Auditing 3 Class Notes I. Auditing 3: © 2009 Devry/Becker Educational Development Corp. All Rights Reserved
Auditing 3 Class Notes I. Auditing 3: © 2009 Devry/Becker Educational Development Corp. All Rights Reserved
Auditing 3 Class Notes I. Auditing 3: © 2009 Devry/Becker Educational Development Corp. All Rights Reserved
AUDITING 3
Auditing 3 primarily deals with two key areas on the exam, planning (which includes consideration
of fraud/illegal acts) and risk assessment (which includes consideration of internal control).
A.
B.
You must be familiar with the specific procedures an auditor performs before
deciding to accept a client.
2.
You must separate these procedures from the procedures that are performed after
acceptance.
3.
Pre-acceptance activities:
Make inquiries of the predecessor auditor.
b.
(2)
(3)
(4)
c.
Assess the client's business risk and the CPA's business risk.
d.
C.
a.
The auditor must establish an understanding with the client regarding the services to
be performed.
a.
b.
The objective of this phase is to develop an overall strategy for the audit.
2.
The following are required during the planning stage of the audit:
a.
Obtain a sufficient understanding of the entity and its environment, including its
internal control.
b.
Obtain knowledge of the client's industry and business (tour facilities, review
financial history, etc.).
c.
d.
Develop an overall audit strategy, and develop and document a written audit
plan.
e.
Consider materiality and audit risk so that an overall low level of audit risk is
attained.
1
2009 DeVry/Becker Educational Development Corp. All rights reserved.
2.
b.
c.
b.
c.
Internal Auditor The auditor may choose to make use of the client's internal
auditor.
(1)
(2)
(2)
(3)
E.
F.
The client's auditor (user auditor) may utilize the service auditor's report
in this situation.
MATERIALITY
1.
Know the terms known misstatement (specifically identified during the audit), likely
misstatement (an estimate of the misstatement that is likely to exist), and tolerable
misstatement (maximum error the auditor will accept).
2.
3.
4.
5.
AUDIT RISK
1.
You must know the definition of audit risk: financial statements are materially
misstated but the opinion is not appropriately modified.
2.
(2)
2
2009 DeVry/Becker Educational Development Corp. All rights reserved.
Detection Risk risk that the auditor does not detect a material misstatement
in a financial statement assertion.
(1)
3.
It is imperative that you understand that audit risk needs to stay relatively low.
a.
G.
H.
This is the only element that the auditor can control, by varying the
nature, extent, or timing of audit procedures.
(2)
Change the extent of substantive tests (i.e., use a larger sample size)
(3)
b.
The risk of material misstatement (inherent risk and control risk) has an inverse
relationship to detection risk if you don't understand this, memorize it.
c.
Remember that the auditor can change his or her assessment of the risk of
material misstatement (inherent and control risks), but cannot change the
actual risks.
Audit risk and materiality must be considered together in designing audit procedures.
2.
Audit risk and materiality must be considered at both the financial statement level and
at the individual account balance, transaction class, or disclosure item level.
3.
There are three categories of financial statement assertions and thirteen assertions
within those categories (CPA CO CARE CURV).
a.
b.
Completeness
(2)
(3)
Accuracy
(4)
Classification
(5)
Occurrence
Completeness
(2)
(3)
(4)
Existence
3
2009 DeVry/Becker Educational Development Corp. All rights reserved.
2.
I.
Completeness
(2)
(3)
(4)
You need to know the assertions and what they mean, and understand how relevant
assertions may be used by the auditor to develop audit procedures.
SUPERVISION
Proper supervision of assistants is required; disagreements among staff should be
documented.
J.
FRAUD
1.
2.
3.
b.
There are three fraud risk factors their presence indicates a greater possibility of
fraud.
a.
b.
Opportunity (e.g., the ability to steal from the company due to a lack of
controls)
c.
You must understand management's responsibility with respect to fraud versus the
auditor's responsibility.
a.
b.
(2)
(3)
(4)
(5)
(a)
(b)
Evaluate evidence.
4
2009 DeVry/Becker Educational Development Corp. All rights reserved.
K.
L.
(a)
(b)
(c)
(d)
ILLEGAL ACTS
1.
If the illegal act has a direct and material effect on the financial statements, the
auditor has a reasonable responsibility to detect it.
2.
The auditor has no responsibility to detect indirect effect illegal acts, but cannot
ignore such acts that come to his or her attention.
3.
4.
You should also know when it is acceptable to communicate illegal acts to outside
parties.
RISK ASSESSMENT
1.
The auditor must obtain an understanding of the entity and its environment, including
its internal control, and assess the risk of material misstatement.
a.
b.
c.
d.
2.
The auditor should document the audit team's discussion, key elements of the
understanding of the entity and its environment, including its internal control,
the risk assessment procedures performed, the basis for the risk assessment,
and the identified risks and related controls evaluated by the auditor.
b.
M.
As part of the auditor's risk assessment process, the auditor must obtain an
understanding of the entity's internal control.
5
2009 DeVry/Becker Educational Development Corp. All rights reserved.
The purpose of internal control is to help a company meet its objectives (reliable
financial statements, effective/efficient operations, compliance).
3.
There are five components of internal control (CRIME). Know the basic definition of
each, and be familiar with the factors included in each component.
Control environment.
b.
c.
d.
Monitoring.
e.
3.
The auditor studies internal control to assess the risk of material misstatement and to
determine the nature, extent, and timing of further audit procedures.
4.
5.
N.
a.
a.
b.
Determine whether controls have been implemented (i.e., are being used).
Be familiar with the inherent limitations of internal control (i.e., the reasons why
errors may occur in spite of an effective system of internal control).
CONTROL ACTIVITIES
When there is a strong system of internal control, control activities implemented by the
client might include (PAID TIPS):
O.
P.
1.
Prenumbering of documents.
2.
Authorization of transactions.
3.
4.
Documentation.
5.
6.
7.
8.
Use of information technology may impact any of the five components of internal
control.
2.
There are both benefits (faster processing, improved consistency) and risks
(unauthorized access to data or programs) associated with the use of information
technology.
3.
The auditor must respond to the assessed level of risk at two levels:
a.
6
2009 DeVry/Becker Educational Development Corp. All rights reserved.
The relevant assertion level the nature, extent, and timing of specific audit
procedures is based on the assessed level of risk for the relevant assertions.
b.
3.
Tests of Controls
a.
4.
b.
c.
Be familiar with the factors that affect the nature, extent, and timing of tests of
controls.
d.
Evidence from prior years about operating effectiveness may be used as long
as it is still relevant and it is not too old (tests should be reperformed at least
once every three years).
Substantive Tests
a.
b.
c.
Be familiar with the factors that affect the nature, extent, and timing of
substantive tests.
(1)
(2)
5.
In responding to the assessed level of risk, the auditor may discover that the initial
risk assessment needs to be modified, and the audit plan should be revised
accordingly.
6.
The auditor must use judgment to evaluate the sufficiency and appropriateness of
audit evidence.
7.
7
2009 DeVry/Becker Educational Development Corp. All rights reserved.