Johnstone 9e Auditing 1
Johnstone 9e Auditing 1
Johnstone 9e Auditing 1
A RISK-BASED APPROACH TO
CONDUCTING A QUALITY AUDIT
9th Edition
CHAPTER 5
PROFESSIONAL AUDITING STANDARDS AND THE
AUDIT OPINION FORMULATION PROCESS
5-4
Copyright © 2014 South-Western/Cengage Learning
LEARNING OBJECTIVES
5-5
Copyright © 2014 South-Western/Cengage Learning
THE AUDIT OPINION FORMULATION
PROCESS
5-6
Copyright © 2014 South-Western/Cengage Learning
PROFESSIONAL JUDGMENT IN CONTEXT - IMPORTANCE
OF ADHERING TO PROFESSIONAL AUDITING STANDARDS
5-7
Copyright © 2014 South-Western/Cengage Learning
PROFESSIONAL JUDGMENT IN CONTEXT - IMPORTANCE
OF ADHERING TO PROFESSIONAL AUDITING STANDARDS
5-8
Copyright © 2014 South-Western/Cengage Learning
PROFESSIONAL JUDGMENT IN CONTEXT - IMPORTANCE
OF ADHERING TO PROFESSIONAL AUDITING STANDARDS
5-9
Copyright © 2014 South-Western/Cengage Learning
LEA R N I NG O B JEC TI VE 1
5-12
Copyright © 2014 South-Western/Cengage Learning
AICPA’S AUDITING STANDARDS BOARD
- CLARITY PROJECT
• Made standards easier to read, understand, and
apply
• Converged its standards with the International
Standards on Auditing (ISAs), issued by the IAASB
• Standards were written using drafting convention
called the clarity format
• Issued the clarified standards in a single Statement
on Auditing Standard (SAS No. 122) in 2012
5-13
Copyright © 2014 South-Western/Cengage Learning
EACH STANDARD OF CLARITY FORMAT
PRESENTED IN FOLLOWING SECTIONS
Introduction
• Purpose and scope of the standard
Objective
• Context in which the requirements are set
Definitions
• Relevant meanings of terms in standards
Requirements
• Actions required to achieve objective of the
standard
5-15
Copyright © 2014 South-Western/Cengage Learning
AUDITING STANDARDS ISSUED BY THE
IAASB
• Standards should to be understandable, clear, and
consistent
• Launched a program in 2004 to enhance clarity of its
ISAs
• Clarity Project was completed in 2009
• As of 2013, a set of its clarified standards comprises
of:
• 36 ISAs
• 1 International Standard on Quality Control (ISQC)
5-16
Copyright © 2014 South-Western/Cengage Learning
EACH STANDARD OF CLARITY FORMAT
PRESENTED IN FOLLOWING SECTIONS
Introduction
• Purpose and scope of subject matter of ISA
Objective
• Clear statement of the objective of the
auditor
Definitions
• For applicable terms included
Requirements
• For each objective are provided
5-17
Copyright © 2014 South-Western/Cengage Learning
AUDITING STANDARDS ISSUED BY THE
PCAOB
• Apply to auditors of U.S. public companies
• Issued sixteen Auditing Standards (ASs) as of 2013
• PCAOB interim standards - Standards adopted from
AICPA
• Requirement for public company auditors, unless
superseded by a PCAOB standard
• Standards issued by AICPA after April 16, 2003, not
included
5-18
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 5.1 - COMPARISON OF U.S. AND
INTERNATIONAL AUDITING STANDARDS
5-19
Copyright © 2014 South-Western/Cengage Learning
LEA R N I NG O B JEC TI VE 2
5-21
Copyright © 2014 South-Western/Cengage Learning
PCAOB GUIDANCE - FIELDWORK
STANDARDS
• Applicable to conduct of the audit
• Require auditors to:
• Properly plan and supervise the audit
• Develop an understanding of client’s controls
• Prerequisite for developing audit tests
• Obtain audit evidence by performing audit procedures
5-22
Copyright © 2014 South-Western/Cengage Learning
PCAOB GUIDANCE - REPORTING
STANDARDS
• Applicable to communicating auditor’s opinion
• Require auditors to:
• State whether financial statements are presented in
accordance with the applicable financial reporting
framework (i.e., GAAP or IFRS)
• Identify conditions where accounting principles are not
consistently observed
• Review disclosures for adequacy and state in the report if
disclosures are not reasonably adequate
• Express an opinion on financial statements as a whole or
state that an opinion cannot be expressed
5-23
Copyright © 2014 South-Western/Cengage Learning
AICPA GUIDANCE - PURPOSE AND
PREMISE OF AUDIT
• Purpose - Enhance degree of confidence that users
can place in financial statement
• Premise - Management has responsibility to:
• Prepare financial statements
• Maintain internal control over financial reporting
• Provide auditor with relevant information and access
to personnel
5-24
Copyright © 2014 South-Western/Cengage Learning
AICPA GUIDANCE - RESPONSIBILITIES
• The auditor’s responsibilities include
• Having appropriate competence and capabilities to
perform audit
• Complying with ethical requirements
• Maintaining professional skepticism throughout the
audit
5-25
Copyright © 2014 South-Western/Cengage Learning
AICPA GUIDANCE - PERFORMANCE
• Obtain assurance that financial statements are free
from material misstatement
• Limitations - Lack of absolute assurance about financial
statements being free from misstatement
• Requires an auditor to:
• Plan and supervise work
• Determine materiality levels
• Identify risks of material misstatement
• Design and implement audit responses to assessed risks
5-26
Copyright © 2014 South-Western/Cengage Learning
AICPA GUIDANCE - REPORTING
• Expressing either of the following
• Financial statements are free of material misstatement
• Stating that an opinion cannot be expressed
5-27
Copyright © 2014 South-Western/Cengage Learning
INTEGRATED AUDIT
5-28
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE - BENEFITS OF
INTEGRATING THE AUDITS
• Integrating audits of internal controls and of financial
statements makes sense
• Both the tests of controls and direct tests of account
balances provide evidence related to each other
• Example:
• Tests of controls provide indirect evidence that financial
statements are free from misstatement
• Further, if material misstatements found in account
balances or disclosures, it implies that there were
material weaknesses in internal controls
5-29
Copyright © 2014 South-Western/Cengage Learning
LEA R N I NG O B JEC TI VE 3
5-31
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 5.3 - ACTIVITIES OF EACH PHASE OF THE
AUDIT OPINION FORMULATION PROCESS
5-32
Copyright © 2014 South-Western/Cengage Learning
IMPORTANT CONCEPTS AFFECTING AUDIT
OPINION FORMULATION PROCESS
• Accounting cycles
• Management assertions
• Audit evidence and audit procedures
• Documentation
5-33
Copyright © 2014 South-Western/Cengage Learning
LEA R N I NG O B JEC TI VE 4
5-35
Copyright © 2014 South-Western/Cengage Learning
ACCOUNTING CYCLES
• Auditor focuses on:
• Flow of transactions within a particular cycle
• Identifying:
• Points where material misstatement can occur
• Controls that have been designed and implemented to
mitigate those risks
• Understanding risks and controls within each cycle
• Helps determine specific audit procedures to be used and
specific audit evidence to be obtained
5-36
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 5.4 - ILLUSTRATIONS OF CYCLES
AND RELATED ACCOUNTS
5-37
Copyright © 2014 South-Western/Cengage Learning
LEA R N I NG O B JEC TI VE 5
5-39
Copyright © 2014 South-Western/Cengage Learning
MANAGEMENT’S FINANCIAL STATEMENT
ASSERTIONS IN PCAOB STANDARDS
Existence or O ccurrence
• Refers to existence of assets and liabilities
• Refers to occurrence of recorded transactions
Completeness
• Refers to inclusion of all transactions and accounts in financial statements
Valuation or Allocation
• Refers to inclusion of accounts in financial statements at
appropriate amounts
Rights and Obligations
• Refers to assets being the rights of an organization
• Refers to liabilities being the obligations of an organization
5-43
Copyright © 2014 South-Western/Cengage Learning
AUDIT PROCEDURES
• Sufficient appropriate audit evidence: Measure of the
quantity of audit evidence about following factors of
audit procedures
• Nature
• Timing
• Extent
• Audit program
• Lists audit procedures to be followed in gathering
evidence
• Helps monitor progress and supervising work
5-44
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 5.6 - TYPES OF AUDIT
PROCEDURES
5-45
Copyright © 2014 South-Western/Cengage Learning
LEA R N I NG O B JEC TI VE 7
5-47
Copyright © 2014 South-Western/Cengage Learning
PURPOSES OF AUDIT
DOCUMENTATION
• Assisting engagement team in:
• Planning and performing audit
• Supervising and reviewing
audit work
• Retaining a record of matters of continuing
significance to future audits
• Enabling internal or external inspections of
completed audits
• Assisting auditors in understanding work performed
in prior year
5-48
Copyright © 2014 South-Western/Cengage Learning
EXAMPLES OF AUDIT
DOCUMENTATION
• Audit programs
• Analyses prepared by client or auditor
• Memorandums
• Summaries of significant findings or issues
• Letters of confirmation and representation
• Checklists
• Correspondence concerning significant findings or
issues
5-49
Copyright © 2014 South-Western/Cengage Learning
LEA R N I NG O B JEC TI VE 8
5-51
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE - ACCEPTING A
NEW AUDIT ENGAGEMENT
• Communicate with predecessor auditor
• Following issues should be addressed
• Information regarding integrity of management
• Disagreements with management about accounting
policies, auditing procedures
• Communications to management and those in
charge with governance regarding:
• Fraud and noncompliance with laws
• Deficiencies and material weaknesses in internal control
5-52
Copyright © 2014 South-Western/Cengage Learning
AUDIT ENGAGEMENT LETTER
• Document specifying responsibilities of client and
auditor that includes the following:
• Objective and scope of audit of financial statements
• Responsibilities of auditor and management
• Statement that some material misstatements may not be
detected due to inherent limitations of audit and internal
control
• Identification of applicable financial reporting framework
for preparation of financial statements
• Reference to expected form and content of any reports to
be issued
5-53
Copyright © 2014 South-Western/Cengage Learning
LEA R N I NG O B JEC TI VE 9
5-55
Copyright © 2014 South-Western/Cengage Learning
IDENTIFYING AND ASSESSING RISKS OF
MATERIAL MISSTATEMENT
• Essential to audit planning
• Requires identification of significant:
• Accounts
• Disclosures
• Relevant assertions
• Auditor establishes a materiality level overall and for
specific accounts and disclosures
5-56
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 5.7 - EXAMPLES OF SOURCES
OF RISK OF MATERIAL MISSTATEMENT
5-57
Copyright © 2014 South-Western/Cengage Learning
RISKS AT ASSERTION LEVEL
• Inherent risk
• The susceptibility of an assertion to a misstatement, due to
error or fraud, that could be material, individually or in
combination with other misstatements, before
consideration of any related controls
• Control risk
• The risk that a misstatement due to error or fraud that
could occur in an assertion and that could be material,
individually or in combination with other misstatements,
will not be prevented or detected on a timely basis by the
organization's internal control
5-58
Copyright © 2014 South-Western/Cengage Learning
RISK ASSESSMENT PROCEDURES
• Inquiries for information to assist in identifying risks
of material misstatement due to fraud or error
• Preliminary analytical procedures
• Observation and inspection of documentation
5-59
Copyright © 2014 South-Western/Cengage Learning
TYPES OF CONTROLS
• Entity-wide controls
• Transaction controls
• Fraud-related controls
5-60
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE - CONTROLS TO
ADDRESS FRAUD RISK
• PCAOB has identified the following
• Controls over significant, unusual transactions, particularly
those resulting in unusual journal entries
• Controls over journal entries and adjustments made in the
period-end financial reporting process
• Controls over related-party transactions
• Controls related to significant management estimates
• Controls mitigating incentives for, and pressures on,
management to falsify financial results
5-61
Copyright © 2014 South-Western/Cengage Learning
TYPES OF PROCEDURES TO
ASSESS DESIGN EFFECTIVENESS
• Inquiry of appropriate personnel
• Observation of the organization’s operations
• Inspection of relevant documentation
• Performance of walkthroughs
• Documentation of preliminary assessment of control
design and basis for that assessment
• Understand the approach used by management for
conclusions on effectiveness of internal control
5-62
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE - DOCUMENTING AUDITOR’S
UNDERSTANDING OF AN ORGANIZATION’S INTERNAL
CONTROLS
5-63
Copyright © 2014 South-Western/Cengage Learning
ASSESSING RANGE OF CONTROL RISK
• High control risk
• Weak internal controls
• Auditor cannot rely on controls to reduce substantive
procedures for account balances
• Assessing control risk as low
• Strong internal controls
• Auditor will test operating effectiveness of controls to
reduce substantive procedures for account balances
5-64
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE – EXAMPLE FOR WEAK INTERNAL
CONTROL DESIGN AND LINKS TO SUBSTANTIVE AUDIT
PROCEDURES
5-65
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE – EXAMPLE FOR WEAK INTERNAL
CONTROL DESIGN AND LINKS TO SUBSTANTIVE AUDIT
PROCEDURES
5-66
Copyright © 2014 South-Western/Cengage Learning
ADDITIONAL CONSIDERATIONS FOR AN
INTEGRATED AUDIT
• Risk assessment procedures apply to:
• Audit of internal control over financial reporting
• Audit of financial statements
• Top-down approach - Used for audit of internal control
over financial reporting to select controls to test
• Begins at financial statement level
• Focuses on entity-wide controls
• Works down to significant accounts and disclosures and
their relevant assertions
5-67
Copyright © 2014 South-Western/Cengage Learning
RESPONDING TO IDENTIFIED RISKS OF
MATERIAL MISSTATEMENT
• Purpose of risk assessment procedures
• Identify risks of material misstatement
• Determine where misstatements in financial
statements may occur
• Design appropriate audit strategy
• Controls reliance audit: Includes tests of controls
and substantive procedures
• Substantive audit: Includes substantive procedures
and does not include tests of controls
5-68
Copyright © 2014 South-Western/Cengage Learning
RESPONDING TO IDENTIFIED RISKS OF
MATERIAL MISSTATEMENT
• Selecting specific audit procedures to respond to
identified risks
• Assembling an audit team having knowledge, skill,
and ability needed to address assessed risks
• Emphasizing the need for professional skepticism
• Providing an appropriate level of supervision for
assessed risks
• Incorporating elements of unpredictability in
selection of audit procedures
5-69
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 5.8 - RESPONDING TO IDENTIFIED RISKS
THROUGH EVIDENCE DECISIONS
5-70
Copyright © 2014 South-Western/Cengage Learning
ADDITIONAL CONSIDERATIONS FOR AN
INTEGRATED AUDIT
• Audit strategy that includes tests of controls to
accomplish objectives of both audits
• Sufficient evidence related to operating effectiveness
of controls to support auditors:
• Control risk assessments for purposes of the audit of
financial statements
• Opinion on internal control over financial reporting as
of year-end
5-71
Copyright © 2014 South-Western/Cengage Learning
FRAUD CONSIDERATIONS
• Performing tests of controls and substantive
procedures susceptible to fraud risks
• Performing procedures related to risk of
management override of controls
• Examining journal entries
• Reviewing accounting estimates for
biases
• Evaluating business rationale for significant unusual
transactions
5-72
Copyright © 2014 South-Western/Cengage Learning
LEARN I NG OB JEC T I VE 10
5-74
Copyright © 2014 South-Western/Cengage Learning
AUDITING IN PRACTICE - RISK ASSESSMENT PROCEDURES
AND TESTS OF OPERATING EFFECTIVENESS OF
CONTROLS
• Auditor’s risk assessment procedures include
• Inquiring about management’s use of budgets
• Inspecting documentation of management’s
comparison of monthly budgeted and actual expenses
• Inspecting reports pertaining to the investigation of
variances between budgeted and actual amounts
5-75
Copyright © 2014 South-Western/Cengage Learning
SELECTING CONTROLS TO TEST
• Involves choosing controls that effectively indicate
capability to address the assessed risk of material
misstatement for relevant assertions
• Auditor selects:
• Entity-wide controls
• Reduce number of control activities selected for
testing
• Transaction controls
5-76
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 5.9 - LINKING FINANCIAL STATEMENT
ASSERTIONS AND SELECTING CONTROLS TO TEST
5-77
Copyright © 2014 South-Western/Cengage Learning
TYPES OF CONTROLS AND EXAMPLES OF
CONCEPTS AFFECTING CONTROL TESTING
Computerized Controls
Determining changes to
important computer applications
during the year
Reviewing
Taking a random
exception
Considering sample of
transactions for reports and
If there are submitting determining:
changes, testing test determining:
transactions a) Proper exceptions
integrity of controls a) Operations of
through being noted
after changes key controls
the system b) Exceptions go
b) Completion
to to authorized
of process personnel with
determine its
adequate follow -
performance up
5-78
Copyright © 2014 South-Western/Cengage Learning
TYPES OF CONTROLS AND EXAMPLES OF
CONCEPTS AFFECTING CONTROL TESTING
Manual Controls
5-80
Copyright © 2014 South-Western/Cengage Learning
TYPES OF CONTROLS AND EXAMPLES OF
CONCEPTS AFFECTING CONTROL TESTING
Controls over
Accounting
Estimates
5-81
Copyright © 2014 South-Western/Cengage Learning
FIRST APPROACH TO TESTING
CONTROLS
• Take sample of customer orders and trace it through
the system to determine whether:
• There was proper review of credit and
• Credit authorization or denial was proper
• Advantage - Most effective because it helps in
determining that the control worked effectively
• Requires documentation of all credit applications and
purchase orders required
• Based on audit sampling
5-82
Copyright © 2014 South-Western/Cengage Learning
SECOND APPROACH TO TESTING
CONTROLS
• Taking a sample of recorded items and tracing back
to credit approval process
• Provides evidence on proper credit approval for all
items presently recorded
• Does not provide evidence as to whether other items
should have been approved for credit, but had not
been approved
5-83
Copyright © 2014 South-Western/Cengage Learning
THIRD APPROACH TO TESTING
CONTROLS
• Uses a computer audit program and develops a print-
out of account balances exceeding their credit
authorization
• Cost-effective
• Requires an inference about the control
• Covers only the operation of the controls related to
the current account balances
• 100% evaluation of each item currently recorded
5-84
Copyright © 2014 South-Western/Cengage Learning
TESTING THE OPERATING
EFFECTIVENESS
• Auditor tests relevant principles of components of:
• Control environment
• Risk assessment
• Information and communication
• Monitoring
5-85
Copyright © 2014 South-Western/Cengage Learning
RESULTS OF TESTS OF CONTROLS FOR
FINANCIAL STATEMENT AUDIT
• If control deficiencies are identified
• Assess them to determine whether preliminary control
risk assessment should be modified
• Record the implications for substantive procedures
• If no control deficiencies are identified
• Assess whether preliminary control risk assessment is still
appropriate
• Determine extent that controls can provide evidence on
accuracy of account balances
• Determine planned substantive audit procedures
5-86
Copyright © 2014 South-Western/Cengage Learning
RESULTS OF TESTS OF CONTROLS FOR
FINANCIAL STATEMENT AUDIT
• Determine how much assurance about reliability of
account balances can be obtained from the effective
operation of controls
• Within any audit, level of assurance will vary across:
• Accounts
• Disclosures
• Assertions
5-87
Copyright © 2014 South-Western/Cengage Learning
LEARN I NG OB JEC T I VE 11
5-89
Copyright © 2014 South-Western/Cengage Learning
EXHIBIT 5.12 - FACTORS AFFECTING
SUBSTANTIVE PROCEDURES TO BE PERFORMED
5-90
Copyright © 2014 South-Western/Cengage Learning
LEARN I NG OB JEC T I VE 12
5-95
Copyright © 2014 South-Western/Cengage Learning
MANAGEMENT ASSESSMENT OF
CONTROLS
• Deficiency of lack of approval considered as a
significant deficiency based on the following
rationale:
• Major departure from an approved process
• Could lead to purchase of unauthorized goods
• Could be shipped elsewhere and lead to material
misstatement in financial statements
5-96
Copyright © 2014 South-Western/Cengage Learning
AUDITOR ASSESSMENT OF CONTROLS
• Auditor reviews:
• Management’s documentation of its internal control
• Management’s evaluation and findings related to
internal control effectiveness
• Auditor then gathers evidence on operating
effectiveness of these controls
• By taking a random sample auditor needs to
independently determine that the controls are working
or not
5-97
Copyright © 2014 South-Western/Cengage Learning
AUDITOR ASSESSMENT OF CONTROLS
• Implications for substantive procedures in financial
statement audit:
• Auditor will do limited testing of inventory quantities
at year end
• Auditor will assess year-end inventory for potential
obsolescence
• Auditor will continue to examine all adjusting entries at
the end of the year
5-98
Copyright © 2014 South-Western/Cengage Learning