0#JODMVEFTBUIJSEMFWFM Responsibility to Consider JOXIJDIUIFBVEJUPSGPMMPXT EFQFOETVQPOUIFFYFSDJTFPGQSPGFTTJPOBMKVEHNFOUJOUIFDJSDVNTUBODFT5FSNTTVDIBTNBZ NJHIU PSDPVME JOEJDBUFBSFTQPOTJCJMJUZUPDPOTJEFS Focus on Professional Responsibilities—Module 1 4 c01.indd 4 10/7/2014 6:18:36 PM CODE OF PROFESSIONAL CONDUCT Sections r 1SFGBDF BQQMJDBCMFUPBMMNFNCFST r 1BSU"QQMJDBCMFUP.FNCFSTJO1VCMJD1SBDUJDF r 1BSU"QQMJDBCMFUP.FNCFSTJO#VTJOFTT r 1BSU"QQMJDBCMFUPPUIFSNFNCFST SFUJSFEBOEVOFNQMPZFE Structure r 1SJODJQMFT HFOFSBMTUBUFNFOUT r 3VMFTPGDPOEVDU PWFSBMMTUBOEBSET r *OUFSQSFUBUJPOTPGUIFSVMFT r 0UIFSHVJEBODF FH EFàOJUJPOT QFOEJOHSFWJTJPOT Focus on Professional Responsibilities—Module 1 5 c01.indd 5 10/7/2014 6:18:36 PM CODE OF PROFESSIONAL CONDUCT (CONTINUED) Principles 3FTQPOTJCJMJUJFT 1VCMJD*OUFSFTU *OUFHSJUZ 0CKFDUJWJUZBOE*OEFQFOEFODF %VF$BSF 4DPQFBOE/BUVSFPG4FSWJDFT Focus on Professional Responsibilities—Module 1 6 c01.indd 6 10/7/2014 6:18:36 PM RULES AND APPLICABILITY Public Rules Business Other Practice *OUFHSJUZBOE0CKFDUJWJUZ X X *OEFQFOEFODF X (FOFSBM4UBOEBSET X X $PNQMJBODFXJUI4UBOEBSET X X "DDPVOUJOH1SJODJQMFT X X "DUT%JTDSFEJUBCMF X X X 'FFTBOE0UIFS5ZQFTPG3FNVOFSBUJPO r $POUJOHFOU'FFT X r $PNNJTTJPOTBOE3FGFSSBM'FFT X "EWFSUJTJOHBOE0UIFS'PSNTPG4PMJDJUBUJPO X $POàEFOUJBM$MJFOU*OGPSNBUJPO X 'PSNPG0SHBOJ[BUJPOBOE/BNF X Focus on Professional Responsibilities—Module 1 7 c01.indd 7 10/7/2014 6:18:36 PM Conceptual Frameworks $PEFJODMVEFTDPODFQUVBMGSBNFXPSLTGPSTJUVBUJPOTOPUFYQMJDJUMZBEESFTTFECZB3VMF Members in public practiceJOEFQFOEFODFDPODFQUVBMGSBNFXPSLBOEHFOFSBMDPO- DFQUVBMGSBNFXPSLUPBEESFTTJTTVFTPUIFSUIBOJOEFQFOEFODF Members in businessBHFOFSBMDPODFQUVBMGSBNFXPSL "MMGSBNFXPSLTVTFBOBQQSPBDIPGDPOTJEFSJOHTFSJPVTOFTTPGUISFBUTBOEXIFUIFSTBGF- HVBSETSFEVDFUIFSJTLUPBOBDDFQUBCMFMFWFM Focus on Professional Responsibilities—Module 1 8 c01.indd 8 10/7/2014 6:18:36 PM Threats and Safeguards Considered by Conceptual Frameworks Threats Safeguards r "EWFSTFJOUFSFTU r $SFBUFECZUIFQSPGFTTJPO MFHJTMBUJPOPSSFHVMBUJPO r "EWPDBDZ r *NQMFNFOUFECZUIFDMJFOU r 'BNJMJBSJUZ r *NQMFNFOUFECZUIF$1"àSN r.BOBHFNFOUQBSUJDJQBUJPO r 4FMGJOUFSFTU r 4FMGSFWJFX r 6OEVFJOáVFODF Focus on Professional Responsibilities—Module 1 9 c01.indd 9 10/7/2014 6:18:36 PM General Conceptual Framework Code of Professional Conduct Approach Relationship or circumstance that potentially affects compliance with Code Does the relationship or Does Code directly address? No No May provide service circumstance create one or more threats to compliance with Code? Yes Yes Do qualitative and quantitative factors, including existing Do not provide professional Follow Code requirements No safeguards, reduce the risk of non- service compliance with the Code to an acceptable level? Yes May provide service Focus on Professional Responsibilities—Module 1 10 c01.indd 10 10/7/2014 6:18:36 PM Independence Rule r 0OMZBQQMJFTUPNFNCFSTJOQVCMJDQSBDUJDFBOEUIFJSBUUFTUDMJFOUT r 5IFDPODFQUPGBcovered memberJTJNQPSUBOUCFDBVTF JOHFOFSBM DPWFSFENFNCFST NVTUCFJOEFQFOEFOUGPSUIFàSNUPSFUBJOJUTJOEFQFOEFODF$PWFSFENFNCFSTJODMVEF r.FNCFSTPGBUUFTUFOHBHFNFOUUFBN r 1FSTPOXIPNBZJOáVFODFBUUFTUFOHBHFNFOU FH QBSUOFSXIPTVQFSWJTPSUIFQBSU- OFSJODIBSHFPGUIFFOHBHFNFOU r "MMQBSUOFSTJOUIFPGGJDFJOXIJDIUIFMFBEBUUFTUQBSUOFSQSBDUJDFT r $FSUBJOQBSUOFSTPSNBOBHFSTXIPQFSGPSNOPOBUUFTUTFSWJDFTUPUIFDMJFOU r 5IFàSN JODMVEJOHJUTCFOFàUQMBOT Focus on Professional Responsibilities—Module 1 11 c01.indd 11 10/7/2014 6:18:36 PM Independence Requirements for all Partners and Staff /PQBSUOFSPSQSPGFTTJPOBMFNQMPZFF PSUIFJSJNNFEJBUFGBNJMZNFNCFST PSHSPVQBDUJOH UPHFUIFSNBZPXONPSFUIBOPGBUUFTUDMJFOUTFRVJUZTFDVSJUJFT /PQBSUOFSPSQSPGFTTJPOBMFNQMPZFFNBZCFEJSFDUPS PGGJDFS FNQMPZFFFUDPGUIFDMJFOU $1"TQSFWJPVTMZFNQMPZFECZBDMJFOU CVUOPXFNQMPZFECZ$1"àSN NVTUOPUCFJOWPMWFE XJUIUIFBVEJUPGBOZQFSJPEEVSJOHXIJDIUIFZXFSFFNQMPZFECZUIBUDMJFOU *GBOZPGUIFBCPWFTJUVBUJPOTPDDVS UIF$1"àSNTJOEFQFOEFODFJTJNQBJSFEBOEJUNBZOPUQSP- WJEFBUUFTUTFSWJDFTUPUIBUDMJFOU Focus on Professional Responsibilities—Module 1 12 c01.indd 12 10/7/2014 6:18:36 PM Additional Independence Requirements for Covered Members—Financial 'JOBODJBMSFMBUJPOTIJQTUIBUimpair the independence of both the member and the firmJODMVEF "MMEJSFDUàOBODJBMJOUFSFTUT FH TUPDLPSEFCUJOWFTUNFOUJOBUUFTUDMJFOU .BUFSJBMJOEJSFDUàOBODJBMJOUFSFTUT FH JOWFTUNFOUJOBNVUVBMGVOEIFBWJMZJOWFTUFEJOUIF BUUFTUDMJFOU "NBUFSJBMKPJOUDMPTFMZIFMEJOWFTUNFOUIFMEXJUIBOBUUFTUDMJFOU PSPOFPGUIFDMJFOUTPGGJ- DFSTPSEJSFDUPST PSBOZPXOFSXJUITJHOJàDBOUJOáVFODFPWFSUIFBUUFTUDMJFOU Focus on Professional Responsibilities—Module 1 13 c01.indd 13 10/7/2014 6:18:36 PM Additional Independence Requirements for Covered Members—Family *OUFSFTUTPGSFMBUJWFTBOEGSJFOET Immediate family TQPVTF TQPVTBMFRVJWBMFOU EFQFOEFOUT TBNFSFRVJSFNFOUTBTDPW- FSFENFNCFS XJUIMJNJUFEFYDFQUJPOT Close relatives FH QBSFOUT TJCMJOHT PSOPOEFQFOEFOUDIJMESFO PWFSBMM $1"àSNJOEF- QFOEFODFJTJNQBJSFEJGDMPTFSFMBUJWFIBT B BLFZQPTJUJPOXJUIUIFDMJFOU PS C *TNBUF- SJBMUPUIFDMPTFSFMBUJWFPGXIJDIUIFBDDPVOUBOUIBTLOPXMFEHF Other considerations for all relatives and friends*OEFQFOEFODFJTPOMZJNQBJSFEVOMFTTB SFBTPOBCMFQFSTPOBXBSFPGUIFGBDUTXPVMEDPODMVEFUIFSFJTBOVOBDDFQUBCMFSJTL Focus on Professional Responsibilities—Module 1 14 c01.indd 14 10/7/2014 6:18:36 PM Examples of Activities that Impair Independence r 4VQFSWJTJOHDMJFOUTQFSTPOOFM r 4JHOJOHDMJFOUTDIFDLT r "DUJOHBTDMJFOUTTUPDLUSBOTGFSBHFOU r "DDFQUJOHHJGUTGSPNDMJFOU Focus on Professional Responsibilities—Module 1 15 c01.indd 15 10/7/2014 6:18:36 PM Independence—Unpaid Fees r 6OQBJEGFFTNBZJNQBJSJOEFQFOEFODF r.BZOPUFYUFOECFZPOEPOFZFBS r "VEJUNBZCFQFSGPSNFE CVUSFQPSUNBZOPUCFJTTVFEVOUJMQSJPSZFBSGFFTQBJE Focus on Professional Responsibilities—Module 1 16 c01.indd 16 10/7/2014 6:18:36 PM Independence—Auditor on Engagement Considers or Takes Employment with Audit Client r *OEJWJEVBM NVTU JOGPSN UIF BVEJU àSN XIFO TFFLJOH PS EJTDVTTJOH QPUFOUJBM FNQMPZNFOU XJUIDMJFOU r *OEJWJEVBMTJOEFQFOEFODFJNQBJSFE TIPVMECFUBLFOPGGKPC VOUJMFNQMPZNFOUCZDMJFOUJT OPMPOHFSCFJOHDPOTJEFSFECZUIBUJOEJWJEVBM r 0ODFJOEJWJEVBMBDDFQUTFNQMPZNFOUXJUIBVEJUDMJFOU UIFBVEJUàSNTIPVMEDPOTJEFSUIF OFFEUPNPEJGZUIFBVEJUQMBOPSDIBOHFNFNCFSTPGUIFBVEJU r *OBOZBVEJUQFSGPSNFEXJUIJOBZFBSPGUIFQSPGFTTJPOBMKPJOJOHUIFDMJFOU BNFNCFSPG UIFBVEJUàSNXJUIOPDPOOFDUJPOUPUIFBVEJUNVTUSFWJFXBMMXPSLUPFOTVSFJUUBLFTJOUP BDDPVOUJOEFQFOEFODFJTTVFT Focus on Professional Responsibilities—Module 1 17 c01.indd 17 10/7/2014 6:18:36 PM Independence—Nonattest Services r.BZQSPWJEFBEWJDF SFTFBSDINBUFSJBMT BOESFDPNNFOEBUJPOT r $MJFOUNVTUBDDFQUSFTQPOTJCJMJUZGPSNBLJOHBMMEFDJTJPOT r 4QFDJàDDMJFOUQFSTPOOFMNVTUCFEFTJHOBUFEUPPWFSTFFTFSWJDFT r $MJFOUNVTUCFSFTQPOTJCMFGPSFTUBCMJTIJOHBOENBJOUBJOJOHBMMJOUFSOBMDPOUSPMTBOENBZ OPUiPVUTPVSDFuTVDITFSWJDFTUPUIFBVEJUPS r "OVOEFSTUBOEJOHPGUIFPCKFDUJWFTPGUIFFOHBHFNFOUBOEDMJFOUSFTQPOTJCJMJUJFTNVTUCF EPDVNFOUFEQSJPSUPQFSGPSNJOHUIFOPOBUUFTUTFSWJDFTGPSBOBUUFTUDMJFOU "NFNCFSTIBMMNBJOUBJOPCKFDUJWJUZBOEJOUFHSJUZ TIBMMCFGSFFPGDPOáJDUTPGJOUFSFTU BOETIBMMOPU LOPXJOHMZNJTSFQSFTFOUGBDUTPSTVCPSEJOBUFIJTPSIFSKVEHNFOUUPPUIFST r.JTSFQSFTFOUBUJPOPGGBDUT.FNCFSJTGPSCJEEFOUPLOPXJOHMZ PSMFUTPNFPOFFMTF r.BLFNBUFSJBMMZGBMTFBOENJTMFBEJOHFOUSJFT r 'BJMUPDPSSFDUàOBODJBMTUBUFNFOUTPSSFDPSETUIBUBSFNBUFSJBMMZGBMTFBOENJTMFBEJOH r 4JHOBEPDVNFOUDPOUBJOJOHNBUFSJBMMZGBMTFBOENJTMFBEJOHJOGPSNBUJPO Focus on Professional Responsibilities—Module 1 18 c01.indd 18 10/7/2014 6:18:36 PM Independence—Nonattest Services (continued) r "DPOáJDUPGJOUFSFTUNBZFYJTUJGNFNCFSQFSGPSNJOHBTFSWJDFBOEUIFNFNCFSNFNCFST àSNIBTBSFMBUJPOTIJQUIBUDPVMEJOUIFNFNCFSTKVEHNFOUCFWJFXFEBTJNQBJSJOHUIF NFNCFSTPCKFDUJWJUZ'PSFYBNQMF r 4VHHFTUUIBUUIFDMJFOUJOWFTUJOBCVTJOFTTJOXIJDIIFPSTIFIBTBàOBODJBMJOUFSFTU r 1SPWJEFUBYTFSWJDFTGPSTFWFSBMNFNCFSTPGBGBNJMZXIPNBZIBWFPQQPTJOHJOUFSFTUT r )BWFBTJHOJàDBOUàOBODJBMJOUFSFTUPSJOáVFODFXJUIBNBKPSDPNQFUJUPSPGBDMJFOU r 0CMJHBUJPOTPGBNFNCFSUPIJTPSIFSFNQMPZFSTFYUFSOBMBDDPVOUBOU r.VTU CF DBOEJE BOE OPU LOPXJOHMZ NJTSFQSFTFOU GBDUT PS LOPXJOHMZ GBJM UP EJTDMPTF NBUFSJBMGBDUT Focus on Professional Responsibilities—Module 1 19 c01.indd 19 10/7/2014 6:18:36 PM Responsibilities to Clients "NFNCFSJOQVCMJDQSBDUJDFTIBMMOPU r %JTDMPTFBOZDPOàEFOUJBMDMJFOUJOGPSNBUJPOXJUIPVUUIFTQFDJàDDPOTFOUPGUIFDMJFOU r "DDFQUBDPOUJOHFOUGFFGPS r "OBVEJUPSSFWJFXPGBàOBODJBMTUBUFNFOU r "DPNQJMBUJPOPGBàOBODJBMTUBUFNFOU r "OFYBNJOBUJPOPGQSPTQFDUJWFàOBODJBMJOGPSNBUJPO r 1SFQBSFBOPSJHJOBMPSBNFOEFEUBYSFUVSOPSDMBJNGPSBUBYSFGVOEGPSBDPOUJOHFOUGFFGPS BOZDMJFOU "$1"NVTUNBJOUBJODMJFOUJOGPSNBUJPOBTDPOàEFOUJBM.BZEJTDMPTFDMJFOUJOGPSNBUJPOUP r $PNQMZXJUIBTVCQPFOB r $PPQFSBUFXJUIBRVBMJUZDPOUSPMSFWJFX Focus on Professional Responsibilities—Module 1 20 c01.indd 20 10/7/2014 6:18:36 PM Other Responsibilities and Practices "$1"TIPVMEOPUQFSGPSNBDUTEJTDSFEJUBCMFUPUIFQSPGFTTJPO TVDIBT r 3FUBJOJOHDMJFOUSFDPSET r 6OEFSTUBUJOHBOUJDJQBUFEGFFTGPSTFSWJDFT r "DDFQUJOHBDPNNJTTJPOJOSFMBUJPOUPBOBUUFTUDMJFOU r 1SBDUJDFVOEFSBNJTMFBEJOHOBNF "$1"TIBMMCFDPNQFUFOU r "HSFFJOH UP QFSGPSN QSPGFTTJPOBM TFSWJDFT JNQMJFT UIBU UIF NFNCFS IBT UIF OFDFTTBSZ DPNQFUFODFUPDPNQMFUFUIPTFQSPGFTTJPOBMTFSWJDFTCVUJTOPUJOGBMMJCMF r *OWPMWFTCPUIUIFUFDIOJDBMRVBMJàDBUJPOTPGUIFNFNCFSBOETUBGGBOEUIFBCJMJUZUPTVQFS WJTFBOEFWBMVBUFUIFRVBMJUZPGUIFXPSLQFSGPSNFE r *GUIFNFNCFSEPFTOPUIBWFUIFOFDFTTBSZDPNQFUFODF NBZQFSGPSNBEEJUJPOBMSFTFBSDI PSDPOTVMUXJUIPUIFST r #VUJGDBOOPUBUUBJODPNQFUFODF TIPVMESFDPNNFOEDMJFOUTFFLIFMQGSPNTPNFPOFFMTF Focus on Professional Responsibilities—Module 1 21 c01.indd 21 10/7/2014 6:18:37 PM Quality Control $1"àSNTTIPVMEFTUBCMJTIRVBMJUZDPOUSPMTUPFOTVSFDPNQMJBODFXJUIQSPGFTTJPOBMTUBOEBSET /BUVSFBOEFYUFOUPGRVBMJUZDPOUSPMQPMJDJFTBOEQSPDFEVSFTXJMMEFQFOEPO r 4J[FPGàSNBOEOVNCFSPGPGGJDFT r ,OPXMFEHFBOEFYQFSJFODFPGQFSTPOOFMBOEBVUIPSJUZBMMPXFEUPQFSTPOOFM r /BUVSFBOEDPNQMFYJUZPGàSNTQSBDUJDF r $PTUCFOFàUDPOTJEFSBUJPOT Quality Control Elements r -FBEFSTIJQSFTQPOTJCJMJUJFTGPSRVBMJUZXJUIJOUIFàSN r 3FMFWBOUFUIJDBMSFRVJSFNFOUT r "DDFQUBODFBOEDPOUJOVBODFPGDMJFOUSFMBUJPOTIJQTBOETQFDJàDFOHBHFNFOUT r )VNBOSFTPVSDFT r &OHBHFNFOUQFSGPSNBODF r.POJUPSJOH Focus on Professional Responsibilities—Module 1 22 c01.indd 22 10/7/2014 6:18:37 PM Tax Preparer "DUJPOTCZBOBDDPVOUBOUQSFQBSJOHBDMJFOUTUBYSFUVSODBOSFTVMUJOQFOBMUJFTGPS r /PUQSPWJEJOHDMJFOUXJUIDPQZPGSFUVSO r 'BJMJOHUPTJHOSFUVSOBTBQSFQBSFS r &OEPSTJOHBOEDBTIJOHDMJFOUTSFGVOEDIFDL r 'BJMJOHUPàMFBUJNFMZSFUVSO r /PUBEWJTJOHDMJFOUPGUBYFMFDUJPOT r /FHMFDUJOHFWBMVBUJPOPGKPJOUWFSTVTTFQBSBUFSFUVSOT "$1"QFSGPSNJOHUBYTFSWJDFT r.BZOPUSFDPNNFOEBUBYQPTJUJPOUIBUMBDLTNFSJU r.VTUNBLFBSFBTPOBCMFFGGPSUUPBOTXFSBQQMJDBCMFRVFTUJPOTPOUIFSFUVSO r.BZSFMZPODMJFOUJOGPSNBUJPOXIFOQSFQBSJOHUIFSFUVSO r.VTUNBLFSFBTPOBCMFJORVJSJFTBCPVURVFTUJPOBCMFPSJODPNQMFUFJOGPSNBUJPO r.BZVTFFTUJNBUFT Focus on Professional Responsibilities—Module 1 23 c01.indd 23 10/7/2014 6:18:37 PM Standards for Consulting Services 8IFOQFSGPSNJOHDPOTVMUJOHTFSWJDFT B$1"NVTUBEIFSFUPDFSUBJOHFOFSBMTUBOEBSET r 1SPGFTTJPOBMDPNQFUFODF r %VFQSPGFTTJPOBMDBSF r 1MBOOJOHBOETVQFSWJTJPO r 0CUBJOJOHTVGGJDJFOUSFMFWBOUEBUB Focus on Professional Responsibilities—Module 1 24 c01.indd 24 10/7/2014 6:18:37 PM GAO Code of Ethics 'FEFSBMBVEJUPST PS$1"àSNTBVEJUJOHGFEFSBMEPMMBST TIPVMEOPUQFSGPSNNBOBHFNFOUGVODUJPOT PSNBLFNBOBHFNFOUEFDJTJPOT 'FEFSBMBVEJUPST PS$1"àSNTBVEJUJOHGFEFSBMEPMMBST TIPVMEOPUBVEJUUIFJSPXOXPSL 'FEFSBMBVEJUPST PS$1"àSNTBVEJUJOHGFEFSBMEPMMBST TIPVMEOPUQSPWJEFOPOBVEJUTFSWJDFTUIBU BSFNBUFSJBMUPUIFTVCKFDUNBUUFSPGBOBVEJU &NQIBTJT r "DDPVOUBCJMJUZPGHPWFSONFOUPGGJDJBMTUPUIF$POHSFTT r "DDPVOUBCJMJUZPGUIFBVEJUPSUPDPOEVDUXPSLQSPGFTTJPOBMMZ r /PSFRVJSFNFOUUPFWBMVBUFNBOBHFNFOUDPOUSPMT r &YFDVUJWFMFBEFSTIJQPGUIFBVEJUFEBHFODJFTJTOPUUIFQSJNBSZDVTUPNFS r.BOBHFNFOUJOQVUOPUTPMJDJUFEBTQBSUPGUIFBVEJUQSPDFTT r.BOBHFNFOUJOQVUOPUTPMJDJUFEJOEFWFMPQNFOUPGTPMVUJPOT r.BOBHFNFOUJTQSFTFOUFEXJUIiàOEJOHTuUPXIJDIJUNVTUiSFTQPOEu Focus on Professional Responsibilities—Module 1 25 c01.indd 25 10/7/2014 6:18:37 PM Institute of Internal Auditors Code of Ethics 5IF**"4UBOEBSETGPDVTPOimprovement of risk management, control and governance processes XJUIJO BO PSHBOJ[BUJPO TP UIBU JTTVFT PG DPODFSO DBO CF identified BOE corrected CFGPSF UIFZ CFDPNFQFSTJTUFOUPSQFSWBTJWFQSPCMFNT r.BOEBUF PSHBOJ[BUJPOBM JOEFQFOEFODF PG UIF BVEJU EFQBSUNFOU BOE NBOEBUF JOEJWJEVBM BVEJUPSPCKFDUJWJUZ r *OUFSOBMBVEJUPST *" NVTUSFQPSUUPBMFWFMXJUIJOUIFPSHBOJ[BUJPOUIBUQFSNJUTUIFBVEJU EFQBSUNFOUUPGVMàMMJUTSFTQPOTJCJMJUJFT r *"NVTUOPUQFSGPSNNBOBHFNFOUGVODUJPOTPSNBLFNBOBHFNFOUEFDJTJPOT r *"NVTUOPUBVEJUUIFJSPXOXPSL r *"NVTUEFUFSNJOFUIFOBUVSFBOETDPQFPGUIFJSXPSL Focus on Professional Responsibilities—Module 1 26 c01.indd 26 10/7/2014 6:18:37 PM Sarbanes-Oxley Act 3FHVMBUJPO4,SFRVJSFTDPNQBOJFTUPEJTDMPTF r 8IFUIFSUIFZIBWFBXSJUUFODPEFPGFUIJDTUIBUBQQMJFTUPUIFJS$&0 $'0 $POUSPMMFS PS QFSTPOTQFSGPSNJOHTJNJMBSGVODUJPOT r "OZXBJWFSTPGUIFDPEFPGFUIJDTGPSUIFTFJOEJWJEVBMT r "OZDIBOHFTUPUIFDPEFPGFUIJDT $PEFNVTUCFEFTJHOFEUPQSPNPUF r )POFTUBOEFUIJDBMDPOEVDU JODMVEJOHUIFFUIJDBMIBOEMJOHPGBDUVBMPSBQQBSFOUDPOáJDUT PGJOUFSFTU r 'VMM GBJS BDDVSBUF UJNFMZ BOEVOEFSTUBOEBCMFEJTDMPTVSFJODPNQBOZàMJOHTBOEQVCMJDBUJPOT r $PNQMJBODFXJUIBQQMJDBCMFHPWFSONFOUBMMBXT SVMFT BOESFHVMBUJPOT r 1SPNQUJOUFSOBMSFQPSUJOHPGWJPMBUJPOTPGUIFDPEFUPUIFBQQSPQSJBUFQFSTPOPSQFSTPOT JEFOUJàFE r "DDPVOUBCJMJUZGPSBEIFSFODFUPUIFDPEF Focus on Professional Responsibilities—Module 1 27 c01.indd 27 10/7/2014 6:18:37 PM Sarbanes-Oxley Act (continued) "VEJUDPNNJUUFF "$ SFTQPOTJCMFGPSUIFBQQPJOUNFOU DPNQFOTBUJPO BOEPWFSTJHIUPGBVEJUàSN r &BDINFNCFSPGUIF"$JTBNFNCFSPGUIFCPBSEPGEJSFDUPSTBOEJOEFQFOEFOU r 0OFàOBODJBMFYQFSUSFRVJSFEPO"$ r "$SFQPSUTEJSFDUMZUP#PBSE $&0BOE$'0NVTUDFSUJGZBDDVSBDZBOEUSVUIGVMOFTTPGàOBODJBMTUBUFNFOUT r $JWJM BOEDSJNJOBM ZFBST MJBCJMJUZ r "OZQFSTPOXIPLOPXJOHMZBUUFNQUTUPPSDPNNJUTGSBVEJOTBMFPGTFDVSJUJFTIBTDJWJMBOE DSJNJOBMMJBCJMJUZ VQUPZFBST Focus on Professional Responsibilities—Module 1 28 c01.indd 28 10/7/2014 6:18:37 PM International Ethics Standards 5IF *OUFSOBUJPOBM &UIJDT 4UBOEBSET #PBSE GPS "DDPVOUBOUT *&4#" JT B TUBOEBSETFUUJOH CPEZ XJUIJOUIF*OUFSOBUJPOBM'FEFSBUJPOPG"DDPVOUBOUT *'"$ UIBUJTTVFTFUIJDBMTUBOEBSETGPSBDDPVO- UBOUTUISPVHIPVUUIFXPSME5IFIESB Framework BQQMJFTUPBMMQSPGFTTJPOBMBDDPVOUBOUT r IOUFHSJUZ r OCKFDUJWJUZ r PSPGFTTJPOBMDPNQFUFODFBOEEVFDBSF r CPOàEFOUJBMJUZ r PSPGFTTJPOBMCFIBWJPS Focus on Professional Responsibilities—Module 1 29 c01.indd 29 10/7/2014 6:18:37 PM Department of Labor Independence Requirements for Employee Benefit Plans "OBDDPVOUBOUJTOPUJOEFQFOEFOUXJUISFTQFDUUPUIFQMBOJGIFTIF r )BTEJSFDUàOBODJBMJOUFSFTUPSBOZNBUFSJBMJOEJSFDUàOBODJBMJOUFSFTUJOUIFQMBOPSQMBO TQPOTPS r *TBQSPNPUFS VOEFSXSJUFS JOWFTUNFOUBEWJTPS WPUJOHUSVTUFF EJSFDUPS PGGJDFS PSFNQMPZFF PGUIFQMBO r.BJOUBJOTàOBODJBMSFDPSETGPSUIFFNQMPZFFCFOFàUQMBO Focus on Professional Responsibilities—Module 1 30 c01.indd 30 10/7/2014 6:18:37 PM International Auditing and Assurance Standards *OUFSOBUJPOBM BVEJUJOH TUBOEBSET BSF EFWFMPQFE CZ UIF *OUFSOBUJPOBM "VEJUJOH BOE "TTVSBODF 4UBOEBSET#PBSE M""4# PGUIF*OUFSOBUJPOBM'FEFSBUJPOPG"DDPVOUBOUT *'"$ r *OUFSOBUJPOBMTUBOEBSETEPOPUSFRVJSFBOBVEJUPGJOUFSOBMDPOUSPM XIJMF1$"0#TUBOEBSET EPTPSFRVJSF r *OUFSOBUJPOBMTUBOEBSETEPOPUBMMPXSFGFSFODFUPBOPUIFSBVEJUàSNJOWPMWFEJOBQPSUJPO PGUIFBVEJU r *OUFSOBUJPOBMTUBOEBSETGPSEPDVNFOUBUJPOBSFMFTTEFUBJMFEUIBO1$"0#TUBOEBSET MFBW JOHNPSFUPQSPGFTTJPOBMKVEHNFOU r *OUFSOBUJPOBMTUBOEBSETJOUIFBSFBPGHPJOHDPODFSOJODMVEFBUJNFIPSJ[POPGBUMFBTU CVU OPUMJNJUFEUP UXFMWFNPOUIT r *OUFSOBUJPOBMTUBOEBSETBSFCBTFEPOBSJTLBTTFTTNFOUPGFGGFDUJWFOFTTPGRVBMJUZDPOUSPM QPMJDJFTBOEQSPDFEVSFT Focus on Professional Responsibilities—Module 1 31 c01.indd 31 10/7/2014 6:18:37 PM Financial Statement Assertions r.BOBHFNFOUTSFTQPOTJCJMJUZ r "TTFSUJPOTUIFNTFMWFT Transaction Classes Account Balances Disclosures 0DDVSSFODF &YJTUFODF 0DDVSSFODF 3JHIUTBOEPCMJHBUJPOT 3JHIUTBOEPCMJHBUJPOT $PNQMFUFOFTT $PNQMFUFOFTT $PNQMFUFOFTT "DDVSBDZ 7BMVBUJPOBOEBMMPDBUJPO "DDVSBDZBOEWBMVBUJPO $VUPGG $MBTTJàDBUJPO $MBTTJàDBUJPOBOEVOEFSTUBOEBCJMJUZ Focus on Engagement Planning, Obtaining an Understanding, 32 and Assessing Risks—Module 2 c02.indd 32 10/7/2014 12:54:13 PM Audit Risk (AR) ARJTSJTLUIBUNBUFSJBMFSSPSTPSGSBVEFYJTUTSFTVMUJOHJOBOJOBQQSPQSJBUFBVEJUSFQPSU r "VEJUPSVTFTKVEHNFOUJOFTUBCMJTIJOHBDDFQUBCMFMFWFMPG"3 r -PXFSBDDFQUBCMFMFWFMPG"3BDIJFWFEUISPVHIPCUBJOJOHNPSFBVEJUFWJEFODF "3DPOTJTUTPGJOIFSFOUSJTL *3 DPOUSPMSJTL $3 BOEEFUFDUJPOSJTL %3 IRBDLOPXMFEHFTUIBUDFSUBJOJUFNTBSFNPSFTVTDFQUJCMFUPSJTL r.BZCFEVFUPDPNQMFYJUZPGUSBOTBDUJPOTPSDBMDVMBUJPOT FBTFPGUIFGU PSMBDLPGBWBJMBCMF PCKFDUJWFJOGPSNBUJPO r *3JTCFZPOEDPOUSPMPGBVEJUPSBOEHFOFSBMMZCFZPOEDPOUSPMPGFOUJUZ CRBDLOPXMFEHFTUIBUNJTTUBUFNFOUTNBZOPUCFQSFWFOUFEPSEFUFDUFECZFOUJUZTJOUFSOBMDPOUSPM r &OUJUZTJOUFSOBMDPOUSPMNBZCFQPPSMZEFTJHOFEPSQPPSMZFYFDVUFE r $3JTCFZPOEDPOUSPMPGBVEJUPSCVUXJUIJODPOUSPMPGFOUJUZ 5IFDPNCJOBUJPOPG*3BOE$3JTSFGFSSFEUPBTUIFiSJTLPGNBUFSJBMNJTTUBUFNFOUuUIFTFSJTLT NBZCFBTTFTTFETFQBSBUFMZ PSJODPNCJOBUJPO Focus on Engagement Planning, Obtaining an Understanding, 33 and Assessing Risks—Module 2 c02.indd 33 10/7/2014 12:54:13 PM Audit Risk (continued) DRBDLOPXMFEHFTUIBUBVEJUPSNBZOPUEFUFDUNBUFSJBMNJTTUBUFNFOU r "VEJUPSNBZOPUQSPQFSMZQMBOBVEJUQSPDFEVSFT r %3JTXJUIJODPOUSPMPGBVEJUPS Audit Risk = Risk of material misstatement * Risk Auditor Fails to Detect Misstatements Audit Risk = Inherent Risk * Control Risk * Detection Risk Focus on Engagement Planning, Obtaining an Understanding, 34 and Assessing Risks—Module 2 c02.indd 34 10/7/2014 12:54:14 PM Components of Audit Risk Increases risk Decreases risk *OIFSFOUSJTL %FDMJOJOHJOEVTUSZ.PSFQSPàUBCMFUIBOJOEVTUSZBWFSBHF -BDLPGXPSLJOHDBQJUBM -PXNBOBHFNFOUUVSOPWFS )JHISBUFPGPCTPMFTDFODF $POUSPMSJTL *OFGGFDUJWFJOUFSOBMDPOUSPMT &GGFDUJWFJOUFSOBMDPOUSPM 8FBLNBOBHFNFOUPWFSTJHIU 4USPOHNBOBHFNFOUPWFSTJHIU %FUFDUJPOSJTL %FDSFBTFTVCTUBOUJWFUFTUJOH *ODSFBTFFYUFOUPGTVCTUBOUJWFQSPDFEVSFT 1FSGPSNUFTUTFBSMZJOZFBS 4FMFDUNPSFFGGFDUJWFUFTUT 1FSGPSNUFTUTOFBSZFBSFOE Focus on Engagement Planning, Obtaining an Understanding, 35 and Assessing Risks—Module 2 c02.indd 35 10/7/2014 12:54:14 PM Applying Audit Risk Model "3=*3×$3×%3 5PBQQMZNPEFM &TUBCMJTIBDDFQUBCMFMFWFMPGBVEJUSJTL "TTFTTJOIFSFOUSJTLCBTFEPOJOUFSOBMBOEFYUFSOBMGBDUPST &TUBCMJTI QMBOOFE BTTFTTFE MFWFM PG DPOUSPM SJTL CBTFE PO JORVJSJFT BOE PUIFS SJTL BTTFTTNFOU QSPDFEVSFT r.BZTFUDPOUSPMSJTLBUNBYJNVNMFWFM r *GDPOUSPMSJTLTFUCFMPXNBYJNVN NVTUQFSGPSNUFTUTPGDPOUSPMTUPWFSJGZBTTFTTNFOU $PODFQUVBMMZ PSBDUVBMMZ POFDPNQVUFTOFDFTTBSZMFWFMPGEFUFDUJPOSJTL %3"3÷ *3×$3 %FUFSNJOFJGQMBOOFEOBUVSF UJNJOH BOEFYUFOUPGTVCTUBOUJWFUFTUTBSFBEFRVBUFUPQSPWJEFBQQSP QSJBUFMFWFMPGEFUFDUJPOSJTL Focus on Engagement Planning, Obtaining an Understanding, 36 and Assessing Risks—Module 2 c02.indd 36 10/7/2014 12:54:14 PM Materiality.BHOJUVEF PG PNJTTJPO PS NJTTUBUFNFOU UIBU NBLFT JU QSPCBCMF UIBU UIF KVEHNFOU PG B SFBTPO BCMFQFSTPOSFMZJOHPOUIFJOGPSNBUJPODPVMEIBWFCFFODIBOHFEPSJOáVFODFECZUIFPNJTTJPOPS NJTTUBUFNFOU 3FDPHOJ[FTSFMBUJWFJNQPSUBODFPGJUFNTUPGBJSQSFTFOUBUJPOPGàOBODJBMTUBUFNFOUT r *UFNTNBZCFNBUFSJBMEVFUPIJHIEPMMBSBNPVOU 2VBOUJUBUJWF r *UFNTNBZCFNBUFSJBMEVFUPOPONPOFUBSZTJHOJàDBODF 2VBMJUBUJWF %FUFSNJOJOHNBUFSJBMJUZ r "VEJUPSTTIPVMEEFUFSNJOFNBUFSJBMJUZGPSàOBODJBMTUBUFNFOUTBTBXIPMF r "MTP QBSUJDVMBSUSBOTBDUJPOT BDDPVOUT PSEJTDMPTVSFTNBZSFRVJSFMPXFSMFWFMT Focus on Engagement Planning, Obtaining an Understanding, 37 and Assessing Risks—Module 2 c02.indd 37 10/7/2014 12:54:14 PM Materiality (continued).BUFSJBMJUZJTNBUUFSPGQSPGFTTJPOBMKVEHNFOU r.VTUQMBOBVEJUUPPCUBJOSFBTPOBCMFBTTVSBODFUIBUàOBODJBMTUBUFNFOUTBSFOPUNJTTUBUFE r.JTTUBUFNFOUTDPVMECFNBUFSJBMJOEJWJEVBMMZPSDPMMFDUJWFMZ r.BUFSJBMJUZNFBTVSFNFOUCBTFEPOTNBMMFTUBHHSFHBUFMFWFM r 1FSGPSNBODFNBUFSJBMJUZ PSEJOBSJMZTNBMMFSUIBONBUFSJBMJUZ JTVTFEUPEFUFSNJOFUIBUTNBMM NJTTUBUFNFOUTEPOPUUPUBMBNBUFSJBMBNPVOU Focus on Engagement Planning, Obtaining an Understanding, 38 and Assessing Risks—Module 2 c02.indd 38 10/7/2014 12:54:14 PM Evaluation of Misstatements.JTTUBUFNFOUTTIPVMEOPUKVTUCFFWBMVBUFERVBOUJUBUJWFMZ CVURVBMJUBUJWFMZ TVDIBTNJTTUBUFNFOUT UIBU "GGFDUUSFOETPGQSPàUBCJMJUZ $IBOHFMPTTFTJOUPJODPNF "GGFDUTFHNFOUJOGPSNBUJPO "GGFDUDPNQMJBODFXJUIMFHBMBOEDPOUSBDUVBMSFRVJSFNFOUT.JTTUBUFNFOUTJOBTBNQMFBSFMJLFMZUPJOEJDBUFHSFBUFSNJTTUBUFNFOUJOUIFQPQVMBUJPOBTBXIPMF 5IFVTFPGFTUJNBUFTJOBDDPVOUJOHJODSFBTFTUIFSJTLPGNBUFSJBMNJTTUBUFNFOUT Focus on Engagement Planning, Obtaining an Understanding, 39 and Assessing Risks—Module 2 c02.indd 39 10/7/2014 12:54:14 PM Consideration of Fraud in a Financial Statement Audit 1SFWFOUJPOBOEEFUFDUJPOPGGSBVEJTNBOBHFNFOUTSFTQPOTJCJMJUZ r "VEJUPS QSPWJEFT SFBTPOBCMF BTTVSBODF UIBU àOBODJBM TUBUFNFOUT BSF OPU NBUFSJBMMZ NJTTUBUFE r 1SPWJEJOHBCTPMVUFBTTVSBODFJTJNQPTTJCMFEVFUPJOIFSFOUMJNJUBUJPOTPGUIFBVEJU JODMVE JOH UIFOBUVSFPGàOBODJBMSFQPSUJOH UIFOBUVSFPGBVEJUQSPDFEVSFTBOE UIFOFFE UPDPOEVDUBVEJUXJUIJOBSFBTPOBCMFUJNFQFSJPEBUBSFBTPOBCMFDPTU Types of Fraud 5XPUZQFTPGGSBVEDBOSFTVMUJONBUFSJBMNJTTUBUFNFOUPGàOBODJBMTUBUFNFOUT r 'SBVEVMFOUàOBODJBMSFQPSUJOHJOUFOUJPOBMNJTTUBUFNFOUTPSPNJTTJPOT r.JTBQQSPQSJBUJPOTPGBTTFUT EFGBMDBUJPOT FNCF[[MFNFOU TUFBMJOH PSNJTVTFPGGVOET 'SBVENPTUPGUFODPNNJUUFEXIFOUIFSFJT r 1SFTTVSFPSJODFOUJWF r 0QQPSUVOJUZ r 3BUJPOBMJ[BUJPO JOEJWJEVBMKVTUJàFTUIFBDUUPTFMG Focus on Engagement Planning, Obtaining an Understanding, 40 and Assessing Risks—Module 2 c02.indd 40 10/7/2014 12:54:14 PM Steps in Consideration of Fraud r 4UBGGEJTDVTTJPOPGUIFSJTLPGNBUFSJBMNJTTUBUFNFOU r 0CUBJOJOGPSNBUJPOOFFEFEUPJEFOUJGZSJTLTPGNBUFSJBMNJTTUBUFNFOU r *EFOUJGZSJTLTUIBUNBZSFTVMUJOBNBUFSJBMNJTTUBUFNFOUEVFUPGSBVE r "TTFTTUIFJEFOUJàFESJTLTBGUFSDPOTJEFSJOHQSPHSBNTBOEDPOUSPMT r 3FTQPOEUPUIFSFTVMUTPGUIFBTTFTTNFOU r &WBMVBUFBVEJUFWJEFODF r $PNNVOJDBUFBCPVUGSBVE r %PDVNFOUDPOTJEFSBUJPOPGGSBVE 5ISPVHIPVUUIFFOHBHFNFOU UIFBVEJUUFBNTIPVMEFYFSDJTFprofessional skepticismSFHBSEJOH UIFQPTTJCJMJUZPGGSBVE1SPGFTTJPOBMTLFQUJDJTNJODMVEFTBRVFTUJPOJOHNJOE CFJOHBMFSUUPDPOEJ UJPOTUIBUNBZJOEJDBUFGSBVEPSFSSPS BOEBDSJUJDBMBTTFTTNFOUPGBVEJUFWJEFODF Focus on Engagement Planning, Obtaining an Understanding, 41 and Assessing Risks—Module 2 c02.indd 41 10/7/2014 12:54:14 PM Fraud Risk Factors r &YJTUFODF PG DFSUBJO GBDUPST MFBE BVEJUPS UP DPODMVEF IJHI SJTL PG fraudulent financial reporting r 4LJNUIFTFRVJDLMZ.BOBHFNFOUDIBSBDUFSJTUJDT r $PNQFOTBUJPOUJFEUPBHHSFTTJWFSFTVMUT r &YDFTTJWFJOUFSFTUJOTUPDLQSJDFTBOEFBSOJOHT r $PNNJUNFOUTNBEFUPBOBMZTUTSFHBSEJOHBDIJFWJOHVOSFBMJTUJDGPSFDBTUT r 1VSTVJUPGNJOJNJ[JOHFBSOJOHTGPSUBYQVSQPTFT.BOBHFNFOUTBUUJUVEFUPXBSEJOUFSOBMDPOUSPM r.BOBHFNFOUEPNJOBUFECZTJOHMFQFSTPOPSTNBMMHSPVQ r $POUSPMTOPUBEFRVBUFMZNPOJUPSFE Focus on Engagement Planning, Obtaining an Understanding, 42 and Assessing Risks—Module 2 c02.indd 42 10/7/2014 12:54:14 PM Fraud Risk Factors (continued) r ,OPXOXFBLOFTTFTOPUDPSSFDUFEUJNFMZ r 6OSFBMJTUJDHPBMTTFUGPSPQFSBUJOHQFSTPOOFM r 6TFPGJOFGGFDUJWFBDDPVOUJOH UFDIOPMPHZ PSJOUFSOBMBVEJUTUBGG 0UIFSNBOBHFNFOUSFMBUFEGBDUPST r )JHIUVSOPWFS r 4USBJOFESFMBUJPOTIJQXJUIBVEJUPS *OEVTUSZDPOEJUJPOT r /FXBDDPVOUJOHSVMFTPSSFRVJSFNFOUTJNQBJSJOHQSPàUBCJMJUZ r )JHIEFHSFFPGDPNQFUJUJPO r %FDMJOJOHJOEVTUSZ r 7PMBUJMFJOEVTUSZ Focus on Engagement Planning, Obtaining an Understanding, 43 and Assessing Risks—Module 2 c02.indd 43 10/7/2014 12:54:14 PM Fraud Risk Factors (continued) 0QFSBUJOHDIBSBDUFSJTUJDTBOEàOBODJBMJOTUBCJMJUZPGFOUJUZ r /FHBUJWFDBTIáPXT r /FFEGPSDBQJUBM r 6TFPGFTUJNBUFTUIBUBSFVOVTVBMMZTVCKFDUJWFPSTVCKFDUUPDIBOHF r 3FMBUFEQBSUZUSBOTBDUJPOTPVUTJEFUIFPSEJOBSZDPVSTFPGCVTJOFTT r 4JHOJàDBOUPSVOVTVBMUSBOTBDUJPOTOFBSZFBSFOE r 0WFSMZDPNQMFYTUSVDUVSF r 6OVTVBMHSPXUIPSQSPàUBCJMJUZ r 7VMOFSBCMFUPDIBOHFTJOJOUFSFTUSBUFT r %JGGJDVMUEFCUDPWFOBOUT r 0WFSMZBHHSFTTJWFJODFOUJWFQSPHSBNT r 5ISFBUPGCBOLSVQUDZ GPSFDMPTVSF PSUBLFPWFS r 1FOEJOHUSBOTBDUJPOUIBUXJMMCFBEWFSTFMZBGGFDUFECZQPPSSFTVMUT &YJTUFODFPGPUIFSGBDUPSTMFBETBVEJUPSUPDPODMVEFIJHISJTLPGmisappropriation of assets Focus on Engagement Planning, Obtaining an Understanding, 44 and Assessing Risks—Module 2 c02.indd 44 10/7/2014 12:54:14 PM Fraud Risk Factors (continued) $IBSBDUFSJTUJDTJOEJDBUJOHMBDLPGBEFRVBUFDPOUSPMPWFSTVTDFQUJCMFBTTFUT r 0QFSBUJPOTOPUTVCKFDUUPQSPQFSPWFSTJHIU r *OBEFRVBUFTDSFFOJOHPGBQQMJDBOUTGPSQPTJUJPOTXJUIBDDFTTUPBTTFUT r *OBEFRVBUFSFDPSELFFQJOH r *OTVGGJDJFOUTFHSFHBUJPOPGEVUJFTXJUIMBDLPGJOEFQFOEFOUDIFDLT r *OBQQSPQSJBUFTZTUFNGPSBVUIPSJ[JOHBOEBQQSPWJOHUSBOTBDUJPOT r *OBEFRVBUFQIZTJDBMTBGFHVBSETPWFSBTTFUT r 6OUJNFMZPSJOBQQSPQSJBUFEPDVNFOUBUJPOPGUSBOTBDUJPOT r /PSFRVJSFNFOUGPSWBDBUJPOTBNPOHFNQMPZFFTQFSGPSNJOHLFZGVODUJPOT Other factors increase general risk of material misstatement of financial statements due to fraud r -PXFNQMPZFFNPSBMF r &NQMPZFFTàOBODJBMMZTUSFTTFE r "EWFSTFSFMBUJPOTIJQCFUXFFOFNQMPZFFTBOENBOBHFNFOUPSFOUJUZ Focus on Engagement Planning, Obtaining an Understanding, 45 and Assessing Risks—Module 2 c02.indd 45 10/7/2014 12:54:14 PM Assessing Risk of Fraud 3JTLPGNBUFSJBMNJTTUBUFNFOUEVFUPGSBVEQBSUPGBVEJUSJTL r "VEJUPSNVTUDPOTJEFSFYJTUFODFPGSJTLGBDUPSTXIFOEFTJHOJOHBVEJUQSPDFEVSFT r 3JTLGBDUPSTOPUOFDFTTBSJMZJOEJDBUJWFPGFYJTUFODFPGGSBVE r 'BDUPSTBSFDPOTJEFSFEJOEJWJEVBMMZBOEDPMMFDUJWFMZ "VEJUPSTIPVMENBLFJORVJSJFTPGNBOBHFNFOUSFHBSEJOH r.BOBHFNFOUTVOEFSTUBOEJOHPGSJTLPGGSBVEJOFOUJUZ r.BOBHFNFOUTLOPXMFEHFPGGSBVE "VEJUPSNBZCFDPNFBXBSFPGSJTLGBDUPSTXIFO r %FDJEJOHPOBDDFQUBODFPGUIFFOHBHFNFOU r 1MBOOJOHUIFFOHBHFNFOU r 0CUBJOJOHBOVOEFSTUBOEJOHPGJOUFSOBMDPOUSPM r 1FSGPSNJOHàFMEXPSL Focus on Engagement Planning, Obtaining an Understanding, 46 and Assessing Risks—Module 2 c02.indd 46 10/7/2014 12:54:14 PM Effects of Fraud Assessment 6QPOBTTFTTNFOUPGSJTLPGGSBVE BVEJUPSNBZ r %FUFSNJOFQMBOOFEBVEJUQSPDFEVSFTBSFTVGGJDJFOUPS r %FDJEFUPNPEJGZQMBOOFEQSPDFEVSFT.PEJàDBUJPOTNBZJODMVEF r "QQMZJOHHSFBUFSEFHSFFPGTLFQUJDJTN r "TTJHOJOHIJHIFSMFWFMQFSTPOOFMUPFOHBHFNFOU r &WBMVBUJOHNBOBHFNFOUTBDDPVOUJOHEFDJTJPOTNPSFDBSFGVMMZ 8IFONPEJàDBUJPOOPUQSBDUJDBM BVEJUPSNBZXJUIESBXGSPNFOHBHFNFOU Focus on Engagement Planning, Obtaining an Understanding, 47 and Assessing Risks—Module 2 c02.indd 47 10/7/2014 12:54:14 PM Laws and Regulations—Responsibility to Detect and Report Illegal Acts *MMFHBMBDUTNBZIBWFBEJSFDUFGGFDUPOàOBODJBMTUBUFNFOUTPSPOMZBOJOEJSFDUFGGFDU Responsibility: Direct3FTQPOTJCJMJUZTBNFBTGPSFSSPSTBOEGSBVE PCUBJOSFBTPOBCMFBTTVSBODFPGEFUFD UJPOPGNBUFSJBMNJTTUBUFNFOUT Other"O BVEJU JO BDDPSEBODF XJUI (""4 EPFT OPU JODMVEF BVEJU QSPDFEVSFT TQFDJBMMZ EFTJHOFE UP EFUFDU JMMFHBM BDUT OPU IBWJOH B NBUFSJBM BOE EJSFDU FGGFDU PO àOBODJBM TUBUFNFOU BNPVOUT BOE EJTDMPTVSFT )PXFWFS XIFO QSPDFEVSFT BQQMJFE GPS PUIFS QVSQPTFTJEFOUJGZQPTTJCMFJMMFHBMBDUT UIFBVEJUPSTIPVMEBQQMZBVEJUQSPDFEVSFTUP EFUFSNJOFXIFUIFSBOJMMFHBMBDUIBTPDDVSSFE Focus on Engagement Planning, Obtaining an Understanding, 48 and Assessing Risks—Module 2 c02.indd 48 10/7/2014 12:54:14 PM Laws and Regulations—Responsibility to Detect and Report Illegal Acts (continued) 8IFONJTTUBUFNFOUUIBUJOEJDBUFTQPTTJCJMJUZPGGSBVEJTFJUIFSNBUFSJBMPSNBUFSJBMJUZDBOOPUCF EFUFSNJOFE r %JTDVTTXJUIBQQSPQSJBUFMFWFMPGNBOBHFNFOU r "UUFNQUUPPCUBJOBEEJUJPOBMFWJEFODF r 4VHHFTU QFSIBQT UIBUDMJFOUTFFBUUPSOFZ r $POTJEFSXJUIESBXJOHGSPNFOHBHFNFOU $JSDVNTUBODFTNBZSFRVJSFNPEJàDBUJPOPGPQJOJPO r 2VBMJàFEPSBEWFSTFPQJOJPO EFQFOEJOHPONBUFSJBMJUZ JGJMMFHBMBDUXJUINBUFSJBMFGGFDUPO àOBODJBMTUBUFNFOUTOPUQSPQFSMZSFQPSUFEPSEJTDMPTFE r %JTDMBJNFSJGDMJFOUQSFWFOUTBVEJUPSGSPNPCUBJOJOHTVGGJDJFOUFWJEFODFUPFWBMVBUFPDDVSSFODF 3FGVTBMCZDMJFOUUPBDDFQUBNPEJàFEPQJOJPONBZSFTVMUJOXJUIESBXBMGSPNUIFFOHBHFNFOU Focus on Engagement Planning, Obtaining an Understanding, 49 and Assessing Risks—Module 2 c02.indd 49 10/7/2014 12:54:14 PM Laws and Regulations—Responsibility to Detect and Report Illegal Acts (continued) Documentation "TTFTTNFOU PG SJTL PG NBUFSJBM NJTTUBUFNFOU EVF UP GSBVE JO QMBOOJOH FOHBHFNFOU TIPVME CF EPDVNFOUFE JODMVEJOH r 3JTLGBDUPSTJEFOUJàFE r "VEJUPSTSFTQPOTFUPSJTLGBDUPST r 'VSUIFSSFTQPOTFJOEJDBUFECZEFUFDUJPOPGSJTLGBDUPSTEVSJOHBVEJU Focus on Engagement Planning, Obtaining an Understanding, 50 and Assessing Risks—Module 2 c02.indd 50 10/7/2014 12:54:14 PM Laws and Regulations—Responsibility to Detect and Report Illegal Acts (continued) Actions Resulting from Evidence of Fraud 6QPOEFUFDUJOHFWJEFODFPGGSBVE BVEJUPSTIPVME r /PUJGZBQQSPQSJBUFMFWFMPGNBOBHFNFOU r *OGPSN BVEJU DPNNJUUFF XIFOFWFS TFOJPS NBOBHFNFOU JT JOWPMWFE PS XIFOFWFS NBUFSJBM GSBVEJTDPNNJUUFECZBOZPOFXJUIJOUIFPSHBOJ[BUJPO r %JTDMPTFUPUIJSEQBSUJFTPOMZUPDPNQMZXJUIMFHBMPSSFHVMBUPSZSFRVJSFNFOUT JOSFTQPOTF UP JORVJSJFT PG B TVDDFTTPS BVEJUPS JO SFTQPOTF UP B TVCQPFOB PS JO BDDPSEBODF XJUI SFRVJSFNFOUTGPSBVEJUTPGFOUJUJFTSFDFJWJOHHPWFSONFOUBMàOBODJBMBTTJTUBODF Focus on Engagement Planning, Obtaining an Understanding, 51 and Assessing Risks—Module 2 c02.indd 51 10/7/2014 12:54:14 PM Summary of Assurance Provided by Auditor Not material Material &SSPST /PBTTVSBODF 3FBTPOBCMFBTTVSBODF 'SBVE /PBTTVSBODF 3FBTPOBCMFBTTVSBODF *MMFHBMBDUTXJUIEJSFDUFGGFDUPOàOBODJBM /PBTTVSBODF 3FBTPOBCMFBTTVSBODF TUBUFNFOUT 0UIFSJMMFHBMBDUT UIPTFXJUIBOJOEJSFDU /PBTTVSBODF /PBTTVSBODF FGGFDUPOàOBODJBMTUBUFNFOUT Focus on Engagement Planning, Obtaining an Understanding, 52 and Assessing Risks—Module 2 c02.indd 52 10/7/2014 12:54:14 PM Audit Planning: Communication with Predecessor Auditor 4VDDFTTPSNVTUNBLFJORVJSJFTPGQSFEFDFTTPSBVEJUPSCFGPSFBDDFQUJOHFOHBHFNFOU r 4VDDFTTPSJOJUJBUFTDPNNVOJDBUJPO r 3FRVJSFTQFSNJTTJPOPGDMJFOU r $POTJEFSJNQMJDBUJPOTPGDMJFOUTSFGVTBM /BUVSFPGJORVJSJFT r %JTBHSFFNFOUTXJUINBOBHFNFOUBCPVUBVEJUQSPDFEVSFTPSBDDPVOUJOHQSJODJQMFT r $PNNVOJDBUJPOXJUIBVEJUDPNNJUUFFBCPVUGSBVE JMMFHBMBDUT PSJOUFSOBMDPOUSPM r 3FBTPOGPSDIBOHFJOBVEJUPS r *OUFHSJUZPGNBOBHFNFOU Focus on Engagement Planning, Obtaining an Understanding, 53 and Assessing Risks—Module 2 c02.indd 53 10/7/2014 12:54:14 PM Audit Planning: Engagement Letter *ODMVEFTDMFBSVOEFSTUBOEJOHPGOBUVSFPGTFSWJDFTBOESFTQPOTJCJMJUZBTTVNFE 6OEFSTUBOEJOHNBZCFXSJUUFOBOEJODMVEF r OCKFDUJWFTPGFOHBHFNFOU r RFTQPOTJCJMJUJFTPGNBOBHFNFOU r AVEJUPSTSFTQPOTJCJMJUJFT r LJNJUBUJPOTPGFOHBHFNFOU 6OEFSTUBOEJOHXJMMBMTPJOEJDBUF r FJOBODJBMSFDPSETBOEJOGPSNBUJPOXJMMCFNBEFBWBJMBCMF r IOEJDBUJPOPGDPNQMJBODFXJUIBQQMJDBCMFMBXTBOESFHVMBUJPOT r LFUUFSPGSFQSFTFOUBUJPOTBUDPODMVTJPOPGàFMEXPSL r ETUBCMJTINFOUBOENBJOUFOBODFPGJOUFSOBMDPOUSPM r SUBUFNFOUTBSFUIFSFTQPOTJCJMJUZPGNBOBHFNFOU Focus on Engagement Planning, Obtaining an Understanding, 54 and Assessing Risks—Module 2 c02.indd 54 10/7/2014 12:54:14 PM Audit Planning: Engagement Letter (continued) "OFOHBHFNFOUMFUUFSNBZBMTPBEESFTT r 'FFTUPCFDIBSHFECZUIFBVEJUPS r *NNBUFSJBMFSSPSTPSGSBVEOPUFYQFDUFEUPCFGPVOECZBVEJU r 3FBTPOBCMFBTTVSBODFQSPWJEFEUIBUTUBUFNFOUTBSFOPUNBUFSJBMMZNJTTUBUFE r.BUFSJBMNJTTUBUFNFOUTNBZOPUCFEFUFDUFE Focus on Engagement Planning, Obtaining an Understanding, 55 and Assessing Risks—Module 2 c02.indd 55 10/7/2014 12:54:14 PM Planning Considerations "VEJUQMBOOJOHEFWFMPQJOHTUSBUFHZGPSTDPQFBOEDPOEVDUPGBVEJUCBTFEPO r 4J[FBOEDPNQMFYJUZPGFOUJUZ r "VEJUPSTFYQFSJFODFXJUIFOUJUZ r "VEJUPSTLOPXMFEHFPGFOUJUZTCVTJOFTT Planning considerations r &OUJUZTBDDPVOUJOHQPMJDJFT r.BUFSJBMJUZMFWFMT r "VEJUSJTLBOEQMBOOFEBTTFTTFEMFWFMPGDPOUSPMSJTL r &OUJUZTCVTJOFTTFOWJSPONFOU r.FUIPETPGQSPDFTTJOHBDDPVOUJOHJOGPSNBUJPO r *UFNTPOàOBODJBMTUBUFNFOUTQSPOFUPBEKVTUNFOU r $POEJUJPOTBGGFDUJOHBVEJUUFTUT r 3FQPSUTUPCFJTTVFE Focus on Engagement Planning, Obtaining an Understanding, 56 and Assessing Risks—Module 2 c02.indd 56 10/7/2014 12:54:14 PM Audit Planning Procedures r %FUFSNJOFJOWPMWFNFOUPGDPOTVMUBOUT TQFDJBMJTUT BOEJOUFSOBMBVEJUPST r 3FBEDVSSFOUZFBSTJOUFSJNàOBODJBMTUBUFNFOUT r $PPSEJOBUFBTTJTUBODFPGFOUJUZQFSTPOOFM r %JTDVTTXJUIàSNQFSTPOOFMSFTQPOTJCMFGPSOPOBVEJUTFSWJDFTNBUUFSTBGGFDUJOHUIFBVEJU r 3FWJFXDPSSFTQPOEFODFàMFT QSJPSZFBSTXPSLJOHQBQFST QFSNBOFOUàMFT àOBODJBMTUBUF NFOUT BOEBVEJUPSTSFQPSU r *ORVJSFBCPVUDVSSFOUCVTJOFTTEFWFMPQNFOUTBGGFDUJOHFOUJUZ r %JTDVTT UZQF TDPQF BOE UJNJOH PG BVEJU XJUI NBOBHFNFOU CPBSE PG EJSFDUPST PS BVEJU DPNNJUUFF r $POTJEFSFGGFDUTPGSFDFOUQSPOPVODFNFOUT r &TUBCMJTIUJNJOHPGBVEJUXPSL r &TUBCMJTIBOEDPPSEJOBUFTUBGGJOH r $PNQBSFàOBODJBMTUBUFNFOUTUPBOUJDJQBUFESFTVMUT r 1FSGPSNBOBMZUJDBMQSPDFEVSFTUPJEFOUJGZSJTLBSFBT r "TTFTTNBUFSJBMJUZBOEBVEJUSJTL Focus on Engagement Planning, Obtaining an Understanding, 57 and Assessing Risks—Module 2 c02.indd 57 10/7/2014 12:54:14 PM Obtaining an Understanding of the Client and Its Environment "VEJUPSTQFSGPSNrisk assessment procedures,JODMVEJOH r *ORVJSJFTPGNBOBHFNFOUBOEPUIFSTXJUIJOUIFFOUJUZ r "OBMZUJDBMQSPDFEVSFT r 0CTFSWBUJPOBOEJOTQFDUJPO r 0UIFS QSPDFEVSFT TVDI BT XJUI PUIFST PVUTJEF UIF FOUJUZ FH MFHBM DPVOTFM WBMVBUJPO FYQFSUT r 3FWJFXJOGPSNBUJPOGSPNFYUFSOBMTPVSDFTTVDIBOBMZTUT CBOLT FUD Focus on Engagement Planning, Obtaining an Understanding, 58 and Assessing Risks—Module 2 c02.indd 58 10/7/2014 12:54:14 PM Specialists "VEJUPSTNBZSFMZPOUIFXPSLPGTQFDJBMJTUTUP r 7BMVFBTTFUT r %FUFSNJOFUIFQIZTJDBMDIBSBDUFSJTUJDTPGJOWFOUPSJFT r %FUFSNJOFBNPVOUTEFSJWFEUISPVHITQFDJBMJ[FEUFDIOJRVFT r *OUFSQSFUUFDIOJDBMSFRVJSFNFOUT SFHVMBUJPOT PSBHSFFNFOUT #FGPSFSFMZJOHPOUIFXPSLPGBTQFDJBMJTU UIFBVEJUPSTIPVME r &WBMVBUFUIFRVBMJàDBUJPOTPGUIFTQFDJBMJTU r 6OEFSTUBOEUIFOBUVSFPGUIFXPSLUPCFQFSGPSNFECZUIFTQFDJBMJTU r &WBMVBUFUIFSFMBUJPOTIJQPGUIFTQFDJBMJTUUPUIFDMJFOU Focus on Engagement Planning, Obtaining an Understanding, 59 and Assessing Risks—Module 2 c02.indd 59 10/7/2014 12:54:14 PM Specialists (continued) *OFWBMVBUJOHUIFàOEJOHTPGUIFTQFDJBMJTU UIFBVEJUPSTIPVME r 6OEFSTUBOEUIFNFUIPETVTFEBOEBTTVNQUJPOTNBEF r 5FTUEBUBQSPWJEFEUPUIFTQFDJBMJTU r &WBMVBUFXIFUIFSUIFàOEJOHTTVQQPSUUIFSFMBUFEBTTFSUJPOT 5IFVTFPGBTQFDJBMJTUXJMMOPUHFOFSBMMZIBWFBOFGGFDUPOUIFBVEJUPSTSFQPSU r 5IFBVEJUPSNBZBEEFYQMBOBUPSZMBOHVBHFUPUIFTUBOEBSESFQPSUBTBSFTVMUPGUIFàOE JOHTPGUIFTQFDJBMJTU r 5IFBVEJUPSNBZEFDJEFUPNPEJGZUIFPQJOJPOJGUIFàOEJOHTPGUIFTQFDJBMJTUEPOPUDPS SPCPSBUFUIFSFMBUFEBTTFSUJPOT 5IFVTFPGBTQFDJBMJTUXJMMPOMZCFSFGFSSFEUPJOUIFBVEJUSFQPSUJGUIFàOEJOHTPGUIFTQFDJBMJTU SFTVMUFEJOBNPEJàDBUJPOPGUIFSFQPSU Focus on Engagement Planning, Obtaining an Understanding, 60 and Assessing Risks—Module 2 c02.indd 60 10/7/2014 12:54:14 PM Communication of Certain Information to Those Charged with Governance 5IFGPMMPXJOHNBUUFSTTIPVMECFDPNNVOJDBUFE Audit responsibilities under GAAS 3FTQPOTJCJMJUZUPGPSNBOEFYQSFTTBOPQJOJPO "O BVEJU EPFT OPU SFMJFWF NBOBHFNFOU PG UIPTF DIBSHFE XJUI HPWFSOBODF PG UIFJS SFTQPOTJCJMJUJFT Planned scope and timing of the audit"OPWFSWJFXPGUIFQMBOOFETDPQFBOEUJNJOHPGUIF BVEJU UIJT NBZ BTTJTU UIPTF DIBSHFE XJUI HPWFSOBODF JO VOEFSTUBOEJOH UIF DPOTFRVFODFT PG UIFBVEJUPSTXPSLGPSUIFJSPWFSTJHIUBDUJWJUJFTBOEUIFBVEJUPSUPVOEFSTUBOECFUUFSUIFFOUJUZBOE JUTFOWJSPONFOU Focus on Engagement Planning, Obtaining an Understanding, 61 and Assessing Risks—Module 2 c02.indd 61 10/7/2014 12:54:14 PM Communication of Certain Information to Those Charged with Governance (continued) Significant findings from the audit 2VBMJUBUJWFBTQFDUTPGUIFFOUJUZTTJHOJàDBOUBDDPVOUJOHQSBDUJDFT 4JHOJàDBOUEJGGJDVMUJFTFODPVOUFSFEEVSJOHUIFBVEJU 6ODPSSFDUFENJTTUBUFNFOUT %JTBHSFFNFOUTXJUINBOBHFNFOU .BOBHFNFOUTDPOTVMUBUJPOTXJUIPUIFSBDDPVOUBOUT 4JHOJàDBOUJTTVFTEJTDVTTFE PSTVCKFDUUPDPSSFTQPOEFODFXJUINBOBHFNFOU "VEJUPSJOEFQFOEFODFJTTVFT *GUIPTFDIBSHFEXJUIHPWFSOBODF BSF OPU JOWPMWFE JO NBOBHJOH UIF FOUJUZ UIF GPMMPXJOH TIPVMEBMTPCFDPNNVOJDBUFE r.BUFSJBMDPSSFDUFENJTTUBUFNFOUTSFTVMUJOHGSPNBVEJU r 3FQSFTFOUBUJPOTSFRVFTUFEGSPNNBOBHFNFOU r 0UIFSTJHOJàDBOUJTTVFT Focus on Engagement Planning, Obtaining an Understanding, 62 and Assessing Risks—Module 2 c02.indd 62 10/7/2014 12:54:14 PM CONSIDERATION OF INTERNAL CONTROL Consideration of internal control is necessary to determine nature, timing, and extent of substan- tive tests Internal control is defined as a process—effected by an entity’s board of directors, management, and other personnel—designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (a) Reliability of financial reporting, (b) Effectiveness and efficiency of operations, and (c) Compliance with applicable laws and regulations. Related to the above is the safeguarding of assets. Focus on Understanding Internal Control and 63 Assessing Control Risk—Module 3 c03.indd 63 10/7/2014 12:54:29 PM Components of Internal Control Internal control consists of five interrelated components 1. Control Activities 2. Risk Assessment 3. Information and Communication 4. Monitoring 5. Control Environment Focus on Understanding Internal Control and 64 Assessing Control Risk—Module 3 c03.indd 64 10/7/2014 12:54:29 PM Control Activities Control activities are policies and procedures that help ensure that management directives are followed The auditor will be concerned about r Performance reviews—comparisons of actual performance to expectations r Information processing—checks on accuracy, completeness, and authorization of transactions r Physical controls—safeguarding assets and controlling access to records r Segregation of duties—reducing opportunities for one individual to commit errors and conceal them I say! These control activities are pips Duties requiring segregation are r Authorization r Recording r Custody ARC Focus on Understanding Internal Control and 65 Assessing Control Risk—Module 3 c03.indd 65 10/7/2014 12:54:29 PM Risk Assessment Risk assessment addresses how the company identifies, analyzes, and manages risk Risks relevant to preparation of financial statements are affected by internal and external events and circumstances r Changes in operating environment r New personnel r New information systems r Rapid growth r New technology r New lines, products, or activities r Corporate restructuring r Foreign operations r Accounting pronouncements Focus on Understanding Internal Control and 66 Assessing Control Risk—Module 3 c03.indd 66 10/7/2014 12:54:29 PM Entity Risk Assessment versus Auditor Risk Assessment Entity—designed to identify, analyze, and manage risks that affect entity’s objectives Auditor—involves assessment of inherent risk and control risk to evaluate likelihood of material misstatements occurring in financial statements Information and Communication Information and communication relates to the identification, capture, and exchange of information that enables individuals to carry out their responsibilities Monitoring Monitoring by management allows for evaluation as to whether internal control is operating as planned Focus on Understanding Internal Control and 67 Assessing Control Risk—Module 3 c03.indd 67 10/7/2014 12:54:29 PM Control Environment The control environment sets the tone of the organization Factors include r Integrity and ethical values r Commitment to competence r Human resource policies and practices r Assignment of authority and responsibility r Management’s philosophy and operating style r Board of directors or audit committee participation r Organizational structure Focus on Understanding Internal Control and 68 Assessing Control Risk—Module 3 c03.indd 68 10/7/2014 12:54:29 PM Understanding Internal Control Assists Auditors in r Identifying types of potential misstatements and factors that affect the risks of material misstatement r Designing the nature, timing, and extent of further audit procedures Focus on Understanding Internal Control and 69 Assessing Control Risk—Module 3 c03.indd 69 10/7/2014 12:54:29 PM Obtaining an Understanding of Internal Control during Risk Assessment Risk assessment procedures for internal control include r Inquiries of management and others within the entity r Observing the application of specific controls r Inspecting documents and records r Tracing transactions through the information system Uses of internal control understanding obtained during risk assessment r Identify types of potential misstatements r Consider factors that affect the risk of material misstatement r Design tests of controls and substantive procedures (“further procedures”) Focus on Understanding Internal Control and 70 Assessing Control Risk—Module 3 c03.indd 70 10/7/2014 12:54:29 PM Understanding the Design of Internal Control An understanding of the design allows an auditor to assess how internal control is intended to function The auditor must understand each of the five components to r Identify types of potential misstatements r Consider factors that affect the risk of material misstatement r Design substantive tests To accomplish this, the auditor must perform procedures that will provide knowledge of r The design of controls for each of the five components as they relate to the financial statements r Whether controls have been placed in operation and are being used by client Focus on Understanding Internal Control and 71 Assessing Control Risk—Module 3 c03.indd 71 10/7/2014 12:54:29 PM Understanding the Design of Internal Control (continued) In addition to previous experience, the auditor may perform such procedures as r Making inquiries of appropriate individuals r Inspecting documents and records r Observing activities The auditor is not required to evaluate the effectiveness of controls unless reliance upon them is intended The auditor is required to document the understanding of the entity’s internal control Common forms of documentation include r A memorandum, describing the entity’s internal control in narrative form r A flowchart, diagramming internal control r An internal control questionnaire, providing management’s responses to questions about internal control r A decision table Focus on Understanding Internal Control and 72 Assessing Control Risk—Module 3 c03.indd 72 10/7/2014 12:54:29 PM Flowcharts Flowcharts diagram the design of internal control Symbols used Manual operation Process Decision Input or output Document Manual input Magnetic tape Off-line storage Magnetic disc storage On-page connector Off-page connector Focus on Understanding Internal Control and 73 Assessing Control Risk—Module 3 c03.indd 73 10/7/2014 12:54:30 PM Internal Control Questionnaire Consists of series of questions asked of management r Some questions designed to address objectives of internal control r Other questions designed to address control activities designed to accomplish objectives Questions designed to require “yes” or “no” answer r “No” answer generally indicative of weakness in internal control r Makes identification of weaknesses easier Focus on Understanding Internal Control and 74 Assessing Control Risk—Module 3 c03.indd 74 10/7/2014 12:54:30 PM Assessing Control Risk Based on the understanding of the design of internal control, the auditor will establish a planned assessed level of control risk in relation to management’s assertions Control risk may be set at the maximum level for some or all assertions r The auditor does not intend to rely on internal control in relation to those assertions r Tests of controls will not be performed Control risk may be set below maximum for some or all assertions r The auditor must verify the effectiveness of internal control so that it can be relied upon r Tests of controls will be performed Assessing control risk below maximum involves two components 1) Identify controls that will prevent or detect material misstatements in specific assertions 2) Perform tests of control to evaluate the effectiveness of the controls identified Focus on Understanding Internal Control and 75 Assessing Control Risk—Module 3 c03.indd 75 10/7/2014 12:54:30 PM Tests of Controls Tests of controls include r Inquiry—Asking questions of appropriate personnel such as inquiring about the procedure followed when merchandise is received r Inspection—Looking at documentary evidence such as inspecting paid invoices to make certain they have been cancelled to avoid double payment r Observation—Watching client employees as they perform such as observing employees receiving and recording purchases of merchandise to determine if there is proper segrega- tion of duties r Reperformance—Repeating procedures performed by client employee’s such as recount- ing inventories or recalculating invoice amounts Know the four types of tests of controls Focus on Understanding Internal Control and 76 Assessing Control Risk—Module 3 c03.indd 76 10/7/2014 12:54:30 PM Tests of Controls (continued) Tests of controls can be used to evaluate the effectiveness of the design of internal control as part of obtaining an understanding The auditor would r Inquire of appropriate personnel r Inspect documents and reports r Observe the application of specific controls Tests of controls can also be used to evaluate the operating effectiveness of internal control in the desire to reduce the assessed level of control risk The auditor would r Inquire of appropriate personnel r Inspect documents and reports r Observe the application of specific controls r Reperform procedures performed by clients Focus on Understanding Internal Control and 77 Assessing Control Risk—Module 3 c03.indd 77 10/7/2014 12:54:30 PM Relationship of Control Risk to Tests of Controls, Detection Risk, and Substantives Procedures Control risk at maximum Control risk below maximum When appropriate Internal control expected to be Internal control expected to be relatively ineffective relatively effective Not cost effective to rely on Cost effective to rely on internal internal control to reduce control to reduce substantive substantive procedures procedures Tests of controls Not required Required Detection risk Relatively low Relatively high Substantive procedures Must be more effective Can be less effective Focus on Understanding Internal Control and 78 Assessing Control Risk—Module 3 c03.indd 78 10/7/2014 12:54:30 PM Further Reducing the Assessed Level of Control Risk Since many of the procedures used to understand the design of internal control are also used to support the assessed level of control risk r Obtaining an understanding of internal control and supporting the assessed level of control risk are often done simultaneously r The auditor may determine that additional tests of controls will provide evidence that will further reduce the assessed level of control risk Concerning performing tests of controls, conceptually r If their expected cost leads to a lower total expected audit cost than not performing them, they will be performed r Tests of controls allow auditors to assess control risk below the maximum and to accept a higher level of detection risk